Section: .. / 0712-advisories /
| /// File Name: |
sa27871.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in Symantec Mail Security, which can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/27871/ | | File Size: | 3124 | | Last Modified: | Dec 12 17:55:08 2007 |
| MD5 Checksum: | 8d1f89ed7811e23baa117ff508d27679 |
|
| /// File Name: |
sa28046.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in the mod_imagemap module for Apache, which can be exploited by malicious people to conduct cross-site scripting attacks.
| | Homepage: | http://secunia.com/advisories/28046/ | | File Size: | 2565 | | Last Modified: | Dec 12 17:55:08 2007 |
| MD5 Checksum: | 964b58fd20cf66e9e54ab375191ca601 |
|
| /// File Name: |
sa28068.txt |
Description:
|
Secunia Security Advisory - Sun has issued an update for Adobe Flash Player. This fixes some vulnerabilities, which can be exploited by malicious people to gain knowledge of sensitive information or compromise a user's system.
| | Homepage: | http://secunia.com/advisories/28068/ | | File Size: | 2605 | | Last Modified: | Dec 12 17:55:08 2007 |
| MD5 Checksum: | 6395f44f6249dde65cf8d18f6c1cef38 |
|
| /// File Name: |
sa28073.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in the mod_imap module for Apache, which can be exploited by malicious people to conduct cross-site scripting attacks.
| | Homepage: | http://secunia.com/advisories/28073/ | | File Size: | 2719 | | Last Modified: | Dec 12 17:55:08 2007 |
| MD5 Checksum: | ce27aeaa3a203c4b2dca6a243f789fdb |
|
| /// File Name: |
12.11.07-2.txt |
Description:
|
iDefense Security Advisory 12.11.07 - Remote exploitation of a stack buffer overflow vulnerability in Microsoft Corp.'s DirectShow could allow an attacker to execute arbitrary code in the context of the current user. This vulnerability exists in the DirectShow SAMI parser, which is implemented in quartz.dll. When the SAMI parser copies parameters into a stack buffer, it does not properly check the length of the parameter. As such, parsing a specially crafted SAMI file can cause a stack-based buffer overflow. This allows an attacker to execute arbitrary code. iDefense has confirmed Microsoft DirectX 7.x and Microsoft DirectX 8.x are vulnerable. Microsoft DirectX 9.0c or newer is not vulnerable.
| | Author: | Jun Mao | | Homepage: | http://www.idefense.com/ | | File Size: | 4259 | | Related CVE(s): | CVE-2007-3901 | | Last Modified: | Dec 12 17:55:01 2007 |
| MD5 Checksum: | e693d3582cbe875a9d4d0f14be2e879c |
|
| /// File Name: |
12.11.07-1.txt |
Description:
|
iDefense Security Advisory 12.11.07 - Remote exploitation of a heap corruption vulnerability in Microsoft Corp.'s Internet Explorer web browser allows attackers to execute arbitrary code in the context of the current user. The vulnerability lies in the JavaScript setExpression method, which is implemented in mshtml.dll. When malformed parameters are supplied, memory can be corrupted in a way that results in Internet Explorer accessing a previously deleted object. By creating a specially crafted web page, it is possible for an attacker to control the contents of the memory pointed to by the released object. This allows an attacker to execute arbitrary code. As of April 5th, 2007, iDefense testing shows that Internet Explorer 6.0 and Internet Explorer 7.0 with all available security patches are vulnerable. Older versions of Internet Explorer may also be vulnerable.
| | Author: | Peter Vreugdenhil | | Homepage: | http://www.idefense.com/ | | File Size: | 3988 | | Related CVE(s): | CVE-2007-3902 | | Last Modified: | Dec 12 17:53:34 2007 |
| MD5 Checksum: | 9c4c580a8e36817b3afe5e7aa86438ed |
|
| /// File Name: |
msoffice-signature.txt |
Description:
|
Microsoft Office 2007's digital signature protection does not protect meta-data.
| | Author: | Henrich C. Poehls, Dong Tran, Finn Petersen, Frederic Pscheid | | File Size: | 2944 | | Last Modified: | Dec 12 17:33:42 2007 |
| MD5 Checksum: | 4344e3549407ac807bc6531c29a6bf52 |
|
| /// File Name: |
SUSE-SA-2007-068.txt |
Description:
|
SUSE Security Announcement - The Samba suite is an open-source implementation of the SMB protocol. This update of samba fixes a buffer overflow in function send_mailslot() that allows remote attackers to overwrite the stack with 0 (via memset(3)) by sending specially crafted SAMLOGON packets.
| | Homepage: | http://www.suse.com | | File Size: | 38640 | | Related CVE(s): | CVE-2007-6015 | | Last Modified: | Dec 12 14:21:14 2007 |
| MD5 Checksum: | 82308caf56f9dc3eeeb3831af2756513 |
|
| /// File Name: |
sa27894.txt |
Description:
|
Secunia Security Advisory - Red Hat has issued an update for samba. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/27894/ | | File Size: | 3035 | | Last Modified: | Dec 12 14:13:13 2007 |
| MD5 Checksum: | d69f5340bce4f8f4835c9127d9ff16c4 |
|
| /// File Name: |
sa27993.txt |
Description:
|
Secunia Security Advisory - Slackware has issued an update for samba. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/27993/ | | File Size: | 2972 | | Last Modified: | Dec 12 14:13:13 2007 |
| MD5 Checksum: | 587b8c6b9eb082b42037be30eda21bd1 |
|
| /// File Name: |
sa27999.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for samba. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/27999/ | | File Size: | 40499 | | Last Modified: | Dec 12 14:13:13 2007 |
| MD5 Checksum: | e87b97683a97d3f7089939c77a0d4bd1 |
|
| /// File Name: |
sa28019.txt |
Description:
|
Secunia Security Advisory - Dave Lewis has reported a vulnerability in Websense Enterprise and Websense Web Security Suite, which can be exploited by malicious people to conduct cross-site scripting attacks.
| | Homepage: | http://secunia.com/advisories/28019/ | | File Size: | 2746 | | Last Modified: | Dec 12 14:13:13 2007 |
| MD5 Checksum: | 803d29181426e914062e948338cabdb9 |
|
| /// File Name: |
sa28044.txt |
Description:
|
Secunia Security Advisory - Multiple vulnerabilities have been reported in IBM AIX, which have unknown impacts.
| | Homepage: | http://secunia.com/advisories/28044/ | | File Size: | 2983 | | Last Modified: | Dec 12 14:13:13 2007 |
| MD5 Checksum: | 3f341c5952ce1998e43b9e848d5519e5 |
|
| /// File Name: |
sa28052.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in Red Hat Enterprise Linux, which can be exploited by malicious, local users to gain escalated privileges.
| | Homepage: | http://secunia.com/advisories/28052/ | | File Size: | 2808 | | Last Modified: | Dec 12 14:13:13 2007 |
| MD5 Checksum: | 72a44ed29fee0ed9607509b9a1a4b1a5 |
|
| /// File Name: |
sa28033.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users and by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/28033/ | | File Size: | 33964 | | Last Modified: | Dec 11 23:41:36 2007 |
| MD5 Checksum: | be3b577bcd234c99793c20d7474de745 |
|
| /// File Name: |
ZDI-07-076.txt |
Description:
|
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows with the Message Queuing Service enabled. Authentication is not required to exploit this vulnerability. The specific flaw exists in the RPC interface defined on port 2103 with UUID fdb3a030-065f-11d1-bb9b-00a024ea5525. During the processing of opnum 0x06 the service copies user-supplied information into a fixed length stack buffer. Sending at least 300 bytes will trigger a stack based buffer overflow due to a vulnerable wcscat() call. Exploitation of this issue can result in arbitrary code execution. Affected versions are Windows 2000 SP4 and Windows XP SP2.
| | Author: | Tenable Network Security | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3201 | | Related CVE(s): | CVE-2007-3039 | | Last Modified: | Dec 11 23:41:28 2007 |
| MD5 Checksum: | 1bd474b25aceb117a8378f9633f4f4c3 |
|
| /// File Name: |
ZDI-07-075.txt |
Description:
|
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the handling of document objects that have been created, modified, deleted then accessed by JavaScript. By storing references to document nodes, then removing them by a separate reference, the document model in memory becomes unstable. Accessing the tags property while the document is in this unstable condition results in a heap corruption, allowing the execution of arbitrary code. Affected versions are 6 and 7.
| | Author: | Peter Vreugdenhil | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3211 | | Related CVE(s): | CVE-2007-5344 | | Last Modified: | Dec 11 23:40:00 2007 |
| MD5 Checksum: | 8cb065228f52501f33ed8e57b6ede1fd |
|
| /// File Name: |
ZDI-07-074.txt |
Description:
|
A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The flaw exists due to improper use of the "cloneNode" and "nodeValue" javascript functions. When a specially crafted element is used during a repetitive call to one of these functions memory corruption can occur leading to remote code execution. Affected versions are 6 and 7.
| | Author: | Sam Thomas | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3060 | | Related CVE(s): | CVE-2007-3903 | | Last Modified: | Dec 11 23:38:59 2007 |
| MD5 Checksum: | 9d7271a44009b158cbf029b35d907e4d |
|
| /// File Name: |
ZDI-07-073.txt |
Description:
|
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the CRecalcProperty function in mshtml.dll. When rendering HTML after calling the setExpression methods, followed by a modification of the outerHTML property of a programatically created element. The vulnerable code dereferences a previously freed memory location which can be leveraged to execute arbitrary code. Affected versions are 5.01 SP4, 6, and 7.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3185 | | Related CVE(s): | CVE-2007-3902 | | Last Modified: | Dec 11 23:37:45 2007 |
| MD5 Checksum: | e0dac5f14981b09e1dc863847489ab40 |
|
| /// File Name: |
dsa-1431-1.txt |
Description:
|
Debian Security Advisory 1431-1 - It was discovered that ruby-gnome2, GNOME-related bindings for the Ruby language, didn't properly sanitize input prior to constructing dialogs. This could allow for the execution of arbitrary code if untrusted input is displayed within a dialog.
| | Homepage: | http://www.debian.org/security | | File Size: | 82292 | | Related CVE(s): | CVE-2007-6183 | | Last Modified: | Dec 11 23:27:48 2007 |
| MD5 Checksum: | 6c1ffb00f33c9c4f31805eeaa783ac7e |
|
| /// File Name: |
dsa-1430-1.txt |
Description:
|
Debian Security Advisory 1430-1 - It was reported that a race condition exists in libnss-ldap, an NSS module for using LDAP as a naming service, which could cause denial of service attacks when applications use pthreads.
| | Homepage: | http://www.debian.org/security | | File Size: | 7993 | | Related CVE(s): | CVE-2007-5794 | | Last Modified: | Dec 11 23:26:53 2007 |
| MD5 Checksum: | bf0f4fcb1717a4e3fc9857992734d35a |
|
| /// File Name: |
dsa-1429-1.txt |
Description:
|
Debian Security Advisory 1429-1 - Michael Skibbe discovered that htdig, a WWW search system for an intranet or small internet, did not adequately quote values submitted to the search script, allowing remote attackers to inject arbitrary script or HTML into specially crafted links.
| | Homepage: | http://www.debian.org/security | | File Size: | 5030 | | Related CVE(s): | CVE-2007-6110 | | Last Modified: | Dec 11 23:26:15 2007 |
| MD5 Checksum: | f4050876b964b773d3a157af25d6c82f |
|
| /// File Name: |
dsa-1428-1.txt |
Description:
|
Debian Security Advisory 1428-1 - Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 37085 | | Related CVE(s): | CVE-2007-3104, CVE-2007-4997, CVE-2007-5500 | | Last Modified: | Dec 11 23:25:34 2007 |
| MD5 Checksum: | fb4b7a3957aab9d74e171dcfe9669d11 |
|
| /// File Name: |
sa26566.txt |
Description:
|
Secunia Security Advisory - Parvez Anwar has discovered a vulnerability in Vantage Linguistics AnswerWorks, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/26566/ | | File Size: | 3163 | | Last Modified: | Dec 11 23:24:38 2007 |
| MD5 Checksum: | a9c328f235ce44653edc3f42ab107b67 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
