Section: .. / 0712-advisories /
| /// File Name: |
sa28168.txt |
Description:
|
Secunia Security Advisory - Fedora has issued an update for autofs. This fixes a vulnerability, which can be exploited by malicious, local users to bypass certain security restrictions.
| | Homepage: | http://secunia.com/advisories/28168/ | | File Size: | 3447 | | Last Modified: | Dec 24 18:08:44 2007 |
| MD5 Checksum: | b91cdcd7a86cc8149093d1e88ed3f349 |
|
| /// File Name: |
sa28148.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in Sun Ray Server Software, which can be exploited by malicious, local users or malicious people to manipulate certain data or cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/28148/ | | File Size: | 3428 | | Last Modified: | Dec 19 19:28:49 2007 |
| MD5 Checksum: | 952978e89302bf937405049ac46dc691 |
|
| /// File Name: |
MDKSA-2007-234.txt |
Description:
|
Mandriva Linux Security Advisory - Raphael Marichez discovered a denial of service bug in how vixie-cron verifies crontab file integrity. A local user with the ability to create a hardlink to /etc/crontab could prevent vixie-cron from executing certain system cron jobs.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 3424 | | Related CVE(s): | CVE-2007-1856 | | Last Modified: | Dec 4 00:29:12 2007 |
| MD5 Checksum: | ce3c43d6d7de27803535bb1c72e63753 |
|
| /// File Name: |
ZDI-07-071.txt |
Description:
|
Vulnerabilities allow remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard (HP) OpenView Network Node Manager (NNM). Authentication is not required to exploit these vulnerabilities. The specific flaws exists within the CGI applications that handle the management of the NNM server. Due to lack of bounds checking during a call to sprintf(), sending overly long arguments to the various CGI variables result in a classic stack overflow leading to compromise of the remote server. Exploitation leads to code execution running under the credentials of the web server. Further techniques can be leveraged to gain full SYSTEM access. OpenView Network Node Manager versions 7.51 and below are affected.
| | Author: | Tenable Network Security | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3372 | | Related CVE(s): | CVE-2007-6204 | | Last Modified: | Dec 7 19:54:09 2007 |
| MD5 Checksum: | 311ceae015110716c8b40553879d3e45 |
|
| /// File Name: |
ZDI-07-078.txt |
Description:
|
A vulnerability allows attackers to execute arbitrary code on vulnerable installations of St. Bernard Open File Manager. Authentication is not required to exploit this vulnerability. The specific flaw resides in the Open File Manager service, ofmnt.exe, which listens by default on a random TCP port near 1000. The process blindly copies user-suppled data to a static heap buffer. By supplying an overly large amount of data, an attacker can overflow that buffer leading to arbitrary code execution in the context of the SYSTEM user. Open File Manager version 9.5 is affected.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3361 | | Related CVE(s): | CVE-2007-6281 | | Last Modified: | Dec 17 21:23:04 2007 |
| MD5 Checksum: | 31da33da8dcfead04f175ae756208305 |
|
| /// File Name: |
MDKSA-2007-240.txt |
Description:
|
Mandriva Linux Security Advisory - The NFSv4 ID mapper prior to 0.17 did not properly handle return values from the getpwnam_r() function when performing a username lookup, which could cause it to report a file as being owned by 'root' instead of 'nobody' if the file exists on the server but not the client.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 3308 | | Related CVE(s): | CVE-2007-4135 | | Last Modified: | Dec 7 19:41:47 2007 |
| MD5 Checksum: | 1c159e5a8d0155d8c42d29c77de4cfa3 |
|
| /// File Name: |
12.17.07-1.txt |
Description:
|
iDefense Security Advisory 12.17.07 - Local exploitation of a stack based buffer overflow vulnerability in Apple Inc.'s Mac OS X mount_smbfs utility could allow an attacker to execute arbitrary code with root privileges. iDefense has confirmed the existence of this vulnerability in Mac OS X version 10.4.10, on both the Server and Desktop versions. Previous versions may also be affected.
| | Author: | Sean Larsson | | Homepage: | http://www.idefense.com/ | | File Size: | 3299 | | Related CVE(s): | CVE-2007-3876 | | Last Modified: | Dec 18 19:50:55 2007 |
| MD5 Checksum: | e8889ad8722bdf741a8739a45928309c |
|
| /// File Name: |
sa28047.txt |
Description:
|
Secunia Security Advisory - MhZ91 has reported some vulnerabilities in Falcon Series One, which can be exploited by malicious people to conduct script insertion and cross-site request forgery attacks and to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/28047/ | | File Size: | 3296 | | Last Modified: | Dec 11 21:35:59 2007 |
| MD5 Checksum: | ca552490d5a1656d139065e5d22ab508 |
|
| /// File Name: |
glsa-200712-08.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200712-08 - The Qt versions used by the AMD64 x86 emulation Qt libraries were vulnerable to several flaws (GLSA 200708-16, GLSA 200710-28). Versions less than 20071114-r2 are affected.
| | Homepage: | http://security.gentoo.org/ | | File Size: | 3289 | | Last Modified: | Dec 10 17:43:11 2007 |
| MD5 Checksum: | 4e4ec18e110d4bec5234e6ff509d5a87 |
|
| /// File Name: |
glsa-200712-22.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200712-22 - David Bloom reported two vulnerabilities where plug-ins (CVE-2007-6520) and Rich text editing (CVE-2007-6522) could be used to allow cross domain scripting. Alexander Klink (Cynops GmbH) discovered an issue with TLS certificates (CVE-2007-6521). Gynvael Coldwind reported that bitmaps might reveal random data from memory (CVE-2007-6524). Versions less than 9.25 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3279 | | Related CVE(s): | CVE-2007-6520, CVE-2007-6521, CVE-2007-6522, CVE-2007-6524 | | Last Modified: | Dec 31 16:40:36 2007 |
| MD5 Checksum: | f8410efea15b673e7cf2c21266cc5b0c |
|
| /// File Name: |
sa27875.txt |
Description:
|
Secunia Security Advisory - Omni has discovered some vulnerabilities in FTP Admin, which can be exploited by malicious users to compromise a vulnerable system, and by malicious people to conduct cross-site scripting attacks and bypass certain security restrictions.
| | Homepage: | http://secunia.com/advisories/27875/ | | File Size: | 3277 | | Last Modified: | Dec 2 15:29:26 2007 |
| MD5 Checksum: | 035157cda38abbb4c235c31eee2349b1 |
|
| /// File Name: |
dsa-1405-3.txt |
Description:
|
Debian Security Advisory 1405-3 - The Plone developers discovered that their hotfix, released as DSA 1405, introduced two regressions. This update corrects these flaws. It was discovered that Plone, a web content management system, allows remote attackers to execute arbitrary code via specially crafted web browser cookies.
| | Homepage: | http://www.debian.org/security | | File Size: | 3275 | | Related CVE(s): | CVE-2007-5741 | | Last Modified: | Dec 28 20:10:01 2007 |
| MD5 Checksum: | 51efab4fc57ec107f1a38fb68b2c5b6c |
|
| /// File Name: |
sa28151.txt |
Description:
|
Secunia Security Advisory - A security issue has been reported in Sun Management Center, which can be exploited by malicious people to bypass certain security restrictions.
| | Homepage: | http://secunia.com/advisories/28151/ | | File Size: | 3274 | | Last Modified: | Dec 19 19:28:49 2007 |
| MD5 Checksum: | ab3ce39f85094608acc523968198a291 |
|
| /// File Name: |
sa27923.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in Absolute News Manager .NET, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks, or to disclose sensitive information.
| | Homepage: | http://secunia.com/advisories/27923/ | | File Size: | 3272 | | Last Modified: | Dec 5 22:48:33 2007 |
| MD5 Checksum: | 0a1e7cf2d74963910e22242ad85d250e |
|
| /// File Name: |
efsup.txt |
Description:
|
Easy File Sharing Web Server versions 4.5 and below suffer from upload directory traversal, download of database files, and sensitive file reading vulnerabilities.
| | Author: | Luigi Auriemma | | Homepage: | http://aluigi.org/ | | Related Exploit: | efsup.zip | | File Size: | 3268 | | Last Modified: | Dec 7 20:16:48 2007 |
| MD5 Checksum: | 7b8029936acf59c68c58d727e8087c1b |
|
| /// File Name: |
glsa-200712-15.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200712-15 - Meder Kydyraliev (Google Security) discovered an integer overflow vulnerability in the exif_data_load_data_thumbnail() function leading to a memory corruption (CVE-2007-6352) and an infinite recursion in the exif_loader_write() function (CVE-2007-6351). Versions less than 0.6.16-r1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3267 | | Related CVE(s): | CVE-2007-6351, CVE-2007-6352 | | Last Modified: | Dec 29 15:40:37 2007 |
| MD5 Checksum: | 0036504c0eb90eb8567eeebf7ed675d9 |
|
| /// File Name: |
glsa-200712-10.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200712-10 - Alin Rad Pop (Secunia Research) discovered a boundary checking error in the send_mailslot() function which could lead to a stack-based buffer overflow. Versions less than 3.0.28 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3265 | | Related CVE(s): | CVE-2007-6015 | | Last Modified: | Dec 10 17:44:00 2007 |
| MD5 Checksum: | 09bc05b35112c9d661915711bc0ff9fa |
|
| /// File Name: |
msoffice-hyper.txt |
Description:
|
Microsoft Office 2007 fails to protect hyperlinks with the use of digital signatures on a document.
| | Author: | Henrich C. Poehls, Dong Tran, Finn Petersen, Frederic Pscheid | | File Size: | 3261 | | Last Modified: | Dec 13 17:59:43 2007 |
| MD5 Checksum: | b42a0e224039a164607a3c80d634dcbc |
|
| /// File Name: |
sa28229.txt |
Description:
|
Secunia Security Advisory - Luigi Auriemma has reported some vulnerabilities in Feng, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/28229/ | | File Size: | 3260 | | Last Modified: | Dec 28 19:47:16 2007 |
| MD5 Checksum: | 8ca6b22013b2ea432a44f906990dddca |
|
| /// File Name: |
sa27935.txt |
Description:
|
Secunia Security Advisory - A weakness has been reported in Citrix EdgeSight, which can be exploited by malicious, local users to disclose sensitive information.
| | Homepage: | http://secunia.com/advisories/27935/ | | File Size: | 3255 | | Last Modified: | Dec 5 22:48:33 2007 |
| MD5 Checksum: | f25083c126b74e278a496237ef5e8431 |
|
| /// File Name: |
sa27949.txt |
Description:
|
Secunia Security Advisory - KiNgOfThEwOrLd has discovered some vulnerabilities in SineCms, which can be exploited by malicious people to conduct script insertion and SQL injection attacks.
| | Homepage: | http://secunia.com/advisories/27949/ | | File Size: | 3243 | | Last Modified: | Dec 7 11:22:07 2007 |
| MD5 Checksum: | bcc7815a500dad4890ca75c8d797f357 |
|
| /// File Name: |
sa28004.txt |
Description:
|
Secunia Security Advisory - Fedora has issued an update for xorg-x11-xfs. This fixes some vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges.
| | Homepage: | http://secunia.com/advisories/28004/ | | File Size: | 3228 | | Last Modified: | Dec 11 21:35:59 2007 |
| MD5 Checksum: | c187f46b487e9805845f03f732913dbf |
|
| /// File Name: |
dsa-1439-1.txt |
Description:
|
Debian Security Advisory 1439-1 - Henning Pingel discovered that TYPO3, a web content management framework, performs insufficient input sanitising, making it vulnerable to SQL injection by logged-in backend users.
| | Homepage: | http://www.debian.org/security | | File Size: | 3213 | | Related CVE(s): | CVE-2007-6381 | | Last Modified: | Dec 28 20:19:15 2007 |
| MD5 Checksum: | e6a6d67fe7190ab1580b7f1d8cb23e1d |
|
| /// File Name: |
ZDI-07-075.txt |
Description:
|
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the handling of document objects that have been created, modified, deleted then accessed by JavaScript. By storing references to document nodes, then removing them by a separate reference, the document model in memory becomes unstable. Accessing the tags property while the document is in this unstable condition results in a heap corruption, allowing the execution of arbitrary code. Affected versions are 6 and 7.
| | Author: | Peter Vreugdenhil | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3211 | | Related CVE(s): | CVE-2007-5344 | | Last Modified: | Dec 11 23:40:00 2007 |
| MD5 Checksum: | 8cb065228f52501f33ed8e57b6ede1fd |
|
| /// File Name: |
sa27933.txt |
Description:
|
Secunia Security Advisory - Mandriva has issued an update for openssl. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/27933/ | | File Size: | 3204 | | Last Modified: | Dec 5 22:48:33 2007 |
| MD5 Checksum: | bd196fe0a81bb3ab98a3909a4e773472 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
