Section: .. / 0709-advisories /
| /// File Name: |
sa26935.txt |
Description:
|
Secunia Security Advisory - Evan Teran has reported a security issue in the Linux kernel, which potentially can be exploited by malicious, local users to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/26935/ | | File Size: | 2410 | | Last Modified: | Sep 25 18:33:28 2007 |
| MD5 Checksum: | bb085cafa27b8c3e677df2bab29630ab |
|
| /// File Name: |
sa26936.txt |
Description:
|
Secunia Security Advisory - Fedora has issued an update for elinks. This fixes a weakness, which can be exploited by malicious people to disclose sensitive information.
| | Homepage: | http://secunia.com/advisories/26936/ | | File Size: | 2711 | | Last Modified: | Sep 25 18:33:28 2007 |
| MD5 Checksum: | 33cadf3c0b549f051bed3b93fa1595bb |
|
| /// File Name: |
sa26940.txt |
Description:
|
Secunia Security Advisory - R00T[ATI] has discovered a vulnerability in ClanSphere, which can be exploited by malicious people to conduct SQL injection attacks.
| | Homepage: | http://secunia.com/advisories/26940/ | | File Size: | 2437 | | Last Modified: | Sep 25 18:33:28 2007 |
| MD5 Checksum: | c2ac29b4a6e0739b5e2f25edbda88899 |
|
| /// File Name: |
sa26944.txt |
Description:
|
Secunia Security Advisory - Enrico Milanese has reported a vulnerability in eGroupWare, which can be exploited by malicious people to conduct cross-site scripting attacks.
| | Homepage: | http://secunia.com/advisories/26944/ | | File Size: | 2380 | | Last Modified: | Sep 25 18:33:28 2007 |
| MD5 Checksum: | ff207b7543e2de96eb96894cd56bfb61 |
|
| /// File Name: |
sa26952.txt |
Description:
|
Secunia Security Advisory - Fedora has issued an update for httpd. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/26952/ | | File Size: | 3372 | | Last Modified: | Sep 25 18:33:28 2007 |
| MD5 Checksum: | f0762b39baf6a06df44afcb6fa421138 |
|
| /// File Name: |
sa26953.txt |
Description:
|
Secunia Security Advisory - rPath has issued an update for the kernel. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges.
| | Homepage: | http://secunia.com/advisories/26953/ | | File Size: | 2067 | | Last Modified: | Sep 25 18:33:28 2007 |
| MD5 Checksum: | 67b1697a9f915b82666b204547275933 |
|
| /// File Name: |
sa26955.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or gain escalated privileges.
| | Homepage: | http://secunia.com/advisories/26955/ | | File Size: | 133231 | | Last Modified: | Sep 25 18:33:28 2007 |
| MD5 Checksum: | edb73b61f5ed89c3e83b484cad1833b7 |
|
| /// File Name: |
sa26956.txt |
Description:
|
Secunia Security Advisory - A weakness has been reported in ELinks, which can be exploited by malicious people to disclose sensitive information.
| | Homepage: | http://secunia.com/advisories/26956/ | | File Size: | 2257 | | Last Modified: | Sep 25 18:33:28 2007 |
| MD5 Checksum: | 4eb12621ea7ca216ab0d3906af0d38d7 |
|
| /// File Name: |
sa26959.txt |
Description:
|
Secunia Security Advisory - shinnai has discovered a vulnerability in ebCrypt, which can be exploited by malicious people to overwrite arbitrary files.
| | Homepage: | http://secunia.com/advisories/26959/ | | File Size: | 2352 | | Last Modified: | Sep 25 18:33:28 2007 |
| MD5 Checksum: | cfc37f4d80d548d36b58dc8450bdcfb0 |
|
| /// File Name: |
sa26960.txt |
Description:
|
Secunia Security Advisory - Joey Mengele has discovered a vulnerability in Ask Toolbar, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/26960/ | | File Size: | 2427 | | Last Modified: | Sep 25 18:33:28 2007 |
| MD5 Checksum: | ffb5132125c4d22d1e97f3fe6fb2e451 |
|
| /// File Name: |
sa26963.txt |
Description:
|
Secunia Security Advisory - r0t has reported a vulnerability in Freeside, which can be exploited by malicious people to conduct cross-site scripting attacks.
| | Homepage: | http://secunia.com/advisories/26963/ | | File Size: | 2331 | | Last Modified: | Sep 25 18:33:28 2007 |
| MD5 Checksum: | 0fcd61f985314891a0b76e1ca0e45173 |
|
| /// File Name: |
ZDI-07-054.txt |
Description:
|
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Storage Manager Express. Authentication is not required to exploit this vulnerability. The specific flaw exists in the dsmcad.exe process bound by default on TCP port 1581. During HTTP header parsing, a host parameter of sufficient length will trigger an overflow through a call to vswprintf(). The call overflows into imported function pointers which are later called. Exploitation of this issue can result in arbitrary code execution.
| | Author: | Sebastian Apelt | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3434 | | Related CVE(s): | CVE-2007-4880 | | Last Modified: | Sep 25 00:10:02 2007 |
| MD5 Checksum: | d94fdf8ee105d5fcc99dc5ec05fd3ad4 |
|
| /// File Name: |
USN-517-1.txt |
Description:
|
Ubuntu Security Notice 517-1 - It was discovered that KDM would allow logins without password checks under certain circumstances. If autologin was configured, and "shutdown with password" enabled, a local user could exploit the problem and gain root privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 58014 | | Related CVE(s): | CVE-2007-4569 | | Last Modified: | Sep 25 00:08:38 2007 |
| MD5 Checksum: | 909c4a2a9962000bca85095b2bff8aae |
|
| /// File Name: |
googleurchin-xss.txt |
Description:
|
There is a trivially exploitable cross site scripting vulnerability on Google Urchin Web Analytics 5's login page. The vulnerability has been tested on versions 5.6.00r2, 5.7.01, 5.7.02 and 5.7.03 (latest). Previous versions are most likely affected as well.
| | Author: | pagvac | | File Size: | 794 | | Last Modified: | Sep 25 00:06:14 2007 |
| MD5 Checksum: | 787e264d6b1e657a3f34181cf856f8d5 |
|
| /// File Name: |
SSRT071449-1.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been reported with HP OpenVMS when running BIND version 9.2.1 or BIND version 9.3.1. The vulnerability could be exploited remotely to cause DNS cache poisoning.
| | Homepage: | http://www.hp.com/ | | File Size: | 5772 | | Related CVE(s): | CVE-2007-2926 | | Last Modified: | Sep 25 00:04:31 2007 |
| MD5 Checksum: | 901bf77484794fee766fc5d12df252d4 |
|
| /// File Name: |
linuxkernel-validation.txt |
Description:
|
Insufficient validation of the general-purpose register in IA32 system call emulation code may lead to local system compromise on x86_64 platform for Linux kernels in the 2.4 and 2.6 series.
| | Author: | Wojciech Purczynski | | File Size: | 2766 | | Last Modified: | Sep 24 23:59:47 2007 |
| MD5 Checksum: | e8d9d1cded501fd645ff74c4967aac9f |
|
| /// File Name: |
glsa-200709-15.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200709-15 - An integer overflow vulnerability exists in the embedded ICC profile image parser (CVE-2007-2788), an unspecified vulnerability exists in the font parsing implementation (CVE-2007-4381), and an error exists when processing XSLT stylesheets contained in XSLT Transforms in XML signatures (CVE-2007-3716), among other vulnerabilities. Versions less than 1.5.0.11_p1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3929 | | Related CVE(s): | CVE-2007-2788, CVE-2007-2789, CVE-2007-3004, CVE-2007-3005, CVE-2007-3503, CVE-2007-3698, CVE-2007-3716, CVE-2007-3922, CVE-2007-4381 | | Last Modified: | Sep 24 23:57:51 2007 |
| MD5 Checksum: | a7467985a4a61638b6b3ec74dac18f63 |
|
| /// File Name: |
MDKSA-2007-187.txt |
Description:
|
Mandriva Linux Security Advisory - Numerous vulnerabilities were discovered in the PHP scripting language that are corrected with this update. Not just a couple, not a few, but many.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 16451 | | Related CVE(s): | CVE-2007-1375, CVE-2007-1399, CVE-2007-1900, CVE-2007-2727, CVE-2007-2728, CVE-2007-2748, CVE-2007-2756, CVE-2007-2872, CVE-2007-3799, CVE-2007-3996, CVE-2007-3998, CVE-2007-4658, CVE-2007-4670 | | Last Modified: | Sep 24 23:41:53 2007 |
| MD5 Checksum: | b96e8da2cd6e8f174d150d88670ccbcd |
|
| /// File Name: |
EEYE-ARCserve.txt |
Description:
|
eEye Digital Security has discovered multiple vulnerabilities within CA ARCserve for Laptops & Desktops (L&D), an enterprise-level backup software suite designed for workstations. The vulnerabilities can be utilized by an attacker to execute arbitrary code on a remote system anonymously over TCP/1900.
| | Author: | Matt Oh, Andre Derek Protas, Yuji Ukai | | Homepage: | http://www.eeye.com/ | | File Size: | 8030 | | Last Modified: | Sep 24 23:39:26 2007 |
| MD5 Checksum: | 1c7505578b435c40f52cd57bf47ea93a |
|
| /// File Name: |
09.20.07-2.txt |
Description:
|
iDefense Security Advisory 09.20.07 - Remote exploitation of multiple buffer overflow vulnerabilities in Computer Associates Inc.'s ARCServe Backup for Laptops and Desktops allows attackers to execute arbitrary code with SYSTEM privileges. The LGServer contains multiple vulnerable functions that handle network requests, several of which contain more than one vulnerability. All together there are nearly 60 buffer overflows in the LGServer. The majority of these are the result of copying remotely supplied strings into fixed-size buffers without validating that enough space is available. iDefense has confirmed the existence of these vulnerabilities in ARCServe Backup for Laptops and Desktops version 11.1 (Build 900) for Windows. Other versions may also be affected.
| | Author: | Sean Larsson | | Homepage: | http://www.idefense.com/ | | File Size: | 5535 | | Related CVE(s): | CVE-2007-5003, CVE-2007-3216 | | Last Modified: | Sep 24 23:27:56 2007 |
| MD5 Checksum: | 10ef3a0a739a3463bf5bd9865ed1fb50 |
|
| /// File Name: |
09.20.07-1.txt |
Description:
|
iDefense Security Advisory 09.20.07 - Remote exploitation of an authentication bypass vulnerability in Computer Associates Inc.'s ARCServe Backup for Laptops and Desktops allows attackers to execute arbitrary code with SYSTEM privileges. This vulnerability specifically exists since the command handlers that service network requests do not check to see if the peer is authenticated. iDefense has confirmed the existence of this vulnerability in ARCServe Backup for Laptops and Desktops version R11.1 Build 900. Other versions may also be affected.
| | Homepage: | http://www.idefense.com/ | | File Size: | 3346 | | Related CVE(s): | CVE-2007-5006 | | Last Modified: | Sep 24 23:26:27 2007 |
| MD5 Checksum: | ab1a997811f66137d1dcf49ab9f2f75e |
|
| /// File Name: |
09.19.07-4.txt |
Description:
|
iDefense Security Advisory 09.19.07 - Remote exploitation of a sign extension vulnerability in ImageMagick, as included in various vendors' operating system distributions, allows attackers to execute arbitrary code. iDefense Labs confirmed that ImageMagick version 6.3.4 is vulnerable. It is suspected that other versions of ImageMagick are also vulnerable.
| | Author: | regenrecht | | Homepage: | http://www.idefense.com/ | | File Size: | 4371 | | Related CVE(s): | CVE-2007-4988 | | Last Modified: | Sep 24 23:22:44 2007 |
| MD5 Checksum: | 3fb64565806ae03bcbada338ab849a47 |
|
| /// File Name: |
09.19.07-3.txt |
Description:
|
iDefense Security Advisory 09.19.07 - Remote exploitation of multiple denial of service vulnerabilities in ImageMagick, as included in various vendors' operating system distributions, allows attackers to consume excessive CPU resources on the target system. The first vulnerability exists in the ReadDCMImage() function. Since the return value of ReadBlobByte() is not properly checked, it can enter an infinite loop. The second vulnerability exists in the ReadXCFImage() function. Since the return value of ReadBlobMSBLong() is not properly checked, it can enter an infinite loop. iDefense Labs confirmed that ImageMagick version 6.3.4 is vulnerable. It is suspected that other versions of ImageMagick are also vulnerable.
| | Author: | regenrecht | | Homepage: | http://www.idefense.com/ | | File Size: | 3922 | | Related CVE(s): | CVE-2007-4985 | | Last Modified: | Sep 24 23:21:43 2007 |
| MD5 Checksum: | 7d23da6b5f9042babd23911d8d238749 |
|
| /// File Name: |
09.19.07-2.txt |
Description:
|
iDefense Security Advisory 09.19.07 - Remote exploitation of an off-by-one vulnerability in ImageMagick, as included in various vendors' operating system distributions, allows attackers to execute arbitrary code. iDefense Labs confirmed that ImageMagick version 6.3.4 is vulnerable. It is suspected that other versions of ImageMagick are also vulnerable.
| | Author: | regenrecht | | Homepage: | http://www.idefense.com/ | | File Size: | 4057 | | Related CVE(s): | CVE-2007-4987 | | Last Modified: | Sep 24 23:20:34 2007 |
| MD5 Checksum: | 95628f231271add7de03202d5f08623e |
|
| /// File Name: |
09.19.07-1.txt |
Description:
|
iDefense Security Advisory 09.19.07 - Remote exploitation of multiple integer overflow vulnerabilities in ImageMagick, as included in various vendors' operating system distributions, allows attackers to crash applications using the ImageMagick library, and in some cases, execute arbitrary code. Several integer overflow vulnerabilities have been identified in ImageMagick's handling of various file formats. By creating a specially crafted DCM, DIB, XBM, XCF, or XWD image file, an attacker can cause a heap buffer of insufficient size to be allocated. This results in a heap-based buffer overflow. iDefense Labs confirmed that ImageMagick version 6.3.4 is vulnerable. It is suspected that other versions of ImageMagick are also vulnerable.
| | Author: | regenrecht | | Homepage: | http://www.idefense.com/ | | File Size: | 4085 | | Related CVE(s): | CVE-2007-4986 | | Last Modified: | Sep 24 23:19:22 2007 |
| MD5 Checksum: | 426806812f47416779fe434be2779695 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
