Section: .. / 0802-advisories /
| /// File Name: |
sa28829.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for wml. This fixes some security issues, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
| | Homepage: | http://secunia.com/advisories/28829/ | | File Size: | 4237 | | Last Modified: | Feb 11 20:03:56 2008 |
| MD5 Checksum: | 5b065e7a1d4d8ce4f2de650a06f86a04 |
|
| /// File Name: |
sa28834.txt |
Description:
|
Secunia Security Advisory - A security issue has been reported in Apache Tomcat, which can be exploited by malicious people to disclose potentially sensitive information.
| | Homepage: | http://secunia.com/advisories/28834/ | | File Size: | 2381 | | Last Modified: | Feb 11 20:03:56 2008 |
| MD5 Checksum: | bb3a0f309b09e36aab0d77d9e01436d3 |
|
| /// File Name: |
sa28855.txt |
Description:
|
Secunia Security Advisory - Laurent Gaffie has discovered a vulnerability in jetAudio, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/28855/ | | File Size: | 2222 | | Last Modified: | Feb 11 20:03:56 2008 |
| MD5 Checksum: | dd3bb853221f09532faa92168cf152ea |
|
| /// File Name: |
sa28862.txt |
Description:
|
Secunia Security Advisory - Luigi Auriemma has discovered some vulnerabilities in ExtremeZ-IP File and Print Server, which can be exploited by malicious people to disclose potentially sensitive information or cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/28862/ | | File Size: | 2889 | | Last Modified: | Feb 11 20:03:56 2008 |
| MD5 Checksum: | eeb84744883d2d18a0fc8fa87d2c76f3 |
|
| /// File Name: |
sa28873.txt |
Description:
|
Secunia Security Advisory - Iron has discovered a vulnerability in Journalness, which can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/28873/ | | File Size: | 2519 | | Last Modified: | Feb 11 20:03:56 2008 |
| MD5 Checksum: | a8d92c5f94a5c1982d9bba7699f716be |
|
| /// File Name: |
sa28878.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in Apache Tomcat, which can be exploited by malicious people to manipulate certain data or to disclose sensitive information.
| | Homepage: | http://secunia.com/advisories/28878/ | | File Size: | 2844 | | Last Modified: | Feb 11 20:03:56 2008 |
| MD5 Checksum: | 7ea42ea6fea66fe757f3feda7bdbe278 |
|
| /// File Name: |
ZDI-08-004.txt |
Description:
|
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat and Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious web address or open a malicious file.. The specific flaw exists in the parsing of embedded JavaScript code within PDF documents. When the function printSepsWithParams() is called with certain malicious parameter values an integer overflow can occur resulting in a memory corruption. This may be subsequently leveraged to execute arbitrary code under the privileges of the current user. Adobe Reader and Acrobat versions 8.1.1 and below are affected.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3391 | | Last Modified: | Feb 11 18:02:18 2008 |
| MD5 Checksum: | 73dc5babd19c9a4d5a7b01ab630f35af |
|
| /// File Name: |
ZDI-08-005.txt |
Description:
|
A vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of the Novell Netware Client. Authentication is not required to exploit this vulnerability. The specific flaw exists in nwspool.dll which is responsible for handling RPC requests through the spoolss named pipe. The EnumPrinters function exposed by this DLL contains a logical flaw allowing an attacker to bypass a patch introduced to prevent the vulnerability described in ZDI-07-045. Exploitation of this vulnerability leads to arbitrary code execution in the context of the SYSTEM user.
| | Author: | Avosani Gabriele | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3352 | | Related CVE(s): | CVE-2008-0639 | | Last Modified: | Feb 11 18:01:16 2008 |
| MD5 Checksum: | ea09c47183c7cdc55b42a0c3c8a949cd |
|
| /// File Name: |
sa28835.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service), disclose potentially sensitive information, and gain escalated privileges.
| | Homepage: | http://secunia.com/advisories/28835/ | | File Size: | 2754 | | Last Modified: | Feb 11 17:59:39 2008 |
| MD5 Checksum: | 8341b1c64642cedf7bde70ad3cae5489 |
|
| /// File Name: |
sa28861.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in Joomla!, which can be exploited by malicious people to manipulate certain data.
| | Homepage: | http://secunia.com/advisories/28861/ | | File Size: | 2303 | | Last Modified: | Feb 11 17:59:30 2008 |
| MD5 Checksum: | 2bb04506a145a0032163fd16162c0a56 |
|
| /// File Name: |
sa28887.txt |
Description:
|
Secunia Security Advisory - SoSo H H has reported a vulnerability in ITechBids, which can be exploited by malicious people to conduct SQL injection attacks.
| | Homepage: | http://secunia.com/advisories/28887/ | | File Size: | 2248 | | Last Modified: | Feb 11 17:59:30 2008 |
| MD5 Checksum: | 1fddd95e1e83e222dc1d96dd3251e426 |
|
| /// File Name: |
glsa-200802-04.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200802-04 - The Gallery developement team reported and fixed critical vulnerabilities during an internal audit (CVE-2007-6685, CVE-2007-6686, CVE-2007-6687, CVE-2007-6688, CVE-2007-6689, CVE-2007-6690, CVE-2007-6691, CVE-2007-6692, CVE-2007-6693). Versions less than 2.2.4 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3895 | | Related CVE(s): | CVE-2007-6685, CVE-2007-6686, CVE-2007-6687, CVE-2007-6688, CVE-2007-6689, CVE-2007-6690, CVE-2007-6691, CVE-2007-6692, CVE-2007-6693 | | Last Modified: | Feb 11 17:59:00 2008 |
| MD5 Checksum: | c889f2aa3562a4c984c769735c47ae32 |
|
| /// File Name: |
glsa-200802-03.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200802-03 - Ulf Harnhammar, Secunia Research discovered that the frame and frameset HTML tags are not properly filtered out. He also reported that certain HTTP requests are executed without being checked. Versions less than 4.1.6 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3051 | | Related CVE(s): | CVE-2007-6018 | | Last Modified: | Feb 11 17:58:38 2008 |
| MD5 Checksum: | 47a0f2adf894a8201011c42accd08a38 |
|
| /// File Name: |
cyanuro.txt |
Description:
|
The Opium OPI Server versions 4.10.1028 and below along with a large amount of cyanPrintIP products suffer from a format string vulnerability in ReportSysLogEvent as well as a server crash flaw.
| | Author: | Luigi Auriemma | | Homepage: | http://aluigi.org/ | | Related Exploit: | cyanuro.zip | | File Size: | 2754 | | Last Modified: | Feb 11 16:38:33 2008 |
| MD5 Checksum: | 77dd3ffbfa3f0b47980a7a287806cd06 |
|
| /// File Name: |
ezipirla.txt |
Description:
|
EztremeZ-IP File and Printer Server versions 5.1.2x15 and below suffer from crash and directory traversal vulnerabilities.
| | Author: | Luigi Auriemma | | Homepage: | http://aluigi.org/ | | Related Exploit: | ezipirla.zip | | File Size: | 3173 | | Last Modified: | Feb 11 16:32:45 2008 |
| MD5 Checksum: | e8e2f8f64e5912135317b34018724271 |
|
| /// File Name: |
mercury-xss.txt |
Description:
|
Mercury version 1.1.5 suffers from a cross site scripting vulnerability.
| | Homepage: | http://aria-security.net/ | | File Size: | 599 | | Last Modified: | Feb 11 16:24:24 2008 |
| MD5 Checksum: | 1fd7e3a5c4edc9febcf82e00e36db43e |
|
| /// File Name: |
sa28874.txt |
Description:
|
Secunia Security Advisory - Iron has discovered a vulnerability in Open-Realty, which can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/28874/ | | File Size: | 2450 | | Last Modified: | Feb 11 16:10:21 2008 |
| MD5 Checksum: | 8b5bd7a600ea4d3932949e15978268db |
|
| /// File Name: |
sa28881.txt |
Description:
|
Secunia Security Advisory - Russ McRee has reported a vulnerability in Loris Hotel Reservation System, which can be exploited by malicious people to conduct cross-site scripting attacks.
| | Homepage: | http://secunia.com/advisories/28881/ | | File Size: | 2291 | | Last Modified: | Feb 11 16:10:21 2008 |
| MD5 Checksum: | 910ebf94c0a6ef3ee84a80fe8b60b03f |
|
| /// File Name: |
sa28886.txt |
Description:
|
Secunia Security Advisory - GoLd_M has discovered a vulnerability in SAPID CMF, which can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/28886/ | | File Size: | 2463 | | Last Modified: | Feb 11 16:10:21 2008 |
| MD5 Checksum: | 25f2443b1fb35ecb09c034119add9744 |
|
| /// File Name: |
firefoxurl-spoof.txt |
Description:
|
Firefox appears to suffer from another URI spoofing vulnerability when fed a missing username.
| | Author: | Carl Hardwick | | File Size: | 1553 | | Last Modified: | Feb 11 16:10:14 2008 |
| MD5 Checksum: | f285694114aeea1f576a89f64cc37851 |
|
| /// File Name: |
02.08.08-3.txt |
Description:
|
iDefense Security Advisory 02.08.08 - Remote exploitation of multiple stack-based buffer overflows in JavaScript methods in Adobe Reader and Acrobat could allow an attacker to execute arbitrary code as the current user. These issues exist due to insufficient input validation in several JavaScript methods. Inadequate checking is performed on the string length before it is copied into a fixed sized buffer on the stack. If an attacker supplies a long string, control structures on the stack may be modified, allowing the execution of arbitrary code. iDefense has confirmed these vulnerabilities exist in Adobe Reader 8.1 on Windows XP SP2. It is likely that other Adobe products that handle PDF files, including previous versions of Adobe Reader, are also affected.
| | Author: | Greg MacManus | | Homepage: | http://www.idefense.com/ | | File Size: | 4052 | | Related CVE(s): | CVE-2007-5659 | | Last Modified: | Feb 11 14:18:35 2008 |
| MD5 Checksum: | a35ddd3374aaad131a1aa65c950f950b |
|
| /// File Name: |
02.08.08-2.txt |
Description:
|
iDefense Security Advisory 02.08.08 - Remote exploitation of an unsafe library path vulnerability in Adobe Systems Inc.'s Adobe Reader may allow attackers to execute arbitrary code as the current user. This vulnerability is due to Adobe Reader using a path for "Security Provider" libraries that contains the directory the application was started in. Security Provider libraries provide encryption and signature verification routines to applications. If the current directory contains a file with the same name as a Security Provider library, the file will be loaded into the application, potentially allowing code execution. iDefense has confirmed this vulnerability exists in Adobe Reader 8.1 installed on Windows XP and Windows Vista. Previous versions, as well as those for other platforms, may also be affected.
| | Author: | Greg MacManus | | Homepage: | http://www.idefense.com/ | | File Size: | 4342 | | Related CVE(s): | CVE-2007-5666 | | Last Modified: | Feb 11 14:17:57 2008 |
| MD5 Checksum: | 38a5bc58a8ae1fc704006f3dbc4c00ed |
|
| /// File Name: |
02.08.08-1.txt |
Description:
|
iDefense Security Advisory 02.08.08 - Remote exploitation of an insecure method exposed by the JavaScript library in Adobe Reader and Acrobat could allow an attacker to execute arbitrary code as the current user. Adobe Reader and Acrobat implement a version of JavaScript in the EScript.api plug-in which is based on the reference implementation used in Mozilla products. One of the methods exposed allows direct control over low level features of the object, which in turn allows execution of arbitrary code. iDefense has confirmed this vulnerability exists in Adobe Reader 8.1 on Windows XP SP2. It is likely that other Adobe products that handle PDF files, including previous versions of Adobe Reader, are also affected.
| | Author: | Greg MacManus | | Homepage: | http://www.idefense.com/ | | File Size: | 4107 | | Related CVE(s): | CVE-2007-5663 | | Last Modified: | Feb 11 14:17:21 2008 |
| MD5 Checksum: | 81ae9d30d67bdd25fb243122fe848dbc |
|
| /// File Name: |
dsa-1485-1.txt |
Description:
|
Debian Security Advisory 1485-1 - Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird client. These allow for arbitrary code execution, privilege escalation, and more.
| | Homepage: | http://www.debian.org/security | | File Size: | 21696 | | Related CVE(s): | CVE-2008-0412, CVE-2008-0413, CVE-2008-0414, CVE-2008-0415, CVE-2008-0416, CVE-2008-0417, CVE-2008-0418, CVE-2008-0419, CVE-2008-0591, CVE-2008-0592, CVE-2008-0593, CVE-2008-0594 | | Last Modified: | Feb 11 14:08:03 2008 |
| MD5 Checksum: | 9808eaa5313f5ec83f43e95ae08ab838 |
|
| /// File Name: |
dsa-1484-1.txt |
Description:
|
Debian Security Advisory 1484-1 - Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. These allow for arbitrary code execution, privilege escalation, and more.
| | Homepage: | http://www.debian.org/security | | File Size: | 33756 | | Related CVE(s): | CVE-2008-0412, CVE-2008-0413, CVE-2008-0414, CVE-2008-0415, CVE-2008-0416, CVE-2008-0417, CVE-2008-0418, CVE-2008-0419, CVE-2008-0591, CVE-2008-0592, CVE-2008-0593, CVE-2008-0594 | | Last Modified: | Feb 11 14:07:00 2008 |
| MD5 Checksum: | 46ed13a4fffcd239a28416ba21d88b3d |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
