Section: .. / 0804-advisories /
| /// File Name: |
MDVSA-2008-082.txt |
Description:
|
Mandriva Linux Security Advisory - Daniel Papasian discovered a stack-based buffer overflow in the apc_search_paths() function in APC that can be triggered when processing long filenames. A remote attacker could exploit this vulnerability to execute arbitrary code in PHP applications that pass user-controlled input to the include() function.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 3292 | | Related CVE(s): | CVE-2008-1488 | | Last Modified: | Apr 10 16:54:53 2008 |
| MD5 Checksum: | 017ee8b5bcc26ebc0b84a1bfa1f756bb |
|
| /// File Name: |
ZDI-08-021.txt |
Description:
|
A vulnerability allows remote attackers to execute code on vulnerable installations of Adobe's Flash Player. User interaction is required in that a user must visit a malicious web site. The specific flaw exists when the Flash player attempts to access embedded Actionscript objects that have not been properly instantiated. In order for exploitation to occur, an attacker would have to modify a DeclareFunction2 Actionscript tag within an SWF file. Exploitation of this vulnerability can result in arbitrary code execution under the context of the currently logged in user.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3273 | | Related CVE(s): | CVE-2007-6019 | | Last Modified: | Apr 8 23:38:14 2008 |
| MD5 Checksum: | 1c08f7fa969eb04fa424f7f014901bb5 |
|
| /// File Name: |
ioactive-python.txt |
Description:
|
PyString_FromStringAndSize() incorrectly validates input in Python version 2.5.2. Earlier versions may also be vulnerable.
| | Homepage: | http://www.ioactive.com/ | | File Size: | 3268 | | Last Modified: | Apr 11 18:03:41 2008 |
| MD5 Checksum: | ce5261f198566aad695698664c3d2744 |
|
| /// File Name: |
04.09.08-3.txt |
Description:
|
iDefense Security Advisory 04.09.08 - Remote exploitation of a format string vulnerability in EMC Corp.'s DiskXtender could allow an attacker to execute arbitrary code with the privileges of the affected service. When handling requests on the RPC interface with UUID b157b800-aef5-11d3-ae49-00600834c15f, the service does not properly validate the content of a string in requests. Since this string is passed directly to a formatting function, a format string vulnerability occurs. iDefense confirmed the existence of this vulnerability in DiskXtender version 6.20.060 for Windows. Previous versions may also be affected.
| | Author: | Stephen Fewer | | Homepage: | http://www.idefense.com/ | | File Size: | 3254 | | Related CVE(s): | CVE-2008-0963 | | Last Modified: | Apr 11 14:49:31 2008 |
| MD5 Checksum: | ab70e4fbca77cf4217be52d72bd24f1c |
|
| /// File Name: |
glsa-200804-03.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200804-03 - Two flaws have been discovered in OpenSSH which could allow local attackers to escalate their privileges. Versions less than 4.7_p1-r6 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3251 | | Related CVE(s): | CVE-2008-1483, CVE-2008-1657 | | Last Modified: | Apr 8 00:48:31 2008 |
| MD5 Checksum: | d4f2e87f1dbc63781bc654d9051bc4eb |
|
| /// File Name: |
sa29964.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for phpmyadmin. This fixes some vulnerabilities, which can be exploited by malicious people to conduct SQL injection attacks, and by malicious users to disclose sensitive information.
| | Homepage: | http://secunia.com/advisories/29964/ | | File Size: | 3249 | | Last Modified: | Apr 28 10:37:56 2008 |
| MD5 Checksum: | dbf2545cfd4f33895dbb19587495841d |
|
| /// File Name: |
sa29961.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in the Internationalization and Localizer modules for Drupal, which can be exploited by malicious people to conduct cross-site scripting and request forgery attacks.
| | Homepage: | http://secunia.com/advisories/29961/ | | File Size: | 3246 | | Last Modified: | Apr 28 10:37:56 2008 |
| MD5 Checksum: | 48e1cf1622d5f8b6c439a06bf468aac0 |
|
| /// File Name: |
sa29966.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in HP Software Update, which can be exploited by malicious people to disclose certain information or compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/29966/ | | File Size: | 3242 | | Last Modified: | Apr 28 10:37:56 2008 |
| MD5 Checksum: | a2a09cd93d270aacb30c50461d6ba20f |
|
| /// File Name: |
ZDI-08-015.txt |
Description:
|
A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the quicktime.qts library. The vulnerability resides in the component's parsing of 'crgn' atoms. A lack of proper sanity checks on the region size field can result in a heap based buffer overflow leading to arbitrary code execution under the context of the currently logged in user. Version 7.4.1 is affected.
| | Author: | Sanbin Li | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3223 | | Related CVE(s): | CVE-2008-1017 | | Last Modified: | Apr 4 19:47:18 2008 |
| MD5 Checksum: | 9c6642a80f757742c14a9e01a910ccbf |
|
| /// File Name: |
sa29957.txt |
Description:
|
Secunia Security Advisory - SUSE has issued updates for multiple packages. These fix some vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges, malicious users to cause a DoS (Denial of Service), and malicious people to bypass certain security restrictions, disclose potentially sensitive information, cause a DoS, and compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/29957/ | | File Size: | 3187 | | Last Modified: | Apr 28 18:44:19 2008 |
| MD5 Checksum: | 2123f5b7bfebda2069cf535f9e189489 |
|
| /// File Name: |
sa29993.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in various Bluemoon inc. modules for XOOPS, which can be exploited by malicious people to conduct cross-site scripting attacks.
| | Homepage: | http://secunia.com/advisories/29993/ | | File Size: | 3177 | | Last Modified: | Apr 28 18:12:57 2008 |
| MD5 Checksum: | bc1a7402046a55e45f2f9ac65d87c86e |
|
| /// File Name: |
ZDI-08-018.txt |
Description:
|
A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of QuickTime files that utilize the Animation codec. A lack of proper length checks can result in a heap based buffer overflow leading to arbitrary code execution under the context of the currently logged in user. Version 7.4.1 is affected.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3171 | | Related CVE(s): | CVE-2008-1021 | | Last Modified: | Apr 4 19:51:11 2008 |
| MD5 Checksum: | fe8354f74872ddc5dccc2455a6d692b7 |
|
| /// File Name: |
glsa-200804-05-02.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200804-05:02 - Multiple integer overflow and buffer overflow vulnerabilities have been discovered in the X.Org X server as shipped by NX and NX Node (vulnerabilities 1-4 in GLSA 200801-09). Versions less than 3.1.0-r2 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3169 | | Last Modified: | Apr 8 00:49:05 2008 |
| MD5 Checksum: | 19b40b26bffd8be163d7613f65f67ace |
|
| /// File Name: |
sa29716.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been discovered in KnowledgeQuest, which can be exploited by malicious people to conduct SQL injection attacks or to bypass certain security restrictions.
| | Homepage: | http://secunia.com/advisories/29716/ | | File Size: | 3169 | | Last Modified: | Apr 10 16:17:17 2008 |
| MD5 Checksum: | bdcfa4f864dc632ba555c0ddbb7f428b |
|
| /// File Name: |
sa29838.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in multiple Adobe products, which potentially can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/29838/ | | File Size: | 3164 | | Last Modified: | Apr 28 10:37:56 2008 |
| MD5 Checksum: | 2cafac0f0f507db694eec5b69629e3f5 |
|
| /// File Name: |
sa29965.txt |
Description:
|
Secunia Security Advisory - Two vulnerabilities have been reported in WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, and to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/29965/ | | File Size: | 3155 | | Last Modified: | Apr 28 18:12:57 2008 |
| MD5 Checksum: | 7bff48ec35618f0b69dc293d4e1b69d0 |
|
| /// File Name: |
sa29978.txt |
Description:
|
Secunia Security Advisory - Sun has acknowledged a vulnerability in Sun Java System Directory Server, which can be exploited by malicious people to bypass certain security restrictions.
| | Homepage: | http://secunia.com/advisories/29978/ | | File Size: | 3148 | | Last Modified: | Apr 28 18:12:57 2008 |
| MD5 Checksum: | e22ff49d71e8e69f8233a21188133122 |
|
| /// File Name: |
sa29916.txt |
Description:
|
Secunia Security Advisory - AmnPardaz Security Research Team have reported some vulnerabilities and a security issue in Acidcat CMS, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks, or to bypass certain security restrictions.
| | Homepage: | http://secunia.com/advisories/29916/ | | File Size: | 3147 | | Last Modified: | Apr 28 10:37:56 2008 |
| MD5 Checksum: | 95e99e2c82cda230a064e5fc79493df9 |
|
| /// File Name: |
MDVSA-2008-089.txt |
Description:
|
Mandriva Linux Security Advisory - Kees Cook of Ubuntu security found a flaw in how poppler prior to version 0.6 displayed malformed fonts embedded in PDF files. An attacker could create a malicious PDF file that would cause applications using poppler to crash, or possibly execute arbitrary code when opened.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 3122 | | Related CVE(s): | CVE-2008-1693 | | Last Modified: | Apr 18 14:31:41 2008 |
| MD5 Checksum: | e99a3c71b13af72c3e05bd7db5c591d8 |
|
| /// File Name: |
sa29786.txt |
Description:
|
Secunia Security Advisory - Red Hat has issued an update for ImageMagick. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/29786/ | | File Size: | 3108 | | Last Modified: | Apr 18 17:05:03 2008 |
| MD5 Checksum: | 59a648c7b3a4514396b88505204358a0 |
|
| /// File Name: |
sa29761.txt |
Description:
|
Secunia Security Advisory - Red Hat has issued an update for redhat-ds-admin. This fixes some vulnerabilities, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to bypass certain security restrictions.
| | Homepage: | http://secunia.com/advisories/29761/ | | File Size: | 3102 | | Last Modified: | Apr 16 18:08:48 2008 |
| MD5 Checksum: | 8c12dab937d23d491310405bcfe526be |
|
| /// File Name: |
04.03.08-1.txt |
Description:
|
iDefense Security Advisory 04.03.08 - Local exploitation of a directory traversal vulnerability within the pkgadd program distributed with SCO Group Inc's UnixWare operating system allows attackers to gain root privileges. iDefense confirmed the existence of this vulnerability within version 7.1.4 of UnixWare with all patches available as of August 27th, 2007 installed. Previous versions are suspected to be vulnerable.
| | Homepage: | http://www.idefense.com/ | | File Size: | 3099 | | Related CVE(s): | CVE-2008-0310 | | Last Modified: | Apr 4 19:54:59 2008 |
| MD5 Checksum: | 54a6b6775305fc5d7841e82a9879ee16 |
|
| /// File Name: |
sa29846.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in Safari, which can be exploited by malicious people to conduct cross-site scripting attacks or potentially to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/29846/ | | File Size: | 3099 | | Last Modified: | Apr 18 14:12:52 2008 |
| MD5 Checksum: | 8a4ed6b506eae31ed40ea35da1bee78b |
|
| /// File Name: |
ZDI-08-016.txt |
Description:
|
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the parsing of the QuickTime Channel Compositor atom. When the movie file contains a malformed 'chan' atom, a heap corruption occurs resulting in the execution of arbitrary code. Version 7.4.1 is affected.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3095 | | Related CVE(s): | CVE-2008-1018 | | Last Modified: | Apr 4 19:48:34 2008 |
| MD5 Checksum: | ce95497bee97f6b5779de8557aa8055e |
|