Section: .. / 0707-advisories /
| /// File Name: |
USN-483-1.txt |
Description:
|
Ubuntu Security Notice 483-1 - Peter Johannes Holzer discovered that the Net::DNS Perl module had predictable sequence numbers. This could allow remote attackers to carry out DNS spoofing, leading to possible man-in-the-middle attacks. Steffen Ullrich discovered that the Net::DNS Perl module did not correctly detect recursive compressed responses. A remote attacker could send a specially crafted packet, causing applications using Net::DNS to crash or monopolize CPU resources, leading to a denial of service.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 4124 | | Related CVE(s): | CVE-2007-3377, CVE-2007-3409 | | Last Modified: | Jul 14 01:19:24 2007 |
| MD5 Checksum: | 1ee28020e77f1222473434a7acd3442a |
|
| /// File Name: |
MSA01110707.txt |
Description:
|
By using a specially crafted "flv" video it is possible to trigger an integer overflow inside the Adobe Flash interpreter, which could lead to a client/browser-plugin crash, arbitrary code execution or system denial of service.
| | Author: | Stefano di Paola | | Homepage: | http://www.mindedsecurity.com/ | | File Size: | 8196 | | Last Modified: | Jul 14 01:18:01 2007 |
| MD5 Checksum: | b746354064d05658a8ac2541f856ee2f |
|
| /// File Name: |
TISA2007-03-Public.pdf |
Description:
|
TeamIntell has discovered a local buffer overflow vulnerability in Poslovni Informator Republike Slovenije 2007 aka PIRS2007, a data collection of companies and active business subjects in Slovenia.
| | Author: | Edi Strosar | | Homepage: | http://www.teamintell.com/ | | File Size: | 26353 | | Last Modified: | Jul 14 00:51:10 2007 |
| MD5 Checksum: | 919831362bf3d6210792106c6233a5a2 |
|
| /// File Name: |
sa26048.txt |
Description:
|
Secunia Security Advisory - SUSE has issued an update for php4 and php5. This fixes some vulnerabilities, where one has an unknown impact and others can be exploited by malicious, local users to bypass certain security restrictions and gain escalated privileges, and by malicious people to cause a DoS (Denial of Service), bypass certain security restrictions, and potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/26048/ | | File Size: | 70651 | | Last Modified: | Jul 14 00:30:10 2007 |
| MD5 Checksum: | c627f109497c8821ea6e54df8ef74e0a |
|
| /// File Name: |
AL-2007-0071.txt |
Description:
|
AUSCERT ALERT - A buffer overflow vulnerability in the image parsing code in the Java Runtime Environment may allow an untrusted applet or application to elevate its privileges. For example, an applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. A second vulnerability may allow an untrusted applet or application to cause the Java Virtual Machine to hang. The first vulnerability affects JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.2_14 and earlier, and SDK and JRE 1.3.1_20 and earlier. The second vulnerability affects JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.2_14 and earlier, and SDK and JRE 1.3.1_19 and earlier.
| | Homepage: | http://www.auscert.org/ | | File Size: | 10693 | | Related CVE(s): | CVE-2007-2788, CVE-2007-2789 | | Last Modified: | Jul 14 00:29:19 2007 |
| MD5 Checksum: | a41671b4f430da1c16c147c82f9ed593 |
|
| /// File Name: |
sa26067.txt |
Description:
|
Secunia Security Advisory - RSA has acknowledged a vulnerability in some products, which can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/26067/ | | File Size: | 2894 | | Last Modified: | Jul 14 00:25:38 2007 |
| MD5 Checksum: | 4ea57dc5c28c2509395bb95efbc193a3 |
|
| /// File Name: |
sa26062.txt |
Description:
|
Secunia Security Advisory - FreeBSD has issued an update for libarchive. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library.
| | Homepage: | http://secunia.com/advisories/26062/ | | File Size: | 2464 | | Last Modified: | Jul 14 00:25:38 2007 |
| MD5 Checksum: | 70419ede6ffd5fd306296e4e57f840e1 |
|
| /// File Name: |
sa26058.txt |
Description:
|
Secunia Security Advisory - Aaron Portnoy has reported a vulnerability in Progress, which can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/26058/ | | File Size: | 2524 | | Last Modified: | Jul 14 00:25:38 2007 |
| MD5 Checksum: | a079f9adf311e6e77bb75ebf646d1bc7 |
|
| /// File Name: |
sa26050.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in libarchive, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library.
| | Homepage: | http://secunia.com/advisories/26050/ | | File Size: | 2679 | | Last Modified: | Jul 14 00:25:38 2007 |
| MD5 Checksum: | 1572b6997243e2bde17b5ad259a14090 |
|
| /// File Name: |
sa26021.txt |
Description:
|
Secunia Security Advisory - Raphaël Marichez has reported a vulnerability in policyd, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/26021/ | | File Size: | 2279 | | Last Modified: | Jul 14 00:25:38 2007 |
| MD5 Checksum: | 8544c0f247174e8b37ae9b684bb779c5 |
|
| /// File Name: |
sa26014.txt |
Description:
|
Secunia Security Advisory - Mandriva has issued an update for perl-Net-DNS. This fixes some vulnerabilities, which can be exploited to poison the DNS cache or cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/26014/ | | File Size: | 2441 | | Last Modified: | Jul 14 00:25:38 2007 |
| MD5 Checksum: | 8e09d95da712e2c2a5135aa0373426c7 |
|
| /// File Name: |
rt-sa-2007-006.txt |
Description:
|
ActiveWeb Contentserver CMS versions 5.6.2929 and below suffer from a design flaw where they perform client-side content filtering to restrict JavaScript insertion.
| | Homepage: | http://www.redteam-pentesting.de/ | | File Size: | 3872 | | Related CVE(s): | CVE-2007-3017 | | Last Modified: | Jul 14 00:22:13 2007 |
| MD5 Checksum: | 0ddb4bcd94e3a0f8bea6da9f484240bc |
|
| /// File Name: |
ZDI-07-040.txt |
Description:
|
A vulnerability allows remote attackers to execute arbitrary code on systems with affected installations of Symantec's AntiVirus Engine. User interaction is not required to exploit this vulnerability. The specific flaw exists during the process of scanning multiple maliciously formatted CAB archives. The parsing routine implicitly trusts certain user-supplied values that can result in an exploitable heap corruption.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3106 | | Related CVE(s): | CVE-2007-0447 | | Last Modified: | Jul 13 23:59:13 2007 |
| MD5 Checksum: | be8e5cb1bb99fd0fd8db4aeca12bec60 |
|
| /// File Name: |
ZDI-07-039.txt |
Description:
|
A vulnerability allows attackers to create a denial of service condition on software with vulnerable installations of Symantec's AntiVirus engine. Authentication is not required to exploit this vulnerability. The specific flaw resides in a forged PACK_SIZE field of a RAR file header. By setting this field to a specific value, an infinite loop denial of service condition will occur when the scanner processes the file.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3099 | | Related CVE(s): | CVE-2007-3699 | | Last Modified: | Jul 13 23:58:15 2007 |
| MD5 Checksum: | ef3052215879695af8421987750c8dd3 |
|
| /// File Name: |
TPTI-07-12.txt |
Description:
|
A vulnerability allows attackers to execute arbitrary code on vulnerable installations of RSA Authentication Manager and other products that include the Progress server. User interaction is not required to exploit this vulnerability. The specific flaw exists in the Progress Server listening by default on TCP ports 5520 and 5530. The _mprosrv.exe process trusts a user-supplied DWORD size and attempts to receive that amount of data into a statically allocated heap buffer.
| | Author: | Aaron Portnoy | | Homepage: | http://dvlabs.tippingpoint.com/ | | File Size: | 3728 | | Related CVE(s): | CVE-2007-2417 | | Last Modified: | Jul 13 23:57:10 2007 |
| MD5 Checksum: | 5e0ed789c25b8e4dd5a76e87be3f6576 |
|
| /// File Name: |
MDKSA-2007-146.txt |
Description:
|
Mandriva Linux Security Advisory - A flaw was discovered in the perl Net::DNS module in the way it generated the ID field in a DNS query. Because it is so predictable, a remote attacker could exploit this to return invalid DNS data. A denial of service vulnerability was found in how Net::DNS parsed certain DNS requests. A malformed response to a DNS request could cause the application using Net::DNS to crash or stop responding.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 3978 | | Related CVE(s): | CVE-2007-3377, CVE-2007-3409 | | Last Modified: | Jul 13 23:55:31 2007 |
| MD5 Checksum: | 858a1ffee7d19abb06a54ea28e358ddb |
|
| /// File Name: |
sa26065.txt |
Description:
|
Secunia Security Advisory - Marc Ruef has reported a vulnerability in SiteScape Forum, which can be exploited by malicious people to conduct cross-site scripting attacks.
| | Homepage: | http://secunia.com/advisories/26065/ | | File Size: | 2279 | | Last Modified: | Jul 13 23:43:57 2007 |
| MD5 Checksum: | 332f0eb538e93b92af05637c001aa9db |
|
| /// File Name: |
sa26063.txt |
Description:
|
Secunia Security Advisory - RedTeam Pentesting has reported some vulnerabilities in activeWeb contentserver, which can be exploited by malicious users to disclose potentially sensitive information, bypass certain security restrictions, or conduct SQL injection and script insertion attacks, and by malicious people to conduct cross-site scripting attacks.
| | Homepage: | http://secunia.com/advisories/26063/ | | File Size: | 3698 | | Last Modified: | Jul 13 23:43:57 2007 |
| MD5 Checksum: | b329ac1276d85aa746db23223926b411 |
|
| /// File Name: |
sa26052.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in Hitachi JP1/NETM/DM Manager, which can be exploited by malicious users to conduct SQL injection attacks.
| | Homepage: | http://secunia.com/advisories/26052/ | | File Size: | 2231 | | Last Modified: | Jul 13 23:43:57 2007 |
| MD5 Checksum: | a520af78ae19e0b0a1ff3ab5bd92e087 |
|
| /// File Name: |
sa26047.txt |
Description:
|
Secunia Security Advisory - Brad Hill has reported a vulnerability in IAIK XSECT, which can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/26047/ | | File Size: | 2219 | | Last Modified: | Jul 13 23:43:57 2007 |
| MD5 Checksum: | eb2353ee7739063cd5783a819b449b1d |
|
| /// File Name: |
sa26045.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in Hitachi TP1/Server Base, which can potentially be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/26045/ | | File Size: | 2271 | | Last Modified: | Jul 13 23:43:57 2007 |
| MD5 Checksum: | 99b75ded6c92fe5bf5647d5b1fd11be1 |
|
| /// File Name: |
sa26040.txt |
Description:
|
Secunia Security Advisory - Justin Seitz has discovered a vulnerability in Ipswitch WS_FTP Server, which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/26040/ | | File Size: | 2410 | | Last Modified: | Jul 13 23:43:57 2007 |
| MD5 Checksum: | 10be0bda3384f4b1e9deacd73c2c6e46 |
|
| /// File Name: |
sa26028.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in the Drupal LoginToboggan module, which can potentially be exploited by malicious users to conduct script insertion attacks.
| | Homepage: | http://secunia.com/advisories/26028/ | | File Size: | 2538 | | Last Modified: | Jul 13 23:43:57 2007 |
| MD5 Checksum: | 6d742e04fc22451a267aeb0cbdb1db46 |
|