.:[ packet storm ]:.
                             
beyond paranoid
beyond paranoid

 Section:  .. / 0702-advisories  /

Page 6 of 19
<< 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 >> Files 125 - 150 of 465
Currently sorted by: File SizeSort By: File Name, Last Modified

 ///  File Name: 02.07.07-2.txt
Description:
 iDefense Security Advisory 02.07.07 - Local exploitation of an input validation vulnerability within version 1.5.0.1052 of TmComm.sys as included with Trend Micro's AntiVirus engine could allow an attacker execute arbitrary code in kernel context. This vulnerability specifically exists due to insecure permissions on the \\.\TmComm DOS device interface. The permissions on this device allows "Everyone" write access. This could allow a locally logged in user to access functionality via IOCTLs which was designed for privileged use only. Additionally, the IOCTL handlers for this DOS device interface do not validate addresses passed to them. As such, it is possible to overwrite arbitrary memory or execute attacker-supplied code in the context of the kernel (RING 0).
Author:Ruben Santamarta
Homepage:http://www.idefense.com/
File Size:3872
Last Modified:Feb 8 00:34:20 2007
MD5 Checksum:22568c831ac8870700d27ef6e9645b87

 ///  File Name: glsa-200702-08.txt
Description:
 Gentoo Linux Security Advisory GLSA 200702-08 - Chris Evans has discovered multiple buffer overflows in Sun JDK and Sun JRE possibly related to various AWT or font layout functions. Tom Hawtin has discovered an unspecified vulnerability in Sun JDK and Sun JRE relating to unintended applet data access. He has also discovered multiple other unspecified vulnerabilities in Sun JDK and Sun JRE allowing unintended Java applet or application resource acquisition. Additionally, a memory corruption error has been found in the handling of GIF images with zero width field blocks. Versions less than 1.5.0.10 are affected.
Homepage:http://security.gentoo.org
File Size:3865
Related CVE(s):CVE-2006-6731, CVE-2006-6736, CVE-2006-6737, CVE-2006-6745, CVE-2007-0243
Last Modified:Feb 19 20:01:11 2007
MD5 Checksum:afc5acc5c88524f859003134314f9e2c

 ///  File Name: sa24259.txt
Description:
 Secunia Security Advisory - Mandriva has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
Homepage:http://secunia.com/advisories/24259/
File Size:3799
Last Modified:Feb 22 21:32:16 2007
MD5 Checksum:6c53345156afb89f2ccb0682d491c9d7

 ///  File Name: sa24052.txt
Description:
 Secunia Security Advisory - Mandriva has issued an update for libwmf. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
Homepage:http://secunia.com/advisories/24052/
File Size:3766
Last Modified:Feb 7 23:22:52 2007
MD5 Checksum:0609484d169e05f9dc46da7c9737782f

 ///  File Name: bugzilla-multiple.txt
Description:
 Bugzilla Security Advisory - Bugzilla versions 2.20.1 and above suffer from a cross site scripting vulnerability. Version 2.23.3 suffers from a database password disclosure flaw.
Author:Frederic Buclin, Dave Miller, Olav Vitters, Max Kanat-Alexander
Homepage:http://www.bugzilla.org/
File Size:3732
Last Modified:Feb 5 23:24:19 2007
MD5 Checksum:69ffd8fbfbab9aae67c189f99ee9d20b

 ///  File Name: sa23998.txt
Description:
 Secunia Security Advisory - Secunia Research has discovered some vulnerabilities in MailEnable Web Mail Client, which can be exploited by malicious people to conduct cross-site request forgery attacks, cross-site scripting attacks, and script insertion attacks.
Homepage:http://secunia.com/advisories/23998/
File Size:3696
Last Modified:Feb 14 14:41:53 2007
MD5 Checksum:73bbef42af1a2ec4a736c33ac7a030b5

 ///  File Name: 02.22.07-2.txt
Description:
 iDefense Security Advisory 02.22.07 - Local exploitation of a file creation vulnerability in IBM Corp.'s DB2 Universal Database could allow attackers to elevate privileges to the superuser. This vulnerability exists due to unsafe file access from within several setuid-root binaries. Specifically, when supplying the DB2INSTANCE environment variable, the setuid-root DB2 administration binaries will use the home directory of the specified user for loading configuration data. This allows attackers create or append to arbitrary files by creating a specific executing environment. Additionally, the user's umask settings will be honored allowing the creation of root-owned world-writable files. iDefense has confirmed the existence of this vulnerability within IBM Corp.'s DB2 Universal Database 9.1 release installed on Linux. Other versions are suspected to be vulnerable as well. This vulnerability does not affect DB2 Universal Database running on the windows platform.
Homepage:http://www.idefense.com/
File Size:3685
Last Modified:Feb 23 21:49:41 2007
MD5 Checksum:2c23d7265527b5338afca6ce75a79b57

 ///  File Name: USN-425-1.txt
Description:
 Ubuntu Security Notice 425-1 - A flaw was discovered in the permission checking code of slocate. When reporting matching files, locate would not correctly respect the parent directory's "read" bits. This could result in filenames being displayed when the file owner had expected them to remain hidden from other system users.
Homepage:http://security.ubuntu.com/
File Size:3679
Related CVE(s):CVE-2007-0227
Last Modified:Feb 23 21:22:18 2007
MD5 Checksum:613e2881513ca3a66777f911db0bcf02

 ///  File Name: phish-bypass.txt
Description:
 Firefox 2.0.0.1 and Opera 9.10 are susceptible to a bypass vulnerability in their respective Fraud/Phishing protection mechanisms.
Author:Kanedaaa
Homepage:http://kaneda.bohater.net/
File Size:3640
Last Modified:Feb 7 23:46:34 2007
MD5 Checksum:7357694f9eed45bd07c50bd2b0589726

 ///  File Name: 02.15.07-1.txt
Description:
 iDefense Security Advisory 02.15.07 - Remote exploitation of a resource consumption vulnerability in Clam AntiVirus' ClamAV allows attackers to degrade the service of the clamd scanner. The vulnerability specifically exists due to a file descriptor leak. When clam encounters a cabinet header with a record length of zero it will return from a function without closing a local file descriptor. This can be triggered multiple times, eventually using up all but three of its available file descriptors. This prevents clam from scanning most archives, including zip and tar files. iDefense has confirmed this vulnerability affects Clam AntiVirus ClamAV v0.90RC1.1. All versions prior to the 0.90 stable release are suspected to be vulnerable.
Homepage:http://www.idefense.com
File Size:3639
Related CVE(s):CVE-2007-0897
Last Modified:Feb 16 02:59:38 2007
MD5 Checksum:b8d47572343b2242e38c953c15766fcf

 ///  File Name: sa24200.txt
Description:
 Secunia Security Advisory - Fedora has issued an update for spamassassin. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
Homepage:http://secunia.com/advisories/24200/
File Size:3628
Last Modified:Feb 16 23:12:18 2007
MD5 Checksum:660ce02d631e8824de491f45ca4d13ba

 ///  File Name: 02.07.07-3.txt
Description:
 iDefense Security Advisory 02.07.07 - Remote exploitation of a buffer overflow vulnerability within Trend Micro's AntiVirus engine could allow an attacker to crash the scan engine or execute arbitrary code. This vulnerability is caused by improper input validation when scanning specially crafted malformed UPX compressed executables. Memory corruption could occur leading to a invalid memory access or a potentially exploitable condition.
Homepage:http://www.idefense.com/
File Size:3603
Last Modified:Feb 8 00:35:04 2007
MD5 Checksum:139c09b8a3fd2b462fc65241fb55acc0

 ///  File Name: firefox-flaw.txt
Description:
 Firefox suffers from a design flaw that can be used to confuse casual users and evoke a false sense of authority when visiting a fraudulent website. The flaw can be also used to bypass a fix for an old UI spoofing bug that was thought to be addressed.
Author:Michal Zalewski
Homepage:http://lcamtuf.coredump.cx/
File Size:3596
Last Modified:Feb 16 23:52:09 2007
MD5 Checksum:ec8e7aac60183081b02eaa3b60e9f32b

 ///  File Name: 02.15.07-2.txt
Description:
 iDefense Security Advisory 02.15.07 - Remote exploitation of a directory traversal vulnerability in Clam AntiVirus' ClamAV allows attackers to overwrite files owned by the clamd scanner. The vulnerability specifically exists due to the lack of validation of the id parameter string taken from a MIME header. When parsing a multi-part message clam takes this string from the header and uses it to create a local file. By sending a string such as "../../../../some/file" an attacker can create or overwrite an arbitrary file owned by the clamd process. Data from the message body is later written to this file. iDefense has confirmed this vulnerability affects Clam AntiVirus ClamAV version 0.88.6. All versions prior to the 0.90 stable release are suspected to be vulnerable.
Homepage:http://www.idefense.com
File Size:3571
Related CVE(s):CVE-2007-0898
Last Modified:Feb 16 03:01:01 2007
MD5 Checksum:36ee4ce39b9934279d0d981740612fec

 ///  File Name: TA07-047A.txt
Description:
 Technical Cyber Security Alert TA07-047A - Apple has released Security Update 2007-002 to correct multiple vulnerabilities affecting Apple Mac OS X, Mac OS X Server, and iChat. The most serious of these vulnerabilities may allow a remote attacker to execute arbitrary code. Attackers may take advantage of the less serious vulnerabilities to bypass security restrictions or cause a denial of service.
Homepage:http://www.us-cert.gov/
File Size:3570
Last Modified:Feb 16 23:53:40 2007
MD5 Checksum:697dd19021c5ab8daf120207241dbc28

 ///  File Name: sa24206.txt
Description:
 Secunia Security Advisory - Avaya has acknowledged some vulnerabilities in various Avaya products, which can be exploited by malicious, local users to disclose potentially sensitive information, gain escalated privileges, or cause a DoS (Denial of Service), and by malicious people to cause a DoS.
Homepage:http://secunia.com/advisories/24206/
File Size:3559
Last Modified:Feb 19 17:55:20 2007
MD5 Checksum:04e4f09c5d9b594e83fdb3b30ab4e363

 ///  File Name: glsa-200702-10.txt
Description:
 Gentoo Linux Security Advisory GLSA 200702-10 - Five vulnerabilities were found: a buffer overflow in recv_add_unit(); a problem with improperly trusting user-supplied string information in decode_stringmap(); several issues with array manipulation via various commands during play; an SQL injection in server_protocol.cpp; and finally, a second buffer overflow in recv_map_data(). Versions less than 0.7.1062 are affected.
Homepage:http://security.gentoo.org
File Size:3545
Related CVE(s):CVE-2006-3788, CVE-2006-3789, CVE-2006-3790, CVE-2006-3791, CVE-2006-3792
Last Modified:Feb 27 19:49:11 2007
MD5 Checksum:99ddea7ead4b117736587c51b15ba5ce

 ///  File Name: sa24198.txt
Description:
 Secunia Security Advisory - Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities.
Homepage:http://secunia.com/advisories/24198/
File Size:3504
Last Modified:Feb 16 23:12:18 2007
MD5 Checksum:69d84826a8e15e68c48209248520edf1

 ///  File Name: sa24228.txt
Description:
 Secunia Security Advisory - Fedora has issued an update for ekiga. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise a user's system.
Homepage:http://secunia.com/advisories/24228/
File Size:3473
Last Modified:Feb 22 21:32:16 2007
MD5 Checksum:bba1d6477227440cee7f0deb92ebb61e

 ///  File Name: alibaba-exec.txt
Description:
 A remote code execution vulnerability in Alipay's password input control "pta.dll" allows a remote attacker the ability to take complete control of the affected system.
Author:cocoruder
Homepage:http://ruder.cdut.net/
File Size:3464
Last Modified:Feb 8 00:24:56 2007
MD5 Checksum:540dc5afa51051e888cf578e1269e685

 ///  File Name: sa24095.txt
Description:
 Secunia Security Advisory - Mandriva has issued an update for gtk+2.0. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
Homepage:http://secunia.com/advisories/24095/
File Size:3459
Last Modified:Feb 12 19:06:32 2007
MD5 Checksum:905f292356ce88b06c58b8a5d3478871

 ///  File Name: sa24245.txt
Description:
 Secunia Security Advisory - 3APA3A has discovered a weakness in Microsoft Windows, which can be exploited by malicious, local users to gain knowledge of certain information.
Homepage:http://secunia.com/advisories/24245/
File Size:3458
Last Modified:Feb 23 17:44:59 2007
MD5 Checksum:f4e2244cfe788bf979cf1c351cc0ba94

 ///  File Name: xmlhttprequest.txt
Description:
 A newline-and-tab technology along with the Msxml2.XMLHTTP ActiveX object in Microsoft Internet Explorer allows an attacker to bypass restrictions thus allowing XMLHttpRequest to interact with other sites.
Author:Michal Zalewski
Homepage:http://lcamtuf.coredump.cx/
File Size:3458
Last Modified:Feb 6 00:02:03 2007
MD5 Checksum:b29e0a763eb91c6def25f80552a014bd

 ///  File Name: advisory_032007.142.txt
Description:
 Hardened PHP Project Security Advisory - Multiple browsers suffers from a cross domain charset inheritance vulnerability. Affected include Firefox versions 2.0.0.1 and below, Internet Explorer 7,and Opera 9.
Author:Stefan Esser
Homepage:http://www.hardened-php.net/
File Size:3451
Last Modified:Feb 23 22:03:23 2007
MD5 Checksum:0c406f7eda7195f1dc12ae3ca465699a

 ///  File Name: CAID-35112.txt
Description:
 CA eTrust Intrusion Detection contains a vulnerability that can allow a remote attacker to cause a denial of service condition. Affected Products include eTrust Intrusion Detection 3.0 SP1, eTrust Intrusion Detection 3.0, and eTrust Intrusion Detection 2.0 SP1.
Author:Ken Williams
Homepage:http://www3.ca.com/
File Size:3429
Related OSVDB(s):32290
Related CVE(s):CVE-2007-1005
Last Modified:Mar 5 23:31:48 2007
MD5 Checksum:12add59dad847ba49e68e54ca2879c5b
 

 ///  Last 10 Files
  1. :· phpauction32-rfi.txt
  2. :· silentum-xss.txt
  3. :· iranmc-sql.txt
  4. :· citectodbc-fivews.txt
  5. :· citect_scada_odbc.rb.txt
  6. :· flockweb-dos.txt
  7. :· google-chrome-dos4.txt
  8. :· google-download2.txt
  9. :· PLSA-2008-41.txt
  10. :· PLSA-2008-40.txt
[ Last 20 | Last 50 | Last 100 ]

 ///  Last 10 Advisories
  1. :· PLSA-2008-41.txt
  2. :· PLSA-2008-40.txt
  3. :· PLSA-2008-39.txt
  4. :· PLSA-2008-38.txt
  5. :· PLSA-2008-37.txt
  6. :· MDVSA-2008-188.txt
  7. :· glsa-200809-05.txt
  8. :· PLSA-2008-36.txt
  9. :· microworld-insecure.txt
  10. :· SSRT080119.txt
[ Last 20 | Last 50 | Last 100 ]

 ///  Last 10 Exploits
  1. :· phpauction32-rfi.txt
  2. :· silentum-xss.txt
  3. :· iranmc-sql.txt
  4. :· citect_scada_odbc.rb.txt
  5. :· flockweb-dos.txt
  6. :· google-chrome-dos4.txt
  7. :· google-download2.txt
  8. :· webcmsportal-blindsql.txt
  9. :· esfaq-sql.txt
  10. :· vastal-itechcosmetics.txt
[ Last 20 | Last 50 | Last 100 ]

 ///  Last 10 Tools
  1. :· clamav-0.94.tar.gz
  2. :· distack-1.1.0-dev.tar.gz
  3. :· samhain-2.4.6.tar.gz
  4. :· sqlmap-0.6.tar.gz
  5. :· psbot.py.txt
  6. :· mimedefang-2.65.tar.gz
  7. :· advchk-2.11.tar.bz2
  8. :· kisgearth-0.01f.tar.bz2
  9. :· lynis-1.2.0.tar.gz
  10. :· fwknop-1.9.7.tar.gz
[ Last 20 | Last 50 | Last 100 ]

 ///  Last 10 Misc
  1. :· citectodbc-fivews.txt
  2. :· freebsd-revcon.txt
  3. :· insecurityoverview-samsung.pdf
  4. :· xcon2008-cfp.txt
  5. :· aslr-bypass.txt
  6. :· alphanumeric-shellcode.txt
  7. :· imagebase-shellcode.txt
  8. :· mysql-injection-newbies.txt
  9. :· draft-gont-opsec-ip-security-01.txt
  10. :· draft-ietf-tsvwg-port-randomization-02.txt
[ Last 20 | Last 50 | Last 100 ]


 .:. TopPrivacy Statement | Copyright Notice