Section: .. / 0708-advisories /
| /// File Name: |
asurabof.txt |
Description:
|
The Asura engine included with Rogue Trooper versions 1.0 and below and Prism: Guard Shield versions 1.1.1.0 and below suffers from a buffer overflow vulnerability.
| | Author: | Luigi Auriemma | | Homepage: | http://aluigi.org/ | | Related Exploit: | asurabof.zip | | File Size: | 3923 | | Last Modified: | Aug 24 03:25:48 2007 |
| MD5 Checksum: | 6360ebc666d1a85c52df0d4e9e69ed14 |
|
| /// File Name: |
08.07.07-1.txt |
Description:
|
iDefense Security Advisory 08.07.07 - Remote exploitation of a buffer overflow vulnerability in ldcconn allows attackers to execute arbitrary code with root privileges. By sending a long string to the TCP port that ldcconn listens on, a buffer overflow is triggered. No authentication or data validation is performed. iDefense confirmed the existence of this vulnerability in HP-UX 11.11i. It is suspected that other versions are also vulnerable.
| | Homepage: | http://www.idefense.com/ | | File Size: | 3903 | | Last Modified: | Aug 8 10:00:40 2007 |
| MD5 Checksum: | 74d1ebba3dba3848decd2b5aede69fa5 |
|
| /// File Name: |
08.16.07-1.txt |
Description:
|
iDefense Security Advisory 08.16.07 - Local exploitation of multiple race condition vulnerabilities in IBM Corp.'s DB2 Universal Database could allow attackers to elevate privileges to the superuser. These vulnerabilities are due to insufficient checking being performed while handling files with elevated privileges. In each case, a race condition exists between a check to see if an existing file is a symbolic link and modifying it. By quickly and repeatedly removing and recreating the file as a symbolic link, an attacker could modify arbitrary files with root privileges. iDefense confirmed the existence of these vulnerabilities in version 9.1 Fix Pack 2 of IBM Corp.'s DB2 Universal Database installed on a Linux system. All prior versions, as well as builds for other UNIX-based operating systems, are suspected to be vulnerable.
| | Author: | Joshua J. Drake | | Homepage: | http://www.idefense.com/ | | File Size: | 3900 | | Related CVE(s): | CVE-2007-4270 | | Last Modified: | Aug 17 08:17:05 2007 |
| MD5 Checksum: | 515807fc57dc8ba1f64372577e80ee74 |
|
| /// File Name: |
08.27.07-1.txt |
Description:
|
iDefense Security Advisory 08.27.07 - Remote exploitation of a directory traversal vulnerability in Motorola Inc.'s Timbuktu Pro allows attackers to delete or create files with SYSTEM privileges. iDefense confirmed the existence of this vulnerability in version 8.6.3.1367 of Motorola Inc.'s Timbuktu Pro for Windows. Other versions, including those for other operating systems are suspected to be vulnerable.
| | Author: | Titon | | Homepage: | http://www.idefense.com/ | | File Size: | 3890 | | Related CVE(s): | CVE-2007-4220 | | Last Modified: | Aug 27 17:26:47 2007 |
| MD5 Checksum: | b05606c0d244cd6c03b5e12a4c142899 |
|
| /// File Name: |
sa26631.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in JRockit, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, to cause a DoS (Denial of Service), or to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/26631/ | | File Size: | 3848 | | Last Modified: | Aug 30 02:11:25 2007 |
| MD5 Checksum: | 8b66fa11e45ef07a872587e85686eaf4 |
|
| /// File Name: |
glsa-200708-05.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200708-05 - Xavier Roche discovered an infinite loop in the gdPngReadData() function when processing a truncated PNG file. An integer overflow has been discovered in the gdImageCreateTrueColor() function. An error has been discovered in the function gdImageCreateXbm() function. Unspecified vulnerabilities have been discovered in the GIF reader. An error has been discovered when processing a GIF image that has no global color map. An array index error has been discovered in the file gd_gif_in.c when processing images with an invalid color index. An error has been discovered in the imagearc() and imagefilledarc() functions when processing overly large angle values. A race condition has been discovered in the gdImageStringFTEx() function. Versions less than 2.0.35 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3843 | | Related CVE(s): | CVE-2007-2756, CVE-2007-3472, CVE-2007-3473, CVE-2007-3474, CVE-2007-3475, CVE-2007-3476, CVE-2007-3477, CVE-2007-3478 | | Last Modified: | Aug 10 05:16:58 2007 |
| MD5 Checksum: | ef5b7a4d0bdacff83b141f10984ea08e |
|
| /// File Name: |
08.16.07-3.txt |
Description:
|
iDefense Security Advisory 08.16.07 - Local exploitation of multiple file creation vulnerabilities in IBM Corp.'s DB2 Universal Database could allow attackers to elevate privileges to the superuser. These vulnerabilities are due to insufficient checking being performed while handling files with elevated privileges. By setting certain combinations of environment variables, an attacker is able to create or append to arbitrary files on the system. iDefense confirmed the existence of this vulnerability in version 9.1 Fix Pack 2 of IBM Corp.'s DB2 Universal Database installed on a Linux system. All prior versions, as well as builds for other UNIX-based operating systems, are suspected to be vulnerable.
| | Author: | Joshua J. Drake | | Homepage: | http://www.idefense.com/ | | File Size: | 3842 | | Related CVE(s): | CVE-2007-4272 | | Last Modified: | Aug 17 08:20:42 2007 |
| MD5 Checksum: | fa67305bc50f5d281ebe6e85e267c4ce |
|
| /// File Name: |
sa26423.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in Microsoft Windows, which potentially can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/26423/ | | File Size: | 3827 | | Last Modified: | Aug 15 04:09:30 2007 |
| MD5 Checksum: | 1d2af7a899cb5bcc67d76ae10792266d |
|
| /// File Name: |
sa26341.txt |
Description:
|
Secunia Security Advisory - Seth Fogie has reported some vulnerabilities and security issues in EZPhotoSales, which can be exploited by malicious people to disclose sensitive information and bypass certain security restrictions, and by malicious users to conduct script insertion attacks and compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/26341/ | | File Size: | 3819 | | Last Modified: | Aug 14 19:37:33 2007 |
| MD5 Checksum: | d2804f17b449f6ca2c6e91c977f4e155 |
|
| /// File Name: |
sa26557.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in Trend Micro products, which can be exploited by malicious, local users to gain escalated privileges or potentially by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/26557/ | | File Size: | 3805 | | Last Modified: | Aug 23 17:47:08 2007 |
| MD5 Checksum: | 65149a0d2850427e51e1e2fdfa361194 |
|
| /// File Name: |
08.16.07-6.txt |
Description:
|
iDefense Security Advisory 08.16.07 - Local exploitation of a buffer overflow vulnerability in IBM Corp.'s DB2 Universal Database could allow attackers to elevate privileges to the superuser. This vulnerability specifically exists due to insufficient validation of the length of attacker supplied data. When an attacker specifies a specially crafted string via certain environment variables, the string is copied into a static sized buffer stored on the stack. By supplying too much data, an attacker can overflow the buffer and overwrite stack-stored execution control structures resulting in arbitrary code execution. iDefense confirmed the existence of this vulnerability in version 9.1 Fix Pack 2 of IBM Corp.'s DB2 Universal Database installed on a Linux system. All prior versions, as well as builds for other UNIX-based operating systems, are suspected to be vulnerable.
| | Homepage: | http://www.idefense.com/ | | File Size: | 3797 | | Related CVE(s): | CVE-2007-4276 | | Last Modified: | Aug 17 08:25:10 2007 |
| MD5 Checksum: | c5b91aebbfaea50b067a3bd8179c060e |
|
| /// File Name: |
bugzilla-xss.txt |
Description:
|
Bugzilla versions below 2.20.5 and versions below 3.0.1 are susceptible to input validation and cross site scripting vulnerabilities.
| | Homepage: | http://www.bugzilla.org/ | | File Size: | 3750 | | Last Modified: | Aug 24 23:03:20 2007 |
| MD5 Checksum: | 77205950a1a0eb807d7baf4801e610c1 |
|
| /// File Name: |
08.20.07-2.txt |
Description:
|
iDefense Security Advisory 08.20.07 - Local exploitation of multiple input validation vulnerabilities within multiple Check Point Zone Alarm products could allow an attacker to execute arbitrary code in kernel (ring0) context. The problems specifically exist within the IOCTL handling code in the vsdatant.sys device driver. The device driver fails to validate user-land supplied addresses passed to IOCTL 0x8400000F and IOCTL 0x84000013. Since the Irp parameters are not correctly validated, an attacker could utilize these IOCTLs to overwrite arbitrary memory with the constant double-word value of 0x60001 or the contents of a buffer returned from ZwQuerySystemInformation. This includes kernel memory as well as the code segments of running processes. iDefense has confirmed the existence of these vulnerabilities within version 6.5.737.0 of vsdatant.sys as installed with Check Point Zone Labs Zone Alarm Free. All other products within the Zone Alarm product line are suspected to be vulnerable. Previous versions are also suspected to be vulnerable.
| | Author: | Ruben Santamarta | | Homepage: | http://www.idefense.com/ | | File Size: | 3747 | | Related CVE(s): | CVE-2007-4216 | | Last Modified: | Aug 21 22:09:51 2007 |
| MD5 Checksum: | e676ae3a6bc4dafa566b3d839c9776ca |
|
| /// File Name: |
08.21.07-2.txt |
Description:
|
iDefense Security Advisory 08.21.07 - Remote exploitation of an integer overflow vulnerability in Trend Micro Inc.'s ServerProtect anti-virus software could allow attackers to execute arbitrary code with system level privilege. iDefense has confirmed the existence of this vulnerability in ServerProtect for Windows 5.58 Build 1176 (Security Patch 3). Previous versions, as well as versions for other platforms, are suspected to be vulnerable.
| | Author: | Jun Mao | | Homepage: | http://www.idefense.com/ | | File Size: | 3729 | | Related CVE(s): | CVE-2007-4219 | | Last Modified: | Aug 22 05:30:11 2007 |
| MD5 Checksum: | 8fd467dd35cd0eb802b69ada8af66951 |
|
| /// File Name: |
as3socket.txt |
Description:
|
Due to a design flaw in ActionScript 3 socket handling, compiled Flash movies are able to scan for open TCP ports on any host reachable from the host running the SWF, bypassing the Flash Player Security Sandbox Model and without the need to rebind DNS.
| | Author: | David Neu, fukami | | Homepage: | http://sektioneins.de/ | | File Size: | 3700 | | Last Modified: | Aug 10 05:09:19 2007 |
| MD5 Checksum: | df08ea5923024e057f69b27d240723ee |
|
| /// File Name: |
sa26588.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in Timbuktu Pro, which can be exploited by malicious users and malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/26588/ | | File Size: | 3686 | | Last Modified: | Aug 29 06:20:48 2007 |
| MD5 Checksum: | b28a395f7fb666ed9b7111d84c68ca1c |
|
| /// File Name: |
sa26634.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for rsync. This fixes a vulnerability, which can potentially be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/26634/ | | File Size: | 3672 | | Last Modified: | Aug 30 02:11:25 2007 |
| MD5 Checksum: | 815be2a72b59df370f10e6582bcb6238 |
|
| /// File Name: |
08.30.07-1.txt |
Description:
|
iDefense Security Advisory 08.30.07 - Remote exploitation of multiple buffer overflow vulnerabilities in Yahoo Inc.'s Yahoo! Messenger 8.1 allows attackers to execute arbitrary code with the privileges of the currently logged in user. iDefense has confirmed the existence of this vulnerability in version 8.1 of Yahoo Instant Messenger. Previous versions are suspected to be vulnerable as well.
| | Homepage: | http://www.idefense.com/ | | File Size: | 3649 | | Related CVE(s): | CVE-2007-4515 | | Last Modified: | Aug 31 18:58:05 2007 |
| MD5 Checksum: | 44bf2944288480d2f88cd559b0d9ab27 |
|
| /// File Name: |
sa26145.txt |
Description:
|
Secunia Security Advisory - Secunia Research has discovered a vulnerability in Microsoft Excel, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/26145/ | | File Size: | 3646 | | Last Modified: | Aug 15 04:09:30 2007 |
| MD5 Checksum: | bbd18f69253375cd6a8b7fae764869d2 |
|
| /// File Name: |
sa26507.txt |
Description:
|
Secunia Security Advisory - Luigi Auriemma has reported some vulnerabilities in Toribash, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/26507/ | | File Size: | 3634 | | Last Modified: | Aug 21 05:18:38 2007 |
| MD5 Checksum: | 555e9f3932df3812032c6378f36539bd |
|
| /// File Name: |
TPTI-07-14.txt |
Description:
|
Vulnerabilities allow remote attackers to execute arbitrary code on vulnerable installations of multiple Hewlett-Packard (HP) OpenView products, including: Performance Manager, Performance Agent, Reporter, Operations, Operations Manager, Service Quality Manager, Network Node Manager, Business Process Insight, Dashboard and Performance Insight. Authentication is not required to exploit these vulnerabilities. The specific flaws exists within the OpenView Shared Trace Service. A service that is distributed with multiple products as ovtrcsvc.exe and OVTrace.exe. The vulnerable service may be found bound to TCP port 5053 (ovtrcsvc.exe) or TCP port 5051 (OVTrace.exe). Specially crafted data through opcode handlers 0x1a and 0x0f can result in arbitrary code execution under the context of the SYSTEM user.
| | Author: | Cody Pierce, Pedram Amini, Aaron Portnay | | Homepage: | http://dvlabs.tippingpoint.com/ | | File Size: | 3620 | | Related CVE(s): | CVE-2007-1676 | | Last Modified: | Aug 15 06:11:14 2007 |
| MD5 Checksum: | 42bec810b1475c3040bb5b97899fc85d |
|
| /// File Name: |
sa26635.txt |
Description:
|
Secunia Security Advisory - SUSE has issued an update for opera. This fixes a vulnerability, which can potentially be exploited by malicious people to compromise vulnerable system.
| | Homepage: | http://secunia.com/advisories/26635/ | | File Size: | 3616 | | Last Modified: | Aug 31 05:45:27 2007 |
| MD5 Checksum: | 0087c1229ea59f81299a397f3cd18a75 |
|
| /// File Name: |
enterprisedb-pointer.txt |
Description:
|
EnterpriseDB Advanced Server version 8.2 suffers from an uninitialized pointer vulnerability that may allow for remote code execution.
| | Author: | Joxean Koret | | File Size: | 3616 | | Last Modified: | Aug 30 09:56:13 2007 |
| MD5 Checksum: | da54cbb2e122235868424854d9d11ac9 |
|
| /// File Name: |
sa26403.txt |
Description:
|
Secunia Security Advisory - Mandriva has issued an update for poppler. This fixes a vulnerability, which can be exploited by malicious people to compromise an application using the library.
| | Homepage: | http://secunia.com/advisories/26403/ | | File Size: | 3612 | | Last Modified: | Aug 14 19:37:33 2007 |
| MD5 Checksum: | 1d15b47d8c01c94342cff2d739c93743 |
|
| /// File Name: |
sa26524.txt |
Description:
|
Secunia Security Advisory - Luigi Auriemma has reported some vulnerabilities in Doomsday, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/26524/ | | File Size: | 3610 | | Last Modified: | Aug 31 05:45:27 2007 |
| MD5 Checksum: | 9332c883dec2cfd2946b56bc1d7d8f40 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
