Section: .. / 0802-advisories /
| /// File Name: |
sa28836.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities and a weakness have been discovered in PowerNews, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to conduct cross-site scripting and SQL injection attacks, disclose certain information, and compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/28836/ | | File Size: | 3863 | | Last Modified: | Feb 11 13:45:05 2008 |
| MD5 Checksum: | 696279e678e7fac0464cb6ae1d38f128 |
|
| /// File Name: |
MDVSA-2008-050.txt |
Description:
|
Mandriva Linux Security Advisory - Dave Camp at Critical Path Software discovered a buffer overflow in CUPS 1.1.23 and earlier could allow local admin users to execute arbitrary code via a crafted URI to the CUPS service. The Red Hat Security Team also found two flaws in CUPS 1.1.x where a malicious user on the local subnet could send a set of carefully crafted IPP packets to the UDP port in such a way as to cause CUPS to crash or consume memory and lead to a CUPS crash. Finally, another flaw was found in how CUPS handled the addition and removal of remote printers via IPP that could allow a remote attacker to send a malicious IPP packet to the UDP port causing CUPS to crash.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 3852 | | Related CVE(s): | CVE-2007-5848, CVE-2008-0596, CVE-2008-0597, CVE-2008-0886 | | Last Modified: | Feb 26 19:21:01 2008 |
| MD5 Checksum: | 81ed5a71558215cc1fa00282444155b3 |
|
| /// File Name: |
sa28795.txt |
Description:
|
Secunia Security Advisory - Two vulnerabilities have been reported in Sun JRE, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/28795/ | | File Size: | 3841 | | Last Modified: | Feb 6 14:35:54 2008 |
| MD5 Checksum: | f825e79aef909a8a1f423cc10fb94061 |
|
| /// File Name: |
TA08-043C.txt |
Description:
|
Technical Cyber Security Alert TA08-043C - Microsoft has released updates that address critical vulnerabilities in Microsoft Windows, Internet Explorer, Office, Visual Basic and Internet Information Services (IIS). Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code, gain elevated privileges, or crash a vulnerable system. Systems affected include Microsoft Windows, Microsoft Internet Explorer, Microsoft Office, Microsoft Visual Basic, and Microsoft Internet Information Services (IIS).
| | Homepage: | http://www.us-cert.gov/ | | File Size: | 3817 | | Last Modified: | Feb 12 18:07:55 2008 |
| MD5 Checksum: | d902c4945e5dceea89f4faef71bf1477 |
|
| /// File Name: |
02.12.08-1.txt |
Description:
|
iDefense Security Advisory 02.12.08 - Remote exploitation of an integer overflow vulnerability in Clam AntiVirus' ClamAV, as included in various vendors' operating system distributions, allows attackers to execute arbitrary code with the privileges of the affected process. iDefense has confirmed the existence of this vulnerability in ClamAV 0.92. Previous versions may also be affected.
| | Author: | Silvio Cesare | | Homepage: | http://www.idefense.com/ | | File Size: | 3814 | | Related CVE(s): | CVE-2008-0318 | | Last Modified: | Feb 12 17:33:32 2008 |
| MD5 Checksum: | a9128520f7d7444bc6ac5e793ff7954f |
|
| /// File Name: |
sa28894.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/28894/ | | File Size: | 3795 | | Last Modified: | Feb 12 17:33:42 2008 |
| MD5 Checksum: | 1df4b6e6479359e72a4fb3b2f8f1cb06 |
|
| /// File Name: |
02.07.08-1.txt |
Description:
|
iDefense Security Advisory 02.07.08 - Local exploitation of a library loading vulnerability in IBM Corp.'s DB2 Universal Database could allow attackers to gain root privileges. When the DB2INSTANCE environment variable is set, the libdb2 library will use the corresponding user's directory in place of the DB2 instance directory. This allows an unprivileged local user to control the directory structure on which several set-uid root binaries operate. iDefense has confirmed the existence of this vulnerability in IBM Corp.'s DB2 Universal Database 9.1 with FixPack 2 installed on a Linux system. Other versions, including those for other UNIX systems, are also suspected to be vulnerable.
| | Homepage: | http://www.idefense.com/ | | File Size: | 3749 | | Related CVE(s): | CVE-2007-5757 | | Last Modified: | Feb 7 23:26:30 2008 |
| MD5 Checksum: | b0bfa4ee621d60cb4db6c9c3e2745456 |
|
| /// File Name: |
checkpoint-disclose.txt |
Description:
|
Checkpoint SecuRemote/Secure Client NGX R60 for Windows VPN-1 suffers from an insecure credential storage vulnerability.
| | Author: | MN Vasquez | | File Size: | 3743 | | Last Modified: | Feb 7 20:22:52 2008 |
| MD5 Checksum: | e41bd165daeeb76fa9de608893a377ac |
|
| /// File Name: |
MDVSA-2008-056.txt |
Description:
|
Mandriva Linux Security Advisory - A vulnerability was found in the excel_read_HLINK function in the Microsoft Excel plugin in Gnumeric prior to version 1.8.1 that would allow for the execution of arbitrary code via a crafted XLS file containing XLS HLINK opcodes.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 3628 | | Related CVE(s): | CVE-2008-0668 | | Last Modified: | Mar 3 14:34:10 2008 |
| MD5 Checksum: | 48441dc70983aa2af7d1f2f899351e60 |
|
| /// File Name: |
02.26.08-2.txt |
Description:
|
iDefense Security Advisory 02.26.08 - Remote exploitation of a stack based buffer overflow vulnerability in Symantec Scan Engine version 5.1.2 could allow an unauthenticated attacker to execute arbitrary code with the privileges of the scan engine process. Symantec Scan Engine listens on TCP port 1344 to accept files for scanning using the Internet Content Adaptation Protocol (ICAP). If the service is sent a specially malformed RAR file, a stack-based buffer overflow will occur. iDefense has confirmed this vulnerability in the Linux build of the Symantec Scan Engine version 5.1.2. This issue does not affect the Windows build of the product. Previous versions are suspected to be vulnerable.
| | Homepage: | http://www.idefense.com/ | | File Size: | 3619 | | Related CVE(s): | CVE-2008-0309 | | Last Modified: | Feb 26 19:37:32 2008 |
| MD5 Checksum: | 28d026ef014680041c7b0b128293e0ef |
|
| /// File Name: |
sa28973.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in Hosting Controller, which can be exploited by malicious users to disclose sensitive information and manipulate certain data, and by malicious people to manipulate certain data, disclose sensitive information, conduct SQL injection attacks, and potentially to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/28973/ | | File Size: | 3615 | | Last Modified: | Feb 18 21:35:08 2008 |
| MD5 Checksum: | 8b9ca436a4d0088f4f7aff0418a230f4 |
|
| /// File Name: |
sa28858.txt |
Description:
|
Secunia Security Advisory - Mandriva has issued an update for the kernel. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges.
| | Homepage: | http://secunia.com/advisories/28858/ | | File Size: | 3585 | | Last Modified: | Feb 13 16:32:17 2008 |
| MD5 Checksum: | a233de53d6cac416671961bfa133b4d6 |
|
| /// File Name: |
02.12.08-4.txt |
Description:
|
iDefense Security Advisory 02.12.08 - Remote exploitation of a memory corruption vulnerability in Microsoft Corp.'s Internet Explorer web browser allows attackers to execute arbitrary code within the context of the affected user. When certain properties are assigned malformed values, memory can be corrupted in a way that leads to Internet Explorer making a call to a member function of an already released property object. If the memory location of the released property object happens to be filled by attacker controlled content, the attacker can execute arbitrary code. iDefense testing shows that Internet Explorer 6.0 and Internet Explorer 7.0, with all available security patches as of October 22nd, 2007, are vulnerable. Older versions of Internet Explorer may also be vulnerable.
| | Author: | hyy | | Homepage: | http://www.idefense.com/ | | File Size: | 3583 | | Related CVE(s): | CVE-2008-0077 | | Last Modified: | Feb 12 21:51:12 2008 |
| MD5 Checksum: | 4d18eb70c0164aefaeaf8f513ab07c2e |
|
| /// File Name: |
02.26.08-1.txt |
Description:
|
iDefense Security Advisory 02.26.08 - Remote exploitation of a Denial of Service vulnerability in Symantec Scan Engine version 5.1.2 could allow an unauthenticated attacker to create a denial of service (DoS) condition. Symantec Scan Engine listens on TCP port 1344 to accept files for scanning using the Internet Content Adaptation Protocol (ICAP). If the service is sent a malformed RAR file, the service will consume massive amounts of memory. This can result in a denial of service condition for the application and operating system. iDefense confirmed the existence of this vulnerability in Symantec Scan Engine 5.1.2. This issue affects both the Windows and Linux builds of the product. Previous versions are suspected to be vulnerable.
| | Homepage: | http://www.idefense.com/ | | File Size: | 3570 | | Related CVE(s): | CVE-2008-0308 | | Last Modified: | Feb 26 19:36:40 2008 |
| MD5 Checksum: | 3bdef4d0c069163afa87e6e53aa82965 |
|
| /// File Name: |
sa29099.txt |
Description:
|
Secunia Security Advisory - NBBN has discovered some vulnerabilities in the Sniplets plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks, disclose sensitive information, or compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/29099/ | | File Size: | 3545 | | Last Modified: | Feb 27 21:32:52 2008 |
| MD5 Checksum: | 365acdaff4fd41f6fcffe1ef9c4f6444 |
|
| /// File Name: |
firefox20011bmp-dos.txt |
Description:
|
Opera version 9.50 beta and FireFox versions 2.0.0.11 suffer from a vulnerability during BMP file handling.
| | Author: | Gynvael Coldwind | | File Size: | 3533 | | Last Modified: | Feb 17 21:37:33 2008 |
| MD5 Checksum: | acddcd7b30c860fcbb579020d5cd6838 |
|
| /// File Name: |
sa28849.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in Microsoft Internet Information Services (IIS), which can be exploited by malicious, local users to gain escalated privileges.
| | Homepage: | http://secunia.com/advisories/28849/ | | File Size: | 3497 | | Last Modified: | Feb 12 17:59:25 2008 |
| MD5 Checksum: | 482f0b3de47802cc3418fe100c3e078a |
|
| /// File Name: |
sa28904.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in Microsoft Office and Microsoft Works, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/28904/ | | File Size: | 3496 | | Last Modified: | Feb 12 14:09:00 2008 |
| MD5 Checksum: | 279667295e90f8afd10ab8eb0a30e86a |
|
| /// File Name: |
02.20.08-1.txt |
Description:
|
iDefense Security Advisory 02.20.08 - Remote exploitation of a denial of service vulnerability in Symantec Corp.'s Veritas Storage Foundation scheduler service could allow an unauthenticated attacker to crash the service. iDefense Labs have confirmed Veritas Storage Foundation for Windows version 5.0 (with VxSchedService.exe version 5.0.9.298) is vulnerable. It is suspected that all previous versions are vulnerable.
| | Homepage: | http://www.idefense.com/ | | File Size: | 3492 | | Related CVE(s): | CVE-2007-4516 | | Last Modified: | Feb 21 00:40:58 2008 |
| MD5 Checksum: | 5224c4874af2a3b22c52e80f16b86220 |
|
| /// File Name: |
wincomalpd.txt |
Description:
|
WinCom LPD Total line printer daemon versions 3.0.2.623 and below suffer from buffer overflow and bypass vulnerabilities.
| | Author: | Luigi Auriemma | | Homepage: | http://aluigi.org/ | | Related Exploit: | wincomalpd.zip | | File Size: | 3481 | | Last Modified: | Feb 4 19:38:04 2008 |
| MD5 Checksum: | c43c737c8bf8212ecd4dbbfbb0a0e92e |
|
| /// File Name: |
sa28793.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in Textpattern, which can be exploited by malicious users to disclose sensitive information or conduct script insertion attacks, and by malicious people to conduct cross-site scripting attacks.
| | Homepage: | http://secunia.com/advisories/28793/ | | File Size: | 3480 | | Last Modified: | Feb 5 18:02:25 2008 |
| MD5 Checksum: | 8d745659050af457dfa54ecea462f812 |
|
| /// File Name: |
sa28796.txt |
Description:
|
Secunia Security Advisory - Mandriva has issued an update for libcdio. This fixes some vulnerabilities, which potentially can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/28796/ | | File Size: | 3464 | | Last Modified: | Feb 11 13:45:05 2008 |
| MD5 Checksum: | 0413b883c51dcfc76d451d930c441a57 |
|
| /// File Name: |
MDVSA-2008-053.txt |
Description:
|
Mandriva Linux Security Advisory - A buffer overflow in PCRE 7.x before 7.6 allows remote attackers to execute arbitrary code via a regular expression that contains a character class with a large number of characters with Unicode code points greater than 255.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 3452 | | Related CVE(s): | CVE-2008-0674 | | Last Modified: | Feb 27 21:34:32 2008 |
| MD5 Checksum: | d60edf5bd4e16f0e3aef0e5418fdf493 |
|
| /// File Name: |
sa28838.txt |
Description:
|
Secunia Security Advisory - SUSE has issued an update for multiple packages. This fixes some vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges and cause a DoS (Denial of Service), by malicious users to manipulate data, gain escalated privileges, and cause a DoS, and by malicious people to manipulate data, bypass certain security restrictions, cause a DoS, and potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/28838/ | | File Size: | 3452 | | Last Modified: | Feb 8 19:16:05 2008 |
| MD5 Checksum: | 796a257cef4909f883d5358ddba60ddb |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
