| File Name: | dsa-1348-1.txt |
| Description: | Debian Security Advisory 1348-1 - It was discovered that an integer overflow in the xpdf PDF viewer may lead to the execution of arbitrary code if a malformed PDF file is opened. |
| Homepage: | http://www.debian.org/security |
| File Size: | 14745 |
| Related CVE(s): | CVE-2007-3387 |
| Last Modified: | Aug 8 09:05:49 2007 |
| MD5 Checksum: | c29f5ddaed452ea9e3bf1f8e5ae1bd15 |

| File Name: | dsa-1349-1.txt |
| Description: | Debian Security Advisory 1349-1 - It was discovered that an integer overflow in the xpdf PDF viewer may lead to the execution of arbitrary code if a malformed PDF file is opened. libextractor includes a copy of the xpdf code and required an update as well. |
| Homepage: | http://www.debian.org/security |
| File Size: | 8753 |
| Related CVE(s): | CVE-2007-3387 |
| Last Modified: | Aug 8 09:17:12 2007 |
| MD5 Checksum: | 4e547b20a0fce299ec88f2efd0304a27 |

| File Name: | dsa-1350-1.txt |
| Description: | Debian Security Advisory 1350-1 - It was discovered that an integer overflow in the xpdf PDF viewer may lead to the execution of arbitrary code if a malformed PDF file is opened. tetex-bin includes a copy of the xpdf code and required an update as well. |
| Homepage: | http://www.debian.org/security |
| File Size: | 9195 |
| Related CVE(s): | CVE-2007-3387 |
| Last Modified: | Aug 8 09:28:34 2007 |
| MD5 Checksum: | cad9e69d6d7884146a02903695c20b11 |

| File Name: | dsa-1351-1.txt |
| Description: | Debian Security Advisory 1351-1 - Tavis Ormandy discovered that bochs, a highly portable IA-32 PC emulator, is vulnerable to a buffer overflow in the emulated NE2000 network device driver, which may lead to privilege escalation. |
| Homepage: | http://www.debian.org/security |
| File Size: | 27508 |
| Related CVE(s): | CVE-2007-2893 |
| Last Modified: | Aug 8 10:02:47 2007 |
| MD5 Checksum: | b355f33b1d184bfa2fc585b248dcfb59 |

| File Name: | dsa-1352-1.txt |
| Description: | Debian Security Advisory 1352-1 - It was discovered that an integer overflow in the xpdf PDF viewer may lead to the execution of arbitrary code if a malformed PDF file is opened. pdfkit.framework includes a copy of the xpdf code and required an update as well. |
| Homepage: | http://www.debian.org/security |
| File Size: | 5172 |
| Related CVE(s): | CVE-2007-3387 |
| Last Modified: | Aug 8 10:03:21 2007 |
| MD5 Checksum: | 3cabb4059d5c1c5a9dee2614e03a023a |

| File Name: | dsa-1353-1.txt |
| Description: | Debian Security Advisory 1353-1 - It was discovered that an integer overflow in the BGP dissector of tcpdump, a powerful tool for network monitoring and data acquisition, may lead to the execution of arbitrary code. |
| Homepage: | http://www.debian.org/security |
| File Size: | 7350 |
| Related CVE(s): | CVE-2007-3798 |
| Last Modified: | Aug 14 02:35:58 2007 |
| MD5 Checksum: | ea0580ab837c6465107dbc49ab891f73 |

| File Name: | dsa-1354-1.txt |
| Description: | Debian Security Advisory 1354-1 - It was discovered that an integer overflow in the xpdf PDF viewer may lead to the execution of arbitrary code if a malformed PDF file is opened. gpdf includes a copy of the xpdf code and requires an update as well. |
| Homepage: | http://www.debian.org/security |
| File Size: | 4892 |
| Related CVE(s): | CVE-2007-3387 |
| Last Modified: | Aug 14 05:56:53 2007 |
| MD5 Checksum: | 384f933d79e8b6c3baa52f221484a866 |

| File Name: | dsa-1355-1.txt |
| Description: | Debian Security Advisory 1355-1 - It was discovered that an integer overflow in the xpdf PDF viewer may lead to the execution of arbitrary code if a malformed PDF file is opened. kpdf includes a copy of the xpdf code and required an update as well. |
| Homepage: | http://www.debian.org/security |
| File Size: | 79455 |
| Related CVE(s): | CVE-2007-3387 |
| Last Modified: | Aug 14 05:57:55 2007 |
| MD5 Checksum: | 91a396238a3cacdc49e9df321b4f2d15 |

| File Name: | dsa-1357-1.txt |
| Description: | Debian Security Advisory 1357-1 - It was discovered that an integer overflow in the xpdf PDF viewer may lead to the execution of arbitrary code if a malformed PDF file is opened. koffice includes a copy of the xpdf code and required an update as well. |
| Homepage: | http://www.debian.org/security |
| File Size: | 27108 |
| Related CVE(s): | CVE-2007-3387 |
| Last Modified: | Aug 20 03:50:30 2007 |
| MD5 Checksum: | 205d12d4ce1b7d0eb7e1dca887c5f079 |

| File Name: | dsa-1359-1.txt |
| Description: | Debian Security Advisory 1359-1 - It was discovered that dovecot, a secure mail server that supports mbox and maildir mailboxes, when configured to use non-system-user spools and compressed folders, may allow directory traversal in mailbox names. |
| Homepage: | http://www.debian.org/security |
| File Size: | 8016 |
| Related CVE(s): | CVE-2007-2231 |
| Last Modified: | Aug 29 06:32:31 2007 |
| MD5 Checksum: | 3792aaa1f9e025b0d53212d5c628ad5e |

| File Name: | dsa-1360-1.txt |
| Description: | Debian Security Advisory 1360-1 - Sebastian Krahmer discovered that rsync, a fast remote file copy program, contains an off-by-one error which might allow remote attackers to execute arbitrary code via long directory names. |
| Homepage: | http://www.debian.org/security |
| File Size: | 4596 |
| Related CVE(s): | CVE-2007-4091 |
| Last Modified: | Aug 29 06:33:45 2007 |
| MD5 Checksum: | 16831192015d1de8b4117eff0870d5ef |

| File Name: | dsa-1361-1.txt |
| Description: | Debian Security Advisory 1361-1 - It was discovered that postfix-policyd, an anti-spam plugin for postfix, didn't correctly bounds-test incoming SMTP commands, potentially allowing remote execution of arbitrary code. |
| Homepage: | http://www.debian.org/security |
| File Size: | 4818 |
| Related CVE(s): | CVE-2007-3791 |
| Last Modified: | Aug 30 10:01:42 2007 |
| MD5 Checksum: | 67f04b1d8cd694776f64781a246197ba |

| File Name: | dumsdei.txt |
| Description: | Doomsday versions 1.9.0-beta5.1 and below suffer from buffer overflow and format string vulnerabilities. |
| Author: | Luigi Auriemma |
| Homepage: | http://aluigi.org/ |
| Related Exploit: | dumsdei.zip |
| File Size: | 8349 |
| Last Modified: | Aug 30 10:15:31 2007 |
| MD5 Checksum: | 3f4767bc7e6e053246ecf8f765f81257 |

| File Name: | dynamic-xss.txt |
| Description: | Dynamic Picture Frame is susceptible to a cross-site scripting vulnerability. |
| Author: | Josh Morin |
| File Size: | 522 |
| Last Modified: | Aug 28 04:18:30 2007 |
| MD5 Checksum: | 626654db2637a97b19df70bf8b8644e7 |

| File Name: | EEYE-META.txt |
| Description: | eEye Digital Security has discovered a heap overflow vulnerability in the way the Windows Graphical Device Interface (GDI) processes Windows metafiles. If an application attempts to display a malicious metafile in a particular way, a heap overflow will occur and result in the execution of arbitrary code, with the privileges of the user who ran the application. |
| Author: | Yuji Ukai |
| Homepage: | http://www.eeye.com/ |
| File Size: | 3545 |
| Last Modified: | Aug 15 05:52:25 2007 |
| MD5 Checksum: | 9e707c6278e188ec419fcf7199605bd1 |

| File Name: | EEYE-VGX.txt |
| Description: | eEye Digital Security has discovered a heap overflow vulnerability in VGX.DLL's processing of compressed content referenced from VML. VGX.DLL is the Microsoft component responsible for rendering VML (Vector Markup Language) within Internet Explorer. |
| Author: | Ben Nagy, Derek Soeder |
| Homepage: | http://www.eeye.com/ |
| File Size: | 4904 |
| Last Modified: | Aug 15 05:51:30 2007 |
| MD5 Checksum: | fea740cde6f8973d252aea667a630098 |

| File Name: | enterprisedb-pointer.txt |
| Description: | EnterpriseDB Advanced Server version 8.2 suffers from an uninitialized pointer vulnerability that may allow for remote code execution. |
| Author: | Joxean Koret |
| File Size: | 3616 |
| Last Modified: | Aug 30 09:56:13 2007 |
| MD5 Checksum: | da54cbb2e122235868424854d9d11ac9 |

| File Name: | exv2decms.txt |
| Description: | eXV2.de CMS versions 2.0.5 and below suffer from a cross-site scripting vulnerability via an improperly sanitized cookie. |
| Author: | n-tier |
| Homepage: | http://www.i-s-o.org/ |
| File Size: | 1515 |
| Last Modified: | Aug 14 05:38:50 2007 |
| MD5 Checksum: | 47c378c339ca2bc7258de4e40a417a83 |

| File Name: | eyeOS-checksum.txt |
| Description: | eyeOS suffers from a checksum predictability vulnerability. |
| Author: | Andrej Komarov |
| File Size: | 4648 |
| Last Modified: | Aug 28 04:21:07 2007 |
| MD5 Checksum: | b679667bb4a822fc8e2a149c7b83dba9 |

| File Name: | ezphotosales-multi.txt |
| Description: | EZPhotoSales version 1.9.3 suffers from cross-site scripting and PHP shell upload vulnerabilities. |
| Author: | Seth Fogie |
| Homepage: | http://www.airscanner.com |
| File Size: | 2428 |
| Last Modified: | Aug 8 09:33:46 2007 |
| MD5 Checksum: | cfe5e3a790d009e0a0861f78666dae22 |

| File Name: | fileinfo-multi.txt |
| Description: | Fileinfo version 2.0.9, the lister plugin for Total Commander, suffers from input validation vulnerabilities. Prior versions may also be affected. |
| Author: | Gynvael Coldwind |
| File Size: | 3561 |
| Last Modified: | Aug 21 22:17:10 2007 |
| MD5 Checksum: | 2803367de07306144f6b3c62e2f01195 |

| File Name: | FreeBSD-SA-07-01.jail.txt |
| Description: | FreeBSD Security Advisory - Due to the lack of handling of potential symbolic links, the host's jail rc.d(8) script is vulnerable to "symlink attacks". By replacing /var/log/console.log inside the jail with a symbolic link, it is possible for the superuser (root) inside the jail to overwrite files on the host system outside the jail with arbitrary content. This in turn can be used to execute arbitrary commands with non-jailed superuser privileges. |
| Homepage: | http://security.freebsd.org/ |
| File Size: | 8186 |
| Related CVE(s): | CVE-2007-0166 |
| Last Modified: | Aug 8 06:59:47 2007 |
| MD5 Checksum: | 91c3bba6bc61df9f97171190e093fef4 |