.:[ packet storm ]:.
                           
it's okay to have the details
it's okay to have the details

 Section:  .. / 0709-advisories  /

Page 6 of 20
<< 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 >> Files 125 - 150 of 493
Currently sorted by: File SizeSort By: File Name, Last Modified

 ///  File Name: 09.27.07-1.txt
Description:
 iDefense Security Advisory 09.27.07 - Remote exploitation of multiple buffer overflow vulnerabilities in Computer Associates International Inc.'s (CA) BrightStor HSM allows attackers to execute arbitrary code with SYSTEM privileges. These problems specifically exist within various command handlers in the CsAgent service. There are eleven command handlers that contain one or more stack based buffer overflow vulnerabilities each. All of these vulnerabilities are simple sprintf() calls that overflow fixed size stack buffers with attacker supplied data. Additionally, there are five command handlers that are vulnerable to integer overflow vulnerabilities. In addition to this, the function responsible for reading in and dispatching a request to the appropriate handler also contains an integer overflow vulnerability. iDefense has confirmed the existence of these vulnerabilities in Computer Associates BrightStor HSM version r11.5. Previous versions may also be affected.
Author:Sean Larsson
Homepage:http://www.idefense.com/
File Size:4473
Related CVE(s):CVE-2007-5082, CVE-2007-5083
Last Modified:Sep 27 21:25:23 2007
MD5 Checksum:ee2417c015c6a34fccef4c071b848987

 ///  File Name: MDKSA-2007-181.txt
Description:
 Mandriva Linux Security Advisory - A stack buffer overflow vulnerability was discovered in the RPCSEC_GSS RPC library by Tenable Network Security that could potentially allow for the execution of arbitrary code.
Homepage:http://www.mandriva.com/security/
File Size:4439
Related CVE(s):CVE-2007-3999
Last Modified:Sep 13 19:55:57 2007
MD5 Checksum:5c5b29687a1001a54fa198b3a7b485cd

 ///  File Name: dsa-1377-1.txt
Description:
 Debian Security Advisory 1377-1 - Matthias Andree discovered that fetchmail, an SSL enabled POP3, APOP and IMAP mail gatherer/forwarder, can under certain circumstances attempt to dereference a NULL pointer and crash.
Homepage:http://www.debian.org/security
File Size:4413
Related CVE(s):CVE-2007-4565
Last Modified:Sep 24 22:11:54 2007
MD5 Checksum:4e0d56b9efe48730352e38c5035f7915

 ///  File Name: 09.19.07-4.txt
Description:
 iDefense Security Advisory 09.19.07 - Remote exploitation of a sign extension vulnerability in ImageMagick, as included in various vendors' operating system distributions, allows attackers to execute arbitrary code. iDefense Labs confirmed that ImageMagick version 6.3.4 is vulnerable. It is suspected that other versions of ImageMagick are also vulnerable.
Author:regenrecht
Homepage:http://www.idefense.com/
File Size:4371
Related CVE(s):CVE-2007-4988
Last Modified:Sep 24 23:22:44 2007
MD5 Checksum:3fb64565806ae03bcbada338ab849a47

 ///  File Name: sa26715.txt
Description:
 Secunia Security Advisory - Multiple vulnerabilities have been reported in IBM AIX, which can be exploited by malicious, local users to delete certain system files, cause a DoS (Denial of Service), or gain escalated privileges.
Homepage:http://secunia.com/advisories/26715/
File Size:4362
Last Modified:Sep 7 02:01:27 2007
MD5 Checksum:8b5dd314362b6c0e7aaf4b4680a75a8f

 ///  File Name: USN-521-1.txt
Description:
 Ubuntu Security Notice 521-1 - Luigi Auriemma discovered that libmodplug did not properly sanitize its input. A specially crafted AMF file could be used to exploit this situation to cause buffer overflows and possibly execute arbitrary code as the user.
Homepage:http://security.ubuntu.com/
File Size:4162
Related CVE(s):CVE-2006-4192
Last Modified:Sep 30 01:44:42 2007
MD5 Checksum:bc77e9b2d2f87a175182f634fa4a1e79

 ///  File Name: sa26842.txt
Description:
 Secunia Security Advisory - Fedora has issued an update for httpd. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and disclose potentially sensitive information.
Homepage:http://secunia.com/advisories/26842/
File Size:4146
Last Modified:Sep 20 04:11:10 2007
MD5 Checksum:26b502d42643871fbe41b0dcb6f2f40f

 ///  File Name: sa26718.txt
Description:
 Secunia Security Advisory - Fedora has issued an update for mapserver. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks or to potentially compromise a vulnerable system.
Homepage:http://secunia.com/advisories/26718/
File Size:4136
Last Modified:Sep 7 02:01:27 2007
MD5 Checksum:00c3c6ac3febd1d23e5e969bf73287e7

 ///  File Name: waraxe-2007-SA053.txt
Description:
 NukeSentinel version 2.5.11 suffers from a critical SQL injection vulnerability.
Author:waraxe
Homepage:http://www.waraxe.us/
File Size:4125
Last Modified:Sep 25 21:46:25 2007
MD5 Checksum:bc18ba31c199b2db4bc0b4efc68dbaca

 ///  File Name: 09.19.07-1.txt
Description:
 iDefense Security Advisory 09.19.07 - Remote exploitation of multiple integer overflow vulnerabilities in ImageMagick, as included in various vendors' operating system distributions, allows attackers to crash applications using the ImageMagick library, and in some cases, execute arbitrary code. Several integer overflow vulnerabilities have been identified in ImageMagick's handling of various file formats. By creating a specially crafted DCM, DIB, XBM, XCF, or XWD image file, an attacker can cause a heap buffer of insufficient size to be allocated. This results in a heap-based buffer overflow. iDefense Labs confirmed that ImageMagick version 6.3.4 is vulnerable. It is suspected that other versions of ImageMagick are also vulnerable.
Author:regenrecht
Homepage:http://www.idefense.com/
File Size:4085
Related CVE(s):CVE-2007-4986
Last Modified:Sep 24 23:19:22 2007
MD5 Checksum:426806812f47416779fe434be2779695

 ///  File Name: 09.19.07-2.txt
Description:
 iDefense Security Advisory 09.19.07 - Remote exploitation of an off-by-one vulnerability in ImageMagick, as included in various vendors' operating system distributions, allows attackers to execute arbitrary code. iDefense Labs confirmed that ImageMagick version 6.3.4 is vulnerable. It is suspected that other versions of ImageMagick are also vulnerable.
Author:regenrecht
Homepage:http://www.idefense.com/
File Size:4057
Related CVE(s):CVE-2007-4987
Last Modified:Sep 24 23:20:34 2007
MD5 Checksum:95628f231271add7de03202d5f08623e

 ///  File Name: 09.11.07-1.txt
Description:
 iDefense Security Advisory 09.11.07 - Remote exploitation of a stack based buffer overflow vulnerability in Microsoft Corp's Microsoft Windows 2000 Agent service could allow an attacker to execute arbitrary code with the privileges of the logged in user. The vulnerability exists within the Agent Service (agentsvr.exe). Due to improper handling of specially crafted URLs, an attack can cause stack based buffer overflow. iDefense has confirmed the existence of this vulnerability in the Agent service included in Windows 2000. Microsoft reports that newer versions of the Agent service are not vulnerable.
Homepage:http://www.idefense.com/
File Size:3996
Related CVE(s):CVE-2007-3040
Last Modified:Sep 11 19:05:38 2007
MD5 Checksum:ffdb4254be1011f72b81e0af3478bd2b

 ///  File Name: TA07-254A.txt
Description:
 Technical Cyber Security Alert TA07-254A - Microsoft has released updates that address critical vulnerabilities in Microsoft Windows, Microsoft Visual Studio, Microsoft Windows Services for Unix, and Microsoft MSN Messenger. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system.
Homepage:http://www.us-cert.gov/
File Size:3954
Last Modified:Sep 11 19:06:43 2007
MD5 Checksum:5dbec3956228d973b95b37cbe03097c7

 ///  File Name: glsa-200709-15.txt
Description:
 Gentoo Linux Security Advisory GLSA 200709-15 - An integer overflow vulnerability exists in the embedded ICC profile image parser (CVE-2007-2788), an unspecified vulnerability exists in the font parsing implementation (CVE-2007-4381), and an error exists when processing XSLT stylesheets contained in XSLT Transforms in XML signatures (CVE-2007-3716), among other vulnerabilities. Versions less than 1.5.0.11_p1 are affected.
Homepage:http://security.gentoo.org
File Size:3929
Related CVE(s):CVE-2007-2788, CVE-2007-2789, CVE-2007-3004, CVE-2007-3005, CVE-2007-3503, CVE-2007-3698, CVE-2007-3716, CVE-2007-3922, CVE-2007-4381
Last Modified:Sep 24 23:57:51 2007
MD5 Checksum:a7467985a4a61638b6b3ec74dac18f63

 ///  File Name: 09.19.07-3.txt
Description:
 iDefense Security Advisory 09.19.07 - Remote exploitation of multiple denial of service vulnerabilities in ImageMagick, as included in various vendors' operating system distributions, allows attackers to consume excessive CPU resources on the target system. The first vulnerability exists in the ReadDCMImage() function. Since the return value of ReadBlobByte() is not properly checked, it can enter an infinite loop. The second vulnerability exists in the ReadXCFImage() function. Since the return value of ReadBlobMSBLong() is not properly checked, it can enter an infinite loop. iDefense Labs confirmed that ImageMagick version 6.3.4 is vulnerable. It is suspected that other versions of ImageMagick are also vulnerable.
Author:regenrecht
Homepage:http://www.idefense.com/
File Size:3922
Related CVE(s):CVE-2007-4985
Last Modified:Sep 24 23:21:43 2007
MD5 Checksum:7d23da6b5f9042babd23911d8d238749

 ///  File Name: sa26660.txt
Description:
 Secunia Security Advisory - Some vulnerabilities and security issues have been reported in Interstage Application Server, which can be exploited by malicious people to conduct cross-site scripting attacks or bypass certain security restrictions.
Homepage:http://secunia.com/advisories/26660/
File Size:3807
Last Modified:Sep 7 02:01:27 2007
MD5 Checksum:8b953198c77f1e514ef9193ea3b321a3

 ///  File Name: sa26728.txt
Description:
 Secunia Security Advisory - Mandriva has issued an update for krb5. This fixes some vulnerabilities, which can be exploited by malicious users and malicious people to compromise a vulnerable system.
Homepage:http://secunia.com/advisories/26728/
File Size:3787
Last Modified:Sep 7 19:03:37 2007
MD5 Checksum:47472c89e50504274499d919d3a22b3a

 ///  File Name: CAID-hsmcmv.txt
Description:
 Multiple vulnerabilities exist in the CsAgent service that can allow a remote attacker to execute arbitrary code or cause a denial of service condition. The first set of vulnerabilities, CVE-2007-5082, occur due to insufficient bounds checking in multiple CsAgent service commands. The second set of vulnerabilities, CVE-2007-5083, occur due to insufficient validation of integer values in multiple CsAgent service commands, which can lead to buffer overflow. The third set of vulnerabilities, CVE-2007-5084, occur due to insufficient validation of strings used in SQL statements in multiple CsAgent service commands.
Author:Ken Williams
Homepage:http://www3.ca.com/
File Size:3782
Related CVE(s):CVE-2007-5082, CVE-2007-5083, CVE-2007-5084
Last Modified:Sep 26 22:53:42 2007
MD5 Checksum:5758d3c018842776cb44bd43a352c4c7

 ///  File Name: sa26733.txt
Description:
 Secunia Security Advisory - Debian has issued an update for phpmyadmin. This fixes some vulnerabilities, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting attacks.
Homepage:http://secunia.com/advisories/26733/
File Size:3751
Last Modified:Sep 10 14:58:23 2007
MD5 Checksum:6d3d71dcc90e57290f7bf63453faabed

 ///  File Name: sa26891.txt
Description:
 Secunia Security Advisory - Sun has acknowledged a vulnerability in Sun StarOffice, which potentially can be exploited by malicious people to compromise a user's system.
Homepage:http://secunia.com/advisories/26891/
File Size:3681
Last Modified:Sep 25 18:33:28 2007
MD5 Checksum:2e4be21bfb9049ab3eb3677fce56f6aa

 ///  File Name: glsa-200709-14.txt
Description:
 Gentoo Linux Security Advisory GLSA 200709-14 - Nikolaos Rangos discovered a vulnerability in ClamAV which exists because the recipient address extracted from email messages is not properly sanitized before being used in a call to popen() when executing sendmail (CVE-2007-4560). Also, NULL-pointer dereference errors exist within the cli_scanrtf() function in libclamav/rtf.c and Stefanos Stamatis discovered a NULL-pointer dereference vulnerability within the cli_html_normalise() function in libclamav/htmlnorm.c (CVE-2007-4510). Versions less than 0.91.2 are affected.
Homepage:http://security.gentoo.org
File Size:3638
Related CVE(s):CVE-2007-4510, CVE-2007-4560
Last Modified:Sep 20 22:34:41 2007
MD5 Checksum:f544e7d1cbe8beca74ac314d37e1c77a

 ///  File Name: sa26658.txt
Description:
 Secunia Security Advisory - Some vulnerabilities have been discovered in STPHPLib (SpeedTech PHP Library), which can be exploited by malicious people to disclose sensitive information or to compromise a vulnerable system.
Homepage:http://secunia.com/advisories/26658/
File Size:3611
Last Modified:Sep 4 22:20:04 2007
MD5 Checksum:fe0a27c636aea7912d792c528bfebb1a

 ///  File Name: sa26683.txt
Description:
 Secunia Security Advisory - Mandriva has issued an update for clamav. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
Homepage:http://secunia.com/advisories/26683/
File Size:3556
Last Modified:Sep 4 22:20:04 2007
MD5 Checksum:03571c8e971a88cb9d52067902172374

 ///  File Name: sa26926.txt
Description:
 Secunia Security Advisory - Some vulnerabilities have been reported in ImageMagick, which can be exploited by malicious people to conduct DoS (Denial of Service) attacks or compromise a user's system.
Homepage:http://secunia.com/advisories/26926/
File Size:3525
Last Modified:Sep 24 20:19:43 2007
MD5 Checksum:208782b8813861ccaa44a89b67c4ca23

 ///  File Name: aa2k7x.txt
Description:
 Alien Arena 2007 versions 6.10 and below suffers from format string and spoofing vulnerabilities.
Author:Luigi Auriemma
Homepage:http://aluigi.org/
Related Exploit:aa2k7x.zip
File Size:3513
Last Modified:Sep 5 20:55:32 2007
MD5 Checksum:84e62c9d5b256b668bf9e170075f2556
 

 ///  Last 10 Files
  1. :· glsa-200809-04.txt
  2. :· glsa-200809-03.txt
  3. :· glsa-200809-02.txt
  4. :· glsa-200809-01.txt
  5. :· zencart138a-sql.txt
  6. :· atheros-overflow.txt
  7. :· clamav-0.94.tar.gz
  8. :· qwicsitepro-sqlxss.txt
  9. :· awstats-exec.txt
  10. :· clamav-chm.txt
[ Last 20 | Last 50 | Last 100 ]

 ///  Last 10 Advisories
  1. :· glsa-200809-04.txt
  2. :· glsa-200809-03.txt
  3. :· glsa-200809-02.txt
  4. :· glsa-200809-01.txt
  5. :· atheros-overflow.txt
  6. :· clamav-chm.txt
  7. :· marvell-null.txt
  8. :· marvell-overflow.txt
  9. :· USN-640-1.txt
  10. :· FreeBSD-SA-08-09.icmp6.txt
[ Last 20 | Last 50 | Last 100 ]

 ///  Last 10 Exploits
  1. :· zencart138a-sql.txt
  2. :· qwicsitepro-sqlxss.txt
  3. :· awstats-exec.txt
  4. :· google-chrome-dos2.txt
  5. :· google-download1.txt
  6. :· google-chrome-dos1.txt
  7. :· xrms-sqlxss.txt
  8. :· livinglocal-sql.txt
  9. :· moodle-exec.txt
  10. :· uploader6-xss.txt
[ Last 20 | Last 50 | Last 100 ]

 ///  Last 10 Tools
  1. :· clamav-0.94.tar.gz
  2. :· distack-1.1.0-dev.tar.gz
  3. :· samhain-2.4.6.tar.gz
  4. :· sqlmap-0.6.tar.gz
  5. :· psbot.py.txt
  6. :· mimedefang-2.65.tar.gz
  7. :· advchk-2.11.tar.bz2
  8. :· kisgearth-0.01f.tar.bz2
  9. :· lynis-1.2.0.tar.gz
  10. :· fwknop-1.9.7.tar.gz
[ Last 20 | Last 50 | Last 100 ]

 ///  Last 10 Misc
  1. :· alphanumeric-shellcode.txt
  2. :· imagebase-shellcode.txt
  3. :· mysql-injection-newbies.txt
  4. :· aslr-bypass.txt
  5. :· draft-gont-opsec-ip-security-01.txt
  6. :· draft-ietf-tsvwg-port-randomization-02.txt
  7. :· evilshell.c
  8. :· OpenSSH-4.4p1-backdoored.tar.gz
  9. :· strongswan-4.2.6.tar.gz
  10. :· freebsd-master.txt
[ Last 20 | Last 50 | Last 100 ]


 .:. TopPrivacy Statement | Copyright Notice