Section: 0708-advisories
File Name: AST-2007-021.txt
Description: Asterisk Project Security Advisory - Asterisk suffers from a crash vulnerability when passed invalid MIME bodies when using voicemail with IMAP storage.
Author: Mark Michelson
Homepage: http://www.asterisk.org/security
File Size: 7835
Related CVE(s): CVE-2007-4521
Last Modified: Aug 25 21:18:45 2007
MD5 Checksum: 93014d535c4f78e94d23d6c9ee447326

File Name: asurabof.txt
Description: The Asura engine included with Rogue Trooper versions 1.0 and below and Prism: Guard Shield versions 1.1.1.0 and below suffers from a buffer overflow vulnerability.
Author: Luigi Auriemma
Homepage: http://aluigi.org/
Related Exploit: asurabof.zip
File Size: 3923
Last Modified: Aug 24 03:25:48 2007
MD5 Checksum: 6360ebc666d1a85c52df0d4e9e69ed14

File Name: baidu-exec.txt
Description: The ActiveX control BaiduBar.dll in Baidu Soba suffers from a remote code execution vulnerability.
Author: cocoruder
Homepage: http://ruder.cdut.net/
File Size: 4538
Last Modified: Aug 8 07:06:36 2007
MD5 Checksum: 4539f57d904fff3e42c14587fd32339e

File Name: bufferzone-escalate.txt
Description: BufferZone version 2.5 suffers from denial of service and possible privilege escalation vulnerabilities.
Author: seppi
File Size: 1235
Last Modified: Aug 25 21:16:27 2007
MD5 Checksum: be8d13d3c266ff83afc8a40151115a1a

File Name: bugzilla-xss.txt
Description: Bugzilla versions below 2.20.5 and versions below 3.0.1 are susceptible to input validation and cross-site scripting vulnerabilities.
Homepage: http://www.bugzilla.org/
File Size: 3750
Last Modified: Aug 24 23:03:20 2007
MD5 Checksum: 77205950a1a0eb807d7baf4801e610c1

File Name: bv2x.txt
Description: Babo Violent 2 versions 2.08.00 and below suffer from multiple vulnerabilities.
Author: Luigi Auriemma
Homepage: http://aluigi.org/
Related Exploit: bv2x.zip
File Size: 3967
Last Modified: Aug 15 06:27:20 2007
MD5 Checksum: cdc86f19a3b8fc437bf33fa864d86c31

File Name: bypassing-servlet.txt
Description: OWASP Stinger and Struts servlet input validation filters suffer from a bypass vulnerability.
Author: Meder Kydyraliev
Homepage: http://o0o.nu/
File Size: 5613
Last Modified: Aug 14 05:55:50 2007
MD5 Checksum: 09b2efb70510c9796e3e1b76c2a7ee91

File Name: cisco-sa-20070808-IOS-IPv6-leak.txt
Description: Cisco Security Advisory - Cisco IOS and Cisco IOS XR contain a vulnerability when processing specially crafted IPv6 packets with a Type 0 Routing Header present. Exploitation of this vulnerability can lead to information leakage on affected IOS and IOS XR devices, and may also result in a crash of the affected IOS device. Successful exploitation on an affected device running Cisco IOS XR will not result in a crash of the device itself, but may result in a crash of the IPv6 subsystem.
Homepage: http://www.cisco.com/
File Size: 140548
Last Modified: Aug 9 03:03:58 2007
MD5 Checksum: cfe453119c8720eb63366e68931530e1

File Name: cisco-sa-20070808-IOS-voice.txt
Description: Cisco Security Advisory - Multiple voice-related vulnerabilities have been identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities only affect devices running Cisco IOS that have voice services enabled. The only exception is the vulnerability documented as Cisco bug ID CSCsi80102, which also exists on Cisco Unified Communications Manager.
Homepage: http://www.cisco.com/
File Size: 185500
Last Modified: Aug 9 03:06:32 2007
MD5 Checksum: 96c8d43c208678f5396b6f54691b35a3

File Name: cisco-sa-20070808-scp.txt
Description: Cisco Security Advisory - The server side of the Secure Copy (SCP) implementation in Cisco Internetwork Operating System (IOS) contains a vulnerability that allows any valid user, regardless of privilege level, to transfer files to and from an IOS device that is configured to be a Secure Copy server. This vulnerability could allow valid users to retrieve or write to any file on the device's filesystem, including the device's saved configuration. This configuration file may include passwords or other sensitive information.
Homepage: http://www.cisco.com/
File Size: 35520
Last Modified: Aug 9 03:02:58 2007
MD5 Checksum: 11d7b0fb83fe8f96ddeb6941737729d1

File Name: cisco-sa-20070815-vpnclient.txt
Description: Cisco Security Advisory - Two vulnerabilities exist in the Cisco VPN Client for Microsoft Windows that may allow unprivileged users to elevate their privileges to those of the LocalSystem account.
Homepage: http://www.cisco.com/
File Size: 20711
Last Modified: Aug 16 10:43:57 2007
MD5 Checksum: 6c2a8850eb338fc8f428f12d96e27b35

File Name: cisco-sa-20070829-ccm.txt
Description: Cisco Security Advisory - Cisco CallManager and Unified Communications Manager are vulnerable to cross-site scripting (XSS) and SQL injection attacks in the lang variable of the admin and user logon pages. A successful attack may allow an attacker to run JavaScript on computer systems connecting to CallManager or Unified Communications Manager servers, and has the potential to disclose information within the database.
Homepage: http://www.cisco.com/
File Size: 15768
Last Modified: Aug 30 09:57:42 2007
MD5 Checksum: d9b5b4521e099a8c191e2a1814f08147

File Name: cisco-sr-20070808-mp.txt
Description: Cisco Security Response - This is the Cisco PSIRT response to an issue discovered and reported to Cisco by Roger Jefferiss and Rob Pope of SecureTest Ltd, UK regarding a cross-site scripting (XSS) vulnerability in Cisco Unified MeetingPlace Web Conferencing.
Homepage: http://www.cisco.com/
File Size: 7742
Last Modified: Aug 9 03:01:46 2007
MD5 Checksum: edbf0f5753204684b5ed59fa311d5e14

File Name: contentdm-xss.txt
Description: ContentDM appears to suffer from a cross-site scripting vulnerability.
Author: Rhys Phillips
File Size: 365
Last Modified: Aug 8 09:00:54 2007
MD5 Checksum: b25682c0bc8b6b3a4f195e3e80022785

File Name: CVE-2007-3382.txt
Description: Tomcat versions 3.3 to 3.3.2, 4.1.0 to 4.1.36, 5.0.0 to 5.0.30, 5.5.0 to 5.5.24, and 6.0.0 to 6.0.13 suffer from an information disclosure vulnerability in the way they handle ' characters in cookies.
Author: Mark Thomas
Homepage: http://tomcat.apache.org/
File Size: 1199
Related CVE(s): CVE-2007-3382
Last Modified: Aug 14 19:49:55 2007
MD5 Checksum: e769d1ddacd3998454816444672d0674

File Name: CVE-2007-3384.txt
Description: Tomcat versions 3.3 through 3.3.2 suffer from a cross-site scripting vulnerability.
Author: Tomasz Kuczynski
Homepage: http://tomcat.apache.org/
File Size: 1059
Related CVE(s): CVE-2007-3384
Last Modified: Aug 8 07:08:17 2007
MD5 Checksum: e08a51b467ebfdc1f8018c1438f6b4ba

File Name: CVE-2007-3385.txt
Description: Tomcat versions 3.3 to 3.3.2, 4.1.0 to 4.1.36, 5.0.0 to 5.0.30, 5.5.0 to 5.5.24, and 6.0.0 to 6.0.13 suffer from an information disclosure vulnerability in the way they handle \ characters in cookies.
Author: Mark Thomas
Homepage: http://tomcat.apache.org/
File Size: 1116
Related CVE(s): CVE-2007-3385
Last Modified: Aug 14 19:51:00 2007
MD5 Checksum: 846987ee0b172de5c9ceed8820d4d3e1

File Name: deskpro-inject.txt
Description: DeskPRO versions 3.0.2 and below suffer from multiple HTML injection vulnerabilities.
Author: Doz
Homepage: http://www.hackerscenter.com/
File Size: 2036
Last Modified: Aug 14 19:55:08 2007
MD5 Checksum: d04763849bcb360522af9ca41540f0fd

File Name: drac-ssh.txt
Description: The SSH daemon embedded on the Dell DRAC4 is susceptible to a remote denial of service condition when being scanned.
Author: ETES GmbH
Homepage: http://www.etes.de/
File Size: 7236
Last Modified: Aug 14 05:52:27 2007
MD5 Checksum: e876a09adfd0da1c650b1bc62b1ba3ae

File Name: dsa-1343-1.txt
Description: Debian Security Advisory 1343-1 - Colin Percival discovered an integer overflow in file, a file type classification tool, which may lead to the execution of arbitrary code.
Homepage: http://www.debian.org/security
File Size: 15724
Related CVE(s): CVE-2007-2799
Last Modified: Aug 1 03:03:35 2007
MD5 Checksum: 4f5c61923795ba855bd5b53b740415b6

File Name: dsa-1344-1.txt
Description: Debian Security Advisory 1344-1 - "moz_bug_r_a4" discovered that a regression in the handling of "about:blank" windows used by addons may lead to an attacker being able to modify the content of web sites. Jesper Johansson discovered that missing sanitizing of double-quotes and spaces in URIs passed to external programs may allow an attacker to pass arbitrary arguments to the helper program if the user is tricked into opening a malformed web page.
Homepage: http://www.debian.org/security
File Size: 9868
Related CVE(s): CVE-2007-3844, CVE-2007-3845
Last Modified: Aug 8 08:41:31 2007
MD5 Checksum: 1b6b5a0421d7a7c2b6889a9caf645b64

File Name: dsa-1345-1.txt
Description: Debian Security Advisory 1345-1 - Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. "moz_bug_r_a4" discovered that a regression in the handling of "about:blank" windows used by addons may lead to an attacker being able to modify the content of web sites. Jesper Johansson discovered that missing sanitizing of double-quotes and spaces in URIs passed to external programs may allow an attacker to pass arbitrary arguments to the helper program if the user is tricked into opening a malformed web page.
Homepage: http://www.debian.org/security
File Size: 28062
Related CVE(s): CVE-2007-3844, CVE-2007-3845
Last Modified: Aug 8 09:03:39 2007
MD5 Checksum: e81402d558540bbe4e4efe53496addb7

File Name: dsa-1346-1.txt
Description: Debian Security Advisory 1346-1 - Several remote vulnerabilities have been discovered in the Iceape internet suite, an unbranded version of the Seamonkey Internet Suite. "moz_bug_r_a4" discovered that a regression in the handling of "about:blank" windows used by addons may lead to an attacker being able to modify the content of web sites. Jesper Johansson discovered that missing sanitizing of double-quotes and spaces in URIs passed to external programs may allow an attacker to pass arbitrary arguments to the helper program if the user is tricked into opening a malformed web page.
Homepage: http://www.debian.org/security
File Size: 15156
Related CVE(s): CVE-2007-3844, CVE-2007-3845
Last Modified: Aug 8 09:04:23 2007
MD5 Checksum: 169c1a4ce7ca948b6f5c0edb44f93133

File Name: dsa-1347-1.txt
Description: Debian Security Advisory 1347-1 - It was discovered that an integer overflow in the xpdf PDF viewer may lead to the execution of arbitrary code if a malformed PDF file is opened.
Homepage: http://www.debian.org/security
File Size: 11321
Related CVE(s): CVE-2007-3387
Last Modified: Aug 8 09:05:20 2007
MD5 Checksum: 6e81cd34eb66063cb5d67128be2c9024