Section: .. / 0708-advisories /
| /// File Name: |
MDKSA-2007-161.txt |
Description:
|
Mandriva Linux Security Advisory - Maurycy Prodeus found an integer overflow vulnerability in the way various PDF viewers processed PDF files. An attacker could create a malicious PDF file that could cause poppler to crash and possibly execute arbitrary code open a user opening the file.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 6200 | | Related CVE(s): | CVE-2007-3387 | | Last Modified: | Aug 14 19:46:34 2007 |
| MD5 Checksum: | 1ddfb844a0e010bc390fc82cfa167984 |
|
| /// File Name: |
MDKSA-2007-162.txt |
Description:
|
Mandriva Linux Security Advisory - Maurycy Prodeus found an integer overflow vulnerability in the way various PDF viewers processed PDF files. An attacker could create a malicious PDF file that could cause kpdf to crash and possibly execute arbitrary code open a user opening the file.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 27449 | | Related CVE(s): | CVE-2007-3387 | | Last Modified: | Aug 16 10:34:59 2007 |
| MD5 Checksum: | 55cf063d551c12a226c033fbf592a01f |
|
| /// File Name: |
MDKSA-2007-163.txt |
Description:
|
Mandriva Linux Security Advisory - Maurycy Prodeus found an integer overflow vulnerability in the way various PDF viewers processed PDF files. An attacker could create a malicious PDF file that could cause koffice to crash and possibly execute arbitrary code open a user opening the file.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 16106 | | Related CVE(s): | CVE-2007-3387 | | Last Modified: | Aug 15 06:09:17 2007 |
| MD5 Checksum: | c03879506124d8aec6fa9fbbf84a69a8 |
|
| /// File Name: |
MDKSA-2007-165.txt |
Description:
|
Mandriva Linux Security Advisory - Maurycy Prodeus found an integer overflow vulnerability in the way various PDF viewers processed PDF files. An attacker could create a malicious PDF file that could cause cups to crash and possibly execute arbitrary code open a user opening the file.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 7172 | | Related CVE(s): | CVE-2007-3387 | | Last Modified: | Aug 16 10:47:55 2007 |
| MD5 Checksum: | 99560061e62852f302dc418de9ecbe74 |
|
| /// File Name: |
MDKSA-2007-166.txt |
Description:
|
Mandriva Linux Security Advisory - Sebastian Krahmer of the SUSE Security Team discovered an off-by-one buffer overflow within rsync. It is not clear if this problem is exploitable, however updates are available to correct the issue.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 3306 | | Related CVE(s): | CVE-2007-4091 | | Last Modified: | Aug 20 03:47:03 2007 |
| MD5 Checksum: | 427c05c108ba9ee5b67aed86140e0fc1 |
|
| /// File Name: |
MDKSA-2007-167-1.txt |
Description:
|
Mandriva Linux Security Advisory - David Thiel discovered that libvorbis did not correctly verify the size of certain headers, and did not correctly clean up a broken stream. If a user were tricked into processing a specially crafted Vorbis stream, a remote attacker could possibly cause a denial of service or execute arbitrary code with the user's privileges.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 3238 | | Related CVE(s): | CVE-2007-3106, CVE-2007-4029 | | Last Modified: | Aug 21 22:14:33 2007 |
| MD5 Checksum: | c20786b35d77d28552cf809628bf4b16 |
|
| /// File Name: |
MDKSA-2007-167.txt |
Description:
|
Mandriva Linux Security Advisory - David Thiel discovered that libvorbis did not correctly verify the size of certain headers, and did not correctly clean up a broken stream. If a user were tricked into processing a specially crafted Vorbis stream, a remote attacker could possibly cause a denial of service or execute arbitrary code with the user's privileges.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 6817 | | Related CVE(s): | CVE-2007-3106, CVE-2007-4029 | | Last Modified: | Aug 20 03:48:15 2007 |
| MD5 Checksum: | b4bd12856430c6ad4b005b1447ea5561 |
|
| /// File Name: |
MDKSA-2007-168.txt |
Description:
|
Mandriva Linux Security Advisory - A format string vulnerability in the helptags support in vim allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a help-tags tag in a help file.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 4980 | | Related CVE(s): | CVE-2007-2953 | | Last Modified: | Aug 22 05:31:06 2007 |
| MD5 Checksum: | c3ef468b317e1dd205b98f09d03ae37f |
|
| /// File Name: |
MDKSA-2007-169.txt |
Description:
|
Mandriva Linux Security Advisory - A vulnerability was discovered in how gdm listens on its unix domain socket. A local user could crash a running X session by writing malicious data to gdm's unix domain socket.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 3064 | | Related CVE(s): | CVE-2007-3381 | | Last Modified: | Aug 23 22:57:06 2007 |
| MD5 Checksum: | f105e8be1501b268010e0ec8fa798cab |
|
| /// File Name: |
MDKSA-2007-170.txt |
Description:
|
Mandriva Linux Security Advisory - Multiple integer overflows in the image loader plug-ins in GIMP before 2.2.16 allow user-assisted remote attackers to execute arbitrary code via crafted length values in (1) DICOM, (2) PNM, (3) PSD, (4) PSP, (5) Sun RAS, (6) XBM, and (7) XWD files.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 5954 | | Related CVE(s): | CVE-2006-4519, CVE-2007-2949, CVE-2007-3741 | | Last Modified: | Aug 24 03:29:59 2007 |
| MD5 Checksum: | 3ee48811019713081fecf6422a0eb892 |
|
| /// File Name: |
MDKSA-2007-171.txt |
Description:
|
Mandriva Linux Security Advisory - Some vulnerabilities have been discovered and corrected in the Linux 2.6 kernel.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 9877 | | Related CVE(s): | CVE-2006-5755, CVE-2006-7203, CVE-2007-1496, CVE-2007-1497, CVE-2007-1861, CVE-2007-2172, CVE-2007-2242, CVE-2007-2453, CVE-2007-2525, CVE-2007-2875, CVE-2007-2876 | | Last Modified: | Aug 29 06:36:35 2007 |
| MD5 Checksum: | 02cc4798552436a0a839fc77777adec4 |
|
| /// File Name: |
minimofirefox.txt |
Description:
|
Minimo version 0.2 and below and Firefox 2.0.0.6 suffer from an abuse vulnerability in their password manager feature.
| | Author: | Seth Fogie | | Homepage: | http://www.airscanner.com | | File Size: | 4458 | | Last Modified: | Aug 8 08:33:47 2007 |
| MD5 Checksum: | 39f2cf54e87ed4ee6ec40272a72b0097 |
|
| /// File Name: |
mplayer11.txt |
Description:
|
Microsoft Media Player 11 on Win XP SP2 suffers from a denial of service condition when handling a specially crafted .au file.
| | Author: | Abed Adonis | | Homepage: | http://www.safehack.com/ | | File Size: | 5016 | | Last Modified: | Aug 9 02:55:29 2007 |
| MD5 Checksum: | b6ab386592e7a8e53ffb3adc1ca29185 |
|
| /// File Name: |
MU-200708-01.txt |
Description:
|
A remote heap overflow condition in Real Helix's RTSP service could allow for arbitrary code execution. The vulnerable code is triggered with the use of an RTSP command with multiple 'Require' headers. Versions prior to 11.1.4 are affected.
| | Author: | Mu Security research team | | Homepage: | http://labs.musecurity.com/ | | File Size: | 2051 | | Last Modified: | Aug 25 21:12:26 2007 |
| MD5 Checksum: | 67fe2b2e68e92eda812d78c24dcbd78f |
|
| /// File Name: |
multi-vulns.txt |
Description:
|
Windows Calendar (Vista) ICS file handling suffers from a denial of service vulnerability. Toolbar suffers from multiple vulnerabilities. OpenOffice version 2.2 suffers from a denial of service vulnerability when handling multiple file extensions.
| | Author: | Michal Bucko | | Homepage: | http://www.eleytt.com/ | | File Size: | 5729 | | Last Modified: | Aug 8 09:08:45 2007 |
| MD5 Checksum: | 7fab78447f051e2bad6df0cfd775b884 |
|
| /// File Name: |
n.runs-SA-2007.025.txt |
Description:
|
A remote exploitable vulnerability exists in clamav-milter when used with sendmail due to an insecure call to popen(). ClamAV versions prior to 0.91.2 are affected.
| | Author: | Nikolaos Rangos | | Homepage: | http://www.nruns.com/ | | File Size: | 3027 | | Last Modified: | Aug 25 20:59:46 2007 |
| MD5 Checksum: | e2590c3ab6651e4eb81d85e33b4a03ff |
|
| /// File Name: |
n.runs-SA-2007.026.txt |
Description:
|
A remotely exploitable vulnerability has been discovered in the file parsing engine of Sophos AntiVirus versions prior to 2.48.0. The bug exists during the file parsing of GZIP packed files.
| | Author: | Sergio Alvarez | | Homepage: | http://www.nruns.com/ | | File Size: | 3336 | | Last Modified: | Aug 25 21:08:49 2007 |
| MD5 Checksum: | 6d3d292b053123433e13560f96dea207 |
|
| /// File Name: |
n.runs-SA-2007.027.txt |
Description:
|
A remotely exploitable vulnerability has been discovered in the file parsing engine of Sophos AntiVirus versions prior to 2.48.0. The bug exists during the file parsing of UPX packed files.
| | Author: | Sergio Alvarez | | Homepage: | http://www.nruns.com/ | | File Size: | 3290 | | Last Modified: | Aug 25 21:09:38 2007 |
| MD5 Checksum: | b0835afbe5caf8f5efb6789787aef3df |
|
| /// File Name: |
neuron-bypass.txt |
Description:
|
Neuron Blog version 1.1 suffers from administrative bypass and remote file upload vulnerabilities.
| | Author: | Rizgar | | File Size: | 1574 | | Last Modified: | Aug 14 05:36:47 2007 |
| MD5 Checksum: | cd2bc3b7fdeed7d2fa3fd4acbb1c8d2a |
|
| /// File Name: |
NGS-cvpnd.txt |
Description:
|
NGS has discovered a local privilege escalation vulnerability in the Cisco VPN client. Versions below 5.0.01.0600 are affected.
| | Author: | Dominic Beecher | | Homepage: | http://www.ngssoftware.com/ | | File Size: | 4035 | | Last Modified: | Aug 17 07:45:46 2007 |
| MD5 Checksum: | 2a2d3b20b94c9d2a58e8b903bfeab3bf |
|
| /// File Name: |
NS-072307-XSS.pdf |
Description:
|
A cross site scripting vulnerability existed in http://research.microsoft.com/. This has been fixed.
| | Author: | Amish Shah | | Homepage: | http://net-square.com/ | | File Size: | 94432 | | Last Modified: | Aug 31 18:53:10 2007 |
| MD5 Checksum: | 9956c839a73047e0ea608902bdcd1dc1 |
|
| /// File Name: |
NSFOCUS-0701.txt |
Description:
|
The NSFocus Security Team has discovered a memory corruption vulnerability in Internet Explorer 5 that allows arbitrary code execution when parsing a malicious CSS file.
| | Author: | Hu Qianwei | | Homepage: | http://www.nsfocus.com/ | | File Size: | 2650 | | Related CVE(s): | CVE-2007-0943 | | Last Modified: | Aug 16 10:40:38 2007 |
| MD5 Checksum: | 78b66138c5a9c2f8b17a6c7accc0ccf0 |
|
| /// File Name: |
nullsoftwinamp-dos.txt |
Description:
|
Nullsoft's Winamp Lite versions 5.35 and below suffer from a denial of service condition.
| | Author: | destructor, nait | | File Size: | 5714 | | Last Modified: | Aug 1 02:42:23 2007 |
| MD5 Checksum: | 22aa002b26d39874f531c9e80a058aaa |
|
| /// File Name: |
olate-bypass.txt |
Description:
|
Olate Download version 3.4.1 suffers from an authentication bypass vulnerability in admin.php.
| | Author: | imei addmimistrator | | Homepage: | http://myimei.com/ | | File Size: | 1593 | | Last Modified: | Aug 17 07:56:15 2007 |
| MD5 Checksum: | 9cc0fc74d7fbd26518b8dcf63db8bd78 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
