Section: .. / 0705-advisories /
| /// File Name: |
CAID-35330-35331.txt |
Description:
|
CA Anti-Virus for the Enterprise, CA Threat Manager, and CA Anti-Spyware contain multiple vulnerabilities that can allow an attacker to cause a denial of service or possibly execute arbitrary code. CA has issued patches to address the vulnerabilities.
| | Author: | Ken Williams | | Homepage: | http://www3.ca.com/ | | File Size: | 4855 | | Related OSVDB(s): | 34585,34586 | | Related CVE(s): | CVE-2007-2522, CVE-2007-2523 | | Last Modified: | May 12 04:38:41 2007 |
| MD5 Checksum: | abb122f45d905c9827d43ba0d53a8675 |
|
| /// File Name: |
05.08.07-1.txt |
Description:
|
iDefense Security Advisory 05.08.07 - Remote exploitation of a buffer overflow in an ActiveX control distributed with McAfee Security Center could allow for the execution of arbitrary code. iDefense confirmed the existence of this vulnerability using McAfee Virus Scan 10.0.27 running on Windows XP SP2. However, many additional McAfee products are reported to install this component.
| | Author: | Peter Vreugdenhil | | Homepage: | http://www.idefense.com/ | | File Size: | 4695 | | Last Modified: | May 10 04:22:18 2007 |
| MD5 Checksum: | 55724073f11143b0ac7a085bacb12eb7 |
|
| /// File Name: |
ASPR-2007-05-14-1.txt |
Description:
|
ACROS Security Problem Report #2007-05-14-1 - There is a session fixation vulnerability in HP Systems Insight Manager 4.2 and 5.0 SP4/5 (IM) that allows an attacker to gain administrative access to IM console. As a result, the attacker can take complete administrative control over all managed systems, upload and execute malicious code on them, extract any information from them and disable them at her will.
| | Homepage: | http://www.acrossecurity.com/ | | File Size: | 4675 | | Last Modified: | May 21 06:01:13 2007 |
| MD5 Checksum: | e7e668d4412559a0e42a337e73fbbb1d |
|
| /// File Name: |
sa25208.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for moinmoin. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks.
| | Homepage: | http://secunia.com/advisories/25208/ | | File Size: | 4599 | | Last Modified: | May 8 11:46:47 2007 |
| MD5 Checksum: | 030a8129343c5e6270a34b2bb429ec7a |
|
| /// File Name: |
sbb-path.txt |
Description:
|
SonicBB version 1.0 suffers from multiple path disclosure vulnerabilities.
| | Author: | Jesper Jurcenoks | | Homepage: | http://www.netvigilance.com/ | | File Size: | 4525 | | Related OSVDB(s): | 33906 | | Related CVE(s): | CVE-2007-1901 | | Last Modified: | May 15 08:30:02 2007 |
| MD5 Checksum: | 66a9c93f81ab42e26b5defe14f4c428b |
|
| /// File Name: |
ow-dos.txt |
Description:
|
OpenEdge WebSpeed suffers from a denial of service vulnerability when dict.r is referenced more than five times.
| | Author: | Eelko Neven | | File Size: | 4523 | | Last Modified: | May 12 04:41:02 2007 |
| MD5 Checksum: | ffaeca4b31e0d70a564823262813215d |
|
| /// File Name: |
TA07-128A.txt |
Description:
|
Technical Cyber Security Alert TA07-128A - Microsoft has released updates that address critical vulnerabilities in Microsoft Windows, Internet Explorer, Office, Exchange, Cryptographic API Component Object Model (CAPICOM), and BizTalk. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system.
| | Homepage: | http://www.us-cert.gov/ | | File Size: | 4518 | | Last Modified: | May 10 03:42:20 2007 |
| MD5 Checksum: | d3d88bcd62b8340216fb50ed8ba3fe48 |
|
| /// File Name: |
secunia-escan.txt |
Description:
|
Secunia Research has discovered a vulnerability in various eScan products, which may be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error in the MicroWorld Agent service (MWAGENT.EXE) when decrypting received commands. This can be exploited to cause a stack-based buffer overflow via an overly long command sent to the service (default port 2222/tcp). Successful exploitation may allow execution of arbitrary code with SYSTEM privileges. eScan version 9.0.715.1 is affected.
| | Author: | Carsten Eiram | | Homepage: | http://secunia.com/ | | File Size: | 4514 | | Related CVE(s): | CVE-2007-2687 | | Last Modified: | May 24 03:56:35 2007 |
| MD5 Checksum: | 72d33f4f8916920c2e00262419f926ed |
|
| /// File Name: |
05.10.07-3.txt |
Description:
|
iDefense Security Advisory 05.10.07 - Remote exploitation of multiple buffer overflow vulnerabilities in Apple Inc.'s Darwin Streaming Proxy allows attackers to execute arbitrary code with the privileges of running service, usually root. Due to insufficient sanity checking, a stack-based buffer overflow could occur while trying to extract commands from the request buffer. The "is_command" function, located in proxy.c, lacks bounds checking when filling the 'cmd' and 'server' buffers. Additionally, a heap-based buffer overflow could occur while processing the "trackID" values contained within a "SETUP" request. If a request with more than 32 values is encountered, memory corruption will occur. iDefense has confirmed the existence of these vulnerabilities in Darwin Streaming Server 5.5.4 and Darwin Streaming Proxy 4.1. It is suspected that earlier versions are also vulnerable.
| | Homepage: | http://www.idefense.com/ | | File Size: | 4396 | | Related CVE(s): | CVE-2007-0749, CVE-2007-0748 | | Last Modified: | May 11 04:05:01 2007 |
| MD5 Checksum: | be68582e3d87c6ad155585a8cbd9bd2c |
|
| /// File Name: |
secunia-iehtml.txt |
Description:
|
Secunia Research has discovered a vulnerability in Internet Explorer 7, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an error in the handling of HTML objects as a CMarkup object is used in certain cases after it has been freed. This can be exploited to corrupt memory via a specially crafted web page. Successful exploitation allows execution of arbitrary code.
| | Author: | JJ Reyes | | Homepage: | http://secunia.com/ | | File Size: | 4356 | | Related CVE(s): | CVE-2007-0947 | | Last Modified: | May 11 03:49:21 2007 |
| MD5 Checksum: | 4efd4a7fac68bc08fe9f37c2d49bd11c |
|
| /// File Name: |
sa25150.txt |
Description:
|
Secunia Security Advisory - Three vulnerabilities have been reported in Microsoft Excel, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/25150/ | | File Size: | 4331 | | Last Modified: | May 10 02:32:46 2007 |
| MD5 Checksum: | 67b6c2f0ca918756a1ed97077eecfe09 |
|
| /// File Name: |
sa25191.txt |
Description:
|
Secunia Security Advisory - Mandriva has issued an update for php. This fixes some vulnerabilities, where one has an unknown impact and the others can be exploited by malicious users to bypass certain security restrictions and potentially by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/25191/ | | File Size: | 4214 | | Last Modified: | May 12 04:30:02 2007 |
| MD5 Checksum: | 98bf43f04b1079858dd7964e7287aaad |
|
| /// File Name: |
05.08.07-3.txt |
Description:
|
iDefense Security Advisory 05.08.07 - Remote exploitation of a heap corruption vulnerability in Microsoft Corp.'s Word could allow attackers to execute arbitrary code under the privileges of the target user. This vulnerability specifically exists in the handling of property strings of certain control words in an RTF document. In certain circumstances, these property strings can be written into a memory region which has already been deallocated and heap corruption can occur. iDefense has confirmed that winword.exe file version 11.0.8106.0, as included with a fully patched Microsoft Word 2003 SP2, is vulnerable. Previous versions of Microsoft Word are also likely to be affected.
| | Homepage: | http://www.idefense.com/ | | File Size: | 4203 | | Related CVE(s): | CVE-2007-1202 | | Last Modified: | May 10 05:58:15 2007 |
| MD5 Checksum: | 28fa9f14d32120f6d9bb8a85f0086f5f |
|
| /// File Name: |
sa25173.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in various McAfee products, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/25173/ | | File Size: | 4196 | | Last Modified: | May 10 02:32:46 2007 |
| MD5 Checksum: | 93d94be745fdce41be1aba873b567a2b |
|
| /// File Name: |
secunia-bearshare.txt |
Description:
|
Secunia Research has discovered a vulnerability in BearShare, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in the NCTAudioFile2.AudioFile ActiveX control when handling the "SetFormatLikeSample()" method. This can be exploited to cause a stack-based buffer overflow by passing an overly long string (about 4124 bytes) as argument to the affected method. BearShare version 6.0.2.26789 is affected.
| | Author: | Carsten Eiram | | Homepage: | http://secunia.com/ | | File Size: | 4171 | | Related CVE(s): | CVE-2007-0018 | | Last Modified: | May 11 03:48:32 2007 |
| MD5 Checksum: | 1a25c00d76587ffa3f44aab2c375ee2b |
|
| /// File Name: |
glsa-200705-20.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200705-20 - Chris Evans has discovered multiple buffer overflows in the Sun JDK and the Sun JRE possibly related to various AWT and font layout functions. Tom Hawtin has discovered an unspecified vulnerability in the Sun JDK and the Sun JRE relating to unintended applet data access. He has also discovered multiple other unspecified vulnerabilities in the Sun JDK and the Sun JRE allowing unintended Java applet or application resource acquisition. Additionally, a memory corruption error has been found in the handling of GIF images with zero width field blocks. Versions less than 1.4.2.03-r14 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 4156 | | Related CVE(s): | CVE-2006-6731, CVE-2006-6736, CVE-2006-6737, CVE-2006-6745 | | Last Modified: | May 31 05:25:53 2007 |
| MD5 Checksum: | 000b449b02865f4a4bcf9959e52b5db0 |
|
| /// File Name: |
USN-458-1.txt |
Description:
|
Ubuntu Security Notice 458-1 - A flaw was discovered in MoinMoin's error reporting when using the AttachFile action. By tricking a user into viewing a crafted MoinMoin URL, an attacker could execute arbitrary JavaScript as the current MoinMoin user, possibly exposing the user's authentication information for the domain where MoinMoin was hosted. Flaws were discovered in MoinMoin's ACL handling for calendars and includes. Unauthorized users would be able to read pages that would otherwise be unavailable to them.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 4131 | | Related CVE(s): | CVE-2007-2423 | | Last Modified: | May 10 02:56:28 2007 |
| MD5 Checksum: | e218d5152cdd15624a8e2c7f038d9ff1 |
|
| /// File Name: |
sa25123.txt |
Description:
|
Secunia Security Advisory - Several vulnerabilities and weaknesses have been reported in PHP, where some have unknown impacts and others can be exploited by malicious users to manipulate certain data, disclose potentially sensitive information, bypass certain security restrictions, or to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/25123/ | | File Size: | 4102 | | Last Modified: | May 4 17:30:32 2007 |
| MD5 Checksum: | aeed846ed5112aa58e7b69f851588375 |
|
| /// File Name: |
sa25095.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for qemu. This fixes some vulnerabilities, which can be exploited by malicious users to bypass certain security restrictions and cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/25095/ | | File Size: | 4095 | | Last Modified: | May 2 04:17:18 2007 |
| MD5 Checksum: | cce878613815f28ac8ca55fe90785480 |
|
| /// File Name: |
sa25027.txt |
Description:
|
Secunia Security Advisory - SUSE has issued an update for opera. This fixes two vulnerabilities, where one has unknown impacts and the other one can be exploited by malicious people to conduct cross-site scripting attacks.
| | Homepage: | http://secunia.com/advisories/25027/ | | File Size: | 4091 | | Last Modified: | May 2 04:17:18 2007 |
| MD5 Checksum: | 1d6f9e8e19d42dc0cbd7724dae5566d9 |
|
| /// File Name: |
sa25178.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in Microsoft Office, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/25178/ | | File Size: | 4087 | | Last Modified: | May 10 02:32:46 2007 |
| MD5 Checksum: | 2d7c77337885b0afabb2ac001ea01693 |
|
| /// File Name: |
sa23809.txt |
Description:
|
Secunia Security Advisory - Secunia Research has discovered a security issue in various eScan products, which can be exploited by malicious, local users to gain escalated privileges or by malicious people to manipulate certain settings or gain knowledge of sensitive information.
| | Homepage: | http://secunia.com/advisories/23809/ | | File Size: | 4078 | | Last Modified: | May 3 01:50:52 2007 |
| MD5 Checksum: | 01302d99b8e70a02b841a23fd3eca3e2 |
|
| /// File Name: |
sa24982.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for aircrack-ng. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/24982/ | | File Size: | 4065 | | Last Modified: | May 2 04:17:18 2007 |
| MD5 Checksum: | 860710b833c150eb7e50abc39a53cb5f |
|
| /// File Name: |
05.08.07-2.txt |
Description:
|
iDefense Security Advisory 05.08.07 - Remote exploitation of an input validation error in the handling of AutoFilter records in Excel BIFF8 format spreadsheet files by Microsoft Corp.'s Excel 2003 could allow an attacker to execute arbitrary code in the context of the current user. The AutoFilter feature of Excel allows data not matching a specified criteria to be filtered out. By creating a document containing a specially crafted filter record, an attacker is able to cause an invalid memory access leading to arbitrary code execution. iDefense has confirmed Microsoft Excel 2003 is vulnerable. Previous versions are also likely to be affected. Excel 2007 does not appear to be vulnerable.
| | Author: | Greg MacManus | | Homepage: | http://www.idefense.com/ | | File Size: | 4047 | | Related CVE(s): | CVE-2007-1214 | | Last Modified: | May 10 05:57:15 2007 |
| MD5 Checksum: | d27db40fb89a0c701dc0fca564b08c70 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
