Section: .. / 0804-advisories /
| /// File Name: |
ksesfilter.txt |
Description:
|
kses-based HTML filters for projects like WordPress, Moodle, Drupal, eGroupWare, Dokeos, PHP-Nuke, Geeklog, etc, have been found vulnerable to cross site scripting and code execution vulnerabilities.
| | Author: | Lukas Pilorz | | Homepage: | http://allegro.pl/ | | File Size: | 4498 | | Last Modified: | Apr 4 17:36:05 2008 |
| MD5 Checksum: | 84dffd73915467fb43f6eb8e2af5244f |
|
| /// File Name: |
dsa-1545-1.txt |
Description:
|
Debian Security Advisory 1545-1 - Sebastian Krahmer discovered that an integer overflow in rsync's code for handling extended attributes may lead to arbitrary code execution.
| | Homepage: | http://www.debian.org/security | | File Size: | 4483 | | Related CVE(s): | CVE-2008-1720 | | Last Modified: | Apr 10 17:19:22 2008 |
| MD5 Checksum: | 60c2d47e8f39b7e8a4cb8ba00b9f1eb6 |
|
| /// File Name: |
secunia-clamav.txt |
Description:
|
Secunia Research has discovered a vulnerability in ClamAV, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the "cli_scanpe()" function in libclamav/pe.c. This can be exploited to cause a heap-based buffer overflow via a specially crafted "Upack" executable. Successful exploitation allows execution of arbitrary code. Versions 0.92 and 0.92.1 are affected.
| | Author: | Alin Rad Pop | | Homepage: | http://secunia.com/ | | File Size: | 4482 | | Related CVE(s): | CVE-2008-1100 | | Last Modified: | Apr 14 16:48:27 2008 |
| MD5 Checksum: | bc71a35fc0ef71c2746cdc41b8e30f13 |
|
| /// File Name: |
sa29720.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious, local users to gain escalated privileges.
| | Homepage: | http://secunia.com/advisories/29720/ | | File Size: | 4441 | | Last Modified: | Apr 8 22:22:39 2008 |
| MD5 Checksum: | 4d912b1a387274f69634933ec99a6d0b |
|
| /// File Name: |
secunia-activefolio.txt |
Description:
|
Secunia Research has discovered 21 vulnerabilities in activePDF DocConverter, which can be exploited by malicious people to compromise a vulnerable system. Boundary errors within the "Folio Flat File" speed reader (foliosr.dll) when handling attribute values of a number of tags (eg. DI, FD, FT, JD, JL, LE, OB, OD, OL, PN, PS, PW, RD, QL, or TS) can be exploited to cause stack-based buffer overflows.
| | Author: | Dyon Balding | | Homepage: | http://secunia.com/ | | File Size: | 4427 | | Related CVE(s): | CVE-2007-6020 | | Last Modified: | Apr 14 17:37:16 2008 |
| MD5 Checksum: | 1c9df97a790f8ff13a24742726f83853 |
|
| /// File Name: |
04.08.08-2.txt |
Description:
|
iDefense Security Advisory 04.08.08 - Remote exploitation of an integer overflow vulnerability in multiple versions of Microsoft Corp.'s Windows operating system could allow an attacker to execute arbitrary code with the privileges of the current user. iDefense has confirmed the existence of this vulnerability in Windows 2000 SP4 and Windows XP SP2.
| | Author: | Jun Mao | | Homepage: | http://www.idefense.com/ | | File Size: | 4393 | | Related CVE(s): | CVE-2008-1083 | | Last Modified: | Apr 8 23:47:33 2008 |
| MD5 Checksum: | 34d30137464d61e601f066344de4ddb9 |
|
| /// File Name: |
MDVSA-2008-084.txt |
Description:
|
Mandriva Linux Security Advisory - Sebastian Krahmer of SUSE discovered that rsync could overflow when handling ACLs. An attacker could construct a malicious set of files that, when processed, could lead to arbitrary code execution or a crash.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 4391 | | Related CVE(s): | CVE-2008-1720 | | Last Modified: | Apr 14 16:05:56 2008 |
| MD5 Checksum: | 2256326410ab661f147afb96ec79eaa8 |
|
| /// File Name: |
secunia-htmsr.txt |
Description:
|
Secunia Research has discovered some vulnerabilities in Lotus Notes, which can be exploited by malicious people to compromise a user's system. A boundary error within the HTML speed reader (htmsr.dll) when handling links in e.g. the "background" attribute of BODY tags can be exploited to cause a stack-based buffer overflow. A boundary error within the HTML speed reader (htmsr.dll) when handling e.g. the "src" attribute of IMG tags can be exploited to cause a stack-based buffer overflow. A boundary error within the HTML speed reader (htmsr.dll) when handling large chunks of data inside an HTML document can be exploited to cause a heap-based buffer overflow. Lotus Notes version 7.0.2 and 7.0.3 are affected.
| | Author: | Secunia Research | | Homepage: | http://secunia.com/ | | File Size: | 4381 | | Related CVE(s): | CVE-2008-0066 | | Last Modified: | Apr 14 17:13:29 2008 |
| MD5 Checksum: | a558444c02a80ac7014bcf1ad4adba8f |
|
| /// File Name: |
04.08.08-3.txt |
Description:
|
iDefense Security Advisory 04.08.08 - Remote exploitation of a heap based buffer overflow vulnerability in multiple versions of Microsoft Corp.'s Windows operating system could allow an attacker to execute arbitrary code with the privileges of the current user. iDefense has confirmed the existence of this vulnerability in Windows 2000 Service Pack 4, Windows XP Service Pack 2, Windows Server 2003 Service Pack 1, Windows Server 2003 Service Pack 2, and Windows Vista.
| | Author: | Jun Mao | | Homepage: | http://www.idefense.com/ | | File Size: | 4366 | | Related CVE(s): | CVE-2008-1083 | | Last Modified: | Apr 8 23:49:18 2008 |
| MD5 Checksum: | 60f3fc7a671c6778db875e863f646c5d |
|
| /// File Name: |
akamai-activex.txt |
Description:
|
A security vulnerability has been discovered in versions prior to 2.2.3.5 of Akamai Download Manager. For successful exploitation, this vulnerability requires a user to be convinced to visit a malicious URL put into place by an attacker. This may then lead to an unauthorized download and automatic execution of arbitrary code run within the context of the victim user.
| | Author: | iDefense | | Homepage: | http://www.akamai.com/ | | File Size: | 4350 | | Related CVE(s): | CVE-2007-6339 | | Last Modified: | Apr 30 20:50:51 2008 |
| MD5 Checksum: | b705edaeedc6bd7e8536506f8e8c9491 |
|
| /// File Name: |
secunia-hpopenwide.txt |
Description:
|
Secunia Research has discovered a vulnerability in HP OpenView Network Node Manager, which can be exploited by malicious people to disclose certain information. It is possible to download or view arbitrary files by sending a HTTP request to the OpenView5.exe CGI application and passing strings containing directory traversal sequences to the "Action" parameter. HP OpenView Network Node Manager version 7.51 is affected.
| | Author: | JJ Reyes | | Homepage: | http://secunia.com/ | | File Size: | 4311 | | Related CVE(s): | CVE-2008-0068 | | Last Modified: | Apr 14 17:46:36 2008 |
| MD5 Checksum: | fe82ad6a60c92b2a8a4138eb93854f3c |
|
| /// File Name: |
secunia-folioflat.txt |
Description:
|
Secunia Research has discovered 21 vulnerabilities in Lotus Notes, which can be exploited by malicious people to compromise a vulnerable system. Boundary errors within the "Folio Flat File" speed reader (foliosr.dll) when handling attribute values of a number of tags (eg. DI, FD, FT, JD, JL, LE, OB, OD, OL, PN, PS, PW, RD, QL, or TS) can be exploited to cause stack-based buffer overflows. Lotus Notes versions 7.0.3 and 8.0 are affected.
| | Author: | Dyon Balding | | Homepage: | http://secunia.com/ | | File Size: | 4305 | | Related CVE(s): | CVE-2007-6020 | | Last Modified: | Apr 14 17:15:20 2008 |
| MD5 Checksum: | 658d6de2e5bf506bdc6b9c42899cd2ed |
|
| /// File Name: |
CAalert-multi.txt |
Description:
|
CA Security Advisory - CA Alert Notification Server service contains multiple vulnerabilities that can allow a remote authenticated attacker to execute arbitrary code or cause a denial of service condition. CA has issued updates to address the vulnerabilities. The vulnerabilities are due to insufficient bounds checking in multiple procedures. A remote authenticated attacker or local user can exploit a buffer overflow to execute arbitrary code or cause a denial of service.
| | Author: | Ken Williams | | Homepage: | http://www3.ca.com/ | | File Size: | 4301 | | Related CVE(s): | CVE-2007-4620 | | Last Modified: | Apr 4 20:06:38 2008 |
| MD5 Checksum: | 0f210394aad268a0f3f84f8d8acfb639 |
|
| /// File Name: |
sa29665.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in various CA products, which can be exploited by malicious users to cause a DoS (Denial of Service) or to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/29665/ | | File Size: | 4297 | | Last Modified: | Apr 4 16:56:23 2008 |
| MD5 Checksum: | 23c9019b81f4b41328d6003de3430900 |
|
| /// File Name: |
secunia-adobeheap.txt |
Description:
|
Secunia Research has discovered a vulnerability in Adobe Flash Player, which potentially can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in the processing of "Declare Function (V7)" tags. This can be exploited to cause a heap-based buffer overflow via specially crafted argument preload flags. Successful exploitation may allow execution of arbitrary code. Adobe Flash Player 9.0.115.0 is affected.
| | Author: | Alin Rad Pop | | Homepage: | http://secunia.com/ | | File Size: | 4263 | | Related CVE(s): | CVE-2007-6019 | | Last Modified: | Apr 14 16:49:44 2008 |
| MD5 Checksum: | 85907b98a4a0365807e5c2b1c7cfffaf |
|
| /// File Name: |
secunia-datastream.txt |
Description:
|
Secunia Research has discovered a vulnerability in Internet Explorer, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error when processing data streams and can be exploited to trigger a use-after-free condition by returning a specially crafted data stream of e.g. an unexpected MIME-type for which no handler is registered. Successful exploitation allows execution of arbitrary code when a user visits a malicious website. Versions 5.01, 6, and 7 are affected.
| | Author: | Carsten Eiram | | Homepage: | http://secunia.com/ | | File Size: | 4256 | | Related CVE(s): | CVE-2008-1085 | | Last Modified: | Apr 14 17:34:40 2008 |
| MD5 Checksum: | 1f288ff9a8f03d249d4baf06e66ac53c |
|
| /// File Name: |
secunia-keyview.txt |
Description:
|
Secunia Research has discovered 21 vulnerabilities in Autonomy Keyview, which can be exploited by malicious people to compromise a vulnerable system. Boundary errors within the "Folio Flat File" speed reader (foliosr.dll) when handling attribute values of a number of tags (eg. DI, FD, FT, JD, JL, LE, OB, OD, OL, PN, PS, PW, RD, QL, or TS) can be exploited to cause stack-based buffer overflows. Autonomy Keyview version 10.3.0.0 is affected.
| | Author: | Dyon Balding | | Homepage: | http://secunia.com/ | | File Size: | 4229 | | Related CVE(s): | CVE-2007-6020 | | Last Modified: | Apr 14 17:22:08 2008 |
| MD5 Checksum: | 355e6bf2288853d5658d3ab39bceee50 |
|
| /// File Name: |
sa29747.txt |
Description:
|
Secunia Security Advisory - Some security issues and vulnerabilities have been reported in Nortel Communication Server, which can be exploited by malicious people to bypass certain security restrictions, disclose sensitive information, cause a DoS (Denial of Service), or potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/29747/ | | File Size: | 4205 | | Last Modified: | Apr 15 13:23:16 2008 |
| MD5 Checksum: | 5a9345a219037e8f933cdca35f489858 |
|
| /// File Name: |
glsa-200804-27.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200804-27 - Nathan G. Grennan reported a boundary error in SILC Toolkit within the silc_fingerprint() function in the file lib/silcutil/silcutil.c when passing overly long data, resulting in a stack-based buffer overflow. Versions less than 1.1.7 are affected.
| | Homepage: | http://security.gentoo.org/ | | File Size: | 4182 | | Related CVE(s): | CVE-2008-1227, CVE-2008-1429, CVE-2008-1552 | | Last Modified: | Apr 24 16:25:59 2008 |
| MD5 Checksum: | 22e5a4d1c293c8e431da1d01bd9d9ee2 |
|
| /// File Name: |
dsa-1544-1.txt |
Description:
|
Debian Security Advisory 1544-1 - Amit Klein discovered that pdns-recursor, a caching DNS resolver, uses a weak random number generator to create DNS transaction IDs and UDP source port numbers. As a result, cache poisoning attacks were simplified.
| | Homepage: | http://www.debian.org/security | | File Size: | 4181 | | Related CVE(s): | CVE-2008-1637 | | Last Modified: | Apr 10 16:37:42 2008 |
| MD5 Checksum: | 5f318a0c586da19bca411140ef2d5fe4 |
|
| /// File Name: |
sa29833.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in LightNEasy, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks, disclose sensitive information, manipulate data, or to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/29833/ | | File Size: | 4167 | | Last Modified: | Apr 28 10:37:56 2008 |
| MD5 Checksum: | 1ab581f5f3d78727385fb7c8331e8822 |
|
| /// File Name: |
sa29774.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in multiple TIBCO products, which can be exploited by malicious people to disclose sensitive information, cause a DoS (Denial of Service), or to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/29774/ | | File Size: | 4161 | | Last Modified: | Apr 10 17:19:45 2008 |
| MD5 Checksum: | 322d0802af9c74c4d1c9d64742a2b391 |
|
| /// File Name: |
sa29712.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/29712/ | | File Size: | 4114 | | Last Modified: | Apr 8 22:22:39 2008 |
| MD5 Checksum: | b9269c663dfc6c8da16ca83b590dde8f |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
