Section: .. / 0804-advisories /
| /// File Name: |
04.03.08-2.txt |
Description:
|
iDefense Security Advisory 04.03.08 - Remote exploitation of multiple buffer overflow vulnerabilities in Computer Associates International Inc.'s Alert Notification Service may allow an authenticated attacker to execute arbitrary code with SYSTEM privileges. iDefense confirmed the existence of these vulnerabilities with Computer Associates' Threat Manager for the Enterprise version 8.1. Other products that contain the Alert Notification Service are suspected to be vulnerable as well.
| | Homepage: | http://www.idefense.com/ | | File Size: | 3319 | | Related CVE(s): | CVE-2007-4620 | | Last Modified: | Apr 4 19:55:55 2008 |
| MD5 Checksum: | cc1671ff27d2d45ed90d7e7995b9b75a |
|
| /// File Name: |
04.03.08-1.txt |
Description:
|
iDefense Security Advisory 04.03.08 - Local exploitation of a directory traversal vulnerability within the pkgadd program distributed with SCO Group Inc's UnixWare operating system allows attackers to gain root privileges. iDefense confirmed the existence of this vulnerability within version 7.1.4 of UnixWare with all patches available as of August 27th, 2007 installed. Previous versions are suspected to be vulnerable.
| | Homepage: | http://www.idefense.com/ | | File Size: | 3099 | | Related CVE(s): | CVE-2008-0310 | | Last Modified: | Apr 4 19:54:59 2008 |
| MD5 Checksum: | 54a6b6775305fc5d7841e82a9879ee16 |
|
| /// File Name: |
ZDI-08-019.txt |
Description:
|
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists in the parsing of the QuickTime VR 'obji' atom. When the size of the atom is set to 0, a stack overflow condition occurs resulting in the execution of arbitrary code. Version 7.4.1 is affected.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3094 | | Related CVE(s): | CVE-2008-1022 | | Last Modified: | Apr 4 19:53:54 2008 |
| MD5 Checksum: | 415cd4d63c1fe26974238ae00be12600 |
|
| /// File Name: |
ZDI-08-018.txt |
Description:
|
A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of QuickTime files that utilize the Animation codec. A lack of proper length checks can result in a heap based buffer overflow leading to arbitrary code execution under the context of the currently logged in user. Version 7.4.1 is affected.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3171 | | Related CVE(s): | CVE-2008-1021 | | Last Modified: | Apr 4 19:51:11 2008 |
| MD5 Checksum: | fe8354f74872ddc5dccc2455a6d692b7 |
|
| /// File Name: |
ZDI-08-017.txt |
Description:
|
A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the quicktime.qts library responsible for parsing Kodak encoded images. A lack of proper error checking can result in a heap based buffer overflow leading to arbitrary code execution under the context of the currently logged in user. Version 7.4.1 is affected.
| | Author: | Ruben Santamarta | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 2935 | | Related CVE(s): | CVE-2008-1020 | | Last Modified: | Apr 4 19:49:41 2008 |
| MD5 Checksum: | 71f08357b01b38db42fb821eaa3dce66 |
|
| /// File Name: |
ZDI-08-016.txt |
Description:
|
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the parsing of the QuickTime Channel Compositor atom. When the movie file contains a malformed 'chan' atom, a heap corruption occurs resulting in the execution of arbitrary code. Version 7.4.1 is affected.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3095 | | Related CVE(s): | CVE-2008-1018 | | Last Modified: | Apr 4 19:48:34 2008 |
| MD5 Checksum: | ce95497bee97f6b5779de8557aa8055e |
|
| /// File Name: |
ZDI-08-015.txt |
Description:
|
A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the quicktime.qts library. The vulnerability resides in the component's parsing of 'crgn' atoms. A lack of proper sanity checks on the region size field can result in a heap based buffer overflow leading to arbitrary code execution under the context of the currently logged in user. Version 7.4.1 is affected.
| | Author: | Sanbin Li | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3223 | | Related CVE(s): | CVE-2008-1017 | | Last Modified: | Apr 4 19:47:18 2008 |
| MD5 Checksum: | 9c6642a80f757742c14a9e01a910ccbf |
|
| /// File Name: |
ZDI-08-014.txt |
Description:
|
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists in the quickTime.qts while parsing corrupted .pict files. The module contains a vulnerable memory copy loop which searches for a terminator value. When this value is changed or omitted, a heap corruption occurs allowing the execution of arbitrary code. Version 7.4.1 is affected.
| | Author: | bugfree | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 2901 | | Related CVE(s): | CVE-2008-1019 | | Last Modified: | Apr 4 19:46:25 2008 |
| MD5 Checksum: | a58d7e9471769f1cf1501b1e61d2c73c |
|
| /// File Name: |
sa29498.txt |
Description:
|
Secunia Security Advisory - Red Hat has issued an update for java-1.5.0-ibm. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service), to bypass certain security restrictions, or to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/29498/ | | File Size: | 2377 | | Last Modified: | Apr 4 18:56:42 2008 |
| MD5 Checksum: | 05d050f13738fef13b00d630f7b7841a |
|
| /// File Name: |
sa29604.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for xpdf. This fixes some vulnerabilities, which can be exploited by malicious people to compromse a vulnerable system.
| | Homepage: | http://secunia.com/advisories/29604/ | | File Size: | 6227 | | Last Modified: | Apr 4 18:56:42 2008 |
| MD5 Checksum: | 37502967b0486304b7fb04ee6fff41e7 |
|
| /// File Name: |
sa29657.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in SCO UnixWare, which can be exploited by malicious, local users to gain escalated privileges.
| | Homepage: | http://secunia.com/advisories/29657/ | | File Size: | 2833 | | Last Modified: | Apr 4 18:56:42 2008 |
| MD5 Checksum: | 707110437162ca8b4ab6a704a62db2cc |
|
| /// File Name: |
sa29669.txt |
Description:
|
Secunia Security Advisory - Diego Juarez has reported a vulnerability in Orbit Downloader, which potentially can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/29669/ | | File Size: | 2366 | | Last Modified: | Apr 4 18:56:42 2008 |
| MD5 Checksum: | 8a0cb27aba6df6bf3e1464ed4888e5fa |
|
| /// File Name: |
sa29670.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in various Cisco products, which can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/29670/ | | File Size: | 2893 | | Last Modified: | Apr 4 18:56:42 2008 |
| MD5 Checksum: | 0d850cc8def2a46d6afde8d374e04eda |
|
| /// File Name: |
sa29674.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in Webwasher, which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/29674/ | | File Size: | 2599 | | Last Modified: | Apr 4 18:56:42 2008 |
| MD5 Checksum: | dd83b9661681c396e190a3440154c6e0 |
|
| /// File Name: |
04.02.08-3.txt |
Description:
|
iDefense Security Advisory 04.02.08 - Remote exploitation of a design error in an ActiveX control installed with Symantec Norton Internet Security 2008 could allow for the execution of arbitrary code. iDefense confirmed that this vulnerability exists in version 2.7.0.1 of the control that is installed with the 2008 version of Norton Internet Security. Other versions may also be available.
| | Homepage: | http://www.idefense.com/ | | File Size: | 3655 | | Related CVE(s): | CVE-2008-0313 | | Last Modified: | Apr 4 18:56:33 2008 |
| MD5 Checksum: | c63a4b10122d61c0886a3797d862f1e5 |
|
| /// File Name: |
04.02.08-2.txt |
Description:
|
iDefense Security Advisory 04.02.08 - Remote exploitation of a buffer overflow vulnerability in an ActiveX control installed by Symantec Norton Internet Security 2008 could allow for the execution of arbitrary code. iDefense confirmed that this vulnerability exists in version 2.7.0.1 of the control that is installed with the 2008 version of Norton Internet Security. Other versions may also be available.
| | Author: | Peter Vreugdenhil | | Homepage: | http://www.idefense.com/ | | File Size: | 3584 | | Related CVE(s): | CVE-2008-0312 | | Last Modified: | Apr 4 18:55:41 2008 |
| MD5 Checksum: | a0998a74f1cfaf08d9aee600fca2915b |
|
| /// File Name: |
04.02.08-1.txt |
Description:
|
iDefense Security Advisory 04.02.08 - Remote exploitation of a buffer overflow vulnerability in Borland Software Corp.'s CaliberRM enterprise software requirements management system could allow attackers to execute arbitrary code with SYSTEM level privileges. iDefense confirmed that the trial version of Borland CaliberRM 2006 (file version 9.0.809.000) is vulnerable. The actual vulnerable component is StarTeam Multicast Service 6.4. Other Borland products containing StarTeam Multicast Service component, such as Borland StarTeam, may also be affected.
| | Homepage: | http://www.idefense.com/ | | File Size: | 4927 | | Related CVE(s): | CVE-2008-0311 | | Last Modified: | Apr 4 18:53:10 2008 |
| MD5 Checksum: | 4e3ea5589c83878f0b1b738b83c55cd6 |
|
| /// File Name: |
CORE-2008-0314.txt |
Description:
|
Core Security Technologies Advisory - Orbit Downloader is vulnerable to a buffer overflow attack which can be exploited to execute arbitrary code. Versions 2.6.3 and 2.6.4 are verified vulnerable.
| | Author: | Diego Juarez | | Homepage: | http://www.coresecurity.com/corelabs/ | | File Size: | 7486 | | Related CVE(s): | CVE-2008-1602 | | Last Modified: | Apr 4 18:03:17 2008 |
| MD5 Checksum: | 3cb9c129e128a6f459b5ce8739aaf7a1 |
|
| /// File Name: |
TA08-094A.txt |
Description:
|
Technical Cyber Security Alert TA08-094A - Apple QuickTime contains multiple vulnerabilities as described in the Apple Knowledgebase article HT1241. Exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code or cause a denial-of-service condition.
| | Homepage: | http://www.us-cert.gov/ | | File Size: | 3628 | | Last Modified: | Apr 4 17:57:46 2008 |
| MD5 Checksum: | 60f2970d4d83177489a7d4ebb3c8d958 |
|
| /// File Name: |
cisco-sa-20080403-drf.txt |
Description:
|
Cisco Security Advisory - Several products in the Cisco Unified Communications family of products contain a command execution vulnerability in the Disaster Recovery Framework (DRF) feature. A remote, unauthenticated user could exploit this vulnerability to execute arbitrary commands that may allow full administrative access to affected systems. There is a workaround for this vulnerability.
| | Homepage: | http://www.cisco.com/ | | File Size: | 12435 | | Related CVE(s): | CVE-2008-1154 | | Last Modified: | Apr 4 17:56:55 2008 |
| MD5 Checksum: | 9d04ddfdd8879fbb50747c67c1fb4a86 |
|
| /// File Name: |
webwasher-dos.txt |
Description:
|
It appears that Secure Computing Webwasher versions 6.6.3 and below suffer form a denial of service vulnerability.
| | Author: | National Australia Bank Security Assurance | | File Size: | 2198 | | Last Modified: | Apr 4 17:52:34 2008 |
| MD5 Checksum: | 76689687b007ad966776a162e45fd28c |
|
| /// File Name: |
virtuozzo-xsrf.txt |
Description:
|
Virtuozzo from Parallels suffers from cross site request forgery vulnerabilities.
| | Author: | poplix | | Homepage: | http://px.dynalias.org/ | | File Size: | 1756 | | Last Modified: | Apr 4 17:43:35 2008 |
| MD5 Checksum: | fecc08d75ae7ba875e668dc7dabf3479 |
|
| /// File Name: |
dsa-1537-1.txt |
Description:
|
Debian Security Advisory 1537-1 - Alin Rad Pop (Secunia) discovered a number of vulnerabilities in xpdf, a set of tools for display and conversion of Portable Document Format (PDF) files.
| | Homepage: | http://www.debian.org/security | | File Size: | 7172 | | Related CVE(s): | CVE-2007-4352, CVE-2007-5392, CVE-2007-5393 | | Last Modified: | Apr 4 17:36:47 2008 |
| MD5 Checksum: | d48aae6288a7f069b72300c4ff33fcda |
|
| /// File Name: |
ksesfilter.txt |
Description:
|
kses-based HTML filters for projects like WordPress, Moodle, Drupal, eGroupWare, Dokeos, PHP-Nuke, Geeklog, etc, have been found vulnerable to cross site scripting and code execution vulnerabilities.
| | Author: | Lukas Pilorz | | Homepage: | http://allegro.pl/ | | File Size: | 4498 | | Last Modified: | Apr 4 17:36:05 2008 |
| MD5 Checksum: | 84dffd73915467fb43f6eb8e2af5244f |
|
| /// File Name: |
sa29543.txt |
Description:
|
Secunia Security Advisory - Duong Thanh has reported a vulnerability in Blackboard Academic Suite, which can be exploited by malicious people to conduct cross-site scripting attacks.
| | Homepage: | http://secunia.com/advisories/29543/ | | File Size: | 3038 | | Last Modified: | Apr 4 16:56:23 2008 |
| MD5 Checksum: | 1431986b28ea0b5205d65bd8051bee39 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
