File Name: 03.11.08-2.txt
Description: iDefense Security Advisory 03.11.08 - Remote exploitation of a memory corruption vulnerability in Microsoft Corp.'s Excel 2003 could allow attackers to execute arbitrary code in the context of the currently logged on user. This vulnerability specifically exists due to the improper handling of malformed formulas. By creating a document containing a specially crafted formula, an attacker is able to cause memory corruption that leads to arbitrary code execution. iDefense has confirmed the existence of this vulnerability in Excel 2003 SP2. Other versions may also be affected.
Homepage: http://www.idefense.com/ | File Size: 3240 | Related CVE(s): CVE-2008-0115 | Last Modified: Mar 13 01:27:41 2008
MD5 Checksum: 21b457751f6f41a127dcdbc087383750

File Name: dsa-1529-1.txt
Description: Debian Security Advisory 1529-1 - Multiple security problems have been discovered in the Firebird database, which may lead to the execution of arbitrary code or denial of service. This Debian security advisory is a bit unusual. While it's normally their strict policy to backport security bugfixes to older releases, this turned out to be infeasible for Firebird 1.5 due to large infrastructural changes necessary to fix these issues.
Homepage: http://www.debian.org/security | File Size: 3228 | Related CVE(s): CVE-2008-0387, CVE-2008-0467, CVE-2006-7211, CVE-2007-4664, CVE-2007-4665, CVE-2007-4666, CVE-2007-4667, CVE-2007-4668, CVE-2007-4669, CVE-2007-3527, CVE-2007-3181, CVE-2007-2606, CVE-2006-7212, CVE-2006-7213, CVE-2006-7214 | Last Modified: Mar 27 14:42:24 2008
MD5 Checksum: bda9e699a247ea6096d7dfe6c766f038

File Name: sa29252.txt
Description: Secunia Security Advisory - A vulnerability has been reported in Sun Java System Access Manager, which can be exploited by malicious people to conduct cross-site scripting attacks.
Homepage: http://secunia.com/advisories/29252/ | File Size: 3218 | Last Modified: Mar 12 13:55:23 2008
MD5 Checksum: bc92c03ca49f584020cdb3e37f06aba3

File Name: ZDI-08-013.txt
Description: A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell eDirectory for Linux. Authentication is not required to exploit this vulnerability. The specific flaw exists in the libnldap library. When a large LDAP delRequest message is sent, a stack overflow occurs overwriting a function pointer. This results in a situation allowing the execution of arbitrary code.
Homepage: http://www.zerodayinitiative.com/ | File Size: 3185 | Related CVE(s): CVE-2008-0924 | Last Modified: Mar 26 18:20:54 2008
MD5 Checksum: e35e7ad52a9e2a0a6d71048d250a4a7b

File Name: sa29262.txt
Description: Secunia Security Advisory - Debian has issued an update for moin. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass security restrictions, manipulate certain data, or potentially compromise a vulnerable system.
Homepage: http://secunia.com/advisories/29262/ | File Size: 3125 | Last Modified: Mar 12 13:55:23 2008
MD5 Checksum: af832d22587acbe38b0588674b77971d

File Name: TA08-079B.txt
Description: Technical Cyber Security Alert TA08-079B - The MIT Kerberos implementation contains several vulnerabilities. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code, compromise the key database or cause a denial of service on a vulnerable system.
Homepage: http://www.us-cert.gov/ | File Size: 3103 | Last Modified: Mar 19 18:59:32 2008
MD5 Checksum: 0bdbfca5096257849c0e7fcc3b6f5e97

File Name: sa29286.txt
Description: Secunia Security Advisory - A vulnerability has been reported in various Horde products, which can be exploited by malicious users to disclose sensitive information and potentially compromise a vulnerable system.
Homepage: http://secunia.com/advisories/29286/ | File Size: 3101 | Last Modified: Mar 12 13:55:23 2008
MD5 Checksum: 458f04dee6d8730bdf2623875721ee91

File Name: glsa-200803-23.txt
Description: Gentoo Linux Security Advisory GLSA 200803-23 - Temporary files are handled insecurely in the files wml_backend/p1_ipp/ipp.src, wml_contrib/wmg.cgi, and wml_backend/p3_eperl/eperl_sys.c, allowing users to overwrite or delete arbitrary files with the privileges of the user running the program. Versions less than 2.0.11-r3 are affected.
Homepage: http://security.gentoo.org | File Size: 3090 | Related CVE(s): CVE-2008-0665, CVE-2008-0666 | Last Modified: Mar 17 14:29:51 2008
MD5 Checksum: 44fed14f5744d1d1bba3fe39892b8e4e

File Name: sa29421.txt
Description: Secunia Security Advisory - Luigi Auriemma has discovered some vulnerabilities in MG-SOFT Net Inspector, which can be exploited by malicious people to disclose sensitive information, cause a DoS (Denial of Service), or potentially compromise a vulnerable system.
Homepage: http://secunia.com/advisories/29421/ | File Size: 3090 | Last Modified: Mar 17 19:54:28 2008
MD5 Checksum: 05de1e7c8a15d5844c09a3f449c29612

File Name: sa29399.txt
Description: Secunia Security Advisory - Some vulnerabilities have been discovered in Gallarific, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, and conduct SQL injection attacks.
Homepage: http://secunia.com/advisories/29399/ | File Size: 3087 | Last Modified: Mar 20 16:39:31 2008
MD5 Checksum: c779bae19525824bb742b395a68ec3d7

File Name: 03.11.08-1.txt
Description: iDefense Security Advisory 03.11.08 - Remote exploitation of a heap corruption vulnerability in Microsoft Corp.'s Excel spreadsheet application allows attackers to execute arbitrary code in the context of the user who started Excel. The vulnerability exists in the handling of DVAL records in BIFF8 format spreadsheet files. When certain fields are set to invalid values, heap corruption occurs. iDefense has confirmed the existence of this vulnerability in Microsoft Excel 2003 and Excel 2007. Previous versions may also be affected.
Author: Greg MacManus | Homepage: http://www.idefense.com/ | File Size: 3086 | Related CVE(s): CVE-2008-0111 | Last Modified: Mar 13 01:26:35 2008
MD5 Checksum: 1c71a5cca97e7d7714ca5a12198093ca

File Name: sa29439.txt
Description: Secunia Security Advisory - Shachar Bar (Berezniski) has reported a vulnerability in Imperva SecureSphere, which can be exploited by malicious people to conduct script insertion attacks.
Homepage: http://secunia.com/advisories/29439/ | File Size: 3079 | Last Modified: Mar 22 14:31:57 2008
MD5 Checksum: 6d22be65b9bf89aa2f93d8b083be3a85

File Name: glsa-200803-22.txt
Description: Gentoo Linux Security Advisory GLSA 200803-22 - Luigi Auriemma reported a signedness error in the parseRTSPRequestString() function when processing short RTSP queries. Versions less than 2008.02.08 are affected.
Homepage: http://security.gentoo.org | File Size: 3076 | Related CVE(s): CVE-2007-6036 | Last Modified: Mar 13 19:17:24 2008
MD5 Checksum: 3f3b2a67d06191bdcd33f49cfaedb27a

File Name: sa29463.txt
Description: Secunia Security Advisory - A vulnerability has been reported in SILC Client, Server, and Toolkit, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
Homepage: http://secunia.com/advisories/29463/ | File Size: 3067 | Last Modified: Mar 27 02:24:42 2008
MD5 Checksum: e16d525aac0cadaeabf8827f30180eb2

File Name: glsa-200803-06.txt
Description: Gentoo Linux Security Advisory GLSA 200803-06 - Dan Dennison reported that the diatheke.pl script used in SWORD does not properly sanitize shell meta-characters in the range parameter before processing it. Versions less than 1.5.8-r2 are affected.
Homepage: http://security.gentoo.org | File Size: 3063 | Related CVE(s): CVE-2008-0932 | Last Modified: Mar 3 16:13:56 2008
MD5 Checksum: 6af4daeebe05c22de986923daf879240

File Name: sa29566.txt
Description: Secunia Security Advisory - A vulnerability has been reported in the HP TCP/IP services for OpenVMS, which can be exploited by malicious people to bypass certain security restrictions.
Homepage: http://secunia.com/advisories/29566/ | File Size: 3054 | Last Modified: Mar 29 15:46:13 2008
MD5 Checksum: 4063252afbf711414252495bc44cae13

File Name: glsa-200803-04.txt
Description: Gentoo Linux Security Advisory GLSA 200803-04 - seiji reported that the filename for the uploaded file in bug_report.php is not properly sanitized before being stored. Versions less than 1.0.8-r1 are affected.
Homepage: http://security.gentoo.org | File Size: 3048 | Related CVE(s): CVE-2007-6611 | Last Modified: Mar 3 16:13:22 2008
MD5 Checksum: aaf87384be6c3e2fa49a02dba098df76

File Name: glsa-200803-02.txt
Description: Gentoo Linux Security Advisory GLSA 200803-02 - Firebird does not properly handle certain types of XDR requests, resulting in an integer overflow (CVE-2008-0387). Furthermore, it is vulnerable to a buffer overflow when processing usernames (CVE-2008-0467). Versions less than 2.0.3.12981.0-r5 are affected.
Homepage: http://security.gentoo.org | File Size: 3042 | Related CVE(s): CVE-2008-0387, CVE-2008-0467 | Last Modified: Mar 3 16:12:42 2008
MD5 Checksum: e091b565563607edd66074a21f9593b1

File Name: sa29553.txt
Description: Secunia Security Advisory - Debian has issued an update for policyd-weight. This fixes a security issue, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
Homepage: http://secunia.com/advisories/29553/ | File Size: 3032 | Last Modified: Mar 28 17:29:21 2008
MD5 Checksum: 8a3a97421cb892c5166ef407df788ff4

File Name: VMSA-2008-0006.txt
Description: VMware Security Advisory - VMware has released an updated libxml2 package that addresses a security issue.
Homepage: http://www.vmware.com/ | File Size: 3028 | Related CVE(s): CVE-2007-6284 | Last Modified: Mar 29 15:50:19 2008
MD5 Checksum: 2a723fe9cc3a345fee9423b599fb6de1

File Name: sa29502.txt
Description: Secunia Security Advisory - Debian has issued an update for serendipity. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting and script-insertion attacks or to bypass certain security restrictions.
Homepage: http://secunia.com/advisories/29502/ | File Size: 3023 | Last Modified: Mar 26 16:17:54 2008
MD5 Checksum: 843f5201e1243c69c94de0a9bab68203

File Name: sa29323.txt
Description: Secunia Security Advisory - SUSE has issued an update for multiple packages. This fixes some vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions, and by malicious people to conduct cross-site scripting attacks, cause a DoS (Denial of Service), and compromise a vulnerable system.
Homepage: http://secunia.com/advisories/29323/ | File Size: 3020 | Last Modified: Mar 17 19:54:28 2008
MD5 Checksum: af57e27db4a7fe3d5ac01c48f3ddfc66

File Name: sa29285.txt
Description: Secunia Security Advisory - Fedora has issued an update for vdccm. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.
Homepage: http://secunia.com/advisories/29285/ | File Size: 3019 | Last Modified: Mar 12 13:55:23 2008
MD5 Checksum: 849d9d859a4cd2c70e6351e7e363677a

File Name: 03.11.08-3.txt
Description: iDefense Security Advisory 03.11.08 - Remote exploitation of an input validation error in the handling of "mailto" URIs by Microsoft Corp.'s Outlook may allow arbitrary code execution. It is possible to construct a "mailto" URI which causes the web browser to pass extra command line switches to Outlook. These switches can modify Outlook's account configuration. iDefense has confirmed the existence of this vulnerability in Microsoft Outlook 2007 on Windows XP SP2. Previous versions may also be affected.
Author: Greg MacManus | Homepage: http://www.idefense.com/ | File Size: 3012 | Related CVE(s): CVE-2008-0110 | Last Modified: Mar 13 01:28:43 2008
MD5 Checksum: 3a1dfceb0f15cb2f4c8b70699b4e23c8

File Name: glsa-200803-07.txt
Description: Gentoo Linux Security Advisory GLSA 200803-07 - Dwayne C. Litzenberger reported that the file common.py does not properly use RandomPool when using threads or forked processes. Versions less than 1.7.2 are affected.
Homepage: http://security.gentoo.org | File Size: 2994 | Related CVE(s): CVE-2008-0299 | Last Modified: Mar 3 16:20:38 2008
MD5 Checksum: 4a5a6c224a680c4d83aed4a5b825bcde