| /// File Name: |
07.18.07-1.txt |
Description:
|
iDefense Security Advisory 07.18.07 - Exploitation of an input validation vulnerability in Microsoft Corp.'s DirectX library could allow an attacker to execute arbitrary code in the context of the current user. The vulnerability specifically exists in the way RLE compressed Targa format image files are opened. The Targa format allows multiple color depths and image storage options, and includes the ability to use run-length encoding (RLE) compression on the image data. This is a compression method which finds a 'run' of pixels of the same color and, instead of storing the value multiple times, encodes the number of times to repeat one value. For example, instead of storing 'AAAAAAAA', it may encode that into 'store "A" 8 times'. The buffer allocated for the image data is based on the width, height and color depth stored in the image, but when decoding this type of file, no checks against writing past the end of the buffer are performed. If the encoding specifies more data than has been allocated, a controlled heap overflow can occur. iDefense has confirmed that libraries in Microsoft's DirectX SDK (February 2006) are vulnerable, as are the DirectX End User Runtimes (February 2006). It is suspected that previous versions are also affected, including the DirectX 9.0c End User Runtimes.
| | Author: | Ruben Santamarta | | Homepage: | http://www.idefense.com/ | | File Size: | 4179 | | Related CVE(s): | CVE-2006-4183 | | Last Modified: | Jul 19 05:26:22 2007 |
| MD5 Checksum: | 90bae1472730b5cdfd52dc955a5da8ea |
|
| /// File Name: |
TA07-199A.txt |
Description:
|
Technical Cyber Security Alert TA07-199A - The Mozilla web browser and derived products contain several vulnerabilities, the most severe of which could allow a remote attacker to execute arbitrary code on an affected system.
| | Homepage: | http://www.us-cert.gov/ | | File Size: | 3826 | | Last Modified: | Jul 19 05:23:56 2007 |
| MD5 Checksum: | 2901de1606f0f2ca8aa29e8e289c4b59 |
|
| /// File Name: |
dsa-1334-1.txt |
Description:
|
Debian Security Advisory 1334-1 - A problem was discovered with freetype, a FreeType2 font engine, which could allow the execution of arbitrary code via an integer overflow in specially crafted TTF files.
| | Homepage: | http://www.debian.org/security | | File Size: | 9219 | | Related CVE(s): | CVE-2007-2754 | | Last Modified: | Jul 19 05:21:38 2007 |
| MD5 Checksum: | 0fe3ecc159d2bcdf1b2fb7ab84a6adb1 |
|
| /// File Name: |
dsa-1333-1.txt |
Description:
|
Debian Security Advisory 1333-1 - It has been discovered that the GnuTLS certificate verification methods implemented in libcurl-gnutls, a solid, usable, and portable multi-protocol file transfer library, did not check for expired or invalid dates.
| | Homepage: | http://www.debian.org/security | | File Size: | 12557 | | Related CVE(s): | CVE-2007-3564 | | Last Modified: | Jul 19 05:20:26 2007 |
| MD5 Checksum: | 4f8fae878f598eb9ea98c3a5cbe27c1d |
|
| /// File Name: |
cisco-sa-20070718-waas.txt |
Description:
|
Cisco Security Advisory - The Cisco Wide Area Application Services (WAAS) software contains a denial of service (DoS) vulnerability that may cause some devices that run WAAS software (WAE appliance and NM-WAE-502 module) to stop processing all types of traffic, including data traffic and management traffic.
| | Homepage: | http://www.cisco.com/ | | File Size: | 16056 | | Last Modified: | Jul 19 05:12:28 2007 |
| MD5 Checksum: | 28afe455034b3a7f7e2f312140d97afb |
|
| /// File Name: |
ledgersmb-bypass.txt |
Description:
|
LedgerSMB versions 1.2.0 through 1.2.6 suffer from an authentication bypass.
| | Author: | Chris Travers | | File Size: | 1775 | | Last Modified: | Jul 19 05:09:41 2007 |
| MD5 Checksum: | da593cf217e1cd7ff7d1ecd11e8c035a |
|
| /// File Name: |
sa26116.txt |
Description:
|
Secunia Security Advisory - phoenix has discovered a vulnerability in the Blixed theme for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.
| | Homepage: | http://secunia.com/advisories/26116/ | | File Size: | 2511 | | Last Modified: | Jul 19 04:44:59 2007 |
| MD5 Checksum: | 193db0b9fdd517ca5c978895599e8a37 |
|
| /// File Name: |
sa26115.txt |
Description:
|
Secunia Security Advisory - phoenix has discovered a vulnerability in the BlixKrieg theme for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.
| | Homepage: | http://secunia.com/advisories/26115/ | | File Size: | 2583 | | Last Modified: | Jul 19 04:44:59 2007 |
| MD5 Checksum: | 946c08ea013689e78e8995f32018e4fe |
|
| /// File Name: |
sa26114.txt |
Description:
|
Secunia Security Advisory - Multiple vulnerabilities have been reported for various Oracle products. Some of these have unknown impacts, while others can be exploited to bypass certain security restrictions and conduct SQL injection attacks.
| | Homepage: | http://secunia.com/advisories/26114/ | | File Size: | 4357 | | Last Modified: | Jul 19 04:44:59 2007 |
| MD5 Checksum: | fd282142ff5812e5008a1428ae2bd84c |
|
| /// File Name: |
sa26109.txt |
Description:
|
Secunia Security Advisory - phoenix has discovered a vulnerability in the Blix theme for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.
| | Homepage: | http://secunia.com/advisories/26109/ | | File Size: | 2419 | | Last Modified: | Jul 19 04:44:59 2007 |
| MD5 Checksum: | dfa54d2a673cb3dff1e2a510167b7946 |
|
| /// File Name: |
sa26108.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for curl. This fixes a security issue, which can be exploited by malicious people to bypass certain security restrictions.
| | Homepage: | http://secunia.com/advisories/26108/ | | File Size: | 14746 | | Last Modified: | Jul 19 04:44:59 2007 |
| MD5 Checksum: | 38f68c6c2281511f82d9abf60e9224a8 |
|
| /// File Name: |
sa26105.txt |
Description:
|
Secunia Security Advisory - joseph.giron13 has discovered some vulnerabilities in Insanely Simple Blog, which can be exploited by malicious people to conduct cross-site scripting attacks, script insertion attacks, and SQL injection attacks.
| | Homepage: | http://secunia.com/advisories/26105/ | | File Size: | 2998 | | Last Modified: | Jul 19 04:44:59 2007 |
| MD5 Checksum: | 5c7eb6afe0a5fd7556fa63a83d99431c |
|
| /// File Name: |
sa26104.txt |
Description:
|
Secunia Security Advisory - A security issue has been reported in cURL/libcURL, which can be exploited by malicious people to bypass certain security restrictions.
| | Homepage: | http://secunia.com/advisories/26104/ | | File Size: | 2289 | | Last Modified: | Jul 19 04:44:59 2007 |
| MD5 Checksum: | d508a6cb9fcf0e33390171c431efa99c |
|
| /// File Name: |
sa26102.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for php. This fixes a vulnerability and a weakness, which can be exploited by malicious people to bypass certain security restrictions or potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/26102/ | | File Size: | 37121 | | Last Modified: | Jul 19 04:44:59 2007 |
| MD5 Checksum: | b5b405523de9c7cc7b54fe675cfd9bf6 |
|
| /// File Name: |
sa26099.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in Asterisk, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/26099/ | | File Size: | 4757 | | Last Modified: | Jul 19 04:44:59 2007 |
| MD5 Checksum: | faadf104b90e71ad03bf28a2a740305a |
|
| /// File Name: |
sa26098.txt |
Description:
|
Secunia Security Advisory - shinnai has discovered some vulnerabilities in Data Dynamics ActiveBar, which can be exploited by malicious people to overwrite arbitrary files.
| | Homepage: | http://secunia.com/advisories/26098/ | | File Size: | 2476 | | Last Modified: | Jul 19 04:44:59 2007 |
| MD5 Checksum: | 6c1e549566f97a25e9f9969bc2469cbc |
|
| /// File Name: |
sa26097.txt |
Description:
|
Secunia Security Advisory - meoconx has reported a vulnerability in QuickEStore, which can be exploited by malicious people to conduct SQL injection attacks.
| | Homepage: | http://secunia.com/advisories/26097/ | | File Size: | 2282 | | Last Modified: | Jul 19 04:44:59 2007 |
| MD5 Checksum: | 6b0b2f3d12b86ce84e52643043af7adf |
|
| /// File Name: |
sa26096.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in Mozilla Thunderbird, which can potentially be exploited to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/26096/ | | File Size: | 2556 | | Last Modified: | Jul 19 04:44:59 2007 |
| MD5 Checksum: | 2e77985b5223a595f9b7d1c08f50697d |
|
| /// File Name: |
sa26095.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to conduct spoofing and cross-site scripting attacks and potentially to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/26095/ | | File Size: | 3658 | | Last Modified: | Jul 19 04:44:59 2007 |
| MD5 Checksum: | a658b90f4fda47b53875ea26e3b8d31b |
|
| /// File Name: |
sa26094.txt |
Description:
|
Secunia Security Advisory - GeFORC3 has reported a vulnerability in QuickerSite, which can be exploited by malicious people to conduct cross-site scripting attacks.
| | Homepage: | http://secunia.com/advisories/26094/ | | File Size: | 2304 | | Last Modified: | Jul 19 04:44:59 2007 |
| MD5 Checksum: | ac5e2470a3774ae918f6c67e651442bd |
|
| /// File Name: |
sa26093.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in IBM Tivoli Provisioning Manager for OS Deployment, which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/26093/ | | File Size: | 2624 | | Last Modified: | Jul 19 04:44:59 2007 |
| MD5 Checksum: | 4e721ca75a378d12f92a7d6b95deae3c |
|
| /// File Name: |
sa26088.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in various CA products, which can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/26088/ | | File Size: | 3597 | | Last Modified: | Jul 19 04:44:59 2007 |
| MD5 Checksum: | acc5d86bf8b36271e7c720a390ed1f0d |
|