Section: .. / 0710-advisories /
| /// File Name: |
MDKSA-2007-200.txt |
Description:
|
Mandriva Linux Security Advisory - A vulnerablity in Tk was found that could be used to overrun a buffer when loading certain GIF images. If a user were tricked into opening a specially crafted GIF file, it could lead to a denial of service condition or possibly the execution of arbitrary code with the user's privileges.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 7166 | | Related CVE(s): | CVE-2007-5137, CVE-2007-5378 | | Last Modified: | Oct 18 18:44:35 2007 |
| MD5 Checksum: | 0e3f83e910e1f30abaa43c4df9dd66d7 |
|
| /// File Name: |
glsa-200710-19.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200710-19 - Jean-Sebastien Guay-Leroux reported an integer underflow in the file_printf() function of the file utility which is bundled with The Sleuth Kit (CVE-2007-1536, GLSA 200703-26). Note that Gentoo is not affected by the improper fix for this vulnerability (identified as CVE-2007-2799, see GLSA 200705-25) since version 4.20 of file was never shipped with The Sleuth Kit ebuilds. Versions less than 2.0.9 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3198 | | Related CVE(s): | CVE-2007-1536, CVE-2007-2799 | | Last Modified: | Oct 18 18:40:06 2007 |
| MD5 Checksum: | ca4f37a7a61ecbe504c0403c1b6e6772 |
|
| /// File Name: |
glsa-200710-18.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200710-18 - Ludwig Nussel discovered that the check_special_mountprog() and check_special_umountprog() functions call setuid() and setgid() in the wrong order and do not check the return values, which can lead to privileges being dropped improperly. Versions less than 2.12r-r8 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2660 | | Related CVE(s): | CVE-2007-5191 | | Last Modified: | Oct 18 18:39:48 2007 |
| MD5 Checksum: | 71b4aca2aca73e6a69751ac8e61c7132 |
|
| /// File Name: |
dsa-1389-1.txt |
Description:
|
Debian Security Advisory 1389-1 - It was discovered that zoph, a web based photo management system, performs insufficient input sanitizing, which allows SQL injection.
| | Homepage: | http://www.debian.org/security | | File Size: | 3590 | | Related CVE(s): | CVE-2007-3905 | | Last Modified: | Oct 18 18:39:30 2007 |
| MD5 Checksum: | 4b0b16e17ae71170c36d120ef22d5d8b |
|
| /// File Name: |
dsa-1388-1.txt |
Description:
|
Debian Security Advisory 1388-1 - It was discovered that dhcp, a DHCP server for automatic IP address assignment, didn't correctly allocate space for network replies. This could potentially allow a malicious DHCP client to execute arbitrary code upon the DHCP server.
| | Homepage: | http://www.debian.org/security | | File Size: | 16986 | | Related CVE(s): | CVE-2007-5365 | | Last Modified: | Oct 18 18:37:54 2007 |
| MD5 Checksum: | 9d2033eca1d5196eddf26e6f4fb6ffec |
|
| /// File Name: |
SYMSA-2007-011.txt |
Description:
|
Symantec Vulnerability Research SYMSA-2007-011 - A vulnerability has been discovered in the SMS handler on Windows Mobile 2005 Pocket PC Phone edition which means the sender of the original SMS message can be masked from the recipient when sent a specifically crafted WAP PUSH message.
| | Author: | Ollie Whitehouse | | Homepage: | http://www.symantec.com/research | | File Size: | 6964 | | Related CVE(s): | CVE-2007-5493 | | Last Modified: | Oct 18 18:36:57 2007 |
| MD5 Checksum: | e24110e7aa7f663a5d2ed64308d72156 |
|
| /// File Name: |
TA07-290A.txt |
Description:
|
Technical Cyber Security Alert TA07-290A - Oracle products and components are affected by multiple vulnerabilities. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service.
| | Homepage: | http://www.us-cert.gov/ | | File Size: | 5966 | | Last Modified: | Oct 18 18:35:44 2007 |
| MD5 Checksum: | d5c97101601ad13ece13321675a9d954 |
|
| /// File Name: |
cisco-sa-20071017-asa.txt |
Description:
|
Cisco Security Advisory - Two crafted packet vulnerabilities exist in the Cisco PIX 500 Series Security Appliance (PIX) and the Cisco 5500 Series Adaptive Security Appliance (ASA) that may result in a reload of the device. These vulnerabilities are triggered during processing of Media Gateway Control Protocol (MGCP) packets, or during processing of Transport Layer Security (TLS) traffic that terminates on the PIX or ASA security appliance.
| | Homepage: | http://www.cisco.com/ | | File Size: | 22757 | | Last Modified: | Oct 18 18:33:22 2007 |
| MD5 Checksum: | e4ff59388364c154911f65adff3df622 |
|
| /// File Name: |
cisco-sa-20071017-fwsm.txt |
Description:
|
Cisco Security Advisory - Two crafted packet vulnerabilities exist in the Cisco Firewall Services Module (FWSM) that may result in a reload of the FWSM. These vulnerabilities can be triggered during the processing of HTTPS requests, or during the processing of Media Gateway Control Protocol (MGCP) packets. A third vulnerability may cause access control list (ACL) entries to not be evaluated after the access list has been manipulated.
| | Homepage: | http://www.cisco.com/ | | File Size: | 23416 | | Last Modified: | Oct 18 18:32:46 2007 |
| MD5 Checksum: | ee86a4edae50825cdb3ae77457a4bd1c |
|
| /// File Name: |
cisco-sa-20071017-IPCC.txt |
Description:
|
Cisco Security Advisory - Unified Contact Center and Intelligent Contact Management products contain a vulnerability that may result in unauthorized access to the web-based reporting and script monitoring tool (Web View) and the web-based configuration tool (Web Admin).
| | Homepage: | http://www.cisco.com/ | | File Size: | 13405 | | Last Modified: | Oct 18 18:32:04 2007 |
| MD5 Checksum: | 244e079104e4868a9ff5bec548531d60 |
|
| /// File Name: |
cisco-sa-20071017-cucm.txt |
Description:
|
Cisco Security Advisory - Cisco Unified Communications Manager (CUCM), formerly CallManager, contains two denial of service (DoS) vulnerabilities. Large volumes of UDP Session Initiation Protocol (SIP) INVITE messages may cause a resource exhaustion condition on CUCM systems resulting in a kernel panic. The CUCM Trivial File Transfer Protocol (TFTP) service contains a buffer overflow vulnerability that may result in a denial of service condition or allow a remote, unauthenticated user to execute arbitrary code. There are no workarounds for these vulnerabilities.
| | Homepage: | http://www.cisco.com/ | | File Size: | 15285 | | Last Modified: | Oct 18 18:31:26 2007 |
| MD5 Checksum: | 12346c759f4592e4e636e40e7256679e |
|
| /// File Name: |
NISR17102007E.txt |
Description:
|
NGSSoftware Insight Security Research Advisory - The Oracle XML DB ftp service contains problems with auditing logins.
| | Author: | David Litchfield | | Homepage: | http://www.ngssoftware.com/ | | File Size: | 3062 | | Last Modified: | Oct 18 18:21:43 2007 |
| MD5 Checksum: | 03a2b4d2ce1e0e61066c4236c2f3932c |
|
| /// File Name: |
NISR17102007D.txt |
Description:
|
NGSSoftware Insight Security Research Advisory - The Oracle RDBMS on receiving an invalid TNS data packet will use 100% of the CPU's time introducing a denial of service condition.
| | Author: | David Litchfield | | Homepage: | http://www.ngssoftware.com/ | | File Size: | 3280 | | Last Modified: | Oct 18 18:20:52 2007 |
| MD5 Checksum: | a370f981cb7f34a8094c806a8b0dfddf |
|
| /// File Name: |
NISR17102007C.txt |
Description:
|
NGSSoftware Insight Security Research Advisory - The Oracle TNS Listener suffers from denial of service and/or remote memory inspection vulnerabilities. Systems affected include Oracle 8.1.7.4, 10g Release 2 and 1, Oracle 9.
| | Author: | David Litchfield | | Homepage: | http://www.ngssoftware.com/ | | File Size: | 3527 | | Last Modified: | Oct 18 18:17:51 2007 |
| MD5 Checksum: | 4b1d5b9c9a68052baf1d1b81653d3661 |
|
| /// File Name: |
NISR17102007B.txt |
Description:
|
NGSSoftware Insight Security Research Advisory - The Workspace Manager in Oracle 10g release 1 and 2 and Oracle 9i is vulnerable to SQL injection. The Workspace Manager, owned by SYS, contains a package called LT. This package is owned and defined by the SYS user and can be executed by PUBLIC. LT contains a procedure called FINDRICSET which calls the FINDRICSET package in the LTRIC package. This is vulnerable to SQL injection and can be abused by an attacker to gain SYS privileges.
| | Author: | David Litchfield | | Homepage: | http://www.ngssoftware.com/ | | File Size: | 3107 | | Last Modified: | Oct 18 18:16:27 2007 |
| MD5 Checksum: | 69edd82fa8cac473f288d4f330ee5ac6 |
|
| /// File Name: |
NISR17102007A.txt |
Description:
|
NGSSoftware Insight Security Research Advisory - The Intermedia application, owned by CTXSYS, contains a package called CTX_DOC. This package contains multiple SQL injection flaws.
| | Author: | David Litchfield | | Homepage: | http://www.ngssoftware.com/ | | File Size: | 2980 | | Last Modified: | Oct 18 18:15:19 2007 |
| MD5 Checksum: | 6391108725892efacb180aa8e5d0112b |
|
| /// File Name: |
AST-2007-023.txt |
Description:
|
Asterisk Project Security Advisory - Source and destination numbers for a given call are not correctly escaped by the cdr_addon_mysql module in Asterisk, allowing for SQL injection attacks.
| | Author: | Humberto Abdelnur | | Homepage: | http://www.asterisk.org/security | | File Size: | 8293 | | Related CVE(s): | CVE-2007-5488 | | Last Modified: | Oct 18 18:03:31 2007 |
| MD5 Checksum: | 8b04c6ff4d935ae655d57a54df812550 |
|
| /// File Name: |
sa27293.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in vbDrupal, which can be exploited by malicious users to conduct HTTP response splitting attacks, and by malicious people to conduct cross-site scripting and cross-site request forgery attacks, bypass certain security restrictions, and compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/27293/ | | File Size: | 2426 | | Last Modified: | Oct 18 17:54:59 2007 |
| MD5 Checksum: | 56bf4ac6a2e397d026248e935516be6f |
|
| /// File Name: |
sa27230.txt |
Description:
|
Secunia Security Advisory - A vulnerability with an unknown impact has been reported in RunCms.
| | Homepage: | http://secunia.com/advisories/27230/ | | File Size: | 2093 | | Last Modified: | Oct 18 17:54:12 2007 |
| MD5 Checksum: | b4fcd9cf91756643b4ca4912f8e1cf84 |
|
| /// File Name: |
sa27234.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in various Nortel products, which can be exploited by malicious people to cause a DoS (Denial of Service) and to eavesdrop with affected devices.
| | Homepage: | http://secunia.com/advisories/27234/ | | File Size: | 4372 | | Last Modified: | Oct 18 17:54:12 2007 |
| MD5 Checksum: | 2be9f58357257cb97b0b86ba7b1bb42e |
|
| /// File Name: |
sa27237.txt |
Description:
|
Secunia Security Advisory - Avaya has acknowledged a vulnerability in various Avaya products, which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/27237/ | | File Size: | 2792 | | Last Modified: | Oct 18 17:54:12 2007 |
| MD5 Checksum: | 5045f901f2ba34ac6c5b7ae96279cbf6 |
|
| /// File Name: |
sa27251.txt |
Description:
|
Secunia Security Advisory - Multiple vulnerabilities have been reported for various Oracle products. Some have unknown impacts, other can be exploited to disclose sensitive information, conduct SQL injection attacks, or to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/27251/ | | File Size: | 4838 | | Last Modified: | Oct 18 17:54:12 2007 |
| MD5 Checksum: | 2bbb752adb695bac193cff3018bc877a |
|
| /// File Name: |
sa27252.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in Nortel IP Softphone 2050, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/27252/ | | File Size: | 2611 | | Last Modified: | Oct 18 17:54:12 2007 |
| MD5 Checksum: | c470a116997acc6c452bf5e696dc7e7f |
|
| /// File Name: |
sa27264.txt |
Description:
|
Secunia Security Advisory - Demential has discovered a vulnerability in Simple PHP Blog, which can be exploited by malicious people to conduct cross-site request forgery attacks.
| | Homepage: | http://secunia.com/advisories/27264/ | | File Size: | 2527 | | Last Modified: | Oct 18 17:54:12 2007 |
| MD5 Checksum: | 4e5dbc9a98a2108a7cce6a0656aeb44e |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
