Section: .. / 0805-advisories /
File Name: ZDI-08-023.txt
Description:
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page, open a malicious email, or open a malicious file. The specific flaw exists when parsing malformed RTF documents. When processing a combination of RTF tags a heap overflow occurs. Successful exploitation can lead to remote compromise of a system under the credentials of the currently logged in user.
Author: wushi | Homepage: http://www.zerodayinitiative.com/ | File Size: 3266 | Related CVE(s): CVE-2008-1091 | Last Modified: May 13 15:38:28 2008
MD5 Checksum: 3a4c70d8165cb815e52e832667c68280

File Name: dsa-1569-2.txt
Description:
Debian Security Advisory 1569-2 - The original update for cacti unfortunately introduced a regression. Updated packages have been created to address this. It was discovered that Cacti, a systems and services monitoring frontend, performed insufficient input sanitising, leading to cross site scripting and SQL injection being possible.
Homepage: http://www.debian.org/security | File Size: 3253 | Related CVE(s): CVE-2008-0783, CVE-2008-0785 | Last Modified: May 6 16:39:48 2008
MD5 Checksum: 14da4de45a7965759e35ce4984df344d

File Name: sa30202.txt
Description:
Secunia Security Advisory - SUSE has issued updates for multiple packages. These fix some vulnerabilities, which can be exploited by malicious, local users to disclose and manipulate sensitive information, cause a DoS (Denial of Service), and gain escalated privileges, malicious users to cause a DoS and compromise a vulnerable system, and malicious people to disclose potentially sensitive information, conduct cross-site scripting attacks, cause a DoS, and compromise a vulnerable system.
Homepage: http://secunia.com/advisories/30202/ | File Size: 3247 | Last Modified: May 12 18:24:40 2008
MD5 Checksum: 2bfbd6ec67c455900bfaf85d02888a8b

File Name: sa30256.txt
Description:
Secunia Security Advisory - Debian has issued an update for phpgedview. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
Homepage: http://secunia.com/advisories/30256/ | File Size: 3247 | Last Modified: May 21 21:31:45 2008
MD5 Checksum: 7d06124ee7a1a74ab1a480e60bc59f5a

File Name: glsa-200805-20.txt
Description:
Gentoo Linux Security Advisory GLSA 200805-20 - Multiple vulnerabilities might allow for the execution of arbitrary code in daemons using GnuTLS. Versions less than 2.2.5 are affected.
Homepage: http://security.gentoo.org | File Size: 3216 | Related CVE(s): CVE-2008-1948, CVE-2008-1949, CVE-2008-1950 | Last Modified: May 22 01:48:49 2008
MD5 Checksum: ae1a27497ffdfe649bb414d13d8d7955

File Name: ZDI-08-033.txt
Description:
A vulnerability allows remote attackers to execute arbitrary code on vulnerable Motorola RAZR firmware based cell phones. User interaction is required to exploit this vulnerability in that the target must accept a malicious image sent via MMS. The specific flaw exists in the JPEG thumbprint component of the EXIF parser. A corrupt JPEG received via MMS can cause a memory corruption which can be leveraged to execute arbitrary code on the affected device.
Homepage: http://www.zerodayinitiative.com/ | File Size: 3211 | Last Modified: May 27 19:45:22 2008
MD5 Checksum: 127b1780fcc83af434196ea8d141b60e

File Name: glsa-200805-10.txt
Description:
Gentoo Linux Security Advisory GLSA 200805-10 - It has been reported that Pngcrush includes a copy of libpng that is vulnerable to a memory corruption (GLSA 200804-15). Versions less than 1.6.4-r1 are affected.
Homepage: http://security.gentoo.org | File Size: 3170 | Related CVE(s): CVE-2008-1382 | Last Modified: May 12 10:41:29 2008
MD5 Checksum: 7cfec10bfa57130b88afb7bff74c84e3

File Name: dsa-1554-2.txt
Description:
Debian Security Advisory 1554-2 - Roundup, an issue tracking system, fails to properly escape HTML input, allowing an attacker to inject client-side code (typically JavaScript) into a document that may be viewed in the victim's browser.
Homepage: http://www.debian.org/security | File Size: 3142 | Related CVE(s): CVE-2008-1474 | Last Modified: May 6 16:40:22 2008
MD5 Checksum: 23546650cebe54b7719fbd4c9d712eed

File Name: sa30447.txt
Description:
Secunia Security Advisory - A vulnerability has been discovered in various HiFi products, which can be exploited by malicious people to compromise a user's system.
Homepage: http://secunia.com/advisories/30447/ | File Size: 3139 | Last Modified: May 30 14:30:56 2008
MD5 Checksum: 2442facb2806348082b4dbb96bf8d7be

File Name: sa30300.txt
Description:
Secunia Security Advisory - Some vulnerabilities have been reported in CA ARCserve Backup, which can be exploited by malicious people to compromise a vulnerable system.
Homepage: http://secunia.com/advisories/30300/ | File Size: 3127 | Last Modified: May 20 19:13:12 2008
MD5 Checksum: b37b188c91c2b5cafa2751b368509993

File Name: dsa-1568-1.txt
Description:
Debian Security Advisory 1568-1 - "unsticky" discovered that b2evolution, a blog engine, performs insufficient input sanitising, allowing for cross site scripting.
Homepage: http://www.debian.org/security | File Size: 3120 | Related CVE(s): CVE-2007-0175 | Last Modified: May 5 14:20:54 2008
MD5 Checksum: f9e73cec816de809b3aa14a1a0c1a5ce

File Name: sa30118.txt
Description:
Secunia Security Advisory - Some vulnerabilities have been reported in rdesktop, which can be exploited by malicious people to compromise a user's system.
Homepage: http://secunia.com/advisories/30118/ | File Size: 3103 | Last Modified: May 8 13:30:50 2008
MD5 Checksum: 58ad392870dcc436c40f31e2fc98dd03

File Name: dsa-1569-1.txt
Description:
Debian Security Advisory 1569-1 - It was discovered that Cacti, a systems and services monitoring frontend, performed insufficient input sanitizing, leading to cross site scripting and SQL injection being possible.
Homepage: http://www.debian.org/security | File Size: 3076 | Related CVE(s): CVE-2008-0783, CVE-2008-0785 | Last Modified: May 5 14:21:38 2008
MD5 Checksum: 7e570d1ee38f5fd86083687cc05921e8

File Name: glsa-200805-11.txt
Description:
Gentoo Linux Security Advisory GLSA 200805-11 - Chicken includes a copy of PCRE which is vulnerable to multiple buffer overflows and memory corruption vulnerabilities (GLSA 200711-30). Versions less than 3.1.0 are affected.
Homepage: http://security.gentoo.org | File Size: 3061 | Last Modified: May 12 18:26:45 2008
MD5 Checksum: d9d22fd1973d39963760ae4fd6fe5097

File Name: glsa-200805-14.txt
Description:
Gentoo Linux Security Advisory GLSA 200805-14 - Alfredo Ortega (Core Security Technologies) reported a boundary error within the Read32s_64() function when processing CDF files. Versions less than 3.2.1 are affected.
Homepage: http://security.gentoo.org | File Size: 3057 | Related CVE(s): CVE-2008-2080 | Last Modified: May 13 17:42:27 2008
MD5 Checksum: fb60597d6c2b729facceb809547eadbd

File Name: bthub-password.txt
Description:
The BT Home Hub has now changed the default access password from admin to the serial number of the device, but allows retrieval of the number via a simple MDAP request in the same network.
Author: Adrian Pastor | Homepage: http://www.gnucitizen.org/ | File Size: 3012 | Last Modified: May 22 19:36:52 2008
MD5 Checksum: 56e81d68bde3ea672d5c9fc490ad1054

File Name: sa30287.txt
Description:
Secunia Security Advisory - Some vulnerabilities have been reported in GnuTLS, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise an application using the library.
Homepage: http://secunia.com/advisories/30287/ | File Size: 3012 | Last Modified: May 21 21:31:45 2008
MD5 Checksum: cbf1915fc2162d3331cddbe0161ada15

File Name: sa30246.txt
Description:
Secunia Security Advisory - shinnai has discovered some vulnerabilities in various IDAutomation Barcode ActiveX controls, which can be exploited by malicious people to overwrite arbitrary files.
Homepage: http://secunia.com/advisories/30246/ | File Size: 2989 | Last Modified: May 15 00:56:37 2008
MD5 Checksum: 29776e38f37c80800045e01fcff8ade5

File Name: sa30194.txt
Description:
Secunia Security Advisory - Some vulnerabilities have been reported in PhotoStore, which can be exploited by malicious people to conduct SQL injection attacks.
Homepage: http://secunia.com/advisories/30194/ | File Size: 2984 | Last Modified: May 15 00:56:37 2008
MD5 Checksum: 5eb7a374d870237490f679d85055e64e

File Name: sa30044.txt
Description:
Secunia Security Advisory - Some vulnerabilities have been reported in the Linux kernel, which can be exploited by malicious people to cause a DoS (Denial of Service), and by malicious, local users to cause a DoS or to potentially gain escalated privileges.
Homepage: http://secunia.com/advisories/30044/ | File Size: 2978 | Last Modified: May 8 13:30:50 2008
MD5 Checksum: 9e591ce7863a3608578451777382d691

File Name: sa30327.txt
Description:
Secunia Security Advisory - Gentoo has issued updates for mozilla-firefox, mozilla-firefox-bin, seamonkey, seamonkey-bin, mozilla-thunderbird, mozilla-thunderbird-bin, and xulrunner. These fix some weaknesses and vulnerabilities, which can be exploited by malicious people to disclose sensitive information, conduct cross-site scripting attacks, bypass certain security restrictions, conduct spoofing attacks, or to compromise a user's system.
Homepage: http://secunia.com/advisories/30327/ | File Size: 2962 | Last Modified: May 21 21:31:45 2008
MD5 Checksum: 94b23d244bb2bc88bce141f96c1ccf53

File Name: glsa-200805-09.txt
Description:
Gentoo Linux Security Advisory GLSA 200805-09 - It has been reported that the user form processing in the file userform.py does not properly manage users when using Access Control Lists or a non-empty superusers list. Versions less than 1.6.3 are affected.
Homepage: http://security.gentoo.org | File Size: 2956 | Related CVE(s): CVE-2008-1937 | Last Modified: May 12 10:37:50 2008
MD5 Checksum: f5912af55302350b385b5dd9c8aea1a1

File Name: sa30045.txt
Description:
Secunia Security Advisory - Debian has issued an update for cacti. This fixes some vulnerabilities, which can be exploited by malicious people to conduct SQL injection and cross-site scripting attacks.
Homepage: http://secunia.com/advisories/30045/ | File Size: 2949 | Last Modified: May 7 20:31:38 2008
MD5 Checksum: 087ffb35c805b4d3cd13d676ea746b27

File Name: glsa-200805-17.txt
Description:
Gentoo Linux Security Advisory GLSA 200805-17 - Tavis Ormandy and Will Drewry of the Google Security Team have reported a double free vulnerability when processing a crafted regular expression containing UTF-8 characters. Versions less than 5.8.8-r5 are affected.
Homepage: http://security.gentoo.org | File Size: 2946 | Related CVE(s): CVE-2008-1927 | Last Modified: May 20 16:44:10 2008
MD5 Checksum: c61ac53f0481c399e80995f4f0c77a11

File Name: sa30001.txt
Description:
Secunia Security Advisory - Fedora has issued an update for KDE4. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a user's system.
Homepage: http://secunia.com/advisories/30001/ | File Size: 2892 | Last Modified: May 8 13:30:50 2008
MD5 Checksum: 3c4a36ea7401351483e43effab62afea