Section: .. / 0704-advisories /
File Name: ZDI-07-020.txt
Description: Vulnerabilities allow attackers to execute arbitrary code on vulnerable installations of BMC Performance Manager. User interaction is not required to exploit this vulnerability. The specific flaw exists in the PatrolAgent.exe listening on TCP port 3181. The service allows remote attackers to modify configuration files without authentication. This can be exploited by an attacker by modifying parameters in SNMP communities definitions. By modifying the masterAgentName and masterAgentStartLine parameters, an attacker can execute arbitrary code.
Homepage: http://www.zerodayinitiative.com/ | File Size: 3659 | Related CVE(s): CVE-2007-1972 | Last Modified: Apr 19 06:55:28 2007
MD5 Checksum: feea720a2860e085bdb160f01c3816ee

File Name: ZDI-07-019.txt
Description: A vulnerability allows attackers to execute arbitrary code on vulnerable installations of BMC Patrol. User interaction is not required to exploit this vulnerability. The specific flaw exists due to improper parsing of XDR data sent to the bgs_sdservice.exe process listening by default on TCP port 10128. An attacker can influence a parameter to a memory copy operation and cause corruption of the stack, including SEH pointers. This can be leveraged to execute arbitrary code.
Homepage: http://www.zerodayinitiative.com/ | File Size: 3599 | Related CVE(s): CVE-2007-2136 | Last Modified: Apr 19 06:54:40 2007
MD5 Checksum: 7dcfd0677f70a6f1389e9e58d34ba113

File Name: ZDI-07-018.txt
Description: A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Monitoring Express version 6.1. Authentication is not required to exploit this vulnerability. The specific flaws exist in the Tivoli Universal Agent Primary Service (TCP 10110), Monitoring Agent for Windows OS - Primary (TCP 6014) and Tivoli Enterprise Portal Server (TCP 14206) services. When a long string is sent to these services, it will result in a heap overflow during a call to a vulnerable function in kde.dll resulting in the ability to execute arbitrary code.
Author: CIRT.DK | Homepage: http://www.zerodayinitiative.com/ | File Size: 2304 | Related CVE(s): CVE-2007-2137 | Last Modified: Apr 19 06:53:59 2007
MD5 Checksum: 0e5cfa7de74e7b7129b6f1cf094e201e

File Name: ZDI-07-017.txt
Description: A vulnerability allows remote attackers to download any existing document in the APPS.FND_DOCUMENTS table on vulnerable installations of Oracle E-Business Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists in the ADI_BINARY component of the E-Business Suite. The component exposes a parameter that can also be passed to ADI_DISPLAY_REPORT to allow an attacker to view any document in the APPS.FND_DOCUMENTS table. An attacker can cycle through all document IDs to display each document that exists.
Author: Joxean Koret | Homepage: http://www.zerodayinitiative.com/ | File Size: 2662 | Related CVE(s): CVE-2007-2135 | Last Modified: Apr 19 06:53:05 2007
MD5 Checksum: be349cccba1bb4fa66f12b2b285cc0b8

File Name: ZDI-07-016.txt
Description: A vulnerability allows remote attackers to delete any existing Document Management node on vulnerable installations of Oracle E-Business Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists in the APPLSYS.FND_DM_NODES package. The procedure to delete nodes does not check for a valid session thereby allowing an attacker to arbitrarily delete any node registered, including the root node.
Author: Joxean Koret | Homepage: http://www.zerodayinitiative.com/ | File Size: 2544 | Related CVE(s): CVE-2007-2170 | Last Modified: Apr 19 06:52:28 2007
MD5 Checksum: 197d6c1d20d50bda33ff6a94e5ea6f58

File Name: ZDI-07-015.txt
Description: A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Groupwise WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists in the GWINTER.exe process bound by default on TCP ports 7205 and 7211. During the handling of an HTTP Basic authentication request, the process copies user-supplied base64 data into a fixed length stack buffer. Sending at least 336 bytes will trigger a stack based buffer overflow due to a vulnerable base64_decode() call. Exploitation of this issue can result in arbitrary code execution.
Homepage: http://www.zerodayinitiative.com/ | File Size: 2766 | Related CVE(s): CVE-2007-2171 | Last Modified: Apr 19 06:51:15 2007
MD5 Checksum: 4e3ce67379b834263e2437fa61773ffb

File Name: ods-overflow.txt
Description: Oracle Database Server versions 8i, 9i, and 10gR1 suffer from buffer overflow vulnerabilities in DBMS_SNAP_INTERNAL.
Author: Esteban Martinez Fayo | Homepage: http://www.appsecinc.com/ | File Size: 2236 | Last Modified: Apr 19 06:49:24 2007
MD5 Checksum: f135f4a0c24a28e808cc3d0d4ad7c9fc

File Name: 04.17.07-2.txt
Description: iDefense Security Advisory 04.17.07 - Remote exploitation of a denial of service (DoS) vulnerability in McAfee Inc.'s E-Business Server could allow an attacker to crash the administration server. Prior to authentication, an attacker can crash the server by sending a malformed authentication packet. The server will read in a length from the packet header, and then attempt to read that many bytes from the buffer. By specifying a large length value and sending a small packet, the server can be caused to read off the end of mapped heap memory. This will trigger an exception that is not handled, and the server will exit. iDefense has confirmed the existence of this vulnerability in McAfee E-Business Server version 8.5.1.101 for Windows. Previous versions may also be affected.
Homepage: http://www.idefense.com/ | File Size: 3733 | Last Modified: Apr 19 04:18:44 2007
MD5 Checksum: cba7c6f6d0ff05eb5392429c569cd019

File Name: 04.17.07-1.txt
Description: iDefense Security Advisory 04.17.07 - Remote exploitation of a buffer overflow vulnerability in McAfee's VirusScan Antivirus application allows attackers to disable the On-Access scanner or potentially execute arbitrary code with SYSTEM privileges. The McAfee On-Access scanner component contains a common software flaw that leads to heap corruption when dealing with overly long file names that contain multi-byte characters. This flaw only manifests itself when the target system has East Asia language files installed and the default Unicode codepage is set to a language which contains multi-byte characters such as Chinese. iDefense has confirmed this vulnerability in McAfee VirusScan 8.0 Enterprise. Previous versions are suspected vulnerable as well.
Homepage: http://www.idefense.com/ | File Size: 3722 | Last Modified: Apr 19 04:18:11 2007
MD5 Checksum: 3d715bcec5a7afe04fbae672439ff82c

File Name: n.runs-SA-2007.007.txt
Description: A remotely exploitable format string vulnerability has been identified in the Sun Java Web Console. According to the Sun Security Coordination Team, Solaris 10 Operating System, Sun Java Web Console 2.2.2, Sun Java Web Console 2.2.3, Sun Java Web Console 2.2.4 and Sun Java Web Console 2.2.5 are affected.
Author: Frank Dick | Homepage: http://www.nruns.com/ | File Size: 4191 | Related CVE(s): CVE-2007-1681 | Last Modified: Apr 19 04:17:19 2007
MD5 Checksum: f683ae2fcf22380124bf98ce1d61b2a3

File Name: ietool-dos.txt
Description: The Netsprint Toolbar version 1.1 suffers from a denial of service vulnerability.
Author: sapheal | File Size: 1231 | Last Modified: Apr 19 02:56:51 2007
MD5 Checksum: a41fce87276355eef152df7d0b58757d

File Name: glsa-200704-15.txt
Description: Gentoo Linux Security Advisory GLSA 200704-15 - The driver does not properly process Channel Switch Announcement Information Elements, allowing for an abnormal channel change. The ieee80211_input() function does not properly handle AUTH frames and the driver sends unencrypted packets before WPA authentication succeeds. Versions less than 0.9.3 are affected.
Homepage: http://security.gentoo.org | File Size: 3160 | Related CVE(s): CVE-2007-7178, CVE-2007-7179, CVE-2007-7180 | Last Modified: Apr 19 02:55:18 2007
MD5 Checksum: 127ed596013007509cc3053231c1f37e

File Name: glsa-200704-14.txt
Description: Gentoo Linux Security Advisory GLSA 200704-14 - The Coverity Scan project has discovered a memory leak within the handling of certain malformed Diameter format values inside an EAP-TTLS tunnel. Versions less than 1.1.6 are affected.
Homepage: http://security.gentoo.org | File Size: 2554 | Related CVE(s): CVE-2007-2028 | Last Modified: Apr 19 02:54:45 2007
MD5 Checksum: 8596a06cdbf5c0c48a23fb0f0ab0577f

File Name: glsa-200704-13.txt
Description: Gentoo Linux Security Advisory GLSA 200704-13 - Conor Edberg discovered an error in the way file processes a specific regular expression. Versions 4.20 are affected.
Homepage: http://security.gentoo.org | File Size: 2538 | Related CVE(s): CVE-2007-2026 | Last Modified: Apr 19 02:54:30 2007
MD5 Checksum: 3692c7508110928086101ca43096b6ed

File Name: webmethods-glue.txt
Description: webMethods Security Advisory - The Glue console versions 4.x, 5.x, and 6.x are susceptible to a directory traversal vulnerability.
Author: Jeremy Epstein | Homepage: http://www.webmethods.com/ | File Size: 3878 | Last Modified: Apr 19 02:49:58 2007
MD5 Checksum: 844b3c0d6236147f7e3b7477783b3f21

File Name: SYMSA-2007-003.txt
Description: Symantec Vulnerability Research SYMSA-2007-003 - Macrovision InstallAnywhere packages include an XML project configuration file named InstallScript.iap_xml. This file controls the behavior of the installation process, including verification of a password and/or serial number (if applicable). Upon starting an installer, a directory is created in temporary disk space. This directory contains multiple files, including a ZIP archive that contains the XML project file. A LaunchAnywhere executable is also created during the installation process and is used to launch the actual Java application installer. It is possible to bypass serial number and password controls by creating a copy of this temporary directory, extracting a copy of the XML project file from the ZIP archive, deleting the relevant serial number or password verification sections from the XML project file, replacing the modified XML project file in the ZIP archive, and then manually starting the installation process via the included LaunchAnywhere executable.
Author: Brian Reilly | Homepage: http://www.symantec.com/research | File Size: 5567 | Related CVE(s): CVE-2007-1009 | Last Modified: Apr 19 02:43:00 2007
MD5 Checksum: 35052e0bca8a0f09eec13aa887d65791

File Name: sa24950.txt
Description: Secunia Security Advisory - HP has acknowledged some vulnerabilities in HP Insight Management Agents, which can be exploited by malicious people to bypass certain security restrictions, cause a DoS (Denial of Service) or compromise a vulnerable system.
Homepage: http://secunia.com/advisories/24950/ | File Size: 2216 | Last Modified: Apr 19 02:36:06 2007
MD5 Checksum: c29fe1f806ebac2772e867f222cc1ee1

File Name: sa24943.txt
Description: Secunia Security Advisory - the_Edit0r has reported some vulnerabilities in Wabbit PHP Gallery Script, which can be exploited by malicious people to conduct cross-site scripting attacks.
Homepage: http://secunia.com/advisories/24943/ | File Size: 2264 | Last Modified: Apr 19 02:36:06 2007
MD5 Checksum: dff9bcaca467c48e57cc65a981321a5a

File Name: sa24942.txt
Description: Secunia Security Advisory - the_Edit0r has discovered a vulnerability in my little weblog, which can be exploited by malicious people to conduct cross-site scripting attacks.
Homepage: http://secunia.com/advisories/24942/ | File Size: 2246 | Last Modified: Apr 19 02:36:06 2007
MD5 Checksum: 155a2715085d2c35279f3fb8e64d92b6

File Name: sa24939.txt
Description: Secunia Security Advisory - Gammarays has discovered a vulnerability in ShoutPro, which can be exploited by malicious people to compromise a vulnerable system.
Homepage: http://secunia.com/advisories/24939/ | File Size: 2038 | Last Modified: Apr 19 02:36:06 2007
MD5 Checksum: a044781e09ceb85636cad5e9290a29fd