Section: .. / 0703-advisories /
| /// File Name: |
sa24449.txt |
Description:
|
Secunia Security Advisory - GloD_M has reported a vulnerability in netForo, which can be exploited by malicious people to disclose sensitive information.
| | Homepage: | http://secunia.com/advisories/24449/ | | File Size: | 2265 | | Last Modified: | Mar 13 01:30:19 2007 |
| MD5 Checksum: | df5550704d91360f804078762b6e31bc |
|
| /// File Name: |
sa24441.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in CA eTrust Admin, which can be exploited by malicious, local users to gain escalated privileges.
| | Homepage: | http://secunia.com/advisories/24441/ | | File Size: | 2371 | | Last Modified: | Mar 13 01:30:19 2007 |
| MD5 Checksum: | 8fab67e962c16d9a71395d4e0802eacd |
|
| /// File Name: |
sa24440.txt |
Description:
|
Secunia Security Advisory - rgod has reported a vulnerability in PHP4, which can be exploited by malicious people to bypass certain security restrictions.
| | Homepage: | http://secunia.com/advisories/24440/ | | File Size: | 2223 | | Last Modified: | Mar 13 01:30:19 2007 |
| MD5 Checksum: | 02ec2df2e382c21d22a404ca7c0c4830 |
|
| /// File Name: |
sa24439.txt |
Description:
|
Secunia Security Advisory - DNX has discovered a vulnerability in Magic CMS, which can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/24439/ | | File Size: | 2234 | | Last Modified: | Mar 13 01:30:19 2007 |
| MD5 Checksum: | bc0208b0679f474e86a2ddc408e8f852 |
|
| /// File Name: |
sa24419.txt |
Description:
|
Secunia Security Advisory - Trustix has issued an update for php4. This fixes some vulnerabilities and a weakness, which can be exploited by malicious people to disclose potentially sensitive information, bypass certain security restrictions, cause a DoS (Denial of Service), and potentially compromise a user's system.
| | Homepage: | http://secunia.com/advisories/24419/ | | File Size: | 3138 | | Last Modified: | Mar 13 01:30:19 2007 |
| MD5 Checksum: | 781eac4b2c4b66255fe8db0eeceacad7 |
|
| /// File Name: |
sa24407.txt |
Description:
|
Secunia Security Advisory - Mandriva has issued an update for gnupg and gpgme. This fixes a vulnerability, which potentially can be exploited by malicious people to bypass certain security restrictions when applications use GnuPG in an insecure manner.
| | Homepage: | http://secunia.com/advisories/24407/ | | File Size: | 3367 | | Last Modified: | Mar 13 01:30:19 2007 |
| MD5 Checksum: | f23f388aec7a74d847bf02daef920975 |
|
| /// File Name: |
sa24360.txt |
Description:
|
Secunia Security Advisory - Parvez Anwar has discovered a vulnerability in D-Link TFTP Server, which can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/24360/ | | File Size: | 2172 | | Last Modified: | Mar 13 01:30:19 2007 |
| MD5 Checksum: | 4fde5aaf1b81ffe432bc839c1d96879a |
|
| /// File Name: |
sa24340.txt |
Description:
|
Secunia Security Advisory - Hasadya Raed has discovered a vulnerability in URLshrink Free, which can be exploited by malicious people to compromise vulnerable systems.
| | Homepage: | http://secunia.com/advisories/24340/ | | File Size: | 2222 | | Last Modified: | Mar 13 01:30:19 2007 |
| MD5 Checksum: | 5c46fd7c2843fceec2a3a10aae9b2ffb |
|
| /// File Name: |
CAID-35145.txt |
Description:
|
The CA eTrust Admin GINA component contains a privilege escalation vulnerability within the reset password interface. This vulnerability is exploitable only through physical interactive access or through Remote Desktop. Affected products include eTrust Admin 8.1 SP2 (8.1.2), eTrust Admin 8.1 SP1 (8.1.1), and eTrust Admin 8.1 (8.1.0).
| | Author: | Ken Williams | | Homepage: | http://www3.ca.com/ | | File Size: | 3216 | | Related OSVDB(s): | 32722 | | Related CVE(s): | CVE-2007-1345 | | Last Modified: | Mar 9 04:26:54 2007 |
| MD5 Checksum: | c6562cb4f6cf0c40deb50930f24bdb74 |
|
| /// File Name: |
msfilemanagement.txt |
Description:
|
Article discussing file management security issues in Microsoft Windows Vista/2003/XP/2000.
| | Author: | 3APA3A | | Homepage: | http://securityvulns.com/ | | File Size: | 9725 | | Last Modified: | Mar 9 04:23:22 2007 |
| MD5 Checksum: | 60fcecd6b876c994b1fd5658afc80a4f |
|
| /// File Name: |
MDKSA-2007-057.txt |
Description:
|
Mandriva Linux Security Advisory - The DMO_VideoDecoder_Open function in dmo/DMO_VideoDecoder.c in xine-lib does not set the biSize before use in a memcpy, which allows user-assisted remote attackers to cause a buffer overflow and possibly execute arbitrary code.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 6201 | | Related CVE(s): | CVE-2007-1246 | | Last Modified: | Mar 9 04:18:35 2007 |
| MD5 Checksum: | 562e47f8063bed302281781b8b55331b |
|
| /// File Name: |
MDKSA-2007-056.txt |
Description:
|
Mandriva Linux Security Advisory - Off-by-one buffer overflow in the parse_elements function in the 802.11 printer code (print-802_11.c) for tcpdump 3.9.5 and earlier allows remote attackers to cause a denial of service (crash) via a crafted 802.11 frame. NOTE: this was originally referred to as heap-based, but it might be stack-based.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 3709 | | Related CVE(s): | CVE-2007-1218 | | Last Modified: | Mar 9 04:17:57 2007 |
| MD5 Checksum: | 23e9227a2dcc706ff24062c147a89876 |
|
| /// File Name: |
MDKSA-2007-055.txt |
Description:
|
Mandriva Linux Security Advisory - The DMO_VideoDecoder_Open function in loader/dmo/DMO_VideoDecoder.c in MPlayer 1.0rc1 and earlier does not set the biSize before use in a memcpy, which allows user-assisted remote attackers to cause a buffer overflow and possibly execute arbitrary code.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 4249 | | Related CVE(s): | CVE-2007-1246 | | Last Modified: | Mar 9 04:16:56 2007 |
| MD5 Checksum: | 06eeabeee1d7b3c4dcad4dc31f13e7c8 |
|
| /// File Name: |
MDKSA-2007-054.txt |
Description:
|
Mandriva Linux Security Advisory - ecma/kjs_html.cpp in KDE JavaScript (KJS), as used in Konqueror, allows remote attackers to cause a denial of service (crash) by accessing the content of an iframe with an ftp:// URI in the src attribute, probably due to a NULL pointer dereference.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 4251 | | Related CVE(s): | CVE-2007-1308 | | Last Modified: | Mar 9 04:16:16 2007 |
| MD5 Checksum: | a77962f885d2c63b82cb3cbfea4a21b7 |
|
| /// File Name: |
USN-432-1.txt |
Description:
|
Ubuntu Security Notice 432-1 - Gerardo Richarte from Core Security Technologies discovered that when gnupg is used without --status-fd, there is no way to distinguish initial unsigned messages from a following signed message. An attacker could inject an unsigned message, which could fool the user into thinking the message was entirely signed by the original sender.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 7467 | | Related CVE(s): | CVE-2007-1263 | | Last Modified: | Mar 9 04:13:23 2007 |
| MD5 Checksum: | d76fe00ba7ed0901c41309e218dcf780 |
|
| /// File Name: |
dynaliens-xss.txt |
Description:
|
dynaliens versions 2.0 and 2.1 suffer from admin bypass and cross site scripting vulnerabilities.
| | Author: | sn0oPy | | File Size: | 1990 | | Last Modified: | Mar 9 03:58:22 2007 |
| MD5 Checksum: | dc59cafd849865443635ea2b98d3af1b |
|
| /// File Name: |
MU-200703-01.txt |
Description:
|
Asterisk crashes when handed an otherwise valid request message but with no URI and no SIP-version in the request-line of the message. Asterisk versions 1.2.15 and 1.4.0, along with prior versions, are affected.
| | Author: | Mu Security research team | | Homepage: | http://labs.musecurity.com/ | | File Size: | 2191 | | Last Modified: | Mar 9 03:55:31 2007 |
| MD5 Checksum: | 6121b1df2013a98c7d28e32af079e4af |
|
| /// File Name: |
conquest-overflow.txt |
Description:
|
Conquest versions 8.2a (svn 691) and below suffer from buffer overflow and memory corruption vulnerabilities.
| | Author: | Luigi Auriemma | | Homepage: | http://aluigi.org/ | | File Size: | 5032 | | Last Modified: | Mar 9 03:54:06 2007 |
| MD5 Checksum: | 3da5d084d52b1e3a07f772753d604e34 |
|
| /// File Name: |
ZDI-07-010.txt |
Description:
|
A vulnerability allows attackers to execute arbitrary code on Apple QuickTime Player version 7.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of forged size fields in user-defined data atoms (UDTA). By setting this field to an overly large value, an integer overflow occurs resulting in an exploitable heap overflow. Successful exploitation results in code execution under the context of the running user.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 2640 | | Related CVE(s): | CVE-2007-0714 | | Last Modified: | Mar 9 03:32:27 2007 |
| MD5 Checksum: | fa5eb46c403649874472d707ec4b66a1 |
|
| /// File Name: |
ZDI-07-009.txt |
Description:
|
A vulnerability allows remote attackers to execute arbitrary code on Novell NetMail version 3.5.2. Authentication is not required to exploit this vulnerability. The specific flaw exists in the webadmin.exe process bound by default on TCP port 89. During HTTP Basic authentication, a long username of at least 213 bytes will trigger a stack based buffer overflow due to a vulnerable sprintf() call. Exploitation of this issue can result in arbitrary code execution.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 2548 | | Related CVE(s): | CVE-2007-1350 | | Last Modified: | Mar 9 03:30:20 2007 |
| MD5 Checksum: | 37113389bf6ad945a40bce9599763946 |
|
| /// File Name: |
03.07.07.txt |
Description:
|
iDefense Security Advisory 03.07.07 - Remote exploitation of several ActiveX control buffer overflow vulnerabilities in Ipswitch Inc.'s IMail Server 2006 could allow attackers to execute arbitrary code with the credentials of the user visiting a malicious website. Multiple stack and heap based buffer overflows caused by unsafe strcpy and wsprintf calls could corrupt memory in a way that leads to code execution. iDefense has confirmed this vulnerability in IMail Server 2006.
| | Homepage: | http://www.idefense.com/ | | File Size: | 3646 | | Last Modified: | Mar 9 03:24:20 2007 |
| MD5 Checksum: | 2adcb0140082805996e36e8038b8e9fd |
|
| /// File Name: |
MDKSA-2007-053.txt |
Description:
|
Mandriva Linux Security Advisory - Umount allows local users to trigger a NULL dereference and application crash by invoking the program with a pathname for a USB pen drive that was mounted and then physically removed, which might allow the users to obtain sensitive information, including core file contents.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 4349 | | Related CVE(s): | CVE-2007-0822 | | Last Modified: | Mar 9 03:22:11 2007 |
| MD5 Checksum: | 317e67816e96f61c41a485f70e42cf34 |
|