Section: .. / Last 100 Advisory Files /
| /// File Name: | MDVSA-2010-142.txt | Description:
| Mandriva Linux Security Advisory 2010-142 - The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN string containing invalid UTF-8 sequences, which triggers a free of an invalid, uninitialized pointer in the slap_mods_free function, as demonstrated using the Codenomicon LDAPv3 test suite. OpenLDAP 2.4.22 allows remote attackers to cause a denial of service via a modrdn call with a zero-length RDN destination string, which is not properly handled by the smr_normalize function and triggers a NULL pointer dereference in the IA5StringNormalize function in schema_init.c, as demonstrated using the Codenomicon LDAPv3 test suite. | | Author: | Mandriva | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 16505 | | Related CVE(s): | CVE-2010-0211, CVE-2010-0212 | | Last Modified: | Jul 28 18:42:06 2010 | | MD5 Checksum: | 7c99ef64bfc0338ec6f317c16f73ff04 |
|
| /// File Name: | secunia-autonomykvrp.txt | Description:
| Secunia Research has discovered two vulnerabilities in Autonomy KeyView, which can be exploited by malicious people to compromise a vulnerable system. The vulnerabilities are caused by boundary errors in the SpreadSheet Lotus 123 reader (wkssr.dll) when parsing certain records. This can be exploited to cause stack-based buffer overflows via specially crafted files. Successful exploitation allows execution of arbitrary code. Autonomy KeyView versions 10.4 and 10.9 are affected. | | Author: | Carsten Eiram | | Homepage: | http://secunia.com/ | | File Size: | 4449 | | Related CVE(s): | CVE-2010-0133 | | Last Modified: | Jul 28 14:18:24 2010 | | MD5 Checksum: | 1e07e58e799d937de79f9a8685c827aa |
|
| /// File Name: | secunia-autonomykvindex.txt | Description:
| Secunia Research has discovered a vulnerability in Autonomy KeyView, which can be exploited by malicious people to potentially compromise a vulnerable system. The vulnerability is caused by an error in the SpreadSheet Lotus 123 reader (wkssr.dll) when allocating an array of pointers during the parsing of a certain record type combined with how strings are later indexed. This can be exploited to corrupt memory via a specially crafted file. Successful exploitation may allow execution of arbitrary code. Autonomy KeyView versions 10.4 and 10.9 are affected. | | Author: | Carsten Eiram | | Homepage: | http://secunia.com/ | | File Size: | 4524 | | Related CVE(s): | CVE-2010-1524 | | Last Modified: | Jul 28 14:17:09 2010 | | MD5 Checksum: | 3d559dc765a3666312900d97ec293124 |
|
| /// File Name: | secunia-wkssriu.txt | Description:
| Secunia Research has discovered a vulnerability in Autonomy KeyView, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. The vulnerability is caused by an integer underflow error in the SpreadSheet Lotus 123 reader (wkssr.dll) when parsing the size of a specific record type. This can be exploited to cause a heap-based buffer overflow via a specially crafted file. Successful exploitation may allow execution of arbitrary code. Autonomy KeyView versions 10.4 and 10.9 are affected. | | Author: | Carsten Eiram | | Homepage: | http://secunia.com/ | | File Size: | 4554 | | Related CVE(s): | CVE-2010-1525 | | Last Modified: | Jul 28 14:05:08 2010 | | MD5 Checksum: | 50abca786543ffdc74a394e0ff72c086 |
|
| /// File Name: | secunia-autonomywosr.txt | Description:
| Secunia Research has discovered a vulnerability in Autonomy KeyView, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by a boundary error in the WordPerfect 5.x reader (wosr.dll) when parsing data blocks and can be exploited to cause a heap-based buffer overflow via a specially crafted file. Successful exploitation may allow execution of arbitrary code. Autonomy KeyView versions 10.4 and 10.9 are affected. | | Author: | Dyon Balding | | Homepage: | http://secunia.com/ | | File Size: | 4465 | | Related CVE(s): | CVE-2010-0135 | | Last Modified: | Jul 28 14:03:59 2010 | | MD5 Checksum: | 54f75386e8a64e96a4a8814d3df82ed6 |
|
| /// File Name: | secunia-autonomyrtfsigned.txt | Description:
| Secunia Research has discovered a vulnerability in Autonomy KeyView, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by a signedness error when parsing the argument to the "\ls" keyword within a list override table entry in RTF files. This can be exploited to cause a buffer overflow via a specially crafted RTF file. Successful exploitation may allow execution of arbitrary code. Autonomy KeyView versions 10.4 and 10.9 are affected. | | Author: | Dyon Balding | | Homepage: | http://secunia.com/ | | File Size: | 4490 | | Related CVE(s): | CVE-2010-0134 | | Last Modified: | Jul 28 14:02:22 2010 | | MD5 Checksum: | 051da84386777387a8d490662fbcab7b |
|
| /// File Name: | secunia-autonomywkssr.txt | Description:
| Secunia Research has discovered a vulnerability in Autonomy KeyView, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by a boundary error in the Spreadsheet Lotus 123 reader (wkssr.dll) when converting floating point values in certain record types. This can be exploited to cause a stack-based buffer overflow via a specially crafted file. Successful exploitation allows execution of arbitrary code. Autonomy KeyView versions 10.4 and 10.9 are affected. | | Author: | Carsten Eiram | | Homepage: | http://secunia.com/ | | File Size: | 4562 | | Related CVE(s): | CVE-2010-0131 | | Last Modified: | Jul 28 13:59:30 2010 | | MD5 Checksum: | b86bf4c0e20e58cec482e0807c9fbb94 |
|
| /// File Name: | secunia-autonomycfp.txt | Description:
| Secunia Research has discovered a vulnerability in Autonomy KeyView, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by a boundary error when parsing record data in compound documents. This can be exploited to cause a heap-based buffer overflow when an application using the vulnerable library parses e.g. a specially crafted Quattro Pro file. Successful exploitation allows execution of arbitrary code. Autonomy KeyView versions 10.4 and 10.9 are affected. | | Author: | Carsten Eiram | | Homepage: | http://secunia.com/ | | File Size: | 4672 | | Related CVE(s): | CVE-2010-0126 | | Last Modified: | Jul 28 13:55:45 2010 | | MD5 Checksum: | 51d0af3f78c93a798c10dd606371c9df |
|
| /// File Name: | dsa-2076-1.txt | Description:
| Debian Linux Security Advisory 2076-1 - It was discovered that GnuPG 2 uses a freed pointer when verifying a signature or importing a certificate with many Subject Alternate Names, potentially leading to arbitrary code execution. | | Author: | Debian | | Homepage: | http://www.debian.org/security | | File Size: | 9249 | | Related CVE(s): | CVE-2010-2547 | | Last Modified: | Jul 27 21:22:59 2010 | | MD5 Checksum: | 9e20355dee50b90ffcce599a243fd717 |
|
| /// File Name: | MDVSA-2010-141.txt | Description:
| Mandriva Linux Security Advisory 2010-141 - The chain_reply function in process.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to cause a denial of service via a Negotiate Protocol request with a certain 0x0003 field value followed by a Session Setup AndX request with a certain 0x8003 field value. The reply_sesssetup_and_X_spnego function in sesssetup.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to trigger an out-of-bounds read, and cause a denial of service (process crash), via a \xff\xff security blob length in a Session Setup AndX request. The updated packages provide samba 3.4.8 which is not vulnerable to these issues. | | Author: | Mandriva | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 5981 | | Related CVE(s): | CVE-2010-1635, CVE-2010-1642 | | Last Modified: | Jul 27 21:20:06 2010 | | MD5 Checksum: | 61476c47e396c1762c6244eb9488a6f5 |
|
| /// File Name: | MDVSA-2010-140.txt | Description:
| Mandriva Linux Security Advisory 2010-140 - This is a maintenance and security update that upgrades php to 5.3.3 for 2010.0/2010.1. Rewrote var_export() to use smart_str rather than output buffering, prevents data disclosure if a fatal error occurs. Fixed a possible resource destruction issue in shm_put_var(). Fixed a possible information leak because of interruption of XOR operator. Fixed a possible memory corruption because of unexpected call-time pass by reference and following memory clobbering through callbacks. Fixed a possible memory corruption in ArrayObject::uasort(). Fixed a possible memory corruption in parse_str(). Fixed a possible memory corruption in pack(). Fixed a possible memory corruption in substr_replace(). Fixed a possible memory corruption in addcslashes(). Fixed a possible stack exhaustion inside fnmatch(). Fixed a possible dechunking filter buffer overflow. Fixed a possible arbitrary memory access inside sqlite extension. Fixed string format validation inside phar extension. Fixed handling of session variable serialization on certain prefix characters. Fixed a NULL pointer dereference when processing invalid XML-RPC requests. Fixed SplObjectStorage unserialization problems. Fixed possible buffer overflows in mysqlnd_list_fields, mysqlnd_change_user. Fixed possible buffer overflows when handling error packets in mysqlnd. Additionally some of the third party extensions and required dependencies have been upgraded and/or rebuilt for the new php version. | | Author: | Mandriva | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 42790 | | Related CVE(s): | CVE-2010-2531, CVE-2010-0397, CVE-2010-2225 | | Last Modified: | Jul 27 21:18:57 2010 | | MD5 Checksum: | 9728cbfda6ca6f7ff1a4ca0bc367b17c |
|
| /// File Name: | MDVSA-2010-139.txt | Description:
| Mandriva Linux Security Advisory 2010-139 - This is a maintenance and security update that upgrades php to 5.2.14 for CS4/MES5/2008.0/2009.0/2009.1. Rewrote var_export() to use smart_str rather than output buffering, prevents data disclosure if a fatal error occurs. Fixed a possible interruption array leak in strrchr(). Fixed a possible interruption array leak in strchr(), strstr(), substr(), chunk_split(), strtok(), addcslashes(), str_repeat(), trim(). Fixed a possible memory corruption in substr_replace(). Fixed SplObjectStorage unserialization problems. Fixed a possible stack exhaustion inside fnmatch(). Fixed a NULL pointer dereference when processing invalid XML-RPC requests. Fixed handling of session variable serialization on certain prefix characters. Fixed a possible arbitrary memory access inside sqlite extension. Reported by Mateusz Kocielski. Additionally some of the third party extensions have been upgraded and/or rebuilt for the new php version. | | Author: | Mandriva | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 117022 | | Related CVE(s): | CVE-2010-2484, CVE-2010-2225, CVE-2010-0397, CVE-2010-2531 | | Last Modified: | Jul 27 19:22:48 2010 | | MD5 Checksum: | 2b75ea5f7908e8b6b979d2ee7f9b6e02 |
|
| /// File Name: | USN-964-1.txt | Description:
| Ubuntu Security Notice 964-1 - Matt Weatherford discovered that Likewise Open did not correctly check password expiration for the local-provider account. A local attacker could exploit this to log into a system they would otherwise not have access to. | | Author: | Ubuntu | | Homepage: | http://security.ubuntu.com/ | | File Size: | 3854 | | Related CVE(s): | CVE-2010-0833 | | Last Modified: | Jul 26 18:53:46 2010 | | MD5 Checksum: | 3111259b30c67166c3ac294216b6aa2f |
|
| /// File Name: | USN-930-6.txt | Description:
| Ubuntu Security Notice 930-6 - USN-957-1 fixed vulnerabilities in Firefox and Xulrunner. Daniel Holbert discovered that the fix for CVE-2010-1214 introduced a regression which did not properly initialize a plugin pointer. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or run arbitrary code as the user invoking the program. This update fixes the problem. | | Author: | Ubuntu | | Homepage: | http://security.ubuntu.com/ | | File Size: | 36442 | | Related CVE(s): | CVE-2010-2755 | | Last Modified: | Jul 26 18:52:50 2010 | | MD5 Checksum: | 324692d14b04636308087c2f0b7a0216 |
|
| /// File Name: | USN-957-2.txt | Description:
| Ubuntu Security Notice 957-2 - USN-957-1 fixed vulnerabilities in Firefox and Xulrunner. Daniel Holbert discovered that the fix for CVE-2010-1214 introduced a regression which did not properly initialize a plugin pointer. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or run arbitrary code as the user invoking the program. This update fixes the problem. | | Author: | Ubuntu | | Homepage: | http://security.ubuntu.com/ | | File Size: | 33406 | | Related CVE(s): | CVE-2010-2755 | | Last Modified: | Jul 26 18:50:45 2010 | | MD5 Checksum: | 3ac0be5b6b188eb8f7028ff06ce196a5 |
|
| /// File Name: | LWSA-2010-011.txt | Description:
| Likewise Security Advisory - A logic flaw has been found in the pam_lsass library from Likewise Open that, when run under the context of a root service (e.g. sshd, gdm, etc.), will allow any user to log on as an lsassd local-provider account (e.g. MACHINE\Administrator) if the account's password is marked as expired. | | Homepage: | http://www.likewise.com/ | | File Size: | 2860 | | Related CVE(s): | CVE-2010-0833 | | Last Modified: | Jul 26 18:48:56 2010 | | MD5 Checksum: | e3445faede7a32cf2db6c82cd7257311 |
|
| /// File Name: | nessus-xssdisclose.txt | Description:
| The Nessus nessusd_www_server.nbin file suffers from cross site scripting and version disclosure vulnerabilities. | | Author: | Renaud Deraison | | Homepage: | http://www.nessus.org | | File Size: | 4602 | | Last Modified: | Jul 26 18:46:42 2010 | | MD5 Checksum: | df40b917caf2683326df86131ff08b44 |
|
| /// File Name: | macosxwebdav-dos.txt | Description:
| The Mac OS X WebDAV kernel extension is vulnerable to a denial of service issue that allows a local unprivileged user to trigger a kernel panic due to a memory overallocation. | | Author: | Dan Rosenberg | | File Size: | 3441 | | Related CVE(s): | CVE-2010-1794 | | Last Modified: | Jul 26 18:43:41 2010 | | MD5 Checksum: | 435b710d622d103c5cd3285c6c725f47 |
|
| /// File Name: | foofus-20100726.txt | Description:
| The Symantec Antivirus Corporate Edition AMS Intel Alert Handler service (hndlrsvc.exe) provides alert setup and response capabilities to AMS2. A design error in Symantec's implementation of this function allows an attacker who can establish a TCP connection to port 38292 on a vulnerable host to execute commands at system level on that host. Versions 10.1.8.8000 and below are affected. | | Author: | Spider | | Homepage: | http://www.foofus.net/ | | File Size: | 2890 | | Last Modified: | Jul 26 18:40:02 2010 | | MD5 Checksum: | e3cc0c7592f38c3b6586dee82cf27d3e |
|
| /// File Name: | USN-958-1.txt | Description:
| Ubuntu Security Notice 958-1 - Several flaws were discovered in the browser engine of Thunderbird. An integer overflow was discovered in how Thunderbird processed CSS values. An integer overflow was discovered in how Thunderbird interpreted the XUL element. Aki Helin discovered that libpng did not properly handle certain malformed PNG images. Yosuke Hasegawa discovered that the same-origin check in Thunderbird could be bypassed by utilizing the importScripts Web Worker method. Chris Evans discovered that Thunderbird did not properly process improper CSS selectors. Soroush Dalili discovered that Thunderbird did not properly handle script error output. | | Author: | Ubuntu | | Homepage: | http://security.ubuntu.com/ | | File Size: | 7015 | | Related CVE(s): | CVE-2010-0654, CVE-2010-1205, CVE-2010-1211, CVE-2010-1212, CVE-2010-1213, CVE-2010-2752, CVE-2010-2753, CVE-2010-2754 | | Last Modified: | Jul 26 16:52:04 2010 | | MD5 Checksum: | 0de1e7fa26e9a0047dec66a87aa31f88 |
|
| /// File Name: | MDVSA-2010-138.txt | Description:
| Mandriva Linux Security Advisory 2010-138 - Ovidiu Mara reported a vulnerability in ping.c (iputils) that could cause ping to hang when responding to a malicious echo reply. The updated packages have been patched to correct these issues. | | Author: | Mandriva | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 5056 | | Related CVE(s): | CVE-2010-2529 | | Last Modified: | Jul 23 16:03:25 2010 | | MD5 Checksum: | f3a0872b53366adca0c324b1c26cef97 |
|
| /// File Name: | USN-930-5.txt | Description:
| Ubuntu Security Notice 930-5 - USN-930-4 fixed vulnerabilities in Firefox and Xulrunner on Ubuntu 9.04 and 9.10. This update provides updated packages for use with Firefox 3.6 and Xulrunner 1.9.2. It was discovered that Firefox could be made to access freed memory. A flaw was discovered in the way plugin instances interacted. An integer overflow was discovered in Firefox. Martin Barbella discovered an integer overflow in an XSLT node sorting routine. Michal Zalewski discovered that the focus behavior of Firefox could be subverted. Ilja van Sprundel discovered that the 'Content-Disposition: attachment' HTTP header was ignored when 'Content-Type: multipart' was also present. | | Author: | Ubuntu | | Homepage: | http://security.ubuntu.com/ | | File Size: | 60875 | | Related CVE(s): | CVE-2008-5913, CVE-2010-0654, CVE-2010-1121, CVE-2010-1125, CVE-2010-1196, CVE-2010-1197, CVE-2010-1198, CVE-2010-1199, CVE-2010-1200, CVE-2010-1201, CVE-2010-1202, CVE-2010-1203, CVE-2010-1205, CVE-2010-1206, CVE-2010-1207, CVE-2010-1208, CVE-2010-1209, CVE-2010-1210, CVE-2010-1211, CVE-2010-1212, CVE-2010-1213, CVE-2010-1214, CVE-2010-1215, CVE-2010-2751, CVE-2010-2752, CVE-2010-2753, CVE-2010-2754, CVE-2010-1212 | | Last Modified: | Jul 23 15:57:40 2010 | | MD5 Checksum: | b18fb0e1a60d1c8024c63d29cf99455e |
|
| /// File Name: | USN-930-4.txt | Description:
| Ubuntu Security Notice 930-4 - USN-930-1 fixed vulnerabilities in Firefox and Xulrunner. This update provides the corresponding updates for Ubuntu 9.04 and 9.10, along with additional updates affecting Firefox 3.6.6. It was discovered that Firefox could be made to access freed memory. A flaw was discovered in the way plugin instances interacted. An integer overflow was discovered in Firefox. Martin Barbella discovered an integer overflow in an XSLT node sorting routine. Michal Zalewski discovered that the focus behavior of Firefox could be subverted. Ilja van Sprundel discovered that the 'Content-Disposition: attachment' HTTP header was ignored when 'Content-Type: multipart' was also present. | | Author: | Ubuntu | | Homepage: | http://security.ubuntu.com/ | | File Size: | 23090 | | Related CVE(s): | CVE-2008-5913, CVE-2010-0654, CVE-2010-1121, CVE-2010-1125, CVE-2010-1196, CVE-2010-1197, CVE-2010-1198, CVE-2010-1199, CVE-2010-1200, CVE-2010-1201, CVE-2010-1202, CVE-2010-1203, CVE-2010-1205, CVE-2010-1206, CVE-2010-1207, CVE-2010-1208, CVE-2010-1209, CVE-2010-1210, CVE-2010-1211, CVE-2010-1212, CVE-2010-1213, CVE-2010-1214, CVE-2010-1215, CVE-2010-2751, CVE-2010-2752, CVE-2010-2753, CVE-2010-2754, CVE-2010-1212 | | Last Modified: | Jul 23 15:51:43 2010 | | MD5 Checksum: | 8dac06ec88431ebfc36d057240bcabe5 |
|
| /// File Name: | USN-927-8.txt | Description:
| Ubuntu Security Notice 927-8 - USN-927-1 fixed vulnerabilities in NSS. This update provides the Thunderbird update to use the new NSS. Original advisory details: Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. This update adds support for the new renegotiation extension and will use it when the server supports it. | | Author: | Ubuntu | | Homepage: | http://security.ubuntu.com/ | | File Size: | 5226 | | Last Modified: | Jul 23 15:51:16 2010 | | MD5 Checksum: | 64b84ca6839b3b57d046d740d8088886 |
|
| /// File Name: | DSECRG-09-068.txt | Description:
| SAP NetWeaver SLD versions 6.4 through 7.02 suffer from multiple cross site scripting vulnerabilities. | | Author: | Alexey Troshichev,Sh2kerr | | Homepage: | http://www.dsec.ru/ | | File Size: | 2579 | | Last Modified: | Jul 23 15:24:39 2010 | | MD5 Checksum: | 451abfbc0ef4b0e2a82befc9477d71d6 |
|
| /// File Name: | USN-957-1.txt | Description:
| Ubuntu Security Notice 957-1 - Several flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. Various integer overflows and other issues have also been addressed. | | Author: | Ubuntu | | Homepage: | http://security.ubuntu.com/ | | File Size: | 33146 | | Related CVE(s): | CVE-2010-0654, CVE-2010-1205, CVE-2010-1206, CVE-2010-1207, CVE-2010-1208, CVE-2010-1209, CVE-2010-1210, CVE-2010-1211, CVE-2010-1212, CVE-2010-1213, CVE-2010-1214, CVE-2010-1215, CVE-2010-2751, CVE-2010-2752, CVE-2010-2753, CVE-2010-2754 | | Last Modified: | Jul 23 14:04:51 2010 | | MD5 Checksum: | 7a1629e070c14bb4c39b6846bb407b61 |
|
| /// File Name: | USN-927-7.txt | Description:
| Ubuntu Security Notice 927-7 - USN-927-4 fixed vulnerabilities in NSS. This update provides the NSPR needed to use the new NSS. Original advisory details: Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. This update adds support for the new renegotiation extension and will use it when the server supports it. | | Author: | Ubuntu | | Homepage: | http://security.ubuntu.com/ | | File Size: | 4196 | | Last Modified: | Jul 23 14:04:32 2010 | | MD5 Checksum: | f5a372a92aec2d56467fcbe6e439463c |
|
| /// File Name: | USN-927-6.txt | Description:
| Ubuntu Security Notice 927-6 - USN-927-1 fixed vulnerabilities in NSS on Ubuntu 9.10. This update provides the corresponding updates for Ubuntu 9.04. Original advisory details: Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. This update adds support for the new renegotiation extension and will use it when the server supports it. | | Author: | Ubuntu | | Homepage: | http://security.ubuntu.com/ | | File Size: | 5804 | | Related CVE(s): | CVE-2009-3555 | | Last Modified: | Jul 23 14:03:56 2010 | | MD5 Checksum: | db50040bea6baa775cf39cbee8ab38e7 |
|
| /// File Name: | ZDI-10-137.txt | Description:
| Zero Day Initiative Advisory 10-137 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard OpenView Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ov.dll module which is loaded by the webappmon.exe CGI program. This DLL defines a function execvp_nc which unsafely concatenates a controllable command string into a statically allocated stack buffer. By supplying overly large values to variables passed through an HTTP request a strcat_new can be made to overflow this buffer. An attacker can leverage this to execute arbitrary code under the context of the user running the webserver. | | Author: | TippingPoint | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3144 | | Related CVE(s): | CVE-2010-2703 | | Last Modified: | Jul 21 20:26:22 2010 | | MD5 Checksum: | 8e35a02eb798212081089b29dd3734be |
|
| /// File Name: | ZDI-10-136.txt | Description:
| Zero Day Initiative Advisory 10-136 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Teaming. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Tomcat server installed by default with Teaming. The server exposes an AJAX request handler which allows a remote user to upload an image via the upload_image_file operation. By crafting a specially formatted filename an attacker can bypass a name-mangling mechanism and traverse outside the intended temporary directory. By uploading a malicious JSP document to the web directory, an attacker can abuse this functionality to execute arbitrary code under the context of the SYSTEM user. | | Author: | TippingPoint | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3155 | | Last Modified: | Jul 21 20:26:02 2010 | | MD5 Checksum: | 542610dde673af95d2ee4fdae0cfc9c8 |
|
| /// File Name: | cisco-sa-20100721-spcdn.txt | Description:
| Cisco Security Advisory - The Cisco Internet Streamer application, part of the Cisco Content Delivery System, contains a directory traversal vulnerability on its web server component that allows for arbitrary file access. By exploiting this vulnerability, an attacker may be able to read arbitrary files on the device, outside of the web server document directory, by using a specially crafted URL. An unauthenticated attacker may be able to exploit this issue to access sensitive information, including the password files and system logs, which could be leveraged to launch subsequent attacks. Cisco has released free software updates that address this vulnerability. | | Author: | Cisco Systems | | Homepage: | http://www.cisco.com/ | | File Size: | 15420 | | Related CVE(s): | CVE-2010-1577 | | Last Modified: | Jul 21 20:24:23 2010 | | MD5 Checksum: | 2a6cec2e7c8969b69256572f86e1b516 |
|
| /// File Name: | hpovnnmov-overflow.txt | Description:
| VUPEN Vulnerability Research Team discovered a critical vulnerability in HP OpenView Network Node Manager (OV NNM). This vulnerability is caused by a buffer overflow error in the "ov.dll" library when processing certain arguments supplied via CGI executables, which could be exploited by remote unauthenticated attackers to execute arbitrary code. | | Author: | Sebastien Renaud | | Homepage: | http://www.vupen.com/ | | File Size: | 3495 | | Related CVE(s): | CVE-2010-2704 | | Last Modified: | Jul 21 20:23:18 2010 | | MD5 Checksum: | 509b42186233cb822e353add04968b5f |
|
| /// File Name: | hpovnnmnnmrpt-overflow.txt | Description:
| VUPEN Vulnerability Research Team discovered a critical vulnerability in HP OpenView Network Node Manager (OV NNM). This vulnerability is caused by a buffer overflow error in the "nnmrptconfig.exe" CGI when processing an overly long parameter value, which could be exploited by remote unauthenticated attackers to execute arbitrary code. | | Author: | Sebastien Renaud | | Homepage: | http://www.vupen.com/ | | File Size: | 3504 | | Related CVE(s): | CVE-2010-2703 | | Last Modified: | Jul 21 20:22:00 2010 | | MD5 Checksum: | 2b9f39d97c8b6adebe254ddf8139f783 |
|
| /// File Name: | ESA-2010-011.txt | Description:
| RSA(r) Federated Identity Manager may be impacted by potential arbitrary URL redirection vulnerability that may be exploited by malicious people to bypass certain security restrictions. Versions 4.0 and 4.1 are affected. | | Homepage: | http://www.emc.com/ | | File Size: | 5143 | | Related CVE(s): | CVE-2010-2337 | | Last Modified: | Jul 21 20:17:06 2010 | | MD5 Checksum: | e1891428ba75c5d7eb9073881f0f611c |
|
| /// File Name: | USN-940-2.txt | Description:
| Ubuntu Security Notice 940-2 - USN-940-1 fixed vulnerabilities in Kerberos. This update provides the corresponding updates for Ubuntu 10.04. Joel Johnson, Brian Almeida, and Shawn Emery discovered that Kerberos did not correctly verify certain packet structures. An unauthenticated remote attacker could send specially crafted traffic to cause the KDC or kadmind services to crash, leading to a denial of service. | | Author: | Ubuntu | | Homepage: | http://security.ubuntu.com/ | | File Size: | 11868 | | Related CVE(s): | CVE-2010-1321 | | Last Modified: | Jul 21 19:17:44 2010 | | MD5 Checksum: | c65941da7e6040128ba4788f97396e39 |
|
| /// File Name: | dsa-2074-1.txt | Description:
| Debian Linux Security Advisory 2074-1 - Aki Helin discovered an integer underflow in ncompress, the original Lempel-Ziv compress/uncompress programs. This could lead to the execution of arbitrary code when trying to decompress a crafted LZW compressed gzip archive. | | Author: | Debian | | Homepage: | http://www.debian.org/security | | File Size: | 5213 | | Related CVE(s): | CVE-2010-0001 | | Last Modified: | Jul 21 19:17:16 2010 | | MD5 Checksum: | 68e4824d93372059399f2ddf91af2731 |
|
| /// File Name: | HPSBMA02558-SSRT010158.txt | Description:
| HP Security Bulletin - A potential security vulnerability has been identified with HP OpenView Network Node Manager (OV NNM). The vulnerability could be exploited remotely to execute arbitrary code under the context of the user running the web server. | | Homepage: | http://www.hp.com/ | | File Size: | 7575 | | Related CVE(s): | CVE-2010-2704 | | Last Modified: | Jul 21 19:04:29 2010 | | MD5 Checksum: | b80f154a12eef2c1d5b8a89d69868d22 |
|
| /// File Name: | HPSBMA02557-SSRT100025.txt | Description:
| HP Security Bulletin - A potential vulnerability has been identified with HP OpenView Network Node Manager (OV NNM) running on Windows. The vulnerability could be exploited remotely to execute arbitrary code. | | Homepage: | http://www.hp.com/ | | File Size: | 6544 | | Related CVE(s): | CVE-2010-2703 | | Last Modified: | Jul 21 19:03:25 2010 | | MD5 Checksum: | ef9be6c58dc1e4f2bc9a200c8c394019 |
|
| /// File Name: | dsa-2073-1.txt | Description:
| Debian Linux Security Advisory 2073-1 - Florian Streibelt reported a directory traversal flaw in the way the Mailing List Managing Made Joyful mailing list manager processed users' requests originating from the administrator web interface without enough input validation. A remote, authenticated attacker could use these flaws to write and / or delete arbitrary files. | | Author: | Debian | | Homepage: | http://www.debian.org/security | | File Size: | 5704 | | Related CVE(s): | CVE-2009-4896 | | Last Modified: | Jul 21 19:02:58 2010 | | MD5 Checksum: | 860b1c06fd4bc803b70e7d5d7e8b7117 |
|
| /// File Name: | ZDI-10-135.txt | Description:
| Zero Day Initiative Advisory 10-135 - This vulnerability allows remote attackers to execute arbitrary client side script on vulnerable installations of Novell Groupwise WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within handling html messages sent to a Novell Groupwise WebAccess user. Messages are improperly sanitized allowing client side script to be supplied to the user's web browser resulting in the user's WebAccess credentials being compromised. | | Author: | TippingPoint | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3130 | | Last Modified: | Jul 20 20:54:31 2010 | | MD5 Checksum: | e102a31d3cb94682297082574c160b08 |
|
| /// File Name: | ZDI-10-134.txt | Description:
| Zero Day Initiative Advisory 10-134 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists due to a workaround that was implemented in order to support recursive cloning of attribute nodes. If an event is added to the first attribute node, the application can be made to free the node, and then later access a reference to it. This can lead to code execution under the context of the application. | | Author: | TippingPoint | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3037 | | Related CVE(s): | CVE-2010-1208 | | Last Modified: | Jul 20 20:54:13 2010 | | MD5 Checksum: | d829ed53bab07c459ac0c821774301f2 |
|
| /// File Name: | ZDI-10-133.txt | Description:
| Zero Day Initiative Advisory 10-133 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within handling of references to external font resources. A value is used as a 16 bit integer in an array allocation and later as 32 bit when iterating over and then populating these fields. By creating enough references, a remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser. | | Author: | TippingPoint | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3077 | | Related CVE(s): | CVE-2010-2752 | | Last Modified: | Jul 20 20:51:29 2010 | | MD5 Checksum: | e21e2a53f18c5c091cc0d61e39bfe564 |
|
| /// File Name: | ZDI-10-132.txt | Description:
| Zero Day Initiative Advisory 10-132 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the browser's method for parsing child elements out of a particular tag. The application will use a 32-bit index to enumerate them, but will store it in a 16-bit signed integer and then use it to allocate space for a cache. When populating the cache a buffer overflow will occur. This can lead to code execution under the context of the application. | | Author: | TippingPoint | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3134 | | Related CVE(s): | CVE-2010-1214 | | Last Modified: | Jul 20 20:50:23 2010 | | MD5 Checksum: | f3bc6126c244823c77716ef3909a4a62 |
|
| /// File Name: | OSA-2010-006.txt | Description:
| Onapsis Security Advisory - The SAP J2EE Engine contains a Web Services Navigator interface, which enables the interaction with the deployed Web Services in the server. This interface suffers from a Cross-Site Scripting vulnerability, which may enable malicious parties to perform different kinds of attacks over SAP users. | | Homepage: | http://www.onapsis.com/ | | File Size: | 6334 | | Last Modified: | Jul 20 20:43:44 2010 | | MD5 Checksum: | 98ff2f867dd1e33f82a76fbf20ab7ec6 |
|
| /// File Name: | ZDI-10-131.txt | Description:
| Zero Day Initiative Advisory 10-131 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation of XUL element's "selection" attribute. There is an integer overflow when calculating the bounds of a new selection range. When calling adjustSelection on this manged range both ranges are deleted leaving a dangling reference. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser. | | Author: | TippingPoint | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3112 | | Related CVE(s): | CVE-2010-2753 | | Last Modified: | Jul 20 20:42:28 2010 | | MD5 Checksum: | bcfef1392605b867aa6a634138db002d |
|
| /// File Name: | ZDI-10-130.txt | Description:
| Zero Day Initiative Advisory 10-130 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the victim must visit a malicious page or open a malicious file. The specific flaw exists within the application's implementation of the NodeIterator interface for traversal of the Document Object Model. Due to the implementation requiring a javascript callback, an attacker can utilize the callback in order to manipulate the contents of the page. By doing so in an unexpected manner, an attacker can cause the process to corrupt memory. Successful exploitation will lead to code execution under the context of the application. | | Author: | TippingPoint | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3161 | | Related CVE(s): | CVE-2010-1209 | | Last Modified: | Jul 20 20:41:28 2010 | | MD5 Checksum: | f22b3dddfaddad7d9a2864ed9540cc16 |
|
| /// File Name: | VMSA-2010-0012.txt | Description:
| VMware Security Advisory - The default version of the Jetty Web server in Update Manager is version 6.1.6 for which the following relevant vulnerabilities are reported. A directory traversal vulnerability in Jetty allows for obtaining files from the system where Update Manager is installed by a remote, unauthenticated attacker. The attacker would need to be on the same network as the system where Update Manager is installed. A cross-site scripting vulnerability in Jetty allows for running JavaScript in the browser of the user who clicks a URL containing a malicious request to Update Manager. For an attack to be successful the attacker would need to lure the user into clicking the malicious URL. | | Homepage: | http://www.vmware.com/ | | File Size: | 4414 | | Related CVE(s): | CVE-2009-1523, CVE-2009-1524 | | Last Modified: | Jul 19 21:20:44 2010 | | MD5 Checksum: | 9bba7d347077265fa082cc0c7a7e5b28 |
|
| /// File Name: | hpqc-xss.txt | Description:
| HP Quality Center suffers from multiple cross site scripting vulnerabilities. | | Author: | Dinesh Arora | | File Size: | 877 | | Last Modified: | Jul 19 20:58:58 2010 | | MD5 Checksum: | 1e0684e222ccacf6353eac72598cf0a8 |
|
| /// File Name: | ZDI-10-129.txt | Description:
| Zero Day Initiative Advisory 10-129 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Groupwise Internet Agent. Authentication is required to exploit this vulnerability. The flaw exists within the IMAP functionality included with GWIA. When provided with an overly long mailbox name to the CREATE verb, the IMAP server can be forced to overflow a buffer on the stack. Successful exploitation leads to remote code execution under the context of the server. | | Author: | TippingPoint | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 2824 | | Last Modified: | Jul 16 22:22:47 2010 | | MD5 Checksum: | 8cca1277e54171d91b56bac122774274 |
|
| /// File Name: | ZDI-10-128.txt | Description:
| Zero Day Initiative Advisory 10-128 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IPSwitch IMail. Authentication is not required to exploit this vulnerability. The specific flaw exists within SMTPDLL.dll (called by queuemgr.exe). When handling a message queued for remote delivery user supplied data can be used to specify additional format specifiers to a vsprintf call. This can be accomplished by providing a specially crafted -NOTIFY argument to the SMTP "RCPT TO:" argument. Additionally, the destination buffer supplied to vsprintf is a local stack buffer and can also be overflowed with a large -NOTIFY argument. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user. | | Author: | TippingPoint | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3064 | | Last Modified: | Jul 16 00:50:49 2010 | | MD5 Checksum: | 6925dd6d0ca2b42d7c557b71d25be680 |
|
| /// File Name: | ZDI-10-127.txt | Description:
| Zero Day Initiative Advisory 10-127 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IPSwitch IMail. Authentication might be required to exploit this vulnerability. The specific flaw exists within imailsrv.exe which is invoked to handle messages sent to the imailsrv. When a message subject contains a "?Q?" operator the string following that sequence is copied to a local stack buffer. No validation of the data or data length is done. In order to reach this code path a mailing list must be password protected (authentication required) or have previously had a password configured (no authentication required). A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user. | | Author: | TippingPoint | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3044 | | Last Modified: | Jul 16 00:48:41 2010 | | MD5 Checksum: | ee9eae402ef5c43b7deb5f45af40fc1a |
|
| /// File Name: | sap-heapcorruption.txt | Description:
| The SAPGui BI component version 7100.1.400.8 suffers from a heap corruption vulnerability that can result in the execution of arbitrary code. | | Author: | Elazar Broad | | File Size: | 1206 | | Last Modified: | Jul 16 00:45:56 2010 | | MD5 Checksum: | 1518bf3e5e2cbc644a76b75abd4f9cc5 |
|
| /// File Name: | ZDI-10-126.txt | Description:
| Zero Day Initiative Advisory 10-126 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IPSwitch IMail List Mailer. Authentication is not required to exploit this vulnerability. The specific flaw exists within imailsrv.exe which is invoked to handle messages sent to the imailsrv. When a message contains multiple "Reply-To:" headers the imailsrv.exe process concatenates these into a single fixed length buffer on the stack. No validation of the data or data length is done. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user. | | Author: | TippingPoint | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 2920 | | Last Modified: | Jul 16 00:45:04 2010 | | MD5 Checksum: | 9b8f1251cea7ac0e563a6ba86bf15714 |
|
| /// File Name: | MDVSA-2010-134.txt | Description:
| Mandriva Linux Security Advisory 2010-134 - Stack-based buffer overflow in the errprintf function in base/gsmisc.c in ghostscript 8.64 through 8.70 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PDF file, as originally reported for debug logging code in gdevcups.c in the CUPS output driver. Ghostscript 8.64, 8.70, and possibly other versions allows context-dependent attackers to execute arbitrary code via a PostScript file containing unlimited recursive procedure invocations, which trigger memory corruption in the stack of the interpreter. As a precaution ghostscriptc has been rebuilt to link against the system libpng library which was fixed with MDVSA-2010:133. | | Author: | Mandriva | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 13383 | | Related CVE(s): | CVE-2009-4270, CVE-2010-1628 | | Last Modified: | Jul 16 00:40:52 2010 | | MD5 Checksum: | 4b922bfe8a506dabc6efd16af20040f2 |
|
| /// File Name: | USN-962-1.txt | Description:
| Ubuntu Security Notice 962-1 - Janne Snabb discovered that applications using VTE, such as gnome-terminal, did not correctly filter window and icon title request escape codes. If a user were tricked into viewing specially crafted output in their terminal, a remote attacker could execute arbitrary commands with user privileges. | | Author: | Ubuntu | | Homepage: | http://security.ubuntu.com/ | | File Size: | 14513 | | Related CVE(s): | CVE-2010-2713 | | Last Modified: | Jul 16 00:43:38 2010 | | MD5 Checksum: | 72e5c0962211bf21fc37eef4b8782523 |
|
| /// File Name: | secunia-gigaarray.txt | Description:
| Secunia Research has discovered a vulnerability in GIGABYTE Dldrv2 ActiveX Control, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by missing input validation of the "item" argument passed to the "SetDLInfo()" method and can be exploited via array-indexing errors to corrupt memory. Successful exploitation allows execution of arbitrary code. GIGABYTE Dldrv2 ActiveX Control version 1.4.206.11 is affected. | | Homepage: | http://secunia.com/ | | File Size: | 4166 | | Related CVE(s): | CVE-2010-1518 | | Last Modified: | Jul 16 00:39:56 2010 | | MD5 Checksum: | 42b6e2cc2906737b522a04f5549600ff |
|
| /// File Name: | MDVSA-2010-133.txt | Description:
| Mandriva Linux Security Advisory 2010-133 - Memory leak in the png_handle_tEXt function in pngrutil.c in libpng before 1.2.33 rc02 and 1.4.0 beta36 allows context-dependent attackers to cause a denial of service (memory exhaustion) via a crafted PNG file. Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row. | | Author: | Mandriva | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 12797 | | Related CVE(s): | CVE-2008-6218, CVE-2010-1205, CVE-2010-2249 | | Last Modified: | Jul 16 00:34:46 2010 | | MD5 Checksum: | 8bc09ccec02bd7ed4d12ea2e21fb049e |
|
| /// File Name: | secunia-gigaunsafe.txt | Description:
| Secunia Research has discovered some vulnerabilities in GIGABYTE Dldrv2 ActiveX Control, which can be exploited by malicious people to compromise a user's system. The unsafe method "dl()" allows automatically downloading and executing an arbitrary file. Combined usage of the unsafe methods "SetDLInfo()" and "Bdl()" allows automatically downloading an arbitrary file to an arbitrary location on the user's system. GIGABYTE Dldrv2 ActiveX Control version 1.4.206.11 is affected. | | Homepage: | http://secunia.com/ | | File Size: | 4185 | | Related CVE(s): | CVE-2010-1517 | | Last Modified: | Jul 16 00:38:13 2010 | | MD5 Checksum: | fd4a2da3ac7d8e9e5420c53c75b3085c |
|
| /// File Name: | HPSBUX02556-SSRT100014.txt | Description:
| HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running rpc.ttdbserver. The vulnerability could be exploited remotely to execute arbitrary code. | | Homepage: | http://www.hp.com/ | | File Size: | 6364 | | Related CVE(s): | CVE-2010-0083 | | Last Modified: | Jul 16 00:35:10 2010 | | MD5 Checksum: | 6801d4322c051705ed1d74b0d8059dc2 |
|
| /// File Name: | MDVSA-2010-136.txt | Description:
| Mandriva Linux Security Advisory 2010-136 - Ghostscript 8.64, 8.70, and possibly other versions allows context-dependent attackers to execute arbitrary code via a PostScript file containing unlimited recursive procedure invocations, which trigger memory corruption in the stack of the interpreter. As a precaution ghostscriptc has been rebuilt to link against the system libpng library which was fixed with MDVSA-2010:133. The updated packages have been patched to correct this issue. | | Author: | Mandriva | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 4495 | | Related CVE(s): | CVE-2010-1628 | | Last Modified: | Jul 16 00:32:49 2010 | | MD5 Checksum: | 7844efa1cf92aa530e2c0cfef353ee81 |
|
| /// File Name: | MDVSA-2010-135.txt | Description:
| Mandriva Linux Security Advisory 2010-135 - Stack-based buffer overflow in the errprintf function in base/gsmisc.c in ghostscript 8.64 through 8.70 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PDF file, as originally reported for debug logging code in gdevcups.c in the CUPS output driver. The updated packages have been patched to correct this issue. | | Author: | Mandriva | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 4410 | | Related CVE(s): | CVE-2009-4270 | | Last Modified: | Jul 16 00:28:59 2010 | | MD5 Checksum: | e8f6faac84de7e8a34d301f349dec0d7 |
|
| /// File Name: | cpanel1125-xss.txt | Description:
| cPanel version 11.25 suffers from a cross site scripting vulnerability. | | File Size: | 490 | | Last Modified: | Jul 15 23:05:22 2010 | | MD5 Checksum: | 2e30624c2ac5902aef25b6afafa03c60 |
|
| /// File Name: | dsa-2071-1.txt | Description:
| Debian Linux Security Advisory 2071-1 - Dyon Balding discovered buffer overflows in the MikMod sound library, which could lead to the execution of arbitrary code if a user is tricked into opening malformed Impulse Tracker or Ultratracker sound files. | | Author: | Debian | | Homepage: | http://www.debian.org/security | | File Size: | 7474 | | Related CVE(s): | CVE-2009-3995, CVE-2009-3996 | | Last Modified: | Jul 14 21:00:31 2010 | | MD5 Checksum: | 7a4974004e1858fed287fdb166a389a5 |
|
| /// File Name: | major_rls76.txt | Description:
| Conpresso CMS version 4.1.1 suffers from a cross site scripting vulnerability. | | Author: | David "Aesthetico" Vieira-Kurz | | Homepage: | http://www.majorsecurity.de | | File Size: | 1509 | | Last Modified: | Jul 14 20:58:46 2010 | | MD5 Checksum: | 30a33389292bcee965860bd86311cb38 |
|
| /// File Name: | outlook-exec.txt | Description:
| It has been discovered that certain e-mail messages cause Outlook to create Windows shortcut-like attachments or messages within Outlook. Through specially crafted TNEF streams with certain MAPI attachment properties, it is possible to set a path name to files to be executed. | | Author: | Yorick Koster | | Homepage: | http://www.akitasecurity.nl/ | | File Size: | 11316 | | Related CVE(s): | CVE-2010-0266 | | Last Modified: | Jul 14 20:55:44 2010 | | MD5 Checksum: | a3fc63ad3fdc5a9727bd190087cc9656 |
|
| /// File Name: | MDVSA-2010-132.txt | Description:
| Mandriva Linux Security Advisory 2010-132 - Multiple integer overflows in audioop.c in the audioop module in Python allow context-dependent attackers to cause a denial of service (application crash) via a large fragment, as demonstrated by a call to audioop.lin2lin with a long string in the first argument, leading to a buffer overflow. The audioop module in Python does not verify the relationships between size arguments and byte string lengths, which allows context-dependent attackers to cause a denial of service (memory corruption and application crash) via crafted arguments, as demonstrated by a call to audioop.reverse with a one-byte string, a different vulnerability than CVE-2010-1634. | | Author: | Mandriva | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 12836 | | Related CVE(s): | CVE-2010-1634, CVE-2010-2089 | | Last Modified: | Jul 14 20:54:14 2010 | | MD5 Checksum: | e41a3d72559771e69d120a0d6981ae06 |
|
| /// File Name: | IS-2010-006.txt | Description:
| A buffer overflow condition can be triggered on the D-Link DAP-1160 by setting URL filtering for an overly long URL, leading to possible arbitrary code execution or denial of service. Successful authentication is required in order to exploit the vulnerability, but attackers can leverage other vulnerabilities for achieving unauthenticated remote exploitation. | | Author: | Cristofaro Mune | | Homepage: | http://www.icysilence.org/ | | File Size: | 3252 | | Last Modified: | Jul 14 20:47:24 2010 | | MD5 Checksum: | 2aa197c67d9a1fb2cde2af750d04088a |
|
| /// File Name: | ZDI-10-125.txt | Description:
| Zero Day Initiative Advisory 10-125 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM solidDB. Authentication is not required to exploit this vulnerability. The specific flaw exists within the solid.exe process which listens by default on TCP port 1315. The code responsible for parsing the first handshake packet does not properly validate the length of the username field. By crafting an overly long value in the request an attacker can exploit this to execute arbitrary code under the context of the SYSTEM user. | | Author: | TippingPoint | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3034 | | Last Modified: | Jul 14 01:12:51 2010 | | MD5 Checksum: | b4f83ed5b962026d404a382439f4a61c |
|
| /// File Name: | ZDI-10-124.txt | Description:
| Zero Day Initiative Advisory 10-124 - This vulnerability allows remote attackers to execute arbitrary commands on vulnerable installations of Oracle Secure Backup. Authentication is required to exploit these vulnerabilities. The specific flaws exist due to how the application passes CGI parameters to the internal obtool binary running on port 443. Due to improper filtering of user data a specially crafted request could lead to arbitrary commands being executed under the credentials of the service. | | Author: | TippingPoint | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 2686 | | Last Modified: | Jul 14 01:12:12 2010 | | MD5 Checksum: | 4cf738d52f154a3f4ad93e9d66c14c75 |
|
| /// File Name: | HPSBOV02539-SSRT090267.txt | Description:
| HP Security Bulletin - A potential security vulnerability has been identified with HP OpenVMS Auditing. The vulnerability could result in a local disclosure of information or elevation of privilege. In addition, a potential vulnerability has been identified with HP OpenVMS on Itanium platforms. This vulnerability could be exploited locally resulting in a Denial of Service (DoS). | | Homepage: | http://www.hp.com/ | | File Size: | 6745 | | Last Modified: | Jul 14 01:10:53 2010 | | MD5 Checksum: | 0fe0883340f41a0bec1aad617365fff2 |
|
| /// File Name: | TA10-194B.txt | Description:
| Technical Cyber Security Alert 2010-194B - A large amount of Oracle products and components are affected by multiple vulnerabilities. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service. | | Author: | US-CERT | | Homepage: | http://www.us-cert.gov/ | | File Size: | 5310 | | Last Modified: | Jul 14 01:06:07 2010 | | MD5 Checksum: | 2cccab589c3db4d4ad6cfa5f15a62558 |
|
| /// File Name: | tooltalk-overflow.txt | Description:
| There exists a vulnerability within a function of the ToolTalk database server (rpc.ttdbserverd), which when properly exploited can lead to compromise of the vulnerable system. This vulnerability can be triggered by creating a fake database (.rec file) on the system and calling remote procedure 7 of ToolTalk database server pointing to this database, leading to a heap overflow. | | Author: | Rodrigo Rubira Branco | | File Size: | 3014 | | Last Modified: | Jul 14 01:03:49 2010 | | MD5 Checksum: | af99c10f5da75394836296a61008c25d |
|
| /// File Name: | HPSBMA02555-SSRT100064.txt | Description:
| HP Security Bulletin - A potential vulnerability has been identified with HP Client Automation Enterprise Infrastructure (Radia). The default configuration allows remote disclosure of information. | | Homepage: | http://www.hp.com/ | | File Size: | 6079 | | Related CVE(s): | CVE-2010-1972 | | Last Modified: | Jul 14 01:01:30 2010 | | MD5 Checksum: | 019c3052950fd69b830007382efcf37b |
|
| /// File Name: | winampflv-overflow.txt | Description:
| VUPEN Vulnerability Research Team discovered multiple vulnerabilities in Winamp. These issues are caused by integer and buffer overflow errors within the "vp6.w5s" component when parsing malformed Flash Video data, which could allow attackers to execute arbitrary code by tricking a user into opening a specially crafted FLV file. Versions 5.572 and below are affected. | | Author: | Nicolas Joly | | Homepage: | http://www.vupen.com/ | | File Size: | 2767 | | Last Modified: | Jul 14 01:00:02 2010 | | MD5 Checksum: | bfc3b6b9b10b981e637d2bcccbcc64b2 |
|
| /// File Name: | TPTI-10-04.txt | Description:
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Secure Backup. User interaction is not required to exploit this vulnerability. The specific flaw exists in the parsing of commands sent to the obscheduled.exe service listening by default on TCP port 1026, or 1027. Due to a lack of bounds checking on a specific command sequence the program stack can be overwritten with user controlled data. Successful exploitation can lead to remote system compromise under the SYSTEM credentials. | | Author: | Cody Pierce | | Homepage: | http://dvlabs.tippingpoint.com/ | | File Size: | 1673 | | Related CVE(s): | CVE-2010-0898 | | Last Modified: | Jul 14 00:58:46 2010 | | MD5 Checksum: | 52dcf2ee7632ebaf6818572daef4ac2a |
|
| /// File Name: | ZDI-10-123.txt | Description:
| Zero Day Initiative Advisory 10-123 - This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Oracle Secure Backup. The specific flaw exists within the register globals emulation layer which allows attackers to specify values for arbitrary program variables. When specific parameters are specified via the URI it is possible for an attacker to bypass the authentication mechanism and reach functionality otherwise inaccessible without proper credentials. This can be leveraged by remote attackers to trigger what were post-auth vulnerabilities without valid credentials. | | Author: | TippingPoint | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 2740 | | Last Modified: | Jul 14 00:55:38 2010 | | MD5 Checksum: | 9323dc9a2b88fde9db06f8b5acf5aecd |
|
| /// File Name: | TA10-194A.txt | Description:
| Technical Cyber Security Alert 2010-194A - Microsoft has released updates to address vulnerabilities in Microsoft Windows and Microsoft Office. | | Author: | US-CERT | | Homepage: | http://www.us-cert.gov/ | | File Size: | 3406 | | Last Modified: | Jul 14 00:55:08 2010 | | MD5 Checksum: | d023a50eadbf973fd22b93d0e39ab177 |
|
| /// File Name: | HPSBMA02553-SSRT100184.txt | Description:
| HP Security Bulletin - Potential security vulnerabilities have been identified with HP Insight Software Installer for Windows. The vulnerabilities could be exploited locally to allow unauthorized access to data and remotely to allow Cross Site Request Forgery (CSRF), cross site scripting (XSS), and unauthorized access to data. | | Homepage: | http://www.hp.com/ | | File Size: | 6096 | | Related CVE(s): | CVE-2010-1970, CVE-2010-1971, CVE-2009-1523, CVE-2009-1524 | | Last Modified: | Jul 14 00:53:47 2010 | | MD5 Checksum: | 85dc68fa61e7cf7f01a04e2afcbfbbd1 |
|
| /// File Name: | USN-961-1.txt | Description:
| Ubuntu Security Notice 961-1 - David Srbecky discovered that Ghostscript incorrectly handled debug logging. It was discovered that Ghostscript incorrectly handled certain malformed files. Dan Rosenberg discovered that Ghostscript incorrectly handled certain recursive Postscript files. Rodrigo Rubira Branco and Dan Rosenberg discovered that Ghostscript incorrectly handled certain malformed Postscript files. | | Author: | Ubuntu | | Homepage: | http://security.ubuntu.com/ | | File Size: | 24474 | | Related CVE(s): | CVE-2009-4270, CVE-2009-4897, CVE-2010-1628, CVE-2010-1869 | | Last Modified: | Jul 14 00:50:59 2010 | | MD5 Checksum: | b4936b57212d8acbc1be6459a7658d6a |
|
| /// File Name: | ZDI-10-122.txt | Description:
| Zero Day Initiative Advisory 10-122 - This vulnerability allows remote attackers to inject arbitrary commands on vulnerable installations of Oracle Secure Backup. Authentication is required to exploit this vulnerability but may be bypassed. The specific flaw exists in the handling of the 'preauth' variable to the script index.php used in the administration server running on port 443. Due to improper filtering of user data a specially crafted request could lead to arbitrary commands being executed under the credentials of the service. | | Author: | TippingPoint | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 2684 | | Last Modified: | Jul 14 00:50:41 2010 | | MD5 Checksum: | 9135d95d7edb386c0bfc0f36b1f61eb7 |
|
| /// File Name: | ZDI-10-121.txt | Description:
| Zero Day Initiative Advisory 10-121 - This vulnerability allows remote attackers to inject arbitrary commands on vulnerable installations of Oracle Secure Backup. Authentication is required to exploit this vulnerability but may be bypassed. The specific flaw exists in the handling of the 'selector[0]' variable to the script index.php used in the administration server running on port 443. Due to improper filtering of user data a specially crafted request could lead to arbitrary commands being executed under the credentials of the service. | | Author: | TippingPoint | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 2652 | | Last Modified: | Jul 14 00:50:21 2010 | | MD5 Checksum: | 084280e297794b223032bf656318a216 |
|
| /// File Name: | HPSBMA02551-SSRT100165.txt | Description:
| HP Security Bulletin - A potential security vulnerability has been identified with HP Virtual Connect Enterprise Manager for Windows. The vulnerability could be exploited to allow remote cross site scripting (XSS). | | Homepage: | http://www.hp.com/ | | File Size: | 5638 | | Related CVE(s): | CVE-2010-1969 | | Last Modified: | Jul 14 00:49:16 2010 | | MD5 Checksum: | f559fe0debf22d59070ee4cdff747575 |
|
| /// File Name: | ZDI-10-120.txt | Description:
| Zero Day Initiative Advisory 10-120 - This vulnerability allows remote attackers to execute arbitrary commands on vulnerable installations of Oracle Secure Backup. Authentication is required to exploit this vulnerability. The specific flaw exists in the handling of variables to the property_box.php script located on the Oracle Secure Backup administration server. Due to the lack of filtering on special characters it is possible to specify arbitrary commands to the command line being executed by the administration server. Successful exploitation of this can lead to remote compromise under the credentials of the web server. | | Author: | TippingPoint | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3053 | | Last Modified: | Jul 14 00:32:19 2010 | | MD5 Checksum: | 8eb33e2969e479955a9e07e98f850e13 |
|
| /// File Name: | ZDI-10-119.txt | Description:
| Zero Day Initiative Advisory 10-119 - This vulnerability allows remote attackers to execute arbitrary commands on vulnerable installations of Oracle Secure Backup. Authentication is required to exploit this vulnerability. The specific flaw exists in the handling of variables to the property_box.php script located on the Oracle Secure Backup administration server. Due to the lack of filtering on special characters it is possible to specify arbitrary commands to the command line being executed by the administration server. Successful exploitation of this can lead to remote compromise under the credentials of the web server. | | Author: | TippingPoint | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 2794 | | Last Modified: | Jul 14 00:32:04 2010 | | MD5 Checksum: | bb58d262b87646ca25df70eca7b70537 |
|
| /// File Name: | HPSBMA02550-SSRT100170.txt | Description:
| HP Security Bulletin - Potential security vulnerabilities have been identified with HP Insight Software Installer for Windows. The vulnerabilities could be exploited locally to allow unauthorized access to data and remotely to allow Cross Site Request Forgery (CSRF). | | Homepage: | http://www.hp.com/ | | File Size: | 5856 | | Related CVE(s): | CVE-2010-1967, CVE-2010-1968 | | Last Modified: | Jul 14 00:30:45 2010 | | MD5 Checksum: | 5faaa341921d4515de1d4bf6c94bcec3 |
|
| /// File Name: | HPSBMA02549-SSRT090158.txt | Description:
| HP Security Bulletin - A potential security vulnerability has been identified with HP Insight Control power management for Windows. The vulnerability could be exploited locally to allow unauthorized access to data and Denial of Service (DoS). | | Homepage: | http://www.hp.com/ | | File Size: | 5710 | | Related CVE(s): | CVE-2010-1966 | | Last Modified: | Jul 14 00:27:52 2010 | | MD5 Checksum: | 5d4a49d1fe335d560509484c05a71c19 |
|
| /// File Name: | ZDI-10-118.txt | Description:
| Zero Day Initiative Advisory 10-118 - This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Oracle Secure Backup. Authentication is not required to exploit this vulnerability. The specific flaw exists in the handling of user input to the uname variable of the login.php script running on the administration page of Oracle Secure Backup. Due to the lack of proper shell metacharacter filtering it is possible to bypass the login check. Successful exploitation of this vulnerability allows the attacker to access sensitive information running on the administration server without proper credentials. | | Author: | TippingPoint | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 2780 | | Last Modified: | Jul 14 00:27:09 2010 | | MD5 Checksum: | c7185f6a92e3a41cfdbf46ffecbbd247 |
|
| /// File Name: | ZDI-10-117.txt | Description:
| Zero Day Initiative Advisory 10-117 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. User interaction is required in that a user must browse to a malicious website. The specific flaw exists in the instantiation of three specific ActiveX controls. The combination of loading all three controls in a particular order results in a transfer of control to unallocated memory which can be leveraged by remote attackers to execute arbitrary code under the context of the currently logged in user. | | Author: | TippingPoint | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 2807 | | Related CVE(s): | CVE-2010-0814 | | Last Modified: | Jul 14 00:26:16 2010 | | MD5 Checksum: | 2109976f8392551b4d3a2db09aba9dfb |
|
| /// File Name: | HPSBMA02548-SSRT100126.txt | Description:
| HP Security Bulletin - A potential security vulnerability has been identified with HP Insight Orchestration for Windows. The vulnerability could be exploited remotely to allow unauthorized access. | | Homepage: | http://www.hp.com/ | | File Size: | 5567 | | Related CVE(s): | CVE-2010-1965 | | Last Modified: | Jul 14 00:24:56 2010 | | MD5 Checksum: | fea4a2c97979787ce471aa3ac55f2701 |
|
| /// File Name: | HPSBMA02547-SSRT100179.txt | Description:
| HP Security Bulletin - Potential security vulnerabilities have been identified in HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows. The vulnerabilities could be exploited remotely to execute arbitrary code and other exploits. | | Homepage: | http://www.hp.com/ | | File Size: | 10656 | | Related CVE(s): | CVE-2008-4546, CVE-2009-3555, CVE-2009-3793, CVE-2010-0082, CVE-2010-0084, CVE-2010-0085, CVE-2010-0087, CVE-2010-0088, CVE-2010-0089, CVE-2010-0090, CVE-2010-0091, CVE-2010-0092, CVE-2010-0093, CVE-2010-0094, CVE-2010-0095, CVE-2010-0837, CVE-2010-0838, CVE-2010-0839, CVE-2010-0840, CVE-2010-0841, CVE-2010-0842, CVE-2010-0843, CVE-2010-0844, CVE-2010-0845, CVE-2010-0846, CVE-2010-0847, CVE-2010-0848, CVE-2010-0849, CVE-2010-0850, CVE-2010-1297, CVE-2010-2160, CVE-2010-2161, CVE-2010-2162, CVE-2010-2163, CVE-2010-2164, CVE-2010-2165, CVE-2010-2166, CVE-2010-2167, CVE-2010-2169, CVE-2010-2170, CVE-2010-2171, CVE-2010-2172, CVE-2010-2173, CVE-2010-2174, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2179, CVE-2010-2180, CVE-2010-2181, CVE-2010-2182, CVE-2010-2183, CVE-2010-2184, CVE-2010-2185, CVE-2010-2186, CVE-2010-2187, CVE-2010-2188, CVE-2010-2189 | | Last Modified: | Jul 14 00:19:30 2010 | | MD5 Checksum: | 709dd62b42bf4d6b6820ebba17158d24 |
|
| /// File Name: | VMSA-2010-0011.txt | Description:
| VMware Security Advisory - VMware Studio 2.1 addresses security vulnerabilities in virtual appliances created with Studio 2.0. | | Homepage: | http://www.vmware.com/ | | File Size: | 8679 | | Related CVE(s): | CVE-2010-2427, CVE-2010-2667 | | Last Modified: | Jul 14 00:12:47 2010 | | MD5 Checksum: | e698d3703729fc33a8c2fe7833a35c60 |
|
| /// File Name: | FreeBSD-SA-10.07.mbuf.txt | Description:
| FreeBSD Security Advisory - The read-only flag is not correctly copied when a mbuf buffer reference is duplicated. When the sendfile system call is used to transmit data over the loopback interface, this can result in the backing pages for the transmitted file being modified, causing data corruption. | | Homepage: | http://security.freebsd.org/ | | File Size: | 6104 | | Related CVE(s): | CVE-2010-2693 | | Last Modified: | Jul 13 23:01:14 2010 | | MD5 Checksum: | fba3429a085354e7f403b7d9a4ebd9e2 |
|
| /// File Name: | MDVSA-2010-131.txt | Description:
| Mandriva Linux Security Advisory 2010-131 - Multiple format string and buffer overflow vulnerabilities have been found and corrected in iscsitarget. The updated packages have been patched to correct these issues. | | Author: | Mandriva | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 2783 | | Related CVE(s): | CVE-2010-0743, CVE-2010-2221 | | Last Modified: | Jul 12 23:27:44 2010 | | MD5 Checksum: | 28fd38457963e09416f8c38b0415b449 |
|