Section: .. / 0803-advisories /
| /// File Name: |
sa27885.txt |
Description:
|
Secunia Security Advisory - Secunia Research has discovered some vulnerabilities in Symantec Backup Exec for Windows Servers, which can be exploited by malicious people to overwrite arbitrary files or compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/27885/ | | File Size: | 3491 | | Last Modified: | Mar 3 13:30:08 2008 |
| MD5 Checksum: | 9e2b5d9e26e0b79f43d7f15d5563c960 |
|
| /// File Name: |
dsa-1531-2.txt |
Description:
|
Debian Security Advisory 1531-2 - The previous update for policyd-weight was unfortunately not complete. Chris Howells discovered that policyd-weight, a policy daemon for the Postfix mail transport agent, created its socket in an insecure way, which may be exploited to overwrite or remove arbitrary files from the local system.
| | Homepage: | http://www.debian.org/security | | File Size: | 3453 | | Last Modified: | Mar 31 16:55:43 2008 |
| MD5 Checksum: | f69ebe8422823d5faa23ca41ef6eb780 |
|
| /// File Name: |
TA08-071A.txt |
Description:
|
Technical Cyber Security Alert TA08-071A - Microsoft has released updates to address vulnerabilities that affect Microsoft Office, Outlook, Excel, Excel Viewer, Office for Mac, and Office Web Components as part of the Microsoft Security Bulletin Summary for March 2008. The most severe vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code.
| | Homepage: | http://www.us-cert.gov/ | | File Size: | 3423 | | Last Modified: | Mar 13 00:19:58 2008 |
| MD5 Checksum: | 226d06ea1a47159a754dd82cebb4f921 |
|
| /// File Name: |
sa29320.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in Microsoft Outlook, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/29320/ | | File Size: | 3415 | | Last Modified: | Mar 12 13:55:23 2008 |
| MD5 Checksum: | 8327a59b5536559d38df351e534efcf5 |
|
| /// File Name: |
glsa-200803-24-02.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200803-24:02 - PCRE contains a buffer overflow vulnerability when processing a character class containing a very large number of characters with codepoints greater than 255. Versions less than 7.6-r1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3411 | | Related CVE(s): | CVE-2008-0674 | | Last Modified: | Mar 18 21:43:24 2008 |
| MD5 Checksum: | 2e890d70d0956a2904ab3874722f1435 |
|
| /// File Name: |
03.18.08-1.txt |
Description:
|
iDefense Security Advisory 03.18.08 - Remote exploitation of a heap based buffer overflow vulnerability in CUPS, as included in various vendors' operating system distributions, could allow an attacker to execute arbitrary code with the privileges of the affected service. iDefense has confirmed the existence of this vulnerability in CUPS version 1.3.5. Previous versions may also be affected.
| | Author: | regenrecht | | Homepage: | http://www.idefense.com/ | | File Size: | 3384 | | Related CVE(s): | CVE-2008-0047 | | Last Modified: | Mar 18 22:41:26 2008 |
| MD5 Checksum: | c2e5a25c6026dfd6fb7f133b0d26623e |
|
| /// File Name: |
sa29554.txt |
Description:
|
Secunia Security Advisory - Mandriva has issued an update for openssh. This fixes a vulnerability, which can be exploited by malicious, local users to disclose sensitive information.
| | Homepage: | http://secunia.com/advisories/29554/ | | File Size: | 3365 | | Last Modified: | Mar 27 17:28:31 2008 |
| MD5 Checksum: | 3aee6431cc369f496110ccaca688b994 |
|
| /// File Name: |
glsa-200803-20.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200803-20 - Will Drewry (Google Security) reported a vulnerability in the regular expression engine when using back references to capture \0 characters (CVE-2007-4770). He also found that the backtracking stack size is not limited, possibly allowing for a heap-based buffer overflow (CVE-2007-4771). Versions less than 3.8.1-r1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3361 | | Related CVE(s): | CVE-2007-4770, CVE-2007-4771 | | Last Modified: | Mar 13 00:54:32 2008 |
| MD5 Checksum: | eaf7de4e9d22e760b2e1a5d10e3173f9 |
|
| /// File Name: |
VMSA-2008-0004.txt |
Description:
|
VMware Security Advisory - An updated service console package for e2fsprogs has been released for ESX Server versions 2.5.5 and 2.5.4.
| | Homepage: | http://www.vmware.com/ | | File Size: | 3342 | | Related CVE(s): | CVE-2007-5497 | | Last Modified: | Mar 3 17:45:14 2008 |
| MD5 Checksum: | 8e4aad71756e9ab0a3cd93ac097bc1fb |
|
| /// File Name: |
glsa-200803-25.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200803-25 - Dovecot uses the group configured via the mail_extra_groups setting, which should be used to create lockfiles in the /var/mail directory, when accessing arbitrary files (CVE-2008-1199). Dovecot does not escape TAB characters in passwords when saving them, which might allow for argument injection in blocking passdbs such as MySQL, PAM or shadow (CVE-2008-1218). Versions less than 1.0.13-r1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3325 | | Related CVE(s): | CVE-2008-1199, CVE-2008-1218 | | Last Modified: | Mar 18 21:49:51 2008 |
| MD5 Checksum: | 76e43260116a23ea2d999c1d92295e87 |
|
| /// File Name: |
ZDI-08-009.txt |
Description:
|
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun Java Web Start. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the useEncodingDecl() function used while checking xml based JNLP files for UTF8 characters. When a user downloads a malicious JNLP file, the data immediately preceding the opening of the xml tag is read into a static buffer. If an overly long key name in the xml header is included, a stack based buffer overflow occurs, resulting in an exploitable condition.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3323 | | Related CVE(s): | CVE-2008-1188 | | Last Modified: | Mar 13 01:45:20 2008 |
| MD5 Checksum: | d8d717d09ec7deffd5ccca6cbd673ae4 |
|
| /// File Name: |
sa29612.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been discovered in CuteFlow, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to conduct cross-site scripting and SQL injection attacks.
| | Homepage: | http://secunia.com/advisories/29612/ | | File Size: | 3321 | | Last Modified: | Mar 31 20:47:53 2008 |
| MD5 Checksum: | 7384f098ac1b55a7967ab83f1edf1949 |
|
| /// File Name: |
sa29232.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in Ruby, which can be exploited by malicious people to disclose sensitive information.
| | Homepage: | http://secunia.com/advisories/29232/ | | File Size: | 3315 | | Last Modified: | Mar 12 13:55:23 2008 |
| MD5 Checksum: | 095b3147cfb2e93b4485984536f2baa7 |
|
| /// File Name: |
sa29290.txt |
Description:
|
Secunia Security Advisory - A security issue has been reported in Sun Java Web Console, which can be exploited by malicious people to disclose certain information.
| | Homepage: | http://secunia.com/advisories/29290/ | | File Size: | 3313 | | Last Modified: | Mar 12 13:55:23 2008 |
| MD5 Checksum: | 62ff9a825c91779ffb8b1bae2d003f56 |
|
| /// File Name: |
sa29332.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities and a weakness have been reported in Adobe ColdFusion, which can be exploited by malicious people to bypass certain security restrictions and to conduct cross-site scripting attacks.
| | Homepage: | http://secunia.com/advisories/29332/ | | File Size: | 3303 | | Last Modified: | Mar 12 20:06:24 2008 |
| MD5 Checksum: | 88c6cba703981aaa35ea3302c9fe2a34 |
|
| /// File Name: |
ZDI-08-008.txt |
Description:
|
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. Exploitation requires that the attacker coerce the target into opening a malicious .XLS file. The specific flaw exists within the parsing of malformed cell comments. When Excel encounters a malformed record it attempts to rebuild the broken meta-data. A flaw in this rebuilding process allows the user to specify critical data offsets, eventually leading to code execution under the logged-in user's credentials.
| | Author: | Arnaud Dovi | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3286 | | Related CVE(s): | CVE-2008-0113 | | Last Modified: | Mar 13 00:21:49 2008 |
| MD5 Checksum: | fad9ca3fbd2db4d159a2d0d8c46e7a60 |
|
| /// File Name: |
ZDI-08-010.txt |
Description:
|
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun Java Web Start. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the useEncodingDecl() function used while parsing the xml header character encoding attribute. When a user downloads a malicious JNLP file, the charset value is read into a static buffer. If an overly long charset name in the xml header is included, a stack based buffer overflow occurs, resulting in an exploitable condition.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3284 | | Related CVE(s): | CVE-2008-1188 | | Last Modified: | Mar 13 01:46:04 2008 |
| MD5 Checksum: | 5a74d23adc6e1b3e991f4b6243651b6f |
|
| /// File Name: |
sa29496.txt |
Description:
|
Secunia Security Advisory - Daniel Martin Gomez has reported some vulnerabilities in Elastic Path, which can be exploited by malicious users to disclose sensitive information or to potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/29496/ | | File Size: | 3280 | | Last Modified: | Mar 27 14:33:55 2008 |
| MD5 Checksum: | 93c3b8df56eafa2593b7d8f349c9ee63 |
|
| /// File Name: |
dsa-1517-1.txt |
Description:
|
Debian Security Advisory 1517-1 - Don Armstrong discovered that ldapscripts, a suite of tools to manipulate user accounts in LDAP, sends the password as a command line argument when calling LDAP programs, which may allow a local attacker to read this password from the process listing.
| | Homepage: | http://www.debian.org/security | | File Size: | 3279 | | Related CVE(s): | CVE-2007-5373 | | Last Modified: | Mar 17 14:30:49 2008 |
| MD5 Checksum: | 9f386c0c1a74afd9d6e15b20adcd5245 |
|
| /// File Name: |
sa29488.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities and a security issue have been reported in DotNetNuke, which can be exploited by malicious users to gain escalated privileges or to compromise a vulnerable system, and by malicious people to bypass certain security restrictions.
| | Homepage: | http://secunia.com/advisories/29488/ | | File Size: | 3271 | | Last Modified: | Mar 25 20:09:25 2008 |
| MD5 Checksum: | 947c09d6aa1e00addda852345bf7607e |
|
| /// File Name: |
sa29535.txt |
Description:
|
Secunia Security Advisory - Digital Security Research Group have discovered some vulnerabilities in BolinOS, which can be exploited by malicious people to conduct cross-site scripting attacks and to disclose sensitive information.
| | Homepage: | http://secunia.com/advisories/29535/ | | File Size: | 3270 | | Last Modified: | Mar 26 16:17:54 2008 |
| MD5 Checksum: | e2aac28ab8615e6434bce2d27469d17c |
|
| /// File Name: |
dsa-1531-1.txt |
Description:
|
Debian Security Advisory 1531-1 - Chris Howells discovered that policyd-weight, a policy daemon for the Postfix mail transport agent, created its socket in an insecure way, which may be exploited to overwrite or remove arbitrary files from the local system.
| | Homepage: | http://www.debian.org/security | | File Size: | 3261 | | Last Modified: | Mar 27 14:43:16 2008 |
| MD5 Checksum: | 6556119dc52143adcdf2995ad20f00a1 |
|
| /// File Name: |
dsa-1528-1.txt |
Description:
|
Debian Security Advisory 1528-1 - Peter Huwe and Hanno Boeck discovered that Serendipity, a weblog manager, did not properly sanitise input to several scripts which allowed for cross site scripting.
| | Homepage: | http://www.debian.org/security | | File Size: | 3253 | | Related CVE(s): | CVE-2007-6205, CVE-2008-0124 | | Last Modified: | Mar 24 18:36:47 2008 |
| MD5 Checksum: | 959f44d15f7d2b0d973b0d31b8c7fcfa |
|