Section: .. / 0803-advisories /
| /// File Name: |
TA08-071A.txt |
Description:
|
Technical Cyber Security Alert TA08-071A - Microsoft has released updates to address vulnerabilities that affect Microsoft Office, Outlook, Excel, Excel Viewer, Office for Mac, and Office Web Components as part of the Microsoft Security Bulletin Summary for March 2008. The most severe vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code.
| | Homepage: | http://www.us-cert.gov/ | | File Size: | 3423 | | Last Modified: | Mar 13 00:19:58 2008 |
| MD5 Checksum: | 226d06ea1a47159a754dd82cebb4f921 |
|
| /// File Name: |
R7-0032.txt |
Description:
|
Internet Explorer 5 and 6 are vulnerable to a File Transfer Protocol (FTP) CSRF-like command injection attack, whereby an attacker could execute arbitrary commands on an unsuspecting user's authenticated or unauthenticated FTP session.
| | Author: | Derek Abdine | | Homepage: | http://www.rapid7.com/ | | File Size: | 6131 | | Last Modified: | Mar 13 00:11:33 2008 |
| MD5 Checksum: | aeaa9d97f40245e844c59f5f515ba642 |
|
| /// File Name: |
ASPR-2008-03-11-1.txt |
Description:
|
An HTML injection vulnerability exists in the WebLogic administration console. Version 10.0 is susceptible.
| | Author: | Sasa Kos, Mitja Kolsek | | Homepage: | http://www.acrossecurity.com/ | | File Size: | 6623 | | Last Modified: | Mar 12 23:58:12 2008 |
| MD5 Checksum: | 1c0c907c128f61e7c8b5352956944985 |
|
| /// File Name: |
ASPR-2008-03-11-2.txt |
Description:
|
A session fixation vulnerability exists in the WebLogic administration console. Version 10.0 is susceptible.
| | Author: | Mitja Kolsek | | Homepage: | http://www.acrossecurity.com/ | | File Size: | 5672 | | Last Modified: | Mar 12 23:56:39 2008 |
| MD5 Checksum: | dd858b117867e564a338f0a8acb59c59 |
|
| /// File Name: |
SSRT071495.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running HP CIFS Server (Samba). The vulnerability could be exploited remotely to execute arbitrary code.
| | Homepage: | http://www.hp.com/ | | File Size: | 6570 | | Related CVE(s): | CVE-2007-4572, CVE-2007-5398, CVE-2007-6015 | | Last Modified: | Mar 12 23:50:49 2008 |
| MD5 Checksum: | ce71fdcaa53d0b48c9b5b3619b1f003c |
|
| /// File Name: |
USN-585-1.txt |
Description:
|
Ubuntu Security Notice 585-1 - Piotr Engelking discovered that strxfrm in Python was not correctly calculating the size of the destination buffer. This could lead to small information leaks, which might be used by attackers to gain additional knowledge about the state of a running Python script. A flaw was discovered in the Python imageop module. If a script using the module could be tricked into processing a specially crafted set of arguments, a remote attacker could execute arbitrary code, or cause the application to crash.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 28449 | | Related CVE(s): | CVE-2007-2052, CVE-2007-4965 | | Last Modified: | Mar 12 23:42:17 2008 |
| MD5 Checksum: | 0c7215efe5f82a111877a450bcbf14d0 |
|
| /// File Name: |
acronis-traverse.txt |
Description:
|
Acronis PXE Server versions 2.0.0.1076 and below suffer from directory traversal and null pointer vulnerabilities.
| | Author: | Luigi Auriemma | | Homepage: | http://aluigi.org/ | | Related Exploit: | tftpx.zip | | File Size: | 2247 | | Last Modified: | Mar 12 23:38:49 2008 |
| MD5 Checksum: | cad516eaa27415cd38d03b2280da3ceb |
|
| /// File Name: |
pt360-dos.txt |
Description:
|
The pt360 Tool Suite Pro versions 2.0.3901.0 and below suffer from a denial of service vulnerability.
| | Author: | Luigi Auriemma | | Homepage: | http://aluigi.org/ | | Related Exploit: | tftpx.zip | | File Size: | 2820 | | Last Modified: | Mar 12 23:37:50 2008 |
| MD5 Checksum: | 42c6a1239b56b98765a4b0754a58cb5d |
|
| /// File Name: |
tftpx.txt |
Description:
|
Argon Client Management Services versions 1.31 and below suffer from a directory traversal vulnerability.
| | Author: | Luigi Auriemma | | Homepage: | http://aluigi.org/ | | Related Exploit: | tftpx.zip | | File Size: | 1787 | | Last Modified: | Mar 12 23:21:17 2008 |
| MD5 Checksum: | e7a43b55e2c7a3ac47c2d1acb831da28 |
|
| /// File Name: |
timbuto.txt |
Description:
|
Timbuktu Pro Remote Control Software versions 8.6.5 and below suffer from denial of service and limited upload directory traversal vulnerabilities.
| | Author: | Luigi Auriemma | | Homepage: | http://aluigi.org/ | | Related Exploit: | timbuto.zip | | File Size: | 2500 | | Last Modified: | Mar 12 23:16:43 2008 |
| MD5 Checksum: | 763cb9596fc1721e8f2c2d09cb1741d0 |
|
| /// File Name: |
acronis-null.txt |
Description:
|
Acronis True Image Windows Agent versions 1.0.0.54 and below suffer from a null pointer vulnerability. Put ??????? in a file and nc SERVER 9876 -v -v < file.txt to test for a demonstration of the vulnerability.
| | Author: | Luigi Auriemma | | Homepage: | http://aluigi.org/ | | File Size: | 1951 | | Last Modified: | Mar 12 22:59:39 2008 |
| MD5 Checksum: | 9247c779480d007e0ae9c58d8c9367c1 |
|
| /// File Name: |
glsa-200803-17.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200803-17 - poplix reported multiple boundary errors in the pdc_fsearch_fopen() function when processing overly long filenames. Versions less than 7.0.2_p8 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2805 | | Related CVE(s): | CVE-2007-6561 | | Last Modified: | Mar 12 20:31:55 2008 |
| MD5 Checksum: | c71644cbb11aa3d599ea1998b544e571 |
|
| /// File Name: |
03.10.08-2.txt |
Description:
|
iDefense Security Advisory 03.10.08 - Local exploitation of a design error in the "sdbstarter" program, as distributed with SAP AG's MaxDB, could allow attackers to elevate privileges to root. iDefense has confirmed the existence of this vulnerability in SAP AG's MaxDB version 7.6.0.37 on both Linux and Solaris. Other versions for Unix-like systems are suspected to be vulnerable. Windows releases do not include the "sdbstarter" program.
| | Author: | Joshua J. Drake | | Homepage: | http://www.idefense.com/ | | File Size: | 3745 | | Related CVE(s): | CVE-2008-0306 | | Last Modified: | Mar 12 20:31:09 2008 |
| MD5 Checksum: | c5facadf7226394a03672061b153254b |
|
| /// File Name: |
03.10.08-1.txt |
Description:
|
iDefense Security Advisory 03.10.08 - Remote exploitation of a signedness error in the "vserver" component of SAP AG's MaxDB could allow attackers to execute arbitrary code. After accepting a connection, the "vserver" process forks and reads parameters from the client into various structures. When doing so, it trusts values sent from the client to be valid. By sending a specially crafted request, an attacker can cause heap corruption. This leads to a potentially exploitable memory corruption condition. iDefense has confirmed the existence of this vulnerability in SAP AG's MaxDB version 7.6.0.37 on Linux. Other versions may also be affected.
| | Homepage: | http://www.idefense.com/ | | File Size: | 3866 | | Related CVE(s): | CVE-2008-0307 | | Last Modified: | Mar 12 20:29:44 2008 |
| MD5 Checksum: | 052ff389d8811e4398c4bd663563772f |
|
| /// File Name: |
realplayer-activex.txt |
Description:
|
The Real Networks RealPlayer ActiveX controller appears to suffer from a heap corruption vulnerability.
| | Author: | Elazar Broad | | File Size: | 1605 | | Last Modified: | Mar 12 20:28:29 2008 |
| MD5 Checksum: | e3deff0c9f224a77d42d8d83eb5fec3a |
|
| /// File Name: |
f5console-xss.txt |
Description:
|
The F5 BIG-IP web management console is susceptible to a persistent cross site scripting vulnerability.
| | Author: | nnposter | | File Size: | 1289 | | Last Modified: | Mar 12 20:21:40 2008 |
| MD5 Checksum: | a88f29039406b76fe930de6bdcb83863 |
|
| /// File Name: |
sa29349.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities are reported in IBM AIX, which can be exploited by malicious, local users to cause a DoS (Denial of Service), bypass certain security restrictions, disclose sensitive information, or to gain escalated privileges.
| | Homepage: | http://secunia.com/advisories/29349/ | | File Size: | 4601 | | Last Modified: | Mar 12 20:06:54 2008 |
| MD5 Checksum: | e06b929774548f707f7ab1610f9f9b0d |
|
| /// File Name: |
sa29288.txt |
Description:
|
Secunia Security Advisory - t0pP8uZz & xprog have discovered a vulnerability in QuickTalk forum, which can be exploited by malicious people to conduct SQL injection attacks.
| | Homepage: | http://secunia.com/advisories/29288/ | | File Size: | 2294 | | Last Modified: | Mar 12 20:06:24 2008 |
| MD5 Checksum: | b47dead369a5e1e55d3927d330cb5a90 |
|
| /// File Name: |
sa29330.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in Adobe Form Designer and Form Client, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/29330/ | | File Size: | 2698 | | Last Modified: | Mar 12 20:06:24 2008 |
| MD5 Checksum: | 88e58f3f3f107ac3d590cb62a3d55585 |
|
| /// File Name: |
sa29331.txt |
Description:
|
Secunia Security Advisory - Dave Lewis has reported a vulnerability in Adobe LiveCycle Workflow, which can be exploited by malicious people to conduct cross-site scripting attacks.
| | Homepage: | http://secunia.com/advisories/29331/ | | File Size: | 2469 | | Last Modified: | Mar 12 20:06:24 2008 |
| MD5 Checksum: | d09c2e552d44b594850a57e427fa35bd |
|
| /// File Name: |
sa29332.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities and a weakness have been reported in Adobe ColdFusion, which can be exploited by malicious people to bypass certain security restrictions and to conduct cross-site scripting attacks.
| | Homepage: | http://secunia.com/advisories/29332/ | | File Size: | 3303 | | Last Modified: | Mar 12 20:06:24 2008 |
| MD5 Checksum: | 88c6cba703981aaa35ea3302c9fe2a34 |
|
| /// File Name: |
sa29333.txt |
Description:
|
Secunia Security Advisory - Gentoo has issued an update for icu. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library.
| | Homepage: | http://secunia.com/advisories/29333/ | | File Size: | 2066 | | Last Modified: | Mar 12 20:06:24 2008 |
| MD5 Checksum: | dc3a9c1c02d46b30b7927205dbab4de5 |
|