Section: .. / 0702-advisories /
| /// File Name: |
simbin.txt |
Description:
|
Games developed by SimBin suffer from a denial of service flaw where a UDP packet of zero bytes sent to the server disconnects all clients.
| | Author: | Luigi Auriemma | | Homepage: | http://aluigi.org | | File Size: | 2583 | | Last Modified: | Feb 23 20:36:29 2007 |
| MD5 Checksum: | 180ee019c82b7c82f13f445595084e3f |
|
| /// File Name: |
cisco-sa-20070221-supplicant.txt |
Description:
|
Cisco Security Advisory - The Cisco Secure Services Client (CSSC) is a software client that enables customers to deploy a single authentication framework using the 802.1X authentication standard across multiple device types to access both wired and wireless networks. A lightweight version of the CSSC client is also a component of the Cisco Trust Agent (CTA) within the Cisco Network Admission Control (NAC) Framework solution. These products are affected by multiple vulnerabilities including privilege escalations and information disclosure.
| | Homepage: | http://www.cisco.com/ | | File Size: | 18702 | | Last Modified: | Feb 23 19:15:19 2007 |
| MD5 Checksum: | b030fad2ee8b30943ebf8516146868fc |
|
| /// File Name: |
cisco-sa-20070221-phone.txt |
Description:
|
Cisco Security Advisory - Certain Cisco Unified IP Conference Station and IP Phone devices contain vulnerabilities which may allow unauthorized users to gain administrative access to vulnerable devices.
| | Homepage: | http://www.cisco.com/ | | File Size: | 18821 | | Last Modified: | Feb 23 19:14:27 2007 |
| MD5 Checksum: | 50aae22a39a331a4524510ead2dc1b4c |
|
| /// File Name: |
USN-424-1.txt |
Description:
|
Ubuntu Security Notice 424-1 - Multiple buffer overflows have been discovered in various PHP modules. If a PHP application processes untrusted data with functions of the session or zip module, or various string functions, a remote attacker could exploit this to execute arbitrary code with the privileges of the web server. The sapi_header_op() function had a buffer underflow that could be exploited to crash the PHP interpreter. The wddx unserialization handler did not correctly check for some buffer boundaries and had an uninitialized variable. By unserializing untrusted data, this could be exploited to expose memory regions that were not meant to be accessible. Depending on the PHP application this could lead to disclosure of potentially sensitive information. On 64 bit systems (the amd64 and sparc platforms), various print functions and the odbc_result_all() were susceptible to a format string vulnerability. A remote attacker could exploit this to execute arbitrary code with the privileges of the web server. Under certain circumstances it was possible to overwrite superglobal variables (like the HTTP GET/POST arrays) with crafted session data. When unserializing untrusted data on 64-bit platforms the zend_hash_init() function could be forced to enter an infinite loop, consuming CPU resources, for a limited length of time, until the script timeout alarm aborts the script.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 40014 | | Related CVE(s): | CVE-2007-0906, CVE-2007-0907, CVE-2007-0908, CVE-2007-0909, CVE-2007-0910, CVE-2007-0988 | | Last Modified: | Feb 23 19:13:23 2007 |
| MD5 Checksum: | c167c44b2f1ce8a0e863337ae113fd61 |
|
| /// File Name: |
MDKSA-2007-046.txt |
Description:
|
Mandriva Security Advisory - Gnucash versions 2.0.4 and earlier allow local users to overwrite arbitrary files via a symlink attack on the (1) gnucash.trace, (2) qof.trace, and (3) qof.trace.[PID] temporary files.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 3245 | | Related CVE(s): | CVE-2007-0007 | | Last Modified: | Feb 23 19:10:06 2007 |
| MD5 Checksum: | 8d141b4bf9618a03f0f4c24f90e06cd4 |
|
| /// File Name: |
MDKSA-2007-045.txt |
Description:
|
Mandriva Security Advisory - A format string flaw was discovered in how GnomeMeeting processes certain messages, which could permit a remote attacker that can connect to GnomeMeeting to potentially execute arbitrary code with the privileges of the user running GnomeMeeting.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 2447 | | Related CVE(s): | CVE-2007-1007 | | Last Modified: | Feb 23 19:09:11 2007 |
| MD5 Checksum: | 7019454b07654452610ad31eebd0139c |
|
| /// File Name: |
MDKSA-2007-044.txt |
Description:
|
Mandriva Security Advisory - A format string flaw was discovered in how ekiga processes certain messages, which could permit a remote attacker that can connect to ekiga to potentially execute arbitrary code with the privileges of the user running ekiga.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 2376 | | Related CVE(s): | CVE-2007-1006 | | Last Modified: | Feb 23 19:08:36 2007 |
| MD5 Checksum: | b04da0ad9b3113a0763d2af567e505e3 |
|
| /// File Name: |
ls-setgid.txt |
Description:
|
It appears that /bin/ls has slipped into the linux-ftpd distribution for Debian as setgid 0. This could possibly be used to leverage root group access.
| | Author: | Paul Szabo | | Homepage: | http://www.maths.usyd.edu.au/u/psz/ | | File Size: | 691 | | Last Modified: | Feb 23 19:00:05 2007 |
| MD5 Checksum: | 1c1ac6b027563fb2b5c07a86e4ae4302 |
|
| /// File Name: |
TSRT-07-02.txt |
Description:
|
These vulnerabilities allow attackers to execute arbitrary code on vulnerable installations of Trend Micro ServerProtect. Authentication is not required to exploit these vulnerabilities. The specific flaws exist within the eng50.dll library.
| | Author: | Pedram Amini | | Homepage: | http://www.tippingpoint.com/ | | File Size: | 4074 | | Related CVE(s): | CVE-2007-1070 | | Last Modified: | Feb 23 18:56:09 2007 |
| MD5 Checksum: | dc02c0f8ffc95794928a507aa5b120a0 |
|
| /// File Name: |
TSRT-07-01.txt |
Description:
|
Multiple vulnerabilities allow attackers to execute arbitrary code on vulnerable installations of Trend Micro ServerProtect. Authentication is not required to exploit these vulnerabilities. The specific flaws exist within the StCommon.dll library and are reachable remotely through a DCE/RPC endpoint on TCP port 5168 bound to by the service SpntSvc.exe.
| | Author: | Pedram Amini | | Homepage: | http://www.tippingpoint.com/ | | File Size: | 4470 | | Related CVE(s): | CVE-2007-1070 | | Last Modified: | Feb 23 18:54:34 2007 |
| MD5 Checksum: | 408c2a0760febb98645392abc3554f7e |
|
| /// File Name: |
USN-423-1.txt |
Description:
|
Ubuntu Security Notice 423-1 - A flaw was discovered in MoinMoin's debug reporting sanitizer which could lead to a cross-site scripting attack. By tricking a user into viewing a crafted MoinMoin URL, an attacker could execute arbitrary JavaScript as the current MoinMoin user, possibly exposing the user's authentication information for the domain where MoinMoin was hosted. Only Ubuntu Breezy was vulnerable. An information leak was discovered in MoinMoin's debug reporting, which could expose information about the versions of software running on the host system. MoinMoin administrators can add "show_traceback=0" to their site configurations to disable debug tracebacks.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 5311 | | Related CVE(s): | CVE-2007-0901, CVE-2007-0902 | | Last Modified: | Feb 23 18:53:28 2007 |
| MD5 Checksum: | 07b66a34ef51b949f22c2112f560164c |
|
| /// File Name: |
jbossvuln.txt |
Description:
|
JBoss suffers from a flaw that allows for unauthenticated access to the backend application that controls related data.
| | Author: | Ben Dexter | | File Size: | 1076 | | Last Modified: | Feb 23 18:00:39 2007 |
| MD5 Checksum: | fabf0bdec3eec553d4c785dd2b18d3d9 |
|
| /// File Name: |
XD100099.txt |
Description:
|
A vulnerability has been identified in Microsoft Internet Explorer, in Windows XP SP2 which could be exploited by malicious users to obtain a victim's local files.
| | Author: | Rajesh Sethumadhavan | | File Size: | 14429 | | Last Modified: | Feb 23 17:53:14 2007 |
| MD5 Checksum: | eb9bbae2d092c210693c0e46dfdad241 |
|
| /// File Name: |
sa23014.txt |
Description:
|
Secunia Security Advisory - Secunia Research has discovered a vulnerability in Internet Explorer 7, which can be exploited by a malicious website to spoof the address bar.
| | Homepage: | http://secunia.com/advisories/23014/ | | File Size: | 2834 | | Last Modified: | Feb 23 17:44:59 2007 |
| MD5 Checksum: | 8456339862c7d8ef6b3d1ec86424691b |
|
| /// File Name: |
sa24183.txt |
Description:
|
Secunia Security Advisory - SUSE has issued an update for clamav. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/24183/ | | File Size: | 4593 | | Last Modified: | Feb 23 17:44:59 2007 |
| MD5 Checksum: | d1483027baa2160f91ed77ca81c736b7 |
|
| /// File Name: |
sa24201.txt |
Description:
|
Secunia Security Advisory - rPath has issued an update for the kernel. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/24201/ | | File Size: | 2135 | | Last Modified: | Feb 23 17:44:59 2007 |
| MD5 Checksum: | c0896b5d26a80375637eafbc463698ab |
|
| /// File Name: |
sa24207.txt |
Description:
|
Secunia Security Advisory - A vulnerability is reported in TYPO3, which can be exploited by malicious people to bypass certain security restrictions.
| | Homepage: | http://secunia.com/advisories/24207/ | | File Size: | 2430 | | Last Modified: | Feb 23 17:44:59 2007 |
| MD5 Checksum: | 95a9ff1f6ecd2f0d538d546e7832f405 |
|
| /// File Name: |
sa24223.txt |
Description:
|
Secunia Security Advisory - Doz has reported some vulnerabilities in Kayako eSupport, which can be exploited by malicious people to conduct cross-site scripting attacks.
| | Homepage: | http://secunia.com/advisories/24223/ | | File Size: | 2741 | | Last Modified: | Feb 23 17:44:59 2007 |
| MD5 Checksum: | b796a01a53ac87b6d155f4645949a11f |
|
| /// File Name: |
sa24227.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities with unknown impact have been reported in web-app.org WebAPP.
| | Homepage: | http://secunia.com/advisories/24227/ | | File Size: | 2143 | | Last Modified: | Feb 23 17:44:59 2007 |
| MD5 Checksum: | 2ef459e26ae7b6b5db5f1dd7816ad957 |
|
| /// File Name: |
sa24236.txt |
Description:
|
Secunia Security Advisory - Mandriva has issued an update for php. This fixes some vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, bypass certain security restrictions, cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/24236/ | | File Size: | 6516 | | Last Modified: | Feb 23 17:44:59 2007 |
| MD5 Checksum: | 6a11eb71cfb3c62d2cbce0a1688a92af |
|
| /// File Name: |
sa24245.txt |
Description:
|
Secunia Security Advisory - 3APA3A has discovered a weakness in Microsoft Windows, which can be exploited by malicious, local users to gain knowledge of certain information.
| | Homepage: | http://secunia.com/advisories/24245/ | | File Size: | 3458 | | Last Modified: | Feb 23 17:44:59 2007 |
| MD5 Checksum: | f4e2244cfe788bf979cf1c351cc0ba94 |
|
| /// File Name: |
sa24246.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in various Symantec products, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/24246/ | | File Size: | 2642 | | Last Modified: | Feb 23 17:44:59 2007 |
| MD5 Checksum: | 4372032d31a9290773b1e36735b5b9da |
|
| /// File Name: |
sa24249.txt |
Description:
|
Secunia Security Advisory - David D. Rude II has reported a vulnerability in VeriSign's ConfigChk ActiveX control, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/24249/ | | File Size: | 2707 | | Last Modified: | Feb 23 17:44:59 2007 |
| MD5 Checksum: | 4edc8f166508d7f10fc52b7f926f88ea |
|
| /// File Name: |
sa24251.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in various SupportSoft ActiveX controls, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/24251/ | | File Size: | 2965 | | Last Modified: | Feb 23 17:44:59 2007 |
| MD5 Checksum: | 02b2c623320763252cf3e2ef47e22990 |
|
| /// File Name: |
sa24255.txt |
Description:
|
Secunia Security Advisory - DarkFig has discovered some vulnerabilities in Connectix Boards, which can be exploited by malicious users to conduct SQL injection attacks or compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/24255/ | | File Size: | 2823 | | Last Modified: | Feb 23 17:44:59 2007 |
| MD5 Checksum: | 435996845d5b2432bb033c67fa6823a0 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
