Section: .. / 0907-advisories /
| /// File Name: |
TPTI-09-05.txt |
Description:
|
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required in that a target must visit a malicious page or open a malicious video file. The specific flaw exists within Microsoft's DirectShow module quartz.dll. While parsing QuickTime atoms, the NumberOfEntries field is trusted and, if modified, can control the location of several pointers meant to track stream positions. Specifying values that are larger than the number of bytes left to process in the input file will cause corruption that can be leveraged to execute arbitrary code.
| | Author: | Aaron Portnoy | | Homepage: | http://www.tippingpoint.com/ | | File Size: | 1573 | | Related CVE(s): | CVE-2009-1539 | | Last Modified: | Jul 14 16:34:50 2009 |
| MD5 Checksum: | e16bfcbae52be9ce88926b9310a928f4 |
|
| /// File Name: |
ZDI-09-045.txt |
Description:
|
Zero Day Initiative Advisory 09-045 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required in that a target must visit a malicious page or open a malicious video file. The specific flaw exists within the parsing of the length records of certain QuickTime atoms. The application implicitly trusts the length during a transformation which will lead to memory corruption and can be leveraged to execute arbitrary code under the context of the current user.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 2706 | | Related CVE(s): | CVE-2009-1539 | | Last Modified: | Jul 14 16:34:29 2009 |
| MD5 Checksum: | 880ec874756b2f62a365bb8d8f4e4a5a |
|
| /// File Name: |
USN-803-1.txt |
Description:
|
Ubuntu Security Notice USN-803-1 - It was discovered that the DHCP client as included in dhcp3 did not verify the length of certain option fields when processing a response from an IPv4 DHCP server. If a user running Ubuntu 6.06 LTS or 8.04 LTS connected to a malicious DHCP server, a remote attacker could cause a denial of service or execute arbitrary code as the user invoking the program, typically the 'dhcp' user. For users running Ubuntu 8.10 or 9.04, a remote attacker should only be able to cause a denial of service in the DHCP client. In Ubuntu 9.04, attackers would also be isolated by the AppArmor dhclient3 profile.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 23739 | | Related CVE(s): | CVE-2009-0692 | | Last Modified: | Jul 14 16:26:27 2009 |
| MD5 Checksum: | 13c59926aecfb14856f64bee352d4038 |
|
| /// File Name: |
glsa-200907-12.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200907-12 - A buffer overflow in dhclient as included in the ISC DHCP implementation allows for the remote execution of arbitrary code with root privileges. The Mandriva Linux Engineering Team has reported a stack-based buffer overflow in the subnet-mask handling of dhclient. Versions less than 3.1.1-r1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2594 | | Related CVE(s): | CVE-2009-0692 | | Last Modified: | Jul 14 15:58:52 2009 |
| MD5 Checksum: | 0203d7b18f819cf7a6ee13296903ea32 |
|
| /// File Name: |
americasarmy-loop.txt |
Description:
|
America's Army 3 versions 3.0.5 and below suffer from an endless packet looping vulnerability.
| | Author: | Luigi Auriemma | | Homepage: | http://aluigi.org/ | | Related Exploit: | udpsz.zip | | File Size: | 3218 | | Last Modified: | Jul 14 15:31:50 2009 |
| MD5 Checksum: | f4b24aaf06b3ffa6553e8a4b95d60f18 |
|
| /// File Name: |
dsa-1829-2.txt |
Description:
|
Debian Security Advisory 1829-2 - The previous update introduced a regression in main.php, causing the module to fail. This update corrects the flaw. It was discovered that sork-passwd-h3, a Horde3 module for users to change their password, is prone to a cross-site scripting attack via the backend parameter.
| | Homepage: | http://www.debian.org/security | | File Size: | 4583 | | Related CVE(s): | CVE-2009-2360 | | Last Modified: | Jul 14 14:36:34 2009 |
| MD5 Checksum: | b881031aea974e2a0b897e090b1376e7 |
|
| /// File Name: |
oCERT-2009-010.txt |
Description:
|
The mimeTeX and mathTeX CGIs suffer from several buffer overflows as well as command injection which result in remote code execution. Unfortunately mimeTeX and mathTeX are provided without version numbers by the maintainer, who releases version-less zip archives. It is therefore impossible to provide affected version numbers.
| | Author: | Chris Evans, Damien Miller | | File Size: | 2734 | | Related CVE(s): | CVE-2009-1382, CVE-2009-1383 | | Last Modified: | Jul 14 14:25:35 2009 |
| MD5 Checksum: | c7054415cf4b97f427efeec7cef352ed |
|
| /// File Name: |
FGA-2009-27.txt |
Description:
|
A memory corruption vulnerability exists in the ActiveX Controls of Microsoft Office Web Components which allows a remote attacker to compromise a system through a malicious site.
| | Author: | Haifei Li | | Homepage: | http://www.fortinet.com/ | | File Size: | 3054 | | Related CVE(s): | CVE-2009-1136 | | Last Modified: | Jul 14 14:19:47 2009 |
| MD5 Checksum: | 4d075e76c6de222b3a0822e2c095bd1d |
|
| /// File Name: |
sa35806.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in shiromuku(fs6)DIARY, which can be exploited by malicious people to conduct cross-site scripting attacks.
| | Homepage: | http://secunia.com/ | | File Size: | 2458 | | Last Modified: | Jul 14 12:49:27 2009 |
| MD5 Checksum: | 4f806f999c47d8af32d1661b397fa8c0 |
|
| /// File Name: |
sa35780.txt |
Description:
|
Secunia Security Advisory - ANTHRAX666 has discovered a vulnerability in HTMLDOC, which can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/ | | File Size: | 2366 | | Last Modified: | Jul 14 12:49:25 2009 |
| MD5 Checksum: | e85e8f86110f61b066c96945a89e0ce9 |
|
| /// File Name: |
sa35794.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in Wyse Device Manager, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/ | | File Size: | 2564 | | Last Modified: | Jul 14 12:49:22 2009 |
| MD5 Checksum: | feba5e080c7616c235685d76351483df |
|
| /// File Name: |
sa35820.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for djbdns. This fixes a vulnerability, which can be exploited by malicious people to manipulate certain data.
| | Homepage: | http://secunia.com/ | | File Size: | 6544 | | Last Modified: | Jul 14 12:49:20 2009 |
| MD5 Checksum: | 15fe618728eb2d3e7fb787eae3b24fc5 |
|
| /// File Name: |
sa35811.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for tiff. This fixes some vulnerabilities, which can be exploited by malicious people to potentially compromise a user's system.
| | Homepage: | http://secunia.com/ | | File Size: | 18271 | | Last Modified: | Jul 14 12:49:17 2009 |
| MD5 Checksum: | 030516751528e7530fbef48bd4f9becf |
|
| /// File Name: |
sa35819.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for camlimages. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library.
| | Homepage: | http://secunia.com/ | | File Size: | 11327 | | Last Modified: | Jul 14 12:49:15 2009 |
| MD5 Checksum: | 1ab55a381af543036343961a8a737034 |
|
| /// File Name: |
sa35812.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for irssi. This fixes a weakness, which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/ | | File Size: | 10308 | | Last Modified: | Jul 14 12:49:12 2009 |
| MD5 Checksum: | 5c7d4402adbbfb6c01845f4072efb7c5 |
|
| /// File Name: |
sa35813.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for apache2. This fixes a weakness and a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/ | | File Size: | 23738 | | Last Modified: | Jul 14 12:49:10 2009 |
| MD5 Checksum: | de937cce5e071a1d3ae2acdd4ff24304 |
|
| /// File Name: |
sa35817.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in LibTIFF, which can be exploited by malicious people to potentially compromise a user's system.
| | Homepage: | http://secunia.com/ | | File Size: | 2697 | | Last Modified: | Jul 14 12:49:07 2009 |
| MD5 Checksum: | 8455f463d1c9a211b0266569dffe386a |
|
| /// File Name: |
sa35823.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for apache2. This fixes a weakness, which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/ | | File Size: | 8769 | | Last Modified: | Jul 14 12:49:05 2009 |
| MD5 Checksum: | 2470ca08543e85044607d7152048b4fe |
|
| /// File Name: |
sa35711.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in TekRADIUS, which can be exploited by malicious, local users to conduct SQL injection attacks.
| | Homepage: | http://secunia.com/ | | File Size: | 2530 | | Last Modified: | Jul 14 12:49:02 2009 |
| MD5 Checksum: | 15b374787191075433eb8ee7bc479134 |
|
| /// File Name: |
sa35728.txt |
Description:
|
Secunia Security Advisory - Qabandi has reported a vulnerability in Mlffat, which can be exploited by malicious users to conduct SQL injection attacks.
| | Homepage: | http://secunia.com/ | | File Size: | 2304 | | Last Modified: | Jul 14 12:49:00 2009 |
| MD5 Checksum: | cd353d2a595d54b2579cc78debe34549 |
|
| /// File Name: |
sa35821.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been discovered in LogRover, which can be exploited by malicious people to conduct SQL injection attacks.
| | Homepage: | http://secunia.com/ | | File Size: | 2442 | | Last Modified: | Jul 14 12:48:57 2009 |
| MD5 Checksum: | 64f713a5f6ab1ca834164593e236ae30 |
|
| /// File Name: |
sa35772.txt |
Description:
|
Secunia Security Advisory - Affix has reported a vulnerability in OnePound Shop, which can be exploited by malicious people to conduct SQL injection attacks.
| | Homepage: | http://secunia.com/ | | File Size: | 2225 | | Last Modified: | Jul 14 12:48:54 2009 |
| MD5 Checksum: | e6fbdac31fcf24f1ca4399a33d1907b0 |
|
| /// File Name: |
sa35818.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in MediaWiki, which can be exploited by malicious people to conduct cross-site scripting attacks.
| | Homepage: | http://secunia.com/ | | File Size: | 2385 | | Last Modified: | Jul 14 12:48:52 2009 |
| MD5 Checksum: | 3cd5ef22b3f3b544aacab885d3f9b304 |
|