Section: .. / 0803-advisories /
| /// File Name: |
sa29393.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in Safari, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, or to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/29393/ | | File Size: | 4404 | | Last Modified: | Mar 19 20:11:50 2008 |
| MD5 Checksum: | 37d5f0027145f84a1f0740655f69db58 |
|
| /// File Name: |
sa29526.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities and weaknesses have been reported in Mozilla Firefox, which can be exploited by malicious people to bypass certain security restrictions, disclose potentially sensitive information, conduct cross-site scripting and phishing attacks, and potentially compromise a user's system.
| | Homepage: | http://secunia.com/advisories/29526/ | | File Size: | 4355 | | Last Modified: | Mar 27 02:24:42 2008 |
| MD5 Checksum: | 2781a28d1c26741c26da39e984d44e45 |
|
| /// File Name: |
MDVSA-2008-068.txt |
Description:
|
Mandriva Linux Security Advisory - Tavis Ormandy of Google Security discovered an invalid pointer flaw in unzip that could lead to the execution of arbitrary code with the privileges of the user running unzip.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 4354 | | Related CVE(s): | CVE-2008-0888 | | Last Modified: | Mar 18 22:44:25 2008 |
| MD5 Checksum: | e36b7227b79e870237a7f130fb16e0fa |
|
| /// File Name: |
dsa-1518-1.txt |
Description:
|
Debian Security Advisory 1518-1 - Micha Lenk discovered that backup-manager, a command-line backup tool, sends the password as a command line argument when calling an FTP client, which may allow a local attacker to read this password (which provides access to all backed-up files) from the process listing.
| | Homepage: | http://www.debian.org/security | | File Size: | 4281 | | Related CVE(s): | CVE-2007-4656 | | Last Modified: | Mar 17 14:31:17 2008 |
| MD5 Checksum: | bb5289b17ba664f960328ba943d15ff5 |
|
| /// File Name: |
sa29570.txt |
Description:
|
Secunia Security Advisory - SUSE has issued an update for the kernel. This fixes some vulnerabilities and a security issue, which can be exploited by malicious, local users to bypass certain security restrictions and disclose potentially sensitive information, and by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/29570/ | | File Size: | 4250 | | Last Modified: | Mar 28 16:26:02 2008 |
| MD5 Checksum: | 9bafd1de702f744e17cedeffc50ba936 |
|
| /// File Name: |
MDVSA-2008-073.txt |
Description:
|
Mandriva Linux Security Advisory - A vulnerability in the Net::DNS perl module was found that could allow remote attackers to cause a denial of service via a crafted DNS response.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 4243 | | Related CVE(s): | CVE-2007-6341 | | Last Modified: | Mar 20 17:13:06 2008 |
| MD5 Checksum: | fa03a5b781a22077ba0450c3dad3c1cd |
|
| /// File Name: |
sa29507.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in Cisco IOS, which can be exploited by malicious people to disclose sensitive information, manipulate certain data, or to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/29507/ | | File Size: | 4156 | | Last Modified: | Mar 28 16:26:02 2008 |
| MD5 Checksum: | c4248a92beba13af1f31716d7b8cdacd |
|
| /// File Name: |
MSA02240108.txt |
Description:
|
Internet Explorer 7 allows the overwrite of headers such as Content-Length, Host and Referer, exposing the browser to HTTP request splitting attacks.
| | Author: | Stefano Di Paola | | Homepage: | http://www.mindedsecurity.com/ | | File Size: | 4114 | | Last Modified: | Mar 21 18:24:17 2008 |
| MD5 Checksum: | 0ba0b74eea72c57621a0aad45af45c2f |
|
| /// File Name: |
MU-200803-01.txt |
Description:
|
The Mu Security Research team has found two security issues in the SDP parser in Asterisk 1.4.18. One is an invalid write to an attacker-controllable, almost arbitrary memory location and the other is a stack buffer overflow with limited attacker-controllable values.
| | Author: | Mu Security research team | | Homepage: | http://labs.musecurity.com/ | | File Size: | 4075 | | Related CVE(s): | CVE-2008-1289 | | Last Modified: | Mar 19 19:27:01 2008 |
| MD5 Checksum: | 1acd9d2850c2a2dd67e09664685f20d1 |
|
| /// File Name: |
sa29452.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for xwine. This fixes two security issues, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
| | Homepage: | http://secunia.com/advisories/29452/ | | File Size: | 4073 | | Last Modified: | Mar 22 14:31:57 2008 |
| MD5 Checksum: | cd33f8d80536c42b4796a0fced72ad09 |
|
| /// File Name: |
MDVSA-2008-061.txt |
Description:
|
Mandriva Linux Security Advisory - Multiple cross-site scripting (XSS) vulnerabilities were found in Mailman prior to version 2.1.10b1, which allow remote attackers to inject arbitrary web script or HTML via editing templates and the list's info attribute in the web administrator interface.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 4069 | | Related CVE(s): | CVE-2008-0564 | | Last Modified: | Mar 12 17:38:54 2008 |
| MD5 Checksum: | 6630467d76b59eee278cf3330ed32fa6 |
|
| /// File Name: |
glsa-200803-08.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200803-08 - Multiple buffer overflow, heap overflow, and integer overflow vulnerabilities were discovered in the Quicktime plugin when processing MOV, FLC, SGI, H.264 and FPX files. Versions less than 20071007-r2 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3981 | | Related CVE(s): | CVE-2006-4382, CVE-2006-4384, CVE-2006-4385, CVE-2006-4386, CVE-2006-4388, CVE-2006-4389, CVE-2007-4674, CVE-2007-6166 | | Last Modified: | Mar 4 17:49:07 2008 |
| MD5 Checksum: | ed1bd085d95103e6d32a610802391f72 |
|
| /// File Name: |
MDVSA-2008-063.txt |
Description:
|
Mandriva Linux Security Advisory - Ulf Harnhammar of Secunia Research discovered a format string flaw in how Evolution displayed encrypted mail content. If a user were to open a carefully crafted email message, arbitrary code could be executed with the permissions of the user running Evolution.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 3976 | | Related CVE(s): | CVE-2008-0072 | | Last Modified: | Mar 12 17:40:36 2008 |
| MD5 Checksum: | 6fbf265b975e2c247be78137ec719cad |
|
| /// File Name: |
xinehof.txt |
Description:
|
xine-lib versions 1.1.11 and below suffer from six heap overflow vulnerabilities.
| | Author: | Luigi Auriemma | | Homepage: | http://aluigi.org/ | | Related Exploit: | xinehof.zip | | File Size: | 3966 | | Last Modified: | Mar 20 17:17:19 2008 |
| MD5 Checksum: | 2cfe9d6e272a5f0691aaff6313456fda |
|
| /// File Name: |
sa29328.txt |
Description:
|
Secunia Security Advisory - Two vulnerabilities have been reported in Microsoft Office Web Components, which can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/29328/ | | File Size: | 3955 | | Last Modified: | Mar 12 13:55:23 2008 |
| MD5 Checksum: | 94026d6aae5871068fbead3fb5c52888 |
|
| /// File Name: |
dsa-1520-1.txt |
Description:
|
Debian Security Advisory 1520-1 - It was discovered that the regex module in Smarty, a PHP templating engine, allows attackers to call arbitrary PHP functions via templates using the regex_replace plugin by a specially crafted search string.
| | Homepage: | http://www.debian.org/security | | File Size: | 3951 | | Related CVE(s): | CVE-2008-1066 | | Last Modified: | Mar 17 14:45:43 2008 |
| MD5 Checksum: | e00f85ef1eec65997414270a5403e8ef |
|
| /// File Name: |
MDVSA-2008-079.txt |
Description:
|
Mandriva Linux Security Advisory - A stack-based buffer overflow in sarg (Squid Analysis Report Generator) allowed remote attackers to execute arbitrary code via a long Squid proxy server User-Agent header. A cross-site scripting vulnerability in sarg version 2.x prior to 2.2.5 allowed remote attackers to inject arbitrary web script or HTML via the User-Agent header, which is not properly handled when displaying the Squid proxy log. In addition, a number of other fixes have been made: the getword() function is now more robust, which should prevent any overflows; other segfaults have been fixed; and the useragent report is now more consistent with the other reports.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 3896 | | Related CVE(s): | CVE-2008-1168, CVE-2008-1167 | | Last Modified: | Mar 28 17:12:30 2008 |
| MD5 Checksum: | 6af2f57b4645d90a917e19aa7812867a |
|
| /// File Name: |
dsa-1519-1.txt |
Description:
|
Debian Security Advisory 1519-1 - It was discovered that the Horde web application framework permits arbitrary file inclusion by a remote attacker through the theme preference parameter.
| | Homepage: | http://www.debian.org/security | | File Size: | 3880 | | Related CVE(s): | CVE-2008-1284 | | Last Modified: | Mar 17 14:31:43 2008 |
| MD5 Checksum: | febf3fc9da978819bacce868470c9661 |
|
| /// File Name: |
TA08-087A.txt |
Description:
|
Technical Cyber Security Alert TA08-087A - New versions of Firefox, Thunderbird, and SeaMonkey address several vulnerabilities, the most severe of which could allow a remote attacker to execute arbitrary code on an affected system.
| | Homepage: | http://www.us-cert.gov/ | | File Size: | 3879 | | Last Modified: | Mar 27 17:31:04 2008 |
| MD5 Checksum: | 03f79e5e0d87463f7cf7655be23f8e49 |
|
| /// File Name: |
03.10.08-1.txt |
Description:
|
iDefense Security Advisory 03.10.08 - Remote exploitation of a signedness error in the "vserver" component of SAP AG's MaxDB could allow attackers to execute arbitrary code. After accepting a connection, the "vserver" process forks and reads parameters from the client into various structures. When doing so, it trusts values sent from the client to be valid. By sending a specially crafted request, an attacker can cause heap corruption. This leads to a potentially exploitable memory corruption condition. iDefense has confirmed the existence of this vulnerability in SAP AG's MaxDB version 7.6.0.37 on Linux. Other versions may also be affected.
| | Homepage: | http://www.idefense.com/ | | File Size: | 3866 | | Related CVE(s): | CVE-2008-0307 | | Last Modified: | Mar 12 20:29:44 2008 |
| MD5 Checksum: | 052ff389d8811e4398c4bd663563772f |
|
| /// File Name: |
versantcmd.txt |
Description:
|
Versant Object Database versions 7.0.1.3 and below suffer from an arbitrary command execution vulnerability.
| | Author: | Luigi Auriemma | | Homepage: | http://aluigi.org/ | | Related Exploit: | versantcmd.zip | | File Size: | 3865 | | Last Modified: | Mar 4 17:40:05 2008 |
| MD5 Checksum: | 1127c7a25aa511f58d5c9ab916106e52 |
|