Section: .. / 0710-advisories /
| /// File Name: |
sa27431.txt |
Description:
|
Secunia Security Advisory - Gentoo has issued an update for opera. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks and to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/27431/ | | File Size: | 2223 | | Last Modified: | Oct 31 22:12:46 2007 |
| MD5 Checksum: | 65c2d22bff07dd9839cdb8d76e5d26a1 |
|
| /// File Name: |
sa26372.txt |
Description:
|
Secunia Security Advisory - Secunia Research has discovered a vulnerability in McAfee E-Business Server, which can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/26372/ | | File Size: | 2648 | | Last Modified: | Oct 31 22:12:35 2007 |
| MD5 Checksum: | 6e01bcd28ab562dae28d61d2aadc134d |
|
| /// File Name: |
sa27421.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in the Hitachi Web Server, which can be exploited by malicious people to bypass certain security restrictions or conduct cross-site scripting attacks.
| | Homepage: | http://secunia.com/advisories/27421/ | | File Size: | 3008 | | Last Modified: | Oct 31 22:12:35 2007 |
| MD5 Checksum: | 3779c93b89c1caaaa8e4d1cd47a63ddc |
|
| /// File Name: |
sa27423.txt |
Description:
|
Secunia Security Advisory - Sun has acknowledged some vulnerabilities in Mozilla 1.7 for Sun Solaris, which potentially can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/27423/ | | File Size: | 2476 | | Last Modified: | Oct 31 22:12:35 2007 |
| MD5 Checksum: | 95cac8e0eaf2aeb67674e0ff6e3d9251 |
|
| /// File Name: |
sa27434.txt |
Description:
|
Secunia Security Advisory - Gentoo has issued an update for openssl. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/27434/ | | File Size: | 2218 | | Last Modified: | Oct 31 22:12:35 2007 |
| MD5 Checksum: | abd3974ca207fecc715dac3d1c9f4410 |
|
| /// File Name: |
ZDI-07-064.txt |
Description:
|
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell software which utilize the Novell Client Trust. Authentication is not required to exploit this vulnerability. The specific flaw exists in the Novell Client Trust application, clntrust.exe, which listens by default on UDP port 3024 on Novell client machines. During a validation request, the Client Trust process copies a user-supplied Novell tree name until a wide-character backslash or a NULL is encountered. If neither is found within the data, the process will copy excess data which later overflows a static buffer during a call to wsprintfA. BorderManager version 3.8 is affected.
| | Author: | uvinc | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3126 | | Related CVE(s): | CVE-2007-5767 | | Last Modified: | Oct 31 20:19:23 2007 |
| MD5 Checksum: | b12384a86483796d2e8e69ed87d769bb |
|
| /// File Name: |
sa27441.txt |
Description:
|
Secunia Security Advisory - Apple has acknowledged some vulnerabilities in Apple Xcode, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/27441/ | | File Size: | 2617 | | Last Modified: | Oct 31 20:17:02 2007 |
| MD5 Checksum: | d18e5ffdf4cbf990198ea17aaabf05e5 |
|
| /// File Name: |
ZDI-07-063.txt |
Description:
|
A vulnerability allows remote attackers to execute code on vulnerable installations of RealPlayer. User interaction is required in that a user must open a malicious .ra/.ram file or visit a malicious web site. The specific flaw exists during the parsing of files with improperly defined size field in the RA header. Specifying a large unsigned value data can trigger a heap corruption and further result in arbitrary code execution under the context of the logged in user. RealPlayer version 6.x is affected.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3369 | | Related CVE(s): | CVE-2007-2264 | | Last Modified: | Oct 31 20:15:43 2007 |
| MD5 Checksum: | eb5b90fccb5533e1ccebb7834eb7d15e |
|
| /// File Name: |
ZDI-07-062.txt |
Description:
|
A vulnerability allows remote attackers to execute code on vulnerable installations of RealPlayer. User interaction is required in that a user must open a malicious .pls file or visit a malicious web site. The specific flaw exists during the parsing of corrupted playlist files. Malicious corruption causes RealPlayer to call into a static heap address which can be leveraged by an attacker resulting in arbitrary code execution under the context of the logged in user. RealPlayer version 10.5 is affected.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3358 | | Related CVE(s): | CVE-2007-4599 | | Last Modified: | Oct 31 20:12:32 2007 |
| MD5 Checksum: | 074f8d8d9055f0f6f4efb9f23aa9e401 |
|
| /// File Name: |
ZDI-07-061.txt |
Description:
|
A vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of the RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in RealPlayer's parsing of SWF files. The SWF rendering DLL RealPlayer uses fails to properly handle malformed record headers leading to an exploitable overflow. An attacker could exploit this vulnerability using an ActiveX control {CFCDAA03-8BE4-11cf-B84B-0020AFBBCCFA} and embedding the malicious swf file in the page or by convincing an affected user to directly open a SWF file using RealPlayer. RealPlayer version 10.5 is affected.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3607 | | Related CVE(s): | CVE-2007-2263 | | Last Modified: | Oct 31 20:11:35 2007 |
| MD5 Checksum: | aee68c9f10d9fae163e4bcacb449810e |
|
| /// File Name: |
ZDI-07-060.txt |
Description:
|
A vulnerability allows remote attackers to access arbitrary files on systems with vulnerable installations of Hewlett-Packard OpenView Radia Integration Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP server bound by default to TCP port 3465. Insufficient checks on URLs containing paths such as '~root' allows attackers to access arbitrary files in the underlying OS. Accessing configuration files that contain LDAP and database credentials can lead to further compromise.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3344 | | Related CVE(s): | CVE-2007-5413 | | Last Modified: | Oct 31 20:10:18 2007 |
| MD5 Checksum: | 081c864866913feed72bad6c5a358666 |
|
| /// File Name: |
ZDI-07-059.txt |
Description:
|
Several vulnerabilities exist in the popular Verity KeyView SDK used in many enterprise applications like IBM Lotus Notes. When parsing several different file formats a standard stack overflow occurs allowing a malicious user to gain complete control of the affected machine under the rights of the currently logged in user. The problem lies when copying user supplied data to a stack based buffer without any boundary conditions.
| | Author: | Eric DETOISIEN | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3161 | | Last Modified: | Oct 31 20:08:53 2007 |
| MD5 Checksum: | d3b624150690115c6237f1905a92f447 |
|
| /// File Name: |
ZDI-07-058.txt |
Description:
|
This vulnerability allows remote attackers to inject arbitrary SQL on vulnerable installations of Oracle E-Business Suite. Authentication is not required to exploit this vulnerability. E-Business Suite 11 and 12 are affected.
| | Author: | Joxean Koret | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3304 | | Related CVE(s): | CVE-2007-5766 | | Last Modified: | Oct 31 20:07:11 2007 |
| MD5 Checksum: | 6a128b61e3baa27426a685bf715462aa |
|
| /// File Name: |
sa27233.txt |
Description:
|
Secunia Security Advisory - Secunia Research has discovered a vulnerability in CUPS, which can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/27233/ | | File Size: | 2613 | | Last Modified: | Oct 31 20:05:47 2007 |
| MD5 Checksum: | b1e37921ad3fcf629f38be5540755646 |
|
| /// File Name: |
sa27412.txt |
Description:
|
Secunia Security Advisory - Two vulnerabilities have been reported in Symantec Altiris Deployment Solution, which can be exploited by malicious, local users to disclose potentially sensitive information and gain escalated privileges.
| | Homepage: | http://secunia.com/advisories/27412/ | | File Size: | 2832 | | Last Modified: | Oct 31 20:05:32 2007 |
| MD5 Checksum: | e294228ee555a8545f5c77130108afe2 |
|
| /// File Name: |
sa27451.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in multiple Hitachi products, which can be exploited by malicious people to disclose potentially sensitive information.
| | Homepage: | http://secunia.com/advisories/27451/ | | File Size: | 2723 | | Last Modified: | Oct 31 20:05:32 2007 |
| MD5 Checksum: | 8892db07888d36af3f8167cc9d274884 |
|
| /// File Name: |
sa27459.txt |
Description:
|
Secunia Security Advisory - Avaya has acknowledged a vulnerability in Avaya CMS and IR, which can be exploited by malicious people to poison the DNS cache.
| | Homepage: | http://secunia.com/advisories/27459/ | | File Size: | 2405 | | Last Modified: | Oct 31 20:05:32 2007 |
| MD5 Checksum: | de7bedc42edc6f7d25c1f899231fb129 |
|
| /// File Name: |
sa27464.txt |
Description:
|
Secunia Security Advisory - IBM has acknowledged a vulnerability in WebSphere Application Server Community Edition, which can be exploited by malicious people to bypass certain security restrictions.
| | Homepage: | http://secunia.com/advisories/27464/ | | File Size: | 2386 | | Last Modified: | Oct 31 20:05:32 2007 |
| MD5 Checksum: | 1f62d03b3ca97c1e135ba91171fbb396 |
|
| /// File Name: |
sa27465.txt |
Description:
|
Secunia Security Advisory - IBM has acknowledged a vulnerability in AIX, which can be exploited by malicious people to poison the DNS cache.
| | Homepage: | http://secunia.com/advisories/27465/ | | File Size: | 2376 | | Last Modified: | Oct 31 20:05:32 2007 |
| MD5 Checksum: | d91d5280ee0ac96b679a902ed8c9584f |
|
| /// File Name: |
sa27457.txt |
Description:
|
Secunia Security Advisory - L4teral has discovered some vulnerabilities in ILIAS, which can be exploited by malicious users to conduct script insertion attacks.
| | Homepage: | http://secunia.com/advisories/27457/ | | File Size: | 2674 | | Last Modified: | Oct 31 18:18:03 2007 |
| MD5 Checksum: | 54c02b59b499964d36ebb2532bd063ff |
|
| /// File Name: |
sa27410.txt |
Description:
|
Secunia Security Advisory - Red Hat has issued an update for cups. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/27410/ | | File Size: | 2389 | | Last Modified: | Oct 31 18:17:50 2007 |
| MD5 Checksum: | 501846eedb2b415af1989ac9e0bbd397 |
|
| /// File Name: |
sa27448.txt |
Description:
|
Secunia Security Advisory - IBM has acknowledged some vulnerabilities in IBM WebSphere, which can be exploited by malicious people to conduct cross-site scripting and request forgery attacks.
| | Homepage: | http://secunia.com/advisories/27448/ | | File Size: | 2799 | | Last Modified: | Oct 31 18:17:50 2007 |
| MD5 Checksum: | 72cda1a4617ca6c29f74828003039ab7 |
|
| /// File Name: |
sa27461.txt |
Description:
|
Secunia Security Advisory - Skien has reported a vulnerability in AirKiosk, which can be exploited by malicious people to conduct cross-site scripting attacks.
| | Homepage: | http://secunia.com/advisories/27461/ | | File Size: | 2488 | | Last Modified: | Oct 31 18:17:50 2007 |
| MD5 Checksum: | 34ceaa44cd8f4ff26da342d1fa70364a |
|
| /// File Name: |
10.31.07-2.txt |
Description:
|
iDefense Security Advisory 10.31.07 - Remote exploitation of a directory traversal vulnerability in Symantec's Altiris Deployment Solution products could allow attackers to gain read access to arbitrary files hosted on the Altiris server. iDefense confirmed the existence of this vulnerability in Altiris Deployment Solution for Windows version 6.8. The specific vulnerable executable is pxemtftp.exe version 6.8.8297.48.
| | Author: | Manuel Santamarina Suarez | | Homepage: | http://www.idefense.com/ | | File Size: | 3448 | | Related CVE(s): | CVE-2007-3874 | | Last Modified: | Oct 31 14:50:45 2007 |
| MD5 Checksum: | 69c30592d1e81af223bc206a0d0fbd5f |
|
| /// File Name: |
10.31.07-1.txt |
Description:
|
iDefense Security Advisory 10.31.07 - Remote exploitation of an unsafe method vulnerability in Macrovision InstallShield Update Service allows attackers to execute arbitrary code with the privileges of the currently logged-in user. iDefense has confirmed the existence of this vulnerability in versions 5.01.100.47363, and 6.0.100.60146 of Macrovision InstallShield Update Service. Previous versions are also suspected to be vulnerable.
| | Homepage: | http://www.idefense.com/ | | File Size: | 4926 | | Related CVE(s): | CVE-2007-5660 | | Last Modified: | Oct 31 14:49:44 2007 |
| MD5 Checksum: | 3addc6c9d8c0ef03f3685cd0202c1a9b |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
