Section: .. / 0804-advisories /
| /// File Name: |
sa29954.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for phpgedview. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks.
| | Homepage: | http://secunia.com/advisories/29954/ | | File Size: | 3530 | | Last Modified: | Apr 28 18:26:27 2008 |
| MD5 Checksum: | 4d262040400ce73dc2640e4deb5b826e |
|
| /// File Name: |
MDVSA-2008-093.txt |
Description:
|
Mandriva Linux Security Advisory - A vulnerability was found in the Speex library, which did not properly validate input values read from Speex file headers. An attacker could create a malicious Speex file that would crash an application or potentially allow the execution of arbitrary code with the privileges of the application calling the Speex library. The ogg123 application in vorbis-tools is similarly affected by this issue.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 3524 | | Related CVE(s): | CVE-2008-1686 | | Last Modified: | Apr 29 20:24:49 2008 |
| MD5 Checksum: | c6dba30f19bdce266467d0eb81876aeb |
|
| /// File Name: |
sa29763.txt |
Description:
|
Secunia Security Advisory - SUSE has issued an update for flash-player. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, or to potentially compromise a user's system.
| | Homepage: | http://secunia.com/advisories/29763/ | | File Size: | 3518 | | Last Modified: | Apr 15 13:23:16 2008 |
| MD5 Checksum: | 7fdc7f7669da4315bb317be02a4f5092 |
|
| /// File Name: |
sa29778.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in EMC DiskXtender, which can be exploited by malicious people to bypass certain security restrictions or by malicious users to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/29778/ | | File Size: | 3515 | | Last Modified: | Apr 15 13:23:16 2008 |
| MD5 Checksum: | 7f4b732d3783c6f37a3c2ccc14447958 |
|
| /// File Name: |
USN-600-1.txt |
Description:
|
Ubuntu Security Notice 600-1 - Sebastian Krahmer discovered that rsync could overflow when handling ACLs. An attacker could construct a malicious set of files that when processed by rsync could lead to arbitrary code execution or a crash.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 3474 | | Related CVE(s): | CVE-2008-1720 | | Last Modified: | Apr 11 14:51:50 2008 |
| MD5 Checksum: | d2c9ff7066ca61f4e637585d5c630a1e |
|
| /// File Name: |
04.17.08-2.txt |
Description:
|
iDefense Security Advisory 04.17.08 - Remote exploitation of an integer overflow vulnerability in OpenOffice, as included in various vendors' operating system distributions, allows attackers to execute arbitrary code with the privileges of the logged in user. The vulnerability exists within the code responsible for parsing the EMR_STRETCHBLT record in an EMF file. This code reads in two 32-bit integers from the file, and then uses them in an arithmetic operation that calculates the number of bytes to allocate for a dynamic buffer. This calculation can overflow, resulting in an insufficiently sized buffer being allocated. Subsequently, this buffer is overflowed with data from the file. iDefense confirmed the existence of this vulnerability in OpenOffice version 2.3. Other versions may also be affected.
| | Homepage: | http://www.idefense.com/ | | File Size: | 3470 | | Related CVE(s): | CVE-2007-5746 | | Last Modified: | Apr 17 18:32:20 2008 |
| MD5 Checksum: | 89042174d6abaa20543881003162702f |
|
| /// File Name: |
TA08-099A.txt |
Description:
|
Technical Cyber Security Alert TA08-099A - Microsoft has released updates to address vulnerabilities that affect Microsoft Windows, Internet Explorer, and Office as part of the Microsoft Security Bulletin Summary for April 2008. The most severe vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code.
| | Homepage: | http://www.us-cert.gov/ | | File Size: | 3469 | | Last Modified: | Apr 8 23:18:10 2008 |
| MD5 Checksum: | 82069bfe7ab0decef2056f8cf30cc852 |
|
| /// File Name: |
04.09.08-1.txt |
Description:
|
iDefense Security Advisory 04.09.08 - Remote exploitation of an authentication bypass vulnerability in EMC Corp.'s DiskXtender could allow an attacker to execute arbitrary code. Each of the main components of the DiskXtender suite is vulnerable to an authentication bypass vulnerability. Specifically, the authentication code contains a hard-coded login and password. By connecting to the RPC interface, and logging on with these credentials, it is possible to bypass the normal authentication process. iDefense confirmed the existence of this vulnerability in DiskXtender version 6.20.060 for Windows. Previous versions may also be affected.
| | Author: | Stephen Fewer | | Homepage: | http://www.idefense.com/ | | File Size: | 3447 | | Related CVE(s): | CVE-2008-0961 | | Last Modified: | Apr 11 14:48:00 2008 |
| MD5 Checksum: | dbf348e8b2d22a48dd9a267fca454033 |
|
| /// File Name: |
sa29660.txt |
Description:
|
Secunia Security Advisory - Two vulnerabilities have been reported in various Symantec products, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/29660/ | | File Size: | 3444 | | Last Modified: | Apr 4 16:56:23 2008 |
| MD5 Checksum: | 90e2743b260f02a3d9be8b9bb9fb87b5 |
|
| /// File Name: |
sa29691.txt |
Description:
|
Secunia Security Advisory - Two vulnerabilities have been reported in Microsoft Visio, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/29691/ | | File Size: | 3435 | | Last Modified: | Apr 8 22:22:39 2008 |
| MD5 Checksum: | 24c4d07ebbed56a1580572e6205eeb4f |
|
| /// File Name: |
sa29867.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious users to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/29867/ | | File Size: | 3428 | | Last Modified: | Apr 28 10:37:56 2008 |
| MD5 Checksum: | f8c76db2006120d4a2692c824eb4de06 |
|
| /// File Name: |
04.17.08-1.txt |
Description:
|
iDefense Security Advisory 04.17.08 - Remote exploitation of a heap based buffer overflow vulnerability in OpenOffice.org's OpenOffice, as included in various vendors' operating system distributions, could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability exists within the importer for files stored using the OLE format. When parsing the "DocumentSummaryInformation" stream, the vulnerable code does not correctly verify the size of a destination buffer before copying data from the file into it. This results in an exploitable heap overflow. iDefense confirmed the existence of this vulnerability in OpenOffice version 2.3.1. Other versions may also be affected.
| | Author: | Marsu | | Homepage: | http://www.idefense.com/ | | File Size: | 3409 | | Related CVE(s): | CVE-2008-0320 | | Last Modified: | Apr 17 18:31:05 2008 |
| MD5 Checksum: | 624877933491e6bd0d3012daf6ac2b07 |
|
| /// File Name: |
glsa-200804-29.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200804-29 - Comix does not properly sanitize filenames containing shell metacharacters when they are passed to the rar, unrar, or jpegtran programs (CVE-2008-1568). Comix also creates directories with predictable names (CVE-2008-1796). Versions less than 3.6.4-r1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3382 | | Related CVE(s): | CVE-2008-1568, CVE-2008-1796 | | Last Modified: | Apr 25 20:03:20 2008 |
| MD5 Checksum: | 8ce89de703f5399b083a9db761aa6539 |
|
| /// File Name: |
ZDI-08-022.txt |
Description:
|
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the regular expression compiler (JavaScriptCore/pcre/pcre_compile.cpp) in WebKit. When nesting regular expressions with large repetitions, a heap overflow occurs resulting in a condition allowing the execution of arbitrary code.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3372 | | Related CVE(s): | CVE-2008-1026 | | Last Modified: | Apr 16 18:08:34 2008 |
| MD5 Checksum: | 8c59082cde3c46c9f1624a17dd595252 |
|
| /// File Name: |
sa29927.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in Asterisk, which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/29927/ | | File Size: | 3360 | | Last Modified: | Apr 28 10:37:56 2008 |
| MD5 Checksum: | 9e0a43c3b13e5ffaee0438124b3e0d99 |
|
| /// File Name: |
sa29729.txt |
Description:
|
Secunia Security Advisory - Slackware has issued an update for m4. This fixes a security issue and a vulnerability, which can be exploited by malicious people to manipulate certain data or to potentially compromise a user's system.
| | Homepage: | http://secunia.com/advisories/29729/ | | File Size: | 3357 | | Last Modified: | Apr 8 22:22:39 2008 |
| MD5 Checksum: | e1b502763dd7ef9f05a59682fe7ae87c |
|
| /// File Name: |
sa29796.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in HP OpenView Network Node Manager, which can be exploited by malicious people to disclose certain information or cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/29796/ | | File Size: | 3357 | | Last Modified: | Apr 14 17:48:17 2008 |
| MD5 Checksum: | 9c9f8d207bca67b6152fa6be70e7981a |
|
| /// File Name: |
sa29676.txt |
Description:
|
Secunia Security Advisory - Slackware has issued an update for openssh. This fixes a vulnerability, which can be exploited by malicious, local users to disclose sensitive information.
| | Homepage: | http://secunia.com/advisories/29676/ | | File Size: | 3352 | | Last Modified: | Apr 7 22:57:36 2008 |
| MD5 Checksum: | fe132394016b98283d6dde340697da42 |
|
| /// File Name: |
sa29841.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in BEA JRockit, which can be exploited by malicious people to bypass certain security restrictions, cause a DoS (Denial of Service), or compromise a user's system.
| | Homepage: | http://secunia.com/advisories/29841/ | | File Size: | 3335 | | Last Modified: | Apr 18 14:12:52 2008 |
| MD5 Checksum: | c82feee2c0b75ff6de57b5cb430f29e9 |
|
| /// File Name: |
sa29655.txt |
Description:
|
Secunia Security Advisory - Mandriva has issued an update for cups. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/29655/ | | File Size: | 3326 | | Last Modified: | Apr 4 16:56:23 2008 |
| MD5 Checksum: | b3377d7402373776055b092687c6c034 |
|
| /// File Name: |
sa29807.txt |
Description:
|
Secunia Security Advisory - AmnPardaz Security Research Team have discovered some vulnerabilities in cpCommerce, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks, and to disclose sensitive information.
| | Homepage: | http://secunia.com/advisories/29807/ | | File Size: | 3320 | | Last Modified: | Apr 14 16:22:44 2008 |
| MD5 Checksum: | b03d822249d81bdf9a020672e9ccd23e |
|
| /// File Name: |
04.03.08-2.txt |
Description:
|
iDefense Security Advisory 04.03.08 - Remote exploitation of multiple buffer overflow vulnerabilities in Computer Associates International Inc.'s Alert Notification Service may allow an authenticated attacker to execute arbitrary code with SYSTEM privileges. iDefense confirmed the existence of these vulnerabilities with Computer Associates' Threat Manager for the Enterprise version 8.1. Other products that contain the Alert Notification Service are suspected to be vulnerable as well.
| | Homepage: | http://www.idefense.com/ | | File Size: | 3319 | | Related CVE(s): | CVE-2007-4620 | | Last Modified: | Apr 4 19:55:55 2008 |
| MD5 Checksum: | cc1671ff27d2d45ed90d7e7995b9b75a |
|
| /// File Name: |
glsa-200804-13.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200804-13 - Multiple vulnerabilities have been found in Asterisk allowing for SQL injection, session hijacking and unauthorized usage. Versions less than 1.2.27 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3318 | | Related CVE(s): | CVE-2007-6170, CVE-2007-6430, CVE-2008-1332 | | Last Modified: | Apr 14 19:00:49 2008 |
| MD5 Checksum: | 8b5069d31ac6bad4492d0e424adcf705 |
|
| /// File Name: |
04.09.08-2.txt |
Description:
|
iDefense Security Advisory 04.09.08 - Remote exploitation of a buffer overflow vulnerability in EMC Corp.'s DiskXtender could allow an attacker to execute arbitrary code with the privileges of the affected service. The File System Manager is prone to a stack-based buffer overflow vulnerability. When handling requests on the RPC interface with UUID b157b800-aef5-11d3-ae49-00600834c15f, the service does not properly validate the length of a string in the request. By making a specially crafted request, a stack based buffer overflow occurs. iDefense confirmed the existence of this vulnerability in DiskXtender version 6.20.060 for Windows. Previous versions may also be affected.
| | Author: | Stephen Fewer | | Homepage: | http://www.idefense.com/ | | File Size: | 3295 | | Related CVE(s): | CVE-2008-0962 | | Last Modified: | Apr 11 14:48:42 2008 |
| MD5 Checksum: | 6bf48ca72b6e0a4c486fac37e6e7c96a |
|
| /// File Name: |
sa29677.txt |
Description:
|
Secunia Security Advisory - Slackware has issued an update for bzip2. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/29677/ | | File Size: | 3295 | | Last Modified: | Apr 8 22:22:39 2008 |
| MD5 Checksum: | 0211e5749ef382d4e7ca10c01c059498 |
|