Section: .. / 0706-advisories /
| /// File Name: |
SYM07-012.txt |
Description:
|
Symantec Security Advisory - Files created by a Reporting Server may be accessible to an unauthorized user.
| | Author: | Ertunga Arsal | | Homepage: | http://www.symantec.com/ | | File Size: | 4052 | | Related CVE(s): | CVE-2007-3021 | | Last Modified: | Jun 7 02:06:31 2007 |
| MD5 Checksum: | 39d2e38125f383b441c4affa80337add |
|
| /// File Name: |
06.12.07-1.txt |
Description:
|
iDefense Security Advisory 06.12.07 - Remote exploitation of an invalid memory access vulnerability in various Microsoft products, including Internet Explorer, while creating certain COM objects may allow an attacker to execute arbitrary code. When creating certain COM objects in Internet Explorer, memory corruption can occur, which may allow an attacker to execute arbitrary code. When calling the IObjectSafety function, uninitialized memory is accessed in a way that can allow code execution to occur. The IObjectSafety function is used by COM objects to determine if an object is safe to load in a particular context. iDefense confirmed the existence of this vulnerability using Internet Explorer 6 on Windows XP SP2 and Windows Server 2000 SP4. Although Windows Server 2003 contains an affected version, the Enhanced Security Configuration mitigates exposure to this vulnerability. Microsoft reports that Internet Explorer 7 is not affected.
| | Homepage: | http://www.idefense.com/ | | File Size: | 4017 | | Related CVE(s): | CVE-2007-0218 | | Last Modified: | Jun 12 21:31:51 2007 |
| MD5 Checksum: | 0d736098f00a2d86c0569d008d377a9a |
|
| /// File Name: |
TA07-151A.txt |
Description:
|
Technical Cyber Security Alert TA07-151A - The Mozilla web browser and derived products contain several vulnerabilities, the most severe of which could allow a remote attacker to execute arbitrary code on an affected system.
| | Homepage: | http://www.us-cert.gov/ | | File Size: | 3962 | | Last Modified: | Jun 6 18:35:44 2007 |
| MD5 Checksum: | 41d2ea34cf7de2fee6e21671e3c26969 |
|
| /// File Name: |
orkut-mgmt.txt |
Description:
|
Orkut fails to expire or disable the session associated with the 'orkut_state' cookie when the user logs out or fails to authenticate himself during a session.
| | Author: | Susam Pal, Vipul Agarwal | | Homepage: | http://susam.in/ | | File Size: | 3904 | | Last Modified: | Jun 26 17:36:28 2007 |
| MD5 Checksum: | ebca9200ec76ca4d7f8e208ea9705875 |
|
| /// File Name: |
06.21.07-1.txt |
Description:
|
iDefense Security Advisory 06.21.07 - Remote exploitation of multiple heap overflow vulnerabilities in Ingres Database Server as distributed with Computer Associates International Inc.'s (CA) products may allow attackers to execute arbitrary code with SYSTEM privileges. iDefense has confirmed the existence of this vulnerability in Ingres Database 3.0.3 as included with CA eTrust Secure Content Manager r8 on Windows. Previous versions may also be affected. In addition, any application that uses the Ingres Database may be vulnerable.
| | Homepage: | http://www.idefense.com/ | | File Size: | 3897 | | Related CVE(s): | CVE-2007-3334 | | Last Modified: | Jun 26 16:06:58 2007 |
| MD5 Checksum: | e033fbe06445e035163720fa22acc31b |
|
| /// File Name: |
06.14.07-1.txt |
Description:
|
iDefense Security Advisory 06.14.07 - Remote exploitation of an input validation vulnerability in Apache Software Foundation's MyFaces Tomahawk JSF framework could allow an attacker to perform a cross-site scripting (XSS) attack. The code responsible for parsing HTTP requests is vulnerable to an XSS vulnerability. When parsing the 'autoscroll' parameter from a POST or GET request, the value of this variable is directly inserted into JavaScript that is sent back to the client. This allows an attacker to run arbitrary JavaScript in the context of the affected domain of the MyFaces application being targeted. iDefense has confirmed the existence of this vulnerability in MyFaces Tomahawk version 1.1.5. Previous versions may also be affected.
| | Author: | Rajat Swarup | | Homepage: | http://www.idefense.com/ | | File Size: | 3774 | | Related CVE(s): | CVE-2007-3101 | | Last Modified: | Jun 14 23:07:45 2007 |
| MD5 Checksum: | e872f4db6ae74a07dc365aa79ad418d6 |
|
| /// File Name: |
fusetalk-sql.txt |
Description:
|
FuseTalk version 2.0 suffers from a SQL injection vulnerability.
| | Author: | Charles H. Kim | | File Size: | 3715 | | Last Modified: | Jun 20 00:27:18 2007 |
| MD5 Checksum: | 4e99df24fc4578088e34bba914c63324 |
|
| /// File Name: |
AS07062901.txt |
Description:
|
Airscanner Mobile Security Advisory - FlexiSpy.com's user administration web application contains a critical bug that allows anyone to view anyone else's captured voice, SMS, email, or location.
| | Author: | Seth Fogie | | Homepage: | http://www.airscanner.com | | File Size: | 3667 | | Last Modified: | Jun 29 23:02:58 2007 |
| MD5 Checksum: | 74fb23ba69e3f83513553654b75d2f0b |
|
| /// File Name: |
NDSA20070524.txt |
Description:
|
Nth Dimension Security Advisory (NDSA20070524) - The JFFNMS application has high risk issues with its authentication mechanism. These can lead to SQL injection allowing authentication bypass and JavaScript injection. There is also a potential backdoor, although this is unlikely to be exploitable. The JFFNMS application has default PHP scripts which can lead to information disclosure as an unauthenticated user.
| | Author: | Tim Brown | | Homepage: | http://www.nth-dimension.org.uk/ | | File Size: | 3665 | | Last Modified: | Jun 10 20:48:10 2007 |
| MD5 Checksum: | 8ba0bfa90bad93ca9fdbd752844bbe86 |
|
| /// File Name: |
06.05.07-1.txt |
Description:
|
iDefense Security Advisory 06.05.07 - Remote exploitation of multiple denial of service vulnerabilities in Symantec Corp.'s Ghost could allow remote attackers to crash the Ghost service. These vulnerabilities affect both the client and server daemons due to what looks like a shared communications library. The daemons listen on UDP ports 1346 and 1347, respectively. By sending a malformed UDP-based request to either service, an attacker can cause the service to crash due to an invalid memory reference. This condition can be caused by any of several unique requests. In each case, the particular cause for the access violation varies. iDefense confirmed the existence of these vulnerabilities using Symantec Ghost version 8.0.992 (as supplied with Ghost Solution Suite). Other versions may be vulnerable as well.
| | Author: | Pravus | | Homepage: | http://www.idefense.com/ | | File Size: | 3657 | | Last Modified: | Jun 7 03:01:21 2007 |
| MD5 Checksum: | 53a57d6339bb6433560202f42206587e |
|
| /// File Name: |
MDKSA-2007-117.txt |
Description:
|
Mandriva Linux Security Advisory - lharc.c in lha does not securely create temporary files, which might allow local users to read or write files by creating a file before LHA is invoked.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 3503 | | Related CVE(s): | CVE-2007-2030 | | Last Modified: | Jun 7 02:42:12 2007 |
| MD5 Checksum: | 5b301778c715d84384ed44f8ff4f76a7 |
|
| /// File Name: |
MDKSA-2007-135.txt |
Description:
|
Mandriva Linux Security Advisory - Multiple cross-site scripting vulnerabilities were discovered in pam_login.cgi in webmin prior to version 1.350, which could allow a remote attacker to inject arbitrary web scripts or HTML.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 3379 | | Related CVE(s): | CVE-2007-3156 | | Last Modified: | Jun 26 17:46:05 2007 |
| MD5 Checksum: | ca5a4ca83594aaf21023b540f65d8435 |
|
| /// File Name: |
ZDI-07-037.txt |
Description:
|
A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in routines responsible for the on-demand installation of Internet Explorer language packs. A race condition may occur when a web page contains several pieces of content written in a language not currently supported by any of the installed language packs. In some cases, this race condition results in exploitable memory corruption that can be leveraged to execute arbitrary code.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3366 | | Related CVE(s): | CVE-2007-3027 | | Last Modified: | Jun 12 21:26:56 2007 |
| MD5 Checksum: | a0968401dcc420aa0d12a0a9b67b8bd3 |
|
| /// File Name: |
06.12.07-2.txt |
Description:
|
iDefense Security Advisory 06.12.07 - Remote exploitation of an input validation error within version 2.1 of YaBB Forum allows attackers to register with forum Administrator privileges. The problem specifically exists due to insufficient validation when writing to the "vars" file for each user. By setting the values of certain variables to contain certain characters, attackers can elevate their privileges to that of the forum Administrator. iDefense confirmed the existence of this vulnerability within version 2.1 of YaBB Forum.
| | Author: | Peter Vreugdenhil | | Homepage: | http://www.idefense.com/ | | File Size: | 3330 | | Last Modified: | Jun 12 21:33:20 2007 |
| MD5 Checksum: | 6d920acc6c0d7d8ef9d3e8e10602216c |
|
| /// File Name: |
ZDI-07-034.txt |
Description:
|
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of various Computer Associates products. The specific flaw exists in the parsing of .CAB archives. When a long filename contained in the .CAB is processed by vete.dll an exploitable stack overflow may occur.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3302 | | Related CVE(s): | CVE-2007-2863 | | Last Modified: | Jun 7 02:14:35 2007 |
| MD5 Checksum: | cef1d956fd82ec9a47b70161d2cf255c |
|
| /// File Name: |
MDKSA-2007-134.txt |
Description:
|
Mandriva Linux Security Advisory - xfs_fsr in xfsdump creates a .fsr temporary directory with insecure permissions, which allows local users to read or overwrite arbitrary files on xfs filesystems.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 3165 | | Related CVE(s): | CVE-2007-2654 | | Last Modified: | Jun 26 16:44:28 2007 |
| MD5 Checksum: | 578426dbad18f764f6cd2fd8dd3f751d |
|
| /// File Name: |
glsa-200706-07.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200706-07 - Alexios Fakos from n.runs AG has discovered multiple vulnerabilities in PHProjekt, including the execution of arbitrary SQL commands using unknown vectors (CVE-2007-1575), the execution of arbitrary PHP code using an unrestricted file upload (CVE-2007-1639), cross-site request forgeries using different modules (CVE-2007-1638), and a cross-site scripting attack using unknown vectors (CVE-2007-1576). Versions less than 5.2.1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3159 | | Related CVE(s): | CVE-2007-1575, CVE-2007-1576, CVE-2007-1638, CVE-2007-1639 | | Last Modified: | Jun 21 14:37:43 2007 |
| MD5 Checksum: | 968e9959aa4eb7d59e528a545d790d4b |
|
| /// File Name: |
ZDI-07-038.txt |
Description:
|
A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The flaw is specifically exposed when a prototype variable points to a table cell and then that table cell is removed. This results in an invalid pointer dereference which can be leveraged to result in arbitrary code execution.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3156 | | Related CVE(s): | CVE-2007-1751 | | Last Modified: | Jun 12 21:28:14 2007 |
| MD5 Checksum: | 887b2592e09075e1f07bb057bbb8bcef |
|
| /// File Name: |
06.18.07-1.txt |
Description:
|
iDefense Security Advisory 06.18.07 - Remote exploitation of a heap overflow vulnerability in Cerulean Studios Trillian Instant Messenger could allow attackers to execute arbitrary code as the currently logged on user. The vulnerability specifically exists due to improper handling of UTF-8 sequences. When word-wrapping UTF-8 text, the window width is improperly used as a buffer size value. As such, heap corruption can occur leading to a potentially exploitable condition. iDefense has confirmed the existence of this vulnerability in Cerulean Studios Trillian 3.1.5.1. Previous versions are suspected to be vulnerable.
| | Author: | blurredlogic.com | | Homepage: | http://www.idefense.com/ | | File Size: | 3090 | | Last Modified: | Jun 20 00:40:08 2007 |
| MD5 Checksum: | 4aa4fa081c88b36634a6a56d03402567 |
|
| /// File Name: |
sa25894.txt |
Description:
|
Secunia Security Advisory - SGI has issued multiple updates for SGI Advanced Linux Environment. These fix some vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions or to perform certain actions with escalated privileges, by malicious users to bypass certain security restrictions or to compromise a vulnerable system, and by malicious people to disclose potentially sensitive information, to cause a DoS (Denial of Service), or to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/25894/ | | File Size: | 3059 | | Last Modified: | Jun 29 20:49:08 2007 |
| MD5 Checksum: | 1aa58daedc145566bdce3042b39eca1d |
|
| /// File Name: |
06.13.07-1.txt |
Description:
|
iDefense Security Advisory 06.13.07 - Remote exploitation of an integer overflow vulnerability in libexif, as included in various vendors' operating system distributions, could allow attackers to crash the process or execute arbitrary code. The problem exists while parsing a tagged image with a large number of Exif components. Applications using this library are susceptible to a heap overflow when an integer overflow is triggered in the exif_data_load_data_entry function. iDefense confirmed the existence of this vulnerability in versions 0.6.13 through 0.6.15 of libexif.
| | Author: | Sean Larsson | | Homepage: | http://www.idefense.com/ | | File Size: | 3046 | | Related CVE(s): | CVE-2006-4168 | | Last Modified: | Jun 14 00:43:10 2007 |
| MD5 Checksum: | ba5c5901b97e512fe7f59298c3d3fee4 |
|
| /// File Name: |
glsa-200706-04.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200706-04 - Md Sohail Ahmad from AirTight Networks has discovered a division by zero in the ath_beacon_config() function (CVE-2007-2830). The vendor has corrected an input validation error in the ieee80211_ioctl_getwmmparams() and ieee80211_ioctl_getwmmparams() functions (CVE-2007-2831), and an input sanitization error when parsing nested 802.3 Ethernet frame lengths (CVE-2007-2829). Versions less than 0.9.3.1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3036 | | Related CVE(s): | CVE-2007-2829, CVE-2007-2830, CVE-2007-2831 | | Last Modified: | Jun 12 20:31:03 2007 |
| MD5 Checksum: | 3af3b5a0a95eb9ccb94dcdf88753de7c |
|
| /// File Name: |
ZDI-07-035.txt |
Description:
|
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of various Computer Associates products. The specific flaw exists within the processing of an improperly defined "coffFiles" field in .CAB archives. Large values result in an unbounded data copy operation which can result in an exploitable stack-based buffer overflow.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3016 | | Related CVE(s): | CVE-2007-2864 | | Last Modified: | Jun 7 02:15:45 2007 |
| MD5 Checksum: | 566251f43a6cf08208def587e465ad08 |
|
| /// File Name: |
dsa-1315-1.txt |
Description:
|
Debian Security Advisory 1315-1 - Thor Larholm discovered that libphp-phpmailer, an email transfer class for PHP, performs insufficient input validation if configured to use Sendmail. This allows the execution of arbitrary shell commands.
| | Homepage: | http://www.debian.org/security | | File Size: | 3016 | | Related CVE(s): | CVE-2007-3215 | | Last Modified: | Jun 21 14:33:39 2007 |
| MD5 Checksum: | 692f0bc4b19f0e5ec187abf3effdab85 |
|