Section: .. / 0707-advisories /
| /// File Name: |
CYBSEC-tipping.txt |
Description:
|
CYBSEC Security Advisory - The TippingPoint IPS suffers from a bypass vulnerability. TippingPoint IPS systems running TOS versions 2.1.x, 2.2.x prior to 2.2.5, and 2.5.x prior to 2.5.2 are affected.
| | Author: | Andres Riancho | | Homepage: | http://www.cybsec.com/ | | File Size: | 2950 | | Last Modified: | Jul 12 03:30:18 2007 |
| MD5 Checksum: | 57b238da59f1d719d56fd6d96d8b000a |
|
| /// File Name: |
docuwiki-xss.txt |
Description:
|
DocuWiki versions 2007-06-26 and below suffer from a cross site scripting vulnerability.
| | Author: | Cyrill Brunschwiler | | Homepage: | http://www.csnc.ch/ | | File Size: | 2682 | | Last Modified: | Jul 20 08:25:43 2007 |
| MD5 Checksum: | 15a5ce6fa749f6679f8730fa4c1f8de0 |
|
| /// File Name: |
DRUPAL-SA-2007-017.txt |
Description:
|
Drupal security advisory - Several parts in Drupal core are not protected against cross site request forgeries due to improper use of the Forms API, or by taking action solely on GET requests. Malicious users are able to delete comments and content revisions and disable menu items by enticing a privileged users to visit certain URLs while the victim is logged-in to the targeted site. Drupal versions 5.x below 5.2 are affected.
| | Author: | Heine Deelstra | | Homepage: | http://drupal.org/security | | File Size: | 1786 | | Last Modified: | Jul 31 08:06:12 2007 |
| MD5 Checksum: | b734838a39dd108a42a7f302a14031cf |
|
| /// File Name: |
DRUPAL-SA-2007-018.txt |
Description:
|
Drupal security advisory - Drupal versions 4.7.x before version 4.7.7 and 5.x versions before version 5.2 suffer from cross site scripting vulnerabilities.
| | Author: | Heine Deelstra | | Homepage: | http://drupal.org/security | | File Size: | 2971 | | Last Modified: | Jul 31 08:08:42 2007 |
| MD5 Checksum: | 14ed81a89851a22a0c0d2354917b0018 |
|
| /// File Name: |
dsa-1326-1.txt |
Description:
|
Debian Security Advisory 1326-1 - Steve Kemp from the Debian Security Audit project discovered that fireflier-server, an interactive firewall rule creation tool, uses temporary files in an unsafe manner which may be exploited to remove arbitrary files from the local system.
| | Homepage: | http://www.debian.org/security | | File Size: | 16049 | | Related CVE(s): | CVE-2007-2837 | | Last Modified: | Jul 1 23:08:31 2007 |
| MD5 Checksum: | 042fd10a27232d409a6bae3fd18d9030 |
|
| /// File Name: |
dsa-1327-1.txt |
Description:
|
Debian Security Advisory 1327-1 - Steve Kemp from the Debian Security Audit project discovered that gsambad, a GTK+ configuration tool for samba, uses temporary files in an unsafe manner which may be exploited to truncate arbitrary files from the local system.
| | Homepage: | http://www.debian.org/security | | File Size: | 4586 | | Related CVE(s): | CVE-2007-2838 | | Last Modified: | Jul 1 23:10:01 2007 |
| MD5 Checksum: | f20aefeef139899c4b2f1e2d981acb5a |
|
| /// File Name: |
dsa-1328-1.txt |
Description:
|
Debian Security Advisory 1328-1 - Steve Kemp from the Debian Security Audit project discovered that unicon-imc2, a Chinese input method library, makes unsafe use of an environmental variable, which may be exploited to execute arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 4786 | | Related CVE(s): | CVE-2007-2835 | | Last Modified: | Jul 1 23:11:21 2007 |
| MD5 Checksum: | e1be834a44c2f4bf8691d003a8d8c104 |
|
| /// File Name: |
dsa-1329-1.txt |
Description:
|
Debian Security Advisory 1329-1 - Steve Kemp from the Debian Security Audit project discovered that gfax, a GHOME frontend for fax programs, uses temporary files in an unsafe manner which may be exploited to execute arbitrary commands with the privileges of the root user.
| | Homepage: | http://www.debian.org/security | | File Size: | 4244 | | Related CVE(s): | CVE-2007-2839 | | Last Modified: | Jul 7 07:30:34 2007 |
| MD5 Checksum: | 158302df130286d8ef486084f519bdd0 |
|
| /// File Name: |
dsa-1330-1.txt |
Description:
|
Debian Security Advisory 1330-1 - Several remote vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language, which may lead to the execution of arbitrary code. Stefan Esser discovered that a buffer overflow in the zip extension allows the execution of arbitrary code. It was discovered that a buffer overflow in the xmlrpc extension allows the execution of arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 40420 | | Related CVE(s): | CVE-2007-1864, CVE-2007-1399 | | Last Modified: | Jul 10 02:49:35 2007 |
| MD5 Checksum: | 9cf0c0cd8ed25af5fed88d4f4798e07a |
|
| /// File Name: |
dsa-1331-1.txt |
Description:
|
Debian Security Advisory 1331-1 - Several remote vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language, which may lead to the execution of arbitrary code. Stefan Esser discovered HTTP response splitting vulnerabilities in the session extension. This only affects Debian 3.1 (Sarge). Stefan Esser discovered that an integer overflow in memory allocation routines allows the bypass of memory limit restrictions. This only affects Debian 3.1 (Sarge) on 64 bit architectures. It was discovered that a buffer overflow in the xmlrpc extension allows the execution of arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 66494 | | Related CVE(s): | CVE-2006-0207, CVE-2006-4486, CVE-2007-1864 | | Last Modified: | Jul 10 02:51:21 2007 |
| MD5 Checksum: | 7da389efe8f7c6225ce535d725b591d5 |
|
| /// File Name: |
dsa-1332-1.txt |
Description:
|
Debian Security Advisory 1332-1 - Several remote vulnerabilities have been discovered in the VideoLan multimedia player and streamer, which may lead to the execution of arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 60023 | | Related CVE(s): | CVE-2007-3316, CVE-2007-3467 | | Last Modified: | Jul 10 05:06:10 2007 |
| MD5 Checksum: | 6f23ba24753c08132b3b0efa48c000a4 |
|
| /// File Name: |
dsa-1333-1.txt |
Description:
|
Debian Security Advisory 1333-1 - It has been discovered that the GnuTLS certificate verification methods implemented in libcurl-gnutls, a solid, usable, and portable multi-protocol file transfer library, did not check for expired or invalid dates.
| | Homepage: | http://www.debian.org/security | | File Size: | 12557 | | Related CVE(s): | CVE-2007-3564 | | Last Modified: | Jul 19 05:20:26 2007 |
| MD5 Checksum: | 4f8fae878f598eb9ea98c3a5cbe27c1d |
|
| /// File Name: |
dsa-1334-1.txt |
Description:
|
Debian Security Advisory 1334-1 - A problem was discovered with freetype, a FreeType2 font engine, which could allow the execution of arbitrary code via an integer overflow in specially crafted TTF files.
| | Homepage: | http://www.debian.org/security | | File Size: | 9219 | | Related CVE(s): | CVE-2007-2754 | | Last Modified: | Jul 19 05:21:38 2007 |
| MD5 Checksum: | 0fe3ecc159d2bcdf1b2fb7ab84a6adb1 |
|
| /// File Name: |
dsa-1335-1.txt |
Description:
|
Debian Security Advisory 1335-1 - Several remote vulnerabilities have been discovered in Gimp, the GNU Image Manipulation Program, which might lead to the execution of arbitrary code. Sean Larsson discovered several integer overflows in the processing code for DICOM, PNM, PSD, RAS, XBM and XWD images, which might lead to the execution of arbitrary code if a user is tricked into opening such a malformed media file. Stefan Cornelius discovered an integer overflow in the processing code for PSD images, which might lead to the execution of arbitrary code if a user is tricked into opening such a malformed media file.
| | Homepage: | http://www.debian.org/security | | File Size: | 25843 | | Related CVE(s): | CVE-2006-4519, CVE-2007-2949 | | Last Modified: | Jul 19 05:30:05 2007 |
| MD5 Checksum: | 8c2676d4606df48917eabd54c263e6c3 |
|
| /// File Name: |
dsa-1336-1.txt |
Description:
|
Debian Security Advisory 1336-1 - Several remote vulnerabilities have been discovered in Mozilla Firefox. These vulnerabilities range from cross site scripting to integer overflows.
| | Homepage: | http://www.debian.org/security | | File Size: | 11501 | | Related CVE(s): | CVE-2007-1282, CVE-2007-0994, CVE-2007-0995, CVE-2007-0996, CVE-2007-0981, CVE-2007-0008, CVE-2007-0009, CVE-2007-0775, CVE-2007-0778, CVE-2007-0045, CVE-2006-6077 | | Last Modified: | Jul 23 06:37:49 2007 |
| MD5 Checksum: | 828c6bc19547b45ddb365966e2c17d0a |
|
| /// File Name: |
dsa-1340-1.txt |
Description:
|
Debian Security Advisory 1340-1 - A NULL pointer dereference has been discovered in the RAR VM of Clam Antivirus (ClamAV) which allows user-assisted remote attackers to cause a denial of service via a specially crafted RAR archives.
| | Homepage: | http://www.debian.org/security | | File Size: | 13824 | | Related CVE(s): | CVE-2007-3725 | | Last Modified: | Jul 25 05:31:27 2007 |
| MD5 Checksum: | e0c3edcb3cea73262ca76bffee550402 |
|
| /// File Name: |
dsa-1341-1.txt |
Description:
|
Debian Security Advisory 1341-1 - Amit Klein discovered that the BIND name server generates predictable DNS query IDs, which may lead to cache poisoning attacks.
| | Homepage: | http://www.debian.org/security | | File Size: | 18635 | | Related CVE(s): | CVE-2007-2926 | | Last Modified: | Jul 26 07:27:24 2007 |
| MD5 Checksum: | efc71ffb570f59153afced8b0976b744 |
|
| /// File Name: |
dsa-1341-2.txt |
Description:
|
Debian Security Advisory 1341-2 - Amit Klein discovered that the BIND name server generates predictable DNS query IDs, which may lead to cache poisoning attacks.
| | Homepage: | http://www.debian.org/security | | File Size: | 33938 | | Related CVE(s): | CVE-2007-2926 | | Last Modified: | Jul 28 03:36:20 2007 |
| MD5 Checksum: | a53ca362331294563e2782284943cd28 |
|
| /// File Name: |
dsa-1342-1.txt |
Description:
|
Debian Security Advisory 1342-1 - It was discovered that a race condition in the init.d script of the X Font Server allows the modification of file permissions of arbitrary files if the local administrator can be tricked into restarting the X font server.
| | Homepage: | http://www.debian.org/security | | File Size: | 4663 | | Related CVE(s): | CVE-2007-3103 | | Last Modified: | Jul 31 08:19:18 2007 |
| MD5 Checksum: | dcfee0c9d0bf3d013082cf2ace2e6fad |
|
| /// File Name: |
easql-06-057.txt |
Description:
|
eVisit Analyst is susceptible to SQL injection vulnerabilities.
| | Author: | Tim Brown | | Homepage: | http://www.portcullis-security.com/ | | File Size: | 1704 | | Last Modified: | Jul 11 10:25:41 2007 |
| MD5 Checksum: | f38be95649827042f62cfc989acffee7 |
|
| /// File Name: |
EEYE-Java.txt |
Description:
|
eEye Digital Security has discovered a stack buffer overflow in Java WebStart, a utility installed with Java Runtime Environment for the purpose of managing the download of Java applications. By opening a malicious JNLP file, a user's system may be compromised by arbitrary code within the file, which executes with the privileges of that user. Systems affected are Java Runtime Environment 6 update 1 and below and Java Runtime Environment 5 update 11 and below.
| | Author: | Daniel Soeder | | Homepage: | http://www.eeye.com/ | | File Size: | 4623 | | Last Modified: | Jul 10 05:10:09 2007 |
| MD5 Checksum: | 3e976378e3500569323acb831bebdede |
|
| /// File Name: |
EEYE-mp2007.txt |
Description:
|
eEye Digital Security has discovered a critical vulnerability in PUBCONV.DLL (version 12.0.4518.1014) included with Microsoft's Publisher 2007. PUBCONV.DLL is the Publisher conversion library used by Publisher to translate previous Publisher version files to be "properly" rendered in Publisher 2007. However, when attempting to load a malformed legacy Publisher document (i.e. Publisher 98), PUBCONV.DLL can be forced to call an arbitrary function pointer resulting in the execution of attacker supplied code in the context the of logged-in user.
| | Author: | Greg Linares | | Homepage: | http://www.eeye.com/ | | File Size: | 6428 | | Last Modified: | Jul 11 10:58:58 2007 |
| MD5 Checksum: | c32e70dbed9a4380b6d1e9b83f68649a |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
