Section: .. / 0704-advisories /
| /// File Name: |
USN-455-1.txt |
Description:
|
Ubuntu Security Notice 455-1 - A slew of vulnerabilities for PHP5 have been patched.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 42526 | | Related CVE(s): | CVE-2007-1375, CVE-2007-1376, CVE-2007-1380, CVE-2007-1484, CVE-2007-1521, CVE-2007-1583, CVE-2007-1700, CVE-2007-1718, CVE-2007-1824, CVE-2007-1887, CVE-2007-1888, CVE-2007-1900 | | Last Modified: | May 3 02:40:45 2007 |
| MD5 Checksum: | c6010940f066f19053aea86e55037dad |
|
| /// File Name: |
webmethods-glue.txt |
Description:
|
webMethods Security Advisory - The Glue console versions 4.x, 5.x, and 6.x are susceptible to a directory traversal vulnerability.
| | Author: | Jeremy Epstein | | Homepage: | http://www.webmethods.com/ | | File Size: | 3878 | | Last Modified: | Apr 19 02:49:58 2007 |
| MD5 Checksum: | 844b3c0d6236147f7e3b7477783b3f21 |
|
| /// File Name: |
wsftp-dos.txt |
Description:
|
WS_FTP Home 2007 NetscapeFTPHandler is prone to a denial of service vulnerability. The vulnerability stems from a null pointer dereference.
| | Author: | sapheal | | File Size: | 884 | | Last Modified: | Apr 24 09:09:38 2007 |
| MD5 Checksum: | 3d99a5d058817263dd99e17d3be02b69 |
|
| /// File Name: |
ZDI-07-012.txt |
Description:
|
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Yahoo Messenger. User interaction is required to exploit this vulnerability in that the target must visit a malicious page.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 2672 | | Related CVE(s): | CVE-2007-1680 | | Last Modified: | Apr 5 02:43:44 2007 |
| MD5 Checksum: | 087c20fe0dcdd0e4ca3ac5128cdbc03c |
|
| /// File Name: |
ZDI-07-013.txt |
Description:
|
A vulnerability allows remote attackers to execute arbitrary code on systems with affected installations of the Kaspersky Anti-Virus Engine. User interaction is not required to exploit this vulnerability. The specific flaw exists in the engine's handling of the ARJ archive format. The Kaspersky engine copies data from scanned archives into an unchecked heap-based buffer. This results in heap corruption when a malformed ARJ archive is processed by an application that utilizes the engine. This corruption can be exploited to execute arbitrary code.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 2741 | | Related CVE(s): | CVE-2007-0445 | | Last Modified: | Apr 8 01:34:15 2007 |
| MD5 Checksum: | fdc2beeaf16d503b4abd7949e28a77fc |
|
| /// File Name: |
ZDI-07-014.txt |
Description:
|
A vulnerability allows remote attackers to download and remove any file on vulnerable installations of Kaspersky Anti-Virus. User interaction is required to exploit this vulnerability in that the target must visit a malicious page.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3285 | | Related CVE(s): | CVE-2007-1112 | | Last Modified: | Apr 8 01:34:49 2007 |
| MD5 Checksum: | 5fb57dc785145ad453c8aab5f3152ad1 |
|
| /// File Name: |
ZDI-07-015.txt |
Description:
|
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Groupwise WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists in the GWINTER.exe process bound by default on TCP ports 7205 and 7211. During the handling of an HTTP Basic authentication request, the process copies user-supplied base64 data into a fixed length stack buffer. Sending at least 336 bytes will trigger a stack based buffer overflow due to a vulnerable base64_decode() call. Exploitation of this issue can result in arbitrary code execution.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 2766 | | Related CVE(s): | CVE-2007-2171 | | Last Modified: | Apr 19 06:51:15 2007 |
| MD5 Checksum: | 4e3ce67379b834263e2437fa61773ffb |
|
| /// File Name: |
ZDI-07-016.txt |
Description:
|
A vulnerability allows remote attackers to delete any existing Document Management node on vulnerable installations of Oracle E-Business Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists in the APPLSYS.FND_DM_NODES package. The procedure to delete nodes does not check for a valid session thereby allowing an attacker to arbitrarily delete any node registered, including the root node.
| | Author: | Joxean Koret | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 2544 | | Related CVE(s): | CVE-2007-2170 | | Last Modified: | Apr 19 06:52:28 2007 |
| MD5 Checksum: | 197d6c1d20d50bda33ff6a94e5ea6f58 |
|
| /// File Name: |
ZDI-07-017.txt |
Description:
|
A vulnerability allows remote attackers to download any existing document in the APPS.FND_DOCUMENTS table on vulnerable installations of Oracle E-Business Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists in the ADI_BINARY component of the E-Business Suite. The component exposes a parameter that can also be passed to ADI_DISPLAY_REPORT to allow an attacker to view any document in the APPS.FND_DOCUMENTS table. An attacker can cycle through all document IDs to display each document that exists.
| | Author: | Joxean Koret | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 2662 | | Related CVE(s): | CVE-2007-2135 | | Last Modified: | Apr 19 06:53:05 2007 |
| MD5 Checksum: | be349cccba1bb4fa66f12b2b285cc0b8 |
|
| /// File Name: |
ZDI-07-018.txt |
Description:
|
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Monitoring Express version 6.1. Authentication is not required to exploit this vulnerability. The specific flaws exist in the Tivoli Universal Agent Primary Service (TCP 10110), Monitoring Agent for Windows OS - Primary (TCP 6014) and Tivoli Enterprise Portal Server (TCP 14206) services. When a long string is sent to these services, it will result in a heap overflow during a call to a vulnerable function in kde.dll resulting in the ability to execute arbitrary code.
| | Author: | CIRT.DK | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 2304 | | Related CVE(s): | CVE-2007-2137 | | Last Modified: | Apr 19 06:53:59 2007 |
| MD5 Checksum: | 0e5cfa7de74e7b7129b6f1cf094e201e |
|
| /// File Name: |
ZDI-07-019.txt |
Description:
|
A vulnerability allows attackers to execute arbitrary code on vulnerable installations of BMC Patrol. User interaction is not required to exploit this vulnerability. The specific flaw exists due to improper parsing of XDR data sent to the bgs_sdservice.exe process listening by default on TCP port 10128. An attacker can influence a parameter to a memory copy operation and cause corruption of the stack and including SEH pointers. This can be leveraged to execute arbitrary code.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3599 | | Related CVE(s): | CVE-2007-2136 | | Last Modified: | Apr 19 06:54:40 2007 |
| MD5 Checksum: | 7dcfd0677f70a6f1389e9e58d34ba113 |
|
| /// File Name: |
ZDI-07-020.txt |
Description:
|
Vulnerabilities allow attackers to execute arbitrary code on vulnerable installations of BMC Performance Manager. User interaction is not required to exploit this vulnerability. The specific flaw exists in the PatrolAgent.exe listening on TCP port 3181. The service allows remote attackers to modify configuration files without authentication. This can be exploited by an attacker by modifying parameters in SNMP communities definitions. By modifying the masterAgentName and masterAgentStartLine parameters, an attacker can execute arbitrary code.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3659 | | Related CVE(s): | CVE-2007-1972 | | Last Modified: | Apr 19 06:55:28 2007 |
| MD5 Checksum: | feea720a2860e085bdb160f01c3816ee |
|
| /// File Name: |
ZDI-07-021.txt |
Description:
|
A vulnerability allows attackers to execute arbitrary code on vulnerable installations of GraceNote's CDDBControl ActiveX Control. User interaction is required to exploit this vulnerability in that the target must visit a malicious page.
| | Author: | Peter Vreugdenhil | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 2715 | | Related CVE(s): | CVE-2007-0443 | | Last Modified: | Apr 23 05:42:34 2007 |
| MD5 Checksum: | bdd2b2d2f6f7aed716c8b315cf37b6a6 |
|
| /// File Name: |
ZDI-07-022.txt |
Description:
|
A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Computer Associates BrightStor ARCserve Media Server. User interaction is not required to exploit this vulnerability.
| | Author: | Tenable Network Security | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 2934 | | Related CVE(s): | CVE-2007-2139 | | Last Modified: | Apr 25 07:27:39 2007 |
| MD5 Checksum: | 2e27e27253c5a55507c1f03fbdf93dad |
|
| /// File Name: |
zonealarm6.txt |
Description:
|
ZoneAlarm 6 hooks many functions in SSDT and in at least two cases it fails to validate arguments that come from the user mode. User calls to NtCreateKey and NtDeleteFile with invalid argument values can cause system crashes because of errors in ZoneAlarm driver vsdatant.sys.
| | Homepage: | http://www.matousec.com/ | | Related Exploit: | BTP00001P000ZA.zip | | File Size: | 1107 | | Last Modified: | Apr 17 07:00:59 2007 |
| MD5 Checksum: | c26adcb004c7061777cbd8a4b8632ac4 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
