File Name: webhack.txt
Description: Latest additions to the Web Hacking Incidents Database (WHID) detailing major recent incidents.
Homepage: http://www.webappsec.org/projects/whid/ | File Size: 3586 | Last Modified: Oct 22 16:52:27 2007
MD5 Checksum: c764a798af3d07b29ce37d7debe3ae1e

File Name: webroot-dns.txt
Description: Webroot Desktop Firewall versions 5.5.10.20 and below suffer from a DNS recursion vulnerability.
Author: Komarov Andrej | Homepage: http://www.itdefence.ru/ | File Size: 1837 | Last Modified: Oct 29 15:59:44 2007
MD5 Checksum: 5ae6500d265b91b0b373b2c94c15a782

File Name: wic1000-null.txt
Description: World in Conflict versions 1.000 and below suffer from a denial of service vulnerability due to allowing access to a NULL pointer.
Author: Luigi Auriemma | Homepage: http://aluigi.org/ | File Size: 1947 | Last Modified: Oct 10 02:18:43 2007
MD5 Checksum: e5168a17c53e687db9c39bd88f1f5fd9

File Name: xscript-sql.txt
Description: X-Script GuestBook suffers from a SQL injection vulnerability.
Homepage: http://www.security-news.ws/ | File Size: 893 | Last Modified: Oct 2 20:16:03 2007
MD5 Checksum: 513692d846b931846eacb14233789323

File Name: ZDI-07-055.txt
Description: A vulnerability allows remote attackers to crash systems with vulnerable installations of the Microsoft Windows operating system. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RPC runtime library rpcrt4.dll during the parsing of RPC-level authentication messages. When parsing packets with the authentication type of NTLMSSP and the authentication level of PACKET, an invalid memory dereference can occur if the verification trailer signature is initialized to 0 as opposed to the standard NTLM signature. Successful exploitation crashes the RPC service and subsequently the entire operating system.
Author: Tenable Network Security | Homepage: http://www.zerodayinitiative.com/ | File Size: 3384 | Related CVE(s): CVE-2007-2228 | Last Modified: Oct 11 00:22:06 2007
MD5 Checksum: 8bc0b6bda857bf489e188ca6910a1499

File Name: ZDI-07-056.txt
Description: Multiple vulnerabilities including a stack overflow and some denial of service issues exist in the IBM DB2 Universal Database versions 8.1 and 8.2.
Homepage: http://www.zerodayinitiative.com/ | File Size: 3402 | Related CVE(s): CVE-2007-5324 | Last Modified: Oct 11 00:24:10 2007
MD5 Checksum: 7c162f9c28d01305de933fd6f76e4a7e

File Name: ZDI-07-057.txt
Description: A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Firebird SQL server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the database service fbserver.exe, which binds to TCP port 3050. When processing an overly long request, a stack buffer can be overflowed through a vulnerable call to sprintf() within the function process_packet(). If properly exploited, remote control of the affected system can be attained with SYSTEM credentials.
Homepage: http://www.zerodayinitiative.com/ | File Size: 3203 | Related CVE(s): CVE-2007-4992 | Last Modified: Oct 11 00:24:54 2007
MD5 Checksum: b5735efeaeed792730317961bd7ea7bf

File Name: ZDI-07-058.txt
Description: This vulnerability allows remote attackers to inject arbitrary SQL on vulnerable installations of Oracle E-Business Suite. Authentication is not required to exploit this vulnerability. E-Business Suite 11 and 12 are affected.
Author: Joxean Koret | Homepage: http://www.zerodayinitiative.com/ | File Size: 3304 | Related CVE(s): CVE-2007-5766 | Last Modified: Oct 31 20:07:11 2007
MD5 Checksum: 6a128b61e3baa27426a685bf715462aa

File Name: ZDI-07-059.txt
Description: Several vulnerabilities exist in the popular Verity KeyView SDK, which is used in many enterprise applications such as IBM Lotus Notes. When parsing several different file formats, a standard stack overflow occurs, allowing a malicious user to gain complete control of the affected machine under the rights of the currently logged-in user. The problem lies in copying user-supplied data to a stack-based buffer without any bounds checking.
Author: Eric DETOISIEN | Homepage: http://www.zerodayinitiative.com/ | File Size: 3161 | Last Modified: Oct 31 20:08:53 2007
MD5 Checksum: d3b624150690115c6237f1905a92f447

File Name: ZDI-07-060.txt
Description: A vulnerability allows remote attackers to access arbitrary files on systems with vulnerable installations of Hewlett-Packard OpenView Radia Integration Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP server bound by default to TCP port 3465. Insufficient checks on URLs containing paths such as '~root' allow attackers to access arbitrary files in the underlying OS. Accessing configuration files that contain LDAP and database credentials can lead to further compromise.
Homepage: http://www.zerodayinitiative.com/ | File Size: 3344 | Related CVE(s): CVE-2007-5413 | Last Modified: Oct 31 20:10:18 2007
MD5 Checksum: 081c864866913feed72bad6c5a358666

File Name: ZDI-07-061.txt
Description: A vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of the RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in RealPlayer's parsing of SWF files. The SWF rendering DLL that RealPlayer uses fails to properly handle malformed record headers, leading to an exploitable overflow. An attacker could exploit this vulnerability using an ActiveX control {CFCDAA03-8BE4-11cf-B84B-0020AFBBCCFA} and embedding the malicious SWF file in the page, or by convincing an affected user to directly open a SWF file using RealPlayer. RealPlayer version 10.5 is affected.
Homepage: http://www.zerodayinitiative.com/ | File Size: 3607 | Related CVE(s): CVE-2007-2263 | Last Modified: Oct 31 20:11:35 2007
MD5 Checksum: aee68c9f10d9fae163e4bcacb449810e

File Name: ZDI-07-062.txt
Description: A vulnerability allows remote attackers to execute code on vulnerable installations of RealPlayer. User interaction is required in that a user must open a malicious .pls file or visit a malicious web site. The specific flaw exists during the parsing of corrupted playlist files. Malicious corruption causes RealPlayer to call into a static heap address, which can be leveraged by an attacker, resulting in arbitrary code execution under the context of the logged-in user. RealPlayer version 10.5 is affected.
Homepage: http://www.zerodayinitiative.com/ | File Size: 3358 | Related CVE(s): CVE-2007-4599 | Last Modified: Oct 31 20:12:32 2007
MD5 Checksum: 074f8d8d9055f0f6f4efb9f23aa9e401

File Name: ZDI-07-063.txt
Description: A vulnerability allows remote attackers to execute code on vulnerable installations of RealPlayer. User interaction is required in that a user must open a malicious .ra/.ram file or visit a malicious web site. The specific flaw exists during the parsing of files with an improperly defined size field in the RA header. Specifying a large unsigned value can trigger a heap corruption and further result in arbitrary code execution under the context of the logged-in user. RealPlayer version 6.x is affected.
Homepage: http://www.zerodayinitiative.com/ | File Size: 3369 | Related CVE(s): CVE-2007-2264 | Last Modified: Oct 31 20:15:43 2007
MD5 Checksum: eb5b90fccb5533e1ccebb7834eb7d15e

File Name: ZDI-07-064.txt
Description: A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell software which utilize the Novell Client Trust. Authentication is not required to exploit this vulnerability. The specific flaw exists in the Novell Client Trust application, clntrust.exe, which listens by default on UDP port 3024 on Novell client machines. During a validation request, the Client Trust process copies a user-supplied Novell tree name until a wide-character backslash or a NULL is encountered. If neither is found within the data, the process will copy excess data which later overflows a static buffer during a call to wsprintfA. BorderManager version 3.8 is affected.
Author: uvinc | Homepage: http://www.zerodayinitiative.com/ | File Size: 3126 | Related CVE(s): CVE-2007-5767 | Last Modified: Oct 31 20:19:23 2007
MD5 Checksum: b12384a86483796d2e8e69ed87d769bb