Section: .. / 0702-advisories /
| /// File Name: |
sa24152.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in Microsoft Windows and Microsoft Office, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/24152/ | | File Size: | 7255 | | Last Modified: | Feb 14 14:41:53 2007 |
| MD5 Checksum: | 5158d66d71f28b7dab87a45ad67a2ab3 |
|
| /// File Name: |
sa24155.txt |
Description:
|
Secunia Security Advisory - Lostmon has reported a vulnerability in @Mail, which can be exploited by malicious people to conduct cross-site scripting attacks.
| | Homepage: | http://secunia.com/advisories/24155/ | | File Size: | 2506 | | Last Modified: | Feb 14 14:41:53 2007 |
| MD5 Checksum: | a09d04f683427b4b75d7cfcdf6423a37 |
|
| /// File Name: |
sa24156.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in Internet Explorer, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/24156/ | | File Size: | 4832 | | Last Modified: | Feb 14 14:41:53 2007 |
| MD5 Checksum: | 3f5834c3137d2084d9dc568d3c5e15fb |
|
| /// File Name: |
sa24163.txt |
Description:
|
Secunia Security Advisory - Gentoo has issued an update for proftpd. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges.
| | Homepage: | http://secunia.com/advisories/24163/ | | File Size: | 2144 | | Last Modified: | Feb 14 14:41:53 2007 |
| MD5 Checksum: | c1054ebbbea49c1d23b3b588167eabaf |
|
| /// File Name: |
sa24164.txt |
Description:
|
Secunia Security Advisory - Gentoo has issued an update for snort. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/24164/ | | File Size: | 2115 | | Last Modified: | Feb 14 14:41:53 2007 |
| MD5 Checksum: | 2236891fbfbe5be6ef808b3735b95bf4 |
|
| /// File Name: |
sa24165.txt |
Description:
|
Secunia Security Advisory - Gentoo has issued an update for rar and unrar. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/24165/ | | File Size: | 2225 | | Last Modified: | Feb 14 14:41:53 2007 |
| MD5 Checksum: | 5e0371e38ca98dcd011f81fa399cc6fb |
|
| /// File Name: |
sa24166.txt |
Description:
|
Secunia Security Advisory - Sun has acknowledged a vulnerability in Sun Solaris, which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/24166/ | | File Size: | 2386 | | Last Modified: | Feb 14 14:41:53 2007 |
| MD5 Checksum: | b79c55959fd9be3d3def12b2165144ae |
|
| /// File Name: |
sa24168.txt |
Description:
|
Secunia Security Advisory - Sun has acknowledged some vulnerabilities in Sun Solaris, which can be exploited by malicious, local users to gain escalated privileges or by malicious users to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/24168/ | | File Size: | 2917 | | Last Modified: | Feb 14 14:41:53 2007 |
| MD5 Checksum: | 61fd5f1f3a2ba84cc1fe01ff75b65a02 |
|
| /// File Name: |
sa24169.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in HP-UX, which can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/24169/ | | File Size: | 2820 | | Last Modified: | Feb 14 14:41:53 2007 |
| MD5 Checksum: | b55170b4c3890a7b5cbb4c50827e0e5a |
|
| /// File Name: |
sa24143.txt |
Description:
|
Secunia Security Advisory - Fedora has issued an update for gd. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/24143/ | | File Size: | 4418 | | Last Modified: | Feb 13 04:01:47 2007 |
| MD5 Checksum: | a4f1818c7a3d6ebd304c427df133eddb |
|
| /// File Name: |
sa24120.txt |
Description:
|
Secunia Security Advisory - kcope has reported a vulnerability in Solaris, which can be exploited by malicious people to bypass certain security restrictions and gain access to a vulnerable system.
| | Homepage: | http://secunia.com/advisories/24120/ | | File Size: | 2645 | | Last Modified: | Feb 13 04:01:28 2007 |
| MD5 Checksum: | 69002d5af8402b15fa8193e41a2397f4 |
|
| /// File Name: |
year3000.txt |
Description:
|
Microsoft Visual C++ version 8.0 suffers from a denial of service condition.
| | Author: | 3APA3A | | Homepage: | http://SecurityVulns.com/ | | File Size: | 5218 | | Related CVE(s): | CVE-2007-0842 | | Last Modified: | Feb 13 04:01:08 2007 |
| MD5 Checksum: | e7cd012fa91b331495001e288706d9b7 |
|
| /// File Name: |
jportal231-csrf.txt |
Description:
|
JPortal version 2.3.1 is susceptible to a CSRF vulnerability.
| | Author: | dzitu | | File Size: | 1880 | | Last Modified: | Feb 13 03:46:07 2007 |
| MD5 Checksum: | 2d150cc7829330face96c8ded37ad550 |
|
| /// File Name: |
firefox-file.txt |
Description:
|
There is an interesting logic flaw in Mozilla Firefox web browser. The vulnerability allows the attacker to silently redirect focus of selected key press events to an otherwise protected file upload form field.
| | Author: | Michal Zalewski | | Homepage: | http://lcamtuf.coredump.cx/ | | File Size: | 1621 | | Last Modified: | Feb 13 03:42:17 2007 |
| MD5 Checksum: | 42000d5f88fc6a835d6a4864a994494b |
|
| /// File Name: |
OpenPKG-SA-2007.009.txt |
Description:
|
OpenPKG Security Advisory - According to a vendor security advisory, a vulnerability exists in the SessionPlugin extension of the Wiki engine TWiki, versions up to and including 4.1.0. The vulnerability allows local users to cause TWiki to execute arbitrary Perl code with the privileges of the web server process by creating CGI session files on the local filesystem.
| | Homepage: | http://www.openpkg.com/security/ | | File Size: | 2739 | | Related CVE(s): | CVE-2007-0669 | | Last Modified: | Feb 13 02:52:56 2007 |
| MD5 Checksum: | bd35fb2c1d0a51753c89312576a4f3c5 |
|
| /// File Name: |
USN-421-1.txt |
Description:
|
Ubuntu Security Notice 421-1 - A flaw was discovered in MoinMoin's page name sanitizer which could lead to a cross-site scripting attack. By tricking a user into viewing a crafted MoinMoin page, an attacker could execute arbitrary JavaScript as the current MoinMoin user, possibly exposing the user's authentication information for the domain where MoinMoin was hosted.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 4990 | | Related CVE(s): | CVE-2007-0857 | | Last Modified: | Feb 13 01:50:56 2007 |
| MD5 Checksum: | 44717443417d82dc96c24f9efbfc671c |
|
| /// File Name: |
MDKSA-2007-041.txt |
Description:
|
Mandriva Security Advisory - Vladimir Nadvornik discovered a buffer overflow in GraphicsMagick and ImageMagick that allows user-assisted attackers to cause a denial of service and possibly execute arbitrary code via a PALM image that is not properly handled by the ReadPALMImage function in coders/palm.c.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 7112 | | Related CVE(s): | CVE-2007-0770 | | Last Modified: | Feb 13 01:31:58 2007 |
| MD5 Checksum: | 628ffe56a059bca2328160725c889212 |
|
| /// File Name: |
FreeBSD-SA-07-02.bind.txt |
Description:
|
FreeBSD Security Advisory - A remote attacker sending a type * (ANY) query to an authoritative DNS server for a DNSSEC signed zone can cause the named(8) daemon to exit, resulting in a Denial of Service.
| | Homepage: | http://security.freebsd.org/ | | File Size: | 5755 | | Related CVE(s): | CVE-2007-0493, CVE-2007-0494 | | Last Modified: | Feb 13 01:25:31 2007 |
| MD5 Checksum: | 7dd0ce5e15ea2a438e64c71a1c893c96 |
|
| /// File Name: |
USN-416-1.txt |
Description:
|
Ubuntu Security Notice 416-1 - A large number of Linux 2.6 kernel vulnerabilities have been discovered and fixed.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 179577 | | Related CVE(s): | CVE-2006-4572, CVE-2006-4814, CVE-2006-5749, CVE-2006-5753, CVE-2006-5755, CVE-2006-5757, CVE-2006-5823, CVE-2006-6053, CVE-2006-6054, CVE-2006-6056, CVE-2006-6057, CVE-2006-6106 | | Last Modified: | Feb 13 01:11:00 2007 |
| MD5 Checksum: | 1d62b1b3baa4783c7afe8a58fc50fbe3 |
|
| /// File Name: |
iemobile-dos.txt |
Description:
|
A denial of service condition exists in Internet Explorer for Microsoft Windows Mobile 5.0.
| | Author: | Michael Kemp | | Homepage: | http://www.clappymonkey.com | | File Size: | 1082 | | Last Modified: | Feb 13 01:05:26 2007 |
| MD5 Checksum: | 69ebbdf1c60ed96cd83a7f8e486f8287 |
|
| /// File Name: |
trendmicro-escalate.txt |
Description:
|
TmComm.sys is exposed through various Trend Micro products allowing for arbitrary code execution.
| | Author: | Ruben Santamarta | | File Size: | 3305 | | Last Modified: | Feb 13 01:01:46 2007 |
| MD5 Checksum: | 725a5887d0ddf9548ab8e3d77c976790 |
|
| /// File Name: |
MDKSA-2007-037-1.txt |
Description:
|
Mandriva Security Advisory - Jeff Trout discovered that the PostgreSQL server did not sufficiently check data types of SQL function arguments in some cases. A user could then exploit this to crash the database server or read out arbitrary locations of the server's memory, which could be used to retrieve database contents that the user should not be able to see. Note that a user must be authenticated in order to exploit this. As well, Jeff Trout also discovered that the query planner did not verify that a table was still compatible with a previously-generated query plan, which could be exploited to read out arbitrary locations of the server's memory by using ALTER COLUMN TYPE during query execution. Again, a user must be authenticated in order to exploit this.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 9129 | | Related CVE(s): | CVE-2007-0555, CVE-2007-0556 | | Last Modified: | Feb 13 00:57:58 2007 |
| MD5 Checksum: | 03ee161b8df333666d71a19c0f9b6f14 |
|
| /// File Name: |
ZDI-07-007.txt |
Description:
|
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Mercury LoadRunner Agent, Mercury Performance Center Agent and Mercury Monitor over Firewall. Authentication is not required to exploit this vulnerability.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 2797 | | Related CVE(s): | CVE-2007-0446 | | Last Modified: | Feb 13 00:56:19 2007 |
| MD5 Checksum: | 4f0f6192b34b6ba3d3a90813bcad528b |
|
| /// File Name: |
sapwebas-dos.txt |
Description:
|
Multiple vulnerabilities exist in SAP Web AS version 6.40 below patch 136 and 7.00 below patch 66. These flaws allow for remote file disclosure, remote denial of service attacks, and local privilege escalation.
| | Author: | Nicob | | Related Exploit: | r3-stealer-1.0.pl.txt | | File Size: | 1636 | | Last Modified: | Feb 13 00:40:56 2007 |
| MD5 Checksum: | a51963a221e2225c0715eb86459d20a5 |
|
| /// File Name: |
SSRT071300.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified with HP OpenView Storage Data Protector running on HP-UX with PHSS_35149 or PHSS_35150 installed and Solaris with DPSOL_00229 installed. The vulnerability could be exploited by a local user to execute arbitrary code.
| | Homepage: | http://www.hp.com | | File Size: | 6147 | | Last Modified: | Feb 13 00:36:38 2007 |
| MD5 Checksum: | 2e05d8c33fca388466119fcfc16048c2 |
|