.:[ packet storm ]:.
                               
trust nothing

 Section:  .. / 0710-advisories  /


 ///  File Name: MDKSA-2007-191.txt
Description:
Mandriva Linux Security Advisory - A heap-based buffer overflow in libsndfile could allow remote attackers to execute arbitrary code via a FLAC file with crafted PCM data which contains a block with a size exceeding that of the previous block.
Homepage:http://www.mandriva.com/security/
File Size:3998
Related CVE(s):CVE-2007-4974
Last Modified:Oct 2 20:17:22 2007
MD5 Checksum:a410c18bdd0129aa5e7b7784c8322888

 ///  File Name: glsa-200710-08.txt
Description:
Gentoo Linux Security Advisory GLSA 200710-08 - KPDF includes code from xpdf that is vulnerable to an integer overflow in the StreamPredictor::StreamPredictor() function. Versions less than 1.6.3-r1 are affected.
Homepage:http://security.gentoo.org
File Size:3973
Related CVE(s):CVE-2007-3387
Last Modified:Oct 10 02:21:30 2007
MD5 Checksum:dbc302c9e79a5f24405c90b49be6dc0d

 ///  File Name: sa27212.txt
Description:
Secunia Security Advisory - Mandriva has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions, cause a DoS (Denial of Service), or gain escalated privileges, and by malicious people to cause a DoS.
Homepage:http://secunia.com/advisories/27212/
File Size:3918
Last Modified:Oct 16 18:06:25 2007
MD5 Checksum:36cf60a1acffd36decd317ef2b4cd0a0

 ///  File Name: MDKSA-2007-192.txt
Description:
Mandriva Linux Security Advisory - A heap-based buffer overflow was found in MPlayer's AVI handling that could allow a remote attacker to cause a denial of service or possibly execute arbitrary code via a crafted .avi file.
Homepage:http://www.mandriva.com/security/
File Size:3908
Related CVE(s):CVE-2007-4938
Last Modified:Oct 2 20:17:52 2007
MD5 Checksum:e3ec98049484e11c243e2a620b82a68c

 ///  File Name: 10.25.07-1.txt
Description:
iDefense Security Advisory 10.25.07 - Local exploitation of a buffer overflow vulnerability within Tmxpflt.sys, as included with Trend Micro Inc.'s AntiVirus engine, could allow an attacker to execute arbitrary code in kernel context. iDefense Labs has confirmed the existence of this vulnerability in the following Trend Micro products: Trend Micro's PC-Cillin Internet Security 2007, Tmxpflt.sys version 8.320.1004 and 8.500.0.1002. All products using Trend Micro's scan engine, such as Trend Micro ServerProtect and Trend Micro OfficeScan, are also suspected to be vulnerable.
Author:Ruben Santamarta
Homepage:http://www.idefense.com/
File Size:3889
Related CVE(s):CVE-2007-4277
Last Modified:Oct 25 17:04:15 2007
MD5 Checksum:3a2e7ca08bb95b6c4445c1b9a6a75fbd

 ///  File Name: 10.30.07-7.txt
Description:
iDefense Security Advisory 10.30.07 - Local exploitation of a buffer overflow vulnerability in the bellmail program of IBM Corp.'s AIX operating system allows attackers to execute arbitrary code with root privileges. The problem specifically exists within the sendrmt function. This function is called when a user tries to send mail using the "m" command. Within this function, several sprintf calls are made to concatenate user-supplied input with static strings. No bounds checking is performed to ensure that the resulting string will fit in the destination buffer located on the stack. By supplying a long parameter, an attacker is able to overwrite program control data located on the stack and take control of the affected process. iDefense has confirmed the existence of this vulnerability within AIX version 5.3 (5300-06) and 5.2. Previous versions are suspected to be vulnerable.
Author:Joshua J. Drake
Homepage:http://www.idefense.com/
File Size:3883
Related CVE(s):CVE-2007-4623
Last Modified:Oct 30 20:30:58 2007
MD5 Checksum:a185a185af8ec2c2ce27a46a467d032d

 ///  File Name: sa27359.txt
Description:
Secunia Security Advisory - DarkFig has reported some vulnerabilities in Simple PHP Blog, which can be exploited by malicious people to bypass certain security restrictions and conduct script insertion and cross-site request forgery attacks, and by malicious users to disclose sensitive information and compromise a vulnerable system.
Homepage:http://secunia.com/advisories/27359/
File Size:3873
Last Modified:Oct 24 23:39:54 2007
MD5 Checksum:15e00c00a740ef417025ac11d4575c03

 ///  File Name: sa27279.txt
Description:
Secunia Security Advisory - Multiple vulnerabilities have been reported in IBM Lotus Notes, which can be exploited by malicious, local users to gain knowledge of potentially sensitive information and by malicious people to bypass certain security mechanisms or compromise a user's system.
Homepage:http://secunia.com/advisories/27279/
File Size:3850
Last Modified:Oct 23 19:22:54 2007
MD5 Checksum:1cb3e35d77a791709a7b5fdfb0d4bfc3

 ///  File Name: NGS00443.txt
Description:
NGSSoftware Insight Security Research Advisory - JDK and JRE versions 6 Update 1 and below, 5.0 Update 11 and below, and SDK and JRE versions 1.4.2_14 and below contain a vulnerability that allows an untrusted applet to violate the network access restrictions placed on it by the Java sandbox.
Author:John Heasman
Homepage:http://www.ngssoftware.com/
File Size:3849
Last Modified:Oct 29 20:38:03 2007
MD5 Checksum:294b79541b86bde15e4205357ff9f957

 ///  File Name: glsa-200710-11.txt
Description:
Gentoo Linux Security Advisory GLSA 200710-11 - iDefense reported that the xfs init script does not correctly handle a race condition when setting permissions of a temporary file. Sean Larsson discovered an integer overflow vulnerability in the build_range() function possibly leading to a heap-based buffer overflow when handling QueryXBitmaps and QueryXExtents protocol requests. Sean Larsson also discovered an error in the swap_char2b() function possibly leading to a heap corruption when handling the same protocol requests. Versions less than 1.0.5 are affected.
Homepage:http://security.gentoo.org/
File Size:3813
Related CVE(s):CVE-2007-3103, CVE-2007-4568, CVE-2007-4990
Last Modified:Oct 12 21:34:47 2007
MD5 Checksum:eca0eedd0d3be5eb886c2d8371bea49d

 ///  File Name: sa27229.txt
Description:
Secunia Security Advisory - SUSE has issued updates for multiple packages. This fixes some vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions or gain escalated privileges, and by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system.
Homepage:http://secunia.com/advisories/27229/
File Size:3794
Last Modified:Oct 15 18:42:41 2007
MD5 Checksum:03e60d46ea30d8c1c448ff42b8c02831

 ///  File Name: USN-527-1.txt
Description:
Ubuntu Security Notice 527-1 - Joris van Rantwijk discovered that the Xen host did not correctly validate the contents of a Xen guest's grub.conf file. Xen guest root users could exploit this to run arbitrary commands on the host when the guest system was rebooted.
Homepage:http://security.ubuntu.com/
File Size:3791
Related CVE(s):CVE-2007-4993
Last Modified:Oct 10 01:57:58 2007
MD5 Checksum:426aa5e53b520753cc6d2ba13b08c8e9

 ///  File Name: 10.23.07-2.txt
Description:
iDefense Security Advisory 10.23.07 - Remote exploitation of a buffer overflow vulnerability within IBM Corp.'s Lotus Domino allows attackers to execute arbitrary code in the context of the IMAP service. iDefense has confirmed the existence of this vulnerability within version 7.0.2.2 of Lotus Domino running on Linux as well as Windows Server 2003. Previous versions, as well as builds for other platforms, are suspected to be vulnerable.
Author:Manuel Santamarina Suarez
Homepage:http://www.idefense.com/
File Size:3763
Related CVE(s):CVE-2007-3510
Last Modified:Oct 25 00:15:12 2007
MD5 Checksum:2d681b98adb81361108206364d31c320

 ///  File Name: 10.23.07-1.txt
Description:
iDefense Security Advisory 10.23.07 - Remote exploitation of a buffer overflow vulnerability in IBM Corp.'s Lotus Notes mail user agent could allow attackers to execute arbitrary code in the context of the current user. iDefense confirmed the existence of this vulnerability in version 7.0.2 of IBM Corp.'s Lotus Notes. Additionally, versions 6.5.1, 6.5.3 and 7.0.1 were reported to be vulnerable. Other versions are suspected to be vulnerable.
Author:UVInc
Homepage:http://www.idefense.com/
File Size:3751
Related CVE(s):CVE-2007-4222
Last Modified:Oct 25 00:14:07 2007
MD5 Checksum:f9986e451b0a2c04cb301e2d094fe53e

 ///  File Name: sa27079.txt
Description:
Secunia Security Advisory - Ubuntu has issued an update for debian-goodies. This fixes a vulnerability, which can be exploited by malicious, local users to perform actions with escalated privileges.
Homepage:http://secunia.com/advisories/27079/
File Size:3728
Last Modified:Oct 5 21:33:17 2007
MD5 Checksum:1ab82b63dac5158ccf3247c97bb589b1

 ///  File Name: glsa-200710-20.txt
Description:
Gentoo Linux Security Advisory GLSA 200710-20 - Maurycy Prodeus discovered an integer overflow vulnerability possibly leading to a stack-based buffer overflow in the XPDF code which PDFKit is based on. ImageKits also contains a copy of PDFKit. Versions less than or equal to 0.9_pre062906 are affected.
Homepage:http://security.gentoo.org
File Size:3715
Related CVE(s):CVE-2007-3387
Last Modified:Oct 18 18:45:22 2007
MD5 Checksum:df07e1fa1ad1a75a05415ac571fad712

 ///  File Name: sa27134.txt
Description:
Secunia Security Advisory - A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to cause a DoS (Denial of Service).
Homepage:http://secunia.com/advisories/27134/
File Size:3668
Last Modified:Oct 10 00:59:53 2007
MD5 Checksum:e204c4fa2e53389060ce409ff882b344

 ///  File Name: sa27381.txt
Description:
Secunia Security Advisory - Ubuntu has issued an update for gnome-screensaver. This fixes a security issue, which can be exploited by malicious people with physical access to a system to bypass certain security restrictions.
Homepage:http://secunia.com/advisories/27381/
File Size:3663
Last Modified:Oct 24 23:40:24 2007
MD5 Checksum:933edc0988089d1601f01355802cda5c

 ///  File Name: glsa-200709-18.txt
Description:
Gentoo Linux Security Advisory GLSA 200709-18 - Masahiro Yamada found that from the 2.17.1 version, Bugzilla does not properly sanitize the content of the buildid parameter when filing bugs. The next two vulnerabilities only affect Bugzilla 2.23.3 or later, hence the stable Gentoo Portage tree does not contain these two vulnerabilities: Loic Minier reported that the Email::Send::Sendmail() function does not properly sanitize from email information before sending it to the -f parameter of /usr/sbin/sendmail, and Frederic Buclin discovered that the XML-RPC interface does not correctly check permissions in the time-tracking fields. Versions less than 3.0.1 are affected.
Homepage:http://security.gentoo.org/
File Size:3648
Related CVE(s):CVE-2007-4538, CVE-2007-4539, CVE-2007-4543
Last Modified:Oct 1 23:52:29 2007
MD5 Checksum:75d435a9bb06b6f6027c646fd2235ca0

 ///  File Name: glsa-200710-09.txt
Description:
Gentoo Linux Security Advisory GLSA 200710-09 - Chris Evans reported an integer overflow within the FreeType PCF font file parser. NX and NX Node are vulnerable to this due to shipping XFree86 4.3.0, which includes the vulnerable FreeType code. Versions less than 3.0.0 are affected.
Homepage:http://security.gentoo.org/
File Size:3637
Related CVE(s):CVE-2006-1861
Last Modified:Oct 10 02:22:09 2007
MD5 Checksum:5a79864935d72c680b3409b54dd82837

 ///  File Name: MDKSA-2007-197.txt
Description:
Mandriva Linux Security Advisory - A buffer overflow in GNU tar has unspecified attack vectors and impact, resulting in a crashing stack.
Homepage:http://www.mandriva.com/security/
File Size:3610
Related CVE(s):CVE-2007-4476
Last Modified:Oct 16 00:24:48 2007
MD5 Checksum:53159c4b18c20e0be46399d37d49bbfd

 ///  File Name: ZDI-07-061.txt
Description:
A vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of the RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in RealPlayer's parsing of SWF files. The SWF rendering DLL RealPlayer uses fails to properly handle malformed record headers leading to an exploitable overflow. An attacker could exploit this vulnerability using an ActiveX control {CFCDAA03-8BE4-11cf-B84B-0020AFBBCCFA} and embedding the malicious swf file in the page or by convincing an affected user to directly open a SWF file using RealPlayer. RealPlayer version 10.5 is affected.
Homepage:http://www.zerodayinitiative.com/
File Size:3607
Related CVE(s):CVE-2007-2263
Last Modified:Oct 31 20:11:35 2007
MD5 Checksum:aee68c9f10d9fae163e4bcacb449810e

 ///  File Name: dsa-1389-1.txt
Description:
Debian Security Advisory 1389-1 - It was discovered that zoph, a web based photo management system, performs insufficient input sanitizing, which allows SQL injection.
Homepage:http://www.debian.org/security
File Size:3590
Related CVE(s):CVE-2007-3905
Last Modified:Oct 18 18:39:30 2007
MD5 Checksum:4b0b16e17ae71170c36d120ef22d5d8b

 ///  File Name: webhack.txt
Description:
Latest additions to the Web Hacking Incidents Database (WHID) detailing major recent incidents.
Homepage:http://www.webappsec.org/projects/whid/
File Size:3586
Last Modified:Oct 22 16:52:27 2007
MD5 Checksum:c764a798af3d07b29ce37d7debe3ae1e

 ///  File Name: sa27232.txt
Description:
Secunia Security Advisory - Fedora has issued an update for hplib. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges.
Homepage:http://secunia.com/advisories/27232/
File Size:3566
Last Modified:Oct 16 00:22:55 2007
MD5 Checksum:de903f7c7bd9f52fb91f9ad380df4e78