Section: 0707-advisories

File Name: CAID-35527.txt
Description: Multiple CA products that utilize CA Message Queuing (CAM / CAFT) software contain a buffer overflow vulnerability that can allow a remote attacker to execute arbitrary code by sending a specially crafted message to TCP port 3104.
Author: Ken Williams
Homepage: http://www3.ca.com/
File Size: 5771
Related CVE(s): CVE-2007-0060
Last Modified: Jul 25 06:52:10 2007
MD5 Checksum: ab501b46991f1fab5eb58cd640e9f5c4

File Name: sa26190.txt
Description: Secunia Security Advisory - IBM ISS X-Force has reported a vulnerability in CA Message Queuing (CAM/CAFT), which can be exploited by malicious people to compromise a vulnerable system.
Homepage: http://secunia.com/advisories/26190/
File Size: 5699
Last Modified: Jul 26 06:26:32 2007
MD5 Checksum: 9c4645ebf62e78f17e0ea33437f171a2

File Name: FreeBSD-SA-07-05.libarchive.txt
Description: FreeBSD Security Advisory - Several problems have been found in the libarchive code used to parse the tar and pax interchange formats. These include entering an infinite loop if an archive prematurely ends within a pax extension header or if certain types of corruption occur in pax extension headers, dereferencing a NULL pointer if an archive prematurely ends within a tar header immediately following a pax extension header or if certain other types of corruption occur in pax extension headers, and miscomputing the length of a buffer resulting in a buffer overflow if yet another type of corruption occurs in a pax extension header.
Homepage: http://security.freebsd.org/
File Size: 5653
Related CVE(s): CVE-2007-3641, CVE-2007-3644, CVE-2007-3645
Last Modified: Jul 13 03:40:27 2007
MD5 Checksum: ccfe3e5ce2b9a60cc760a202eb9b789a

File Name: sa26023.txt
Description: Secunia Security Advisory - A vulnerability has been reported in Sun Java System Web Server and Application Server, which can be exploited by malicious, local users to perform actions with escalated privileges.
Homepage: http://secunia.com/advisories/26023/
File Size: 5561
Last Modified: Jul 12 01:06:45 2007
MD5 Checksum: d680096ca47ad596835d1f673cfd2e59

File Name: msdirectx-heap.txt
Description: Microsoft DirectX is prone to a heap overflow vulnerability due to the improper handling of targa files.
Author: Ruben Santamarta
Homepage: http://www.reversemode.com/
File Size: 5324
Last Modified: Jul 19 07:06:23 2007
MD5 Checksum: bb5803ba2e354d2239ac11ee93edc562

File Name: MDKSA-2007-143.txt
Description: Mandriva Linux Security Advisory - Multiple stack-based buffer overflows in stream/stream_cddb.c in MPlayer before 1.0rc1try3 allow remote attackers to execute arbitrary code via a CDDB entry with a long album title or category.
Homepage: http://www.mandriva.com/security/
File Size: 5280
Related CVE(s): CVE-2007-2948
Last Modified: Jul 11 09:03:52 2007
MD5 Checksum: cb31c9dd1e9358a920a966e22797417b

File Name: sa26231.txt
Description: Secunia Security Advisory - Trustix has issued an update for multiple packages. This fixes some vulnerabilities and a weakness, which can be exploited by malicious, local users to bypass certain security restrictions, and by malicious people to bypass certain security restrictions, gain escalated privileges, poison the DNS cache, cause a DoS (Denial of Service), and potentially compromise a user's system.
Homepage: http://secunia.com/advisories/26231/
File Size: 5241
Last Modified: Jul 31 05:45:08 2007
MD5 Checksum: 73d6f550880f44eb4f0b07ac3c907c9c

File Name: zencart-fixation.txt
Description: Zen Cart version 1.3.7 suffers from a session fixation issue in its backend administration interface.
Author: Tomaz Bratusa
Homepage: http://www.teamintell.com/
File Size: 5126
Last Modified: Jul 7 06:48:39 2007
MD5 Checksum: 51fbe0f53ba148f62706b43478709dec

File Name: 07.09.07-2.txt
Description: iDefense Security Advisory 07.09.07 - Remote exploitation of multiple integer overflow vulnerabilities in several of the image loader plug-ins included with distributions of 'The GIMP' allow attackers to crash The GIMP or potentially execute arbitrary code with the privileges of the user. iDefense has confirmed that version 2.2.15 of The GIMP is vulnerable on both Linux and Windows platforms. It is suspected that all previous versions of the GIMP are also affected.
Author: Sean Larsson
Homepage: http://www.idefense.com/
File Size: 4913
Related CVE(s): CVE-2006-4519
Last Modified: Jul 10 05:13:12 2007
MD5 Checksum: 0bed7c854f7e51ca02e6f60a08783965

File Name: sa26226.txt
Description: Secunia Security Advisory - Mandriva has issued an update for clamav. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
Homepage: http://secunia.com/advisories/26226/
File Size: 4901
Last Modified: Jul 27 05:17:23 2007
MD5 Checksum: 5500646ae2cab49df51e2f0acfd25693

File Name: TA07-193A.txt
Description: Technical Cyber Security Alert TA07-193A - Apple QuickTime contains multiple vulnerabilities. Exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code or cause a denial-of-service condition. Apple QuickTime version 7.2 resolves these vulnerabilities.
Homepage: http://www.us-cert.gov/
File Size: 4813
Last Modified: Jul 13 03:43:24 2007
MD5 Checksum: 27e5a3bcf326cbe5b068abcda1c72fef

File Name: dsa-1328-1.txt
Description: Debian Security Advisory 1328-1 - Steve Kemp from the Debian Security Audit project discovered that unicon-imc2, a Chinese input method library, makes unsafe use of an environment variable, which may be exploited to execute arbitrary code.
Homepage: http://www.debian.org/security
File Size: 4786
Related CVE(s): CVE-2007-2835
Last Modified: Jul 1 23:11:21 2007
MD5 Checksum: e1be834a44c2f4bf8691d003a8d8c104

File Name: sa26099.txt
Description: Secunia Security Advisory - Some vulnerabilities have been reported in Asterisk, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
Homepage: http://secunia.com/advisories/26099/
File Size: 4757
Last Modified: Jul 19 04:44:59 2007
MD5 Checksum: faadf104b90e71ad03bf28a2a740305a

File Name: sa26012.txt
Description: Secunia Security Advisory - Ubuntu has issued an update for libnet-dns-perl. This fixes two vulnerabilities, which can be exploited to poison the DNS cache or to cause a DoS (Denial of Service).
Homepage: http://secunia.com/advisories/26012/
File Size: 4666
Last Modified: Jul 17 03:59:39 2007
MD5 Checksum: 233bde8a7a1ba29c157bc5452077d230

File Name: dsa-1342-1.txt
Description: Debian Security Advisory 1342-1 - It was discovered that a race condition in the init.d script of the X Font Server allows the modification of file permissions of arbitrary files if the local administrator can be tricked into restarting the X font server.
Homepage: http://www.debian.org/security
File Size: 4663
Related CVE(s): CVE-2007-3103
Last Modified: Jul 31 08:19:18 2007
MD5 Checksum: dcfee0c9d0bf3d013082cf2ace2e6fad

File Name: EEYE-Java.txt
Description: eEye Digital Security has discovered a stack buffer overflow in Java WebStart, a utility installed with Java Runtime Environment for the purpose of managing the download of Java applications. By opening a malicious JNLP file, a user's system may be compromised by arbitrary code within the file, which executes with the privileges of that user. Systems affected are Java Runtime Environment 6 update 1 and below and Java Runtime Environment 5 update 11 and below.
Author: Daniel Soeder
Homepage: http://www.eeye.com/
File Size: 4623
Last Modified: Jul 10 05:10:09 2007
MD5 Checksum: 3e976378e3500569323acb831bebdede

File Name: sa25946.txt
Description: Secunia Security Advisory - Mandriva has issued an update for mysql. This fixes some vulnerabilities and a security issue, which can be exploited by malicious users to cause a DoS (Denial of Service) or gain escalated privileges.
Homepage: http://secunia.com/advisories/25946/
File Size: 4614
Last Modified: Jul 6 04:01:35 2007
MD5 Checksum: 8e8e8914e92daed6ecf800d5a7b62e44

File Name: sa26034.txt
Description: Secunia Security Advisory - Some vulnerabilities have been reported in Apple QuickTime, which can be exploited by malicious people to compromise a user's system.
Homepage: http://secunia.com/advisories/26034/
File Size: 4603
Last Modified: Jul 13 02:55:11 2007
MD5 Checksum: 3e7f71f53681dcf254950f72b1cafd6b

File Name: sa26219.txt
Description: Secunia Security Advisory - Some vulnerabilities have been reported in IBM AIX, which can be exploited by malicious, local users to gain escalated privileges.
Homepage: http://secunia.com/advisories/26219/
File Size: 4601
Last Modified: Jul 28 03:09:41 2007
MD5 Checksum: 7f9f39e837470129cda47c694955aeb2

File Name: dsa-1327-1.txt
Description: Debian Security Advisory 1327-1 - Steve Kemp from the Debian Security Audit project discovered that gsambad, a GTK+ configuration tool for samba, uses temporary files in an unsafe manner which may be exploited to truncate arbitrary files from the local system.
Homepage: http://www.debian.org/security
File Size: 4586
Related CVE(s): CVE-2007-2838
Last Modified: Jul 1 23:10:01 2007
MD5 Checksum: f20aefeef139899c4b2f1e2d981acb5a

File Name: sa25912.txt
Description: Secunia Security Advisory - Debian has issued an update for unicon-imc2. This fixes a vulnerability, which potentially can be exploited by malicious, local users to gain escalated privileges.
Homepage: http://secunia.com/advisories/25912/
File Size: 4510
Last Modified: Jul 3 01:11:38 2007
MD5 Checksum: b8d2844c8399727cfc2dceb16ec9d14e

File Name: sa26118.txt
Description: Secunia Security Advisory - SUSE has issued an update for flash-player. This fixes some vulnerabilities, which can be exploited by malicious people to gain knowledge of sensitive information or compromise a user's system.
Homepage: http://secunia.com/advisories/26118/
File Size: 4502
Last Modified: Jul 20 07:47:25 2007
MD5 Checksum: e24a91df2a13f5656c2f5115e3b075e8

File Name: centericq_421_bo_06_063.txt
Description: Centericq version 4.21 on FreeBSD as well as the official sources have been found vulnerable to multiple buffer overflows.
Author: Nico Leidecker
Homepage: http://www.portcullis-security.com/
File Size: 4456
Last Modified: Jul 11 10:41:46 2007
MD5 Checksum: b55568551bdb25dc83172c91c617cca3

File Name: CAID-35524.txt
Description: eTrust Intrusion Detection contains a vulnerability associated with the caller.dll ActiveX control. The vulnerability is due to the caller.dll ActiveX control being marked safe for scripting. An attacker, who can lure a user into visiting a malicious website, can potentially gain complete control of an affected installation.
Author: Ken Williams
Homepage: http://www3.ca.com/
File Size: 4401
Related CVE(s): CVE-2007-3302
Last Modified: Jul 25 06:49:01 2007
MD5 Checksum: 0f81f87e5fb0e8acadbc9da84286310e