Section: .. / 0712-advisories /
| /// File Name: |
sa27760.txt |
Description:
|
Secunia Security Advisory - Secunia Research has discovered a vulnerability in Samba, which can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/27760/ | | File Size: | 2981 | | Last Modified: | Dec 10 16:32:21 2007 |
| MD5 Checksum: | fc5f90418d3831ec6d0d2f2cf6796cbb |
|
| /// File Name: |
sa27960.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in HttpLogger, which can be exploited by malicious people to conduct cross-site scripting attacks.
| | Homepage: | http://secunia.com/advisories/27960/ | | File Size: | 2505 | | Last Modified: | Dec 10 16:32:21 2007 |
| MD5 Checksum: | d035feef5d6cd4764afb0ba70479b568 |
|
| /// File Name: |
sa27986.txt |
Description:
|
Secunia Security Advisory - S.W.A.T. has discovered a vulnerability in Content Injector, which can be exploited by malicious people to conduct SQL injection attacks.
| | Homepage: | http://secunia.com/advisories/27986/ | | File Size: | 2525 | | Last Modified: | Dec 10 16:32:21 2007 |
| MD5 Checksum: | 57ee3a7533978cce40b4bda0c5998f30 |
|
| /// File Name: |
sa27990.txt |
Description:
|
Secunia Security Advisory - t0pP8uZz & xprog have reported a vulnerability in DWdirectory, which can be exploited by malicious people to conduct SQL injection attacks.
| | Homepage: | http://secunia.com/advisories/27990/ | | File Size: | 2410 | | Last Modified: | Dec 10 16:32:21 2007 |
| MD5 Checksum: | f1b07827d6ea6bc8f71a2cb33339429d |
|
| /// File Name: |
sa27998.txt |
Description:
|
Secunia Security Advisory - SYS 49152 has discovered some vulnerabilities in 3ivx MPEG-4, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/27998/ | | File Size: | 2705 | | Last Modified: | Dec 10 16:32:21 2007 |
| MD5 Checksum: | 5ae635ca65d0e8331d92ddd54cce5625 |
|
| /// File Name: |
USN-555-1.txt |
Description:
|
Ubuntu Security Notice 555-1 - Rafal Wojtczuk discovered multiple integer overflows in e2fsprogs. If a user or automated system were tricked into fscking a malicious ext2/ext3 filesystem, a remote attacker could execute arbitrary code with the user's privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 43267 | | Related CVE(s): | CVE-2007-5497 | | Last Modified: | Dec 8 17:37:38 2007 |
| MD5 Checksum: | 2e1b49fcabda668f1da3f8f4598f05d6 |
|
| /// File Name: |
httpfileserver-traverse.txt |
Description:
|
HTTP File Server versions 2.2a and below and 2.3 beta and below suffer from a directory traversal vulnerability in file uploading.
| | Author: | Luigi Auriemma | | Homepage: | http://aluigi.org/ | | File Size: | 2003 | | Last Modified: | Dec 7 20:24:38 2007 |
| MD5 Checksum: | 146742abe7e8a4a97e9b3b8e0575afa2 |
|
| /// File Name: |
fireflyz.txt |
Description:
|
Firefly Media Server (mt-daapd) versions 2.4.1 and below and SVN versions 1699 and below suffer from directory traversal, authentication bypass, and denial of service vulnerabilities.
| | Author: | Luigi Auriemma | | Homepage: | http://aluigi.org/ | | Related Exploit: | fireflyz.zip | | File Size: | 3860 | | Last Modified: | Dec 7 20:21:08 2007 |
| MD5 Checksum: | 4e6960fc67c7550976c4ff69b4e9b708 |
|
| /// File Name: |
efsup.txt |
Description:
|
Easy File Sharing Web Server versions 4.5 and below suffer from upload directory traversal, download of database files, and sensitive file reading vulnerabilities.
| | Author: | Luigi Auriemma | | Homepage: | http://aluigi.org/ | | Related Exploit: | efsup.zip | | File Size: | 3268 | | Last Modified: | Dec 7 20:16:48 2007 |
| MD5 Checksum: | 7b8029936acf59c68c58d727e8087c1b |
|
| /// File Name: |
sa27971.txt |
Description:
|
Secunia Security Advisory - Avaya has acknowledged a vulnerability in various Avaya products, which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/27971/ | | File Size: | 2684 | | Last Modified: | Dec 7 20:13:59 2007 |
| MD5 Checksum: | 9fc78c0a4f9b0837f284a8079a7599c2 |
|
| /// File Name: |
sa27967.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for tetex-bin and texlive-bin. This fixes some vulnerabilities, which can be exploited by malicious, local users to disclose and manipulate sensitive information and by malicious people to potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/27967/ | | File Size: | 16579 | | Last Modified: | Dec 7 20:13:51 2007 |
| MD5 Checksum: | a8f40851119fdd80a99057aa03701f2c |
|
| /// File Name: |
sa27970.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in IBM HMC, which can be exploited by malicious, local users to gain escalated privileges.
| | Homepage: | http://secunia.com/advisories/27970/ | | File Size: | 2366 | | Last Modified: | Dec 7 20:13:51 2007 |
| MD5 Checksum: | bf4b750470a7590fa54912352d0fc860 |
|
| /// File Name: |
dsa-1422-1.txt |
Description:
|
Debian Security Advisory 1422-1 - Rafal Wojtczuk of McAfee AVERT Research discovered that e2fsprogs, ext2 file system utilities and libraries, contained multiple integer overflows in memory allocations, based on sizes taken directly from filesystem information. These could result in heap-based overflows potentially allowing the execution of arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 33390 | | Related CVE(s): | CVE-2007-5497 | | Last Modified: | Dec 7 20:12:51 2007 |
| MD5 Checksum: | eee9c81949ab778d13554c837f5bc66c |
|
| /// File Name: |
heimdal-uninit.txt |
Description:
|
Heimdal ftpd versions 0.7.2 and below suffer from an uninitialized vulnerability.
| | Author: | Venustech AD-LAB | | Homepage: | http://www.venustech.com.cn/ | | File Size: | 2187 | | Related CVE(s): | CVE-2007-5939 | | Last Modified: | Dec 7 20:04:35 2007 |
| MD5 Checksum: | a02236fe3029b7ee9a2e10824fdc7764 |
|
| /// File Name: |
CAID-brightstor.txt |
Description:
|
CA Security Advisory - Multiple vulnerabilities exist in BrightStor ARCserve Backup that can allow a remote attacker to cause a denial of service, execute arbitrary code, or take privileged action.
| | Author: | Dyon Balding, Cocoruder, Tenable Network Security, Pedram Amini, eEye Digital Security, shirkdog | | Homepage: | http://www3.ca.com/ | | File Size: | 7341 | | Related CVE(s): | CVE-2007-5326, CVE-2007-5329, CVE-2007-5327, CVE-2007-5325, CVE-2007-5328, CVE-2007-5330, CVE-2007-5331, CVE-2007-5332 | | Last Modified: | Dec 7 20:03:25 2007 |
| MD5 Checksum: | b570156ca875e160d5434e5fb72b11c5 |
|
| /// File Name: |
R7-0031.txt |
Description:
|
Rapid7 Security Advisory - JFreeChart version 1.0.8 is susceptible to cross-site scripting vulnerabilities.
| | Author: | Chad Loder | | Homepage: | http://www.rapid7.com/ | | File Size: | 3174 | | Last Modified: | Dec 7 19:55:53 2007 |
| MD5 Checksum: | 624ac6261db9a1ca5f6984808e5ba952 |
|
| /// File Name: |
ZDI-07-071.txt |
Description:
|
Vulnerabilities allow remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard (HP) OpenView Network Node Manager (NNM). Authentication is not required to exploit these vulnerabilities. The specific flaws exist within the CGI applications that handle the management of the NNM server. Due to a lack of bounds checking during a call to sprintf(), sending overly long arguments to the various CGI variables results in a classic stack overflow leading to compromise of the remote server. Exploitation leads to code execution running under the credentials of the web server. Further techniques can be leveraged to gain full SYSTEM access. OpenView Network Node Manager versions 7.51 and below are affected.
| | Author: | Tenable Network Security | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3372 | | Related CVE(s): | CVE-2007-6204 | | Last Modified: | Dec 7 19:54:09 2007 |
| MD5 Checksum: | 311ceae015110716c8b40553879d3e45 |
|
| /// File Name: |
ZDI-07-070.txt |
Description:
|
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Skype. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. Versions below 3.6 Gold are affected.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3015 | | Related CVE(s): | CVE-2007-5989 | | Last Modified: | Dec 7 19:52:36 2007 |
| MD5 Checksum: | 79876e3be8515d55bca5083fc99177ad |
|
| /// File Name: |
USN-554-1.txt |
Description:
|
Ubuntu Security Notice 554-1 - Bastien Roucaries discovered that dvips as included in tetex-bin and texlive-bin did not properly perform bounds checking. If a user or automated system were tricked into processing a specially crafted dvi file, dvips could be made to crash and execute code as the user invoking the program. Joachim Schrod discovered that the dviljk utilities created temporary files in an insecure way. Local users could exploit a race condition to create or overwrite files with the privileges of the user invoking the program. Joachim Schrod discovered that the dviljk utilities did not perform bounds checking in many instances. If a user or automated system were tricked into processing a specially crafted dvi file, the dviljk utilities could be made to crash and execute code as the user invoking the program.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 16925 | | Related CVE(s): | CVE-2007-5937, CVE-2007-5935, CVE-2007-5936 | | Last Modified: | Dec 7 19:43:18 2007 |
| MD5 Checksum: | 66e2a0f3a69dd3a6048a891fe1ea00d3 |
|