Section: .. / 0710-advisories /
| /// File Name: |
07101401_mobilespy.txt |
Description:
|
Airscanner Mobile Security Advisory #07101401 - Mobile-spy.com's user administration web application contains a critical bug that allows anyone to inject spoofed incoming/outgoing phone records, SMS messages, and URL's into the backend database for ANY user of the software. In addition, since the incoming records are not filtered, it is trivial to inject malicious JavaScript/HTML into the webpage viewed by the user of the software. Finally, the user/pass is stored locally on the victims phone as plaintext.
| | Homepage: | http://www.airscanner.com/ | | File Size: | 2180 | | Last Modified: | Oct 23 14:19:30 2007 |
| MD5 Checksum: | 25958e1eaf59e5b6e89048bc4d65e2f8 |
|
| /// File Name: |
10.02.07-1.txt |
Description:
|
iDefense Security Advisory 10.02.07 - Remote exploitation of a multiple vulnerabilities in X.Org Foundation's X Font Server, as included in various vendors' operating system distributions, could allow an attacker to execute arbitrary code. iDefense has confirmed the existence of these vulnerabilities in XFS version X11R7.2-1.0.4. Previous versions may also be affected.
| | Author: | Sean Larsson | | Homepage: | http://www.idefense.com/ | | File Size: | 4248 | | Related CVE(s): | CVE-2007-4568 | | Last Modified: | Oct 2 20:30:33 2007 |
| MD5 Checksum: | 0532b9913a377b17570bf93248afe912 |
|
| /// File Name: |
10.02.07-2.txt |
Description:
|
iDefense Security Advisory 10.02.07 - Local exploitation of an integer signedness error in Sun Microsystem's Solaris could allow attackers to disclose sensitive information from memory. iDefense has confirmed the existence of this vulnerability in Solaris 10 on x86 and SPARC. It is suspected that earlier versions are also affected.
| | Homepage: | http://www.idefense.com/ | | File Size: | 3165 | | Last Modified: | Oct 3 19:23:17 2007 |
| MD5 Checksum: | 9404e9c2ad59fb451666c20c0f9a20c7 |
|
| /// File Name: |
10.09.07-1.txt |
Description:
|
iDefense Security Advisory 10.09.07 - Remote exploitation of a heap overflow in Microsoft Corp.'s Windows Mail and Outlook Express NNTP clients may allow an attacker to execute code with the privileges of the logged on user.
| | Author: | Greg MacManus | | Homepage: | http://www.idefense.com/ | | File Size: | 4133 | | Related CVE(s): | CVE-2007-3897 | | Last Modified: | Oct 10 02:15:53 2007 |
| MD5 Checksum: | bf343d74732b59920caee4de64fd295c |
|
| /// File Name: |
10.10.07-1.txt |
Description:
|
iDefense Security Advisory 10.10.07 - Remote exploitation of a format string vulnerability in Kaspersky Lab's Online Scanner virus scanner service could allow an attacker to execute arbitrary code within the security context of the targeted user. iDefense has confirmed the existence of this vulnerability within version 5.0.93.0 of Kaspersky Lab's kavwebscan.dll. Previous versions are suspected to be vulnerable.
| | Author: | Stephen Fewer | | Homepage: | http://www.idefense.com/ | | File Size: | 4265 | | Related CVE(s): | CVE-2007-3675 | | Last Modified: | Oct 11 00:00:07 2007 |
| MD5 Checksum: | 3e0b4dc5a2a3f864e788a00519e4dc3a |
|
| /// File Name: |
10.11.07-1.txt |
Description:
|
iDefense Security Advisory 10.11.07 - Remote exploitation of multiple integer overflow vulnerabilities in libFLAC, as included with various vendor's software distributions, allows attackers to execute arbitrary code in the context of the currently logged in user. iDefense has confirmed the existence of these vulnerabilities libFLAC 1.2.0, as well as the version of libFLAC included in in the full 5.35 version Winamp. Previous versions of libFLAC may also be vulnerable. The lite version of Winamp does not include support for the FLAC file format, and as such is not vulnerable.
| | Author: | Sean de Regge | | Homepage: | http://www.idefense.com/ | | File Size: | 3498 | | Related CVE(s): | CVE-2007-4619 | | Last Modified: | Oct 12 00:50:47 2007 |
| MD5 Checksum: | bcc16cceb11c1fb4471c36b4ce403c72 |
|
| /// File Name: |
10.23.07-1.txt |
Description:
|
iDefense Security Advisory 10.23.07 - Remote exploitation of a buffer overflow vulnerability in IBM Corp.'s Lotus Notes mail user agent could allow attackers to execute arbitrary code in the context of the current user. iDefense confirmed the existence of this vulnerability in version 7.0.2 of IBM Corp.'s Lotus Notes. Additionally, versions 6.5.1, 6.5.3 and 7.0.1 were reported to be vulnerable. Other versions are suspected to be vulnerable.
| | Author: | UVInc | | Homepage: | http://www.idefense.com/ | | File Size: | 3751 | | Related CVE(s): | CVE-2007-4222 | | Last Modified: | Oct 25 00:14:07 2007 |
| MD5 Checksum: | f9986e451b0a2c04cb301e2d094fe53e |
|
| /// File Name: |
10.23.07-2.txt |
Description:
|
iDefense Security Advisory 10.23.07 - Remote exploitation of a buffer overflow vulnerability within IBM Corp.'s Lotus Domino allows attackers to execute arbitrary code in the context of the IMAP service. iDefense has confirmed the existence of this vulnerability within version 7.0.2.2 of Lotus Domino running on Linux as well as Windows Server 2003. Previous versions, as well as builds for other platforms, are suspected to be vulnerable.
| | Author: | Manuel Santamarina Suarez | | Homepage: | http://www.idefense.com/ | | File Size: | 3763 | | Related CVE(s): | CVE-2007-3510 | | Last Modified: | Oct 25 00:15:12 2007 |
| MD5 Checksum: | 2d681b98adb81361108206364d31c320 |
|
| /// File Name: |
10.25.07-1.txt |
Description:
|
iDefense Security Advisory 10.25.07 - Local exploitation of a buffer overflow vulnerability within Tmxpflt.sys, as included with Trend Micro Inc.'s AntiVirus engine, could allow an attacker to execute arbitrary code in kernel context. iDefense Labs has confirmed the existence of this vulnerability in following Trend Micro Products: Trend Micro's PC-Cillin Internet Security 2007, Tmxpflt.sys version 8.320.1004 and 8.500.0.1002. All products using Trend Micro's scan engine such as Trend Micro ServerProtect, Trend Micro OfficeScan are also suspected to be vulnerable.
| | Author: | Ruben Santamarta | | Homepage: | http://www.idefense.com/ | | File Size: | 3889 | | Related CVE(s): | CVE-2007-4277 | | Last Modified: | Oct 25 17:04:15 2007 |
| MD5 Checksum: | 3a2e7ca08bb95b6c4445c1b9a6a75fbd |
|
| /// File Name: |
10.30.07-1.txt |
Description:
|
iDefense Security Advisory 10.30.07 - Local exploitation of a file access vulnerability in the swcons command included in multiple versions of IBM Corp.'s AIX could allow for the creation or modification of arbitrary files anywhere on the system. The vulnerability specifically exists due to a lack of sanity checking when using the -p option. If a user specifies a file with the -p option, the contents of that file will be overwritten with 65,535 bytes of uncontrolled data. If the file doesn't exist, it will be created. In both cases, the file will also be converted to mode 222, which allows all users on the system to modify it. By specifying a system file, users can cause a denial of service condition or elevate privileges. iDefense has confirmed the existence of this vulnerability on IBM AIX version 5.2. It is suspected that previous versions are also vulnerable.
| | Author: | Alex DeLarge | | Homepage: | http://www.idefense.com/ | | File Size: | 3531 | | Last Modified: | Oct 30 20:16:36 2007 |
| MD5 Checksum: | fcf212ebff605766dd2255cf3455a4a9 |
|
| /// File Name: |
10.30.07-2.txt |
Description:
|
iDefense Security Advisory 10.30.07 - Local exploitation of a buffer overflow vulnerability in the crontab program of IBM Corp.'s AIX 5.2 operating system allows attackers to execute arbitrary code with root privileges. The problem specifically exists within the main function. While processing command line arguments, the crontab program will copy a user-supplied argument to a fixed size BSS (data segment) buffer. Since no bounds checking is performed, it's possible to overwrite a large portion of the data stored in the BSS memory area. iDefense has confirmed the existence of this vulnerability within AIX version 5.2. Previous versions are suspected to be vulnerable. AIX 5.3 does not appear to be vulnerable.
| | Homepage: | http://www.idefense.com/ | | File Size: | 3402 | | Related CVE(s): | CVE-2007-4621 | | Last Modified: | Oct 30 20:26:17 2007 |
| MD5 Checksum: | 702b614f37ff173a32386b75ea06bd8c |
|
| /// File Name: |
10.30.07-3.txt |
Description:
|
iDefense Security Advisory 10.30.07 - Local exploitation of an integer underflow vulnerability in the dig program of IBM Corp.'s AIX operating system allows attackers to execute arbitrary code with root privileges. The problem specifically exists within dns_name_fromtext function within the libdns.a library. This function is called when processing the '-y' command line parameter to the dig program. By supplying a specially crafted TSIG key parameter, an attacker is able to cause an integer underflow, resulting in potentially exploitable heap corruption. iDefense has confirmed the existence of this vulnerability within AIX version 5.2. Previous versions are suspected to be vulnerable. AIX 5.3 is not vulnerable since the dig command is no longer installed set-uid root.
| | Homepage: | http://www.idefense.com/ | | File Size: | 3499 | | Related CVE(s): | CVE-2007-4622 | | Last Modified: | Oct 30 20:27:09 2007 |
| MD5 Checksum: | e9d35b47c15f1b28d3fd059f92b68189 |
|
| /// File Name: |
10.30.07-4.txt |
Description:
|
iDefense Security Advisory 10.30.07 - Local exploitation of a stack buffer overflow vulnerability in IBM Corp.'s AIX operating system may allow an attacker to execute arbitrary code with root privileges. The vulnerability exists within the parsing of the '-p' command line option. The argument to this option is copied into a fixed size stack buffer using the sprintf() function without properly validating the length. This leads to an exploitable stack buffer overflow. iDefense has confirmed the existence of this vulnerability in AIX version 5.2 and 5.3. Previous versions may also be affected.
| | Author: | Sean Larsson | | Homepage: | http://www.idefense.com/ | | File Size: | 3076 | | Related CVE(s): | CVE-2007-4513 | | Last Modified: | Oct 30 20:28:14 2007 |
| MD5 Checksum: | f2ea5507b88b98c70d8372163d1fd68c |
|
| /// File Name: |
10.30.07-5.txt |
Description:
|
iDefense Security Advisory 10.30.07 - Local exploitation of a stack buffer overflow vulnerability in IBM Corp.'s AIX operating system may allow an attacker to execute arbitrary code with root privileges. The vulnerability exists within the parsing of the '-V' command line option. The argument to this option is copied into a fixed size stack buffer using the sprintf() function without properly validating the length. This leads to an exploitable stack buffer overflow. iDefense has confirmed the existence of this vulnerability in AIX version 5.2 and 5.3. Previous versions may also be affected.
| | Author: | Sean Larsson | | Homepage: | http://www.idefense.com/ | | File Size: | 3093 | | Related CVE(s): | CVE-2007-4513 | | Last Modified: | Oct 30 20:29:14 2007 |
| MD5 Checksum: | 6b7ef8143a1978882368835cc0236a7f |
|
| /// File Name: |
10.30.07-6.txt |
Description:
|
iDefense Security Advisory 10.30.07 - Local exploitation of a buffer overflow vulnerability in the ftp client of IBM Corp.'s AIX operating system allows attackers to execute arbitrary code with root privileges. The problem specifically exists within the domacro() function. This function is called when executing a macro via the '$' command within the ftp program. When executing a macro, the parameter is copied to a fixed size stack buffer using an unbounded call to strcpy(). By specifying a long argument, an attacker is able to overwrite program control data located on the stack and take control of the affected process. iDefense has confirmed the existence of this vulnerability in AIX version 5.3 (5300-06). Previous versions are suspected to be vulnerable.
| | Author: | Joshua J. Drake | | Homepage: | http://www.idefense.com/ | | File Size: | 3482 | | Related CVE(s): | CVE-2007-4217 | | Last Modified: | Oct 30 20:30:04 2007 |
| MD5 Checksum: | 3e29520806c28983f3fe4b7bdecdcd7d |
|
| /// File Name: |
10.30.07-7.txt |
Description:
|
iDefense Security Advisory 10.30.07 - Local exploitation of a buffer overflow vulnerability in the bellmail program of IBM Corp.'s AIX operating system allows attackers to execute arbitrary code with root privileges. The problem specifically exists within sendrmt function. This function is called when a user tries to send mail using the "m" command. Within this function, several sprintf calls are made to concatenate user-supplied input with static strings. No bounds checking is performed to ensure that the resulting string will fit in the destination buffer located on the stack. By supplying a long parameter, an attacker is able to overwrite program control data located on the stack and take control of the affected process. iDefense has confirmed the existence of this vulnerability within AIX version 5.3 (5300-06) and 5.2. Previous versions are suspected to be vulnerable.
| | Author: | Joshua J. Drake | | Homepage: | http://www.idefense.com/ | | File Size: | 3883 | | Related CVE(s): | CVE-2007-4623 | | Last Modified: | Oct 30 20:30:58 2007 |
| MD5 Checksum: | a185a185af8ec2c2ce27a46a467d032d |
|
| /// File Name: |
10.31.07-1.txt |
Description:
|
iDefense Security Advisory 10.31.07 - Remote exploitation of an unsafe method vulnerability in Macrovision InstallShield Update Service allows attackers to execute arbitrary code with the privileges of the currently logged-in user. iDefense has confirmed the existence of this vulnerability in versions 5.01.100.47363, and 6.0.100.60146 of Macrovision InstallShield Update Service. Previous versions are also suspected to be vulnerable.
| | Homepage: | http://www.idefense.com/ | | File Size: | 4926 | | Related CVE(s): | CVE-2007-5660 | | Last Modified: | Oct 31 14:49:44 2007 |
| MD5 Checksum: | 3addc6c9d8c0ef03f3685cd0202c1a9b |
|
| /// File Name: |
10.31.07-2.txt |
Description:
|
iDefense Security Advisory 10.31.07 - Remote exploitation of a directory traversal vulnerability in Symantec's Altiris Deployment Solution products could allow attackers to gain read access to arbitrary files hosted on the Altiris server. iDefense confirmed the existence of this vulnerability in Altiris Deployment Solution for Windows version 6.8. The specific vulnerable executable is pxemtftp.exe version 6.8.8297.48.
| | Author: | Manuel Santamarina Suarez | | Homepage: | http://www.idefense.com/ | | File Size: | 3448 | | Related CVE(s): | CVE-2007-3874 | | Last Modified: | Oct 31 14:50:45 2007 |
| MD5 Checksum: | 69c30592d1e81af223bc206a0d0fbd5f |
|
| /// File Name: |
aaboompb.txt |
Description:
|
America's Army and America's Army Special Forces versions 2.8.2 and below suffer from an unexploitable buffer overflow.
| | Author: | Luigi Auriemma | | Homepage: | http://aluigi.org/ | | Related Exploit: | aaboompb.zip | | File Size: | 2357 | | Last Modified: | Oct 2 00:48:38 2007 |
| MD5 Checksum: | 6c89cb6a29f4a73aa4c069626f2acb89 |
|
| /// File Name: |
AD-LAB-07006.txt |
Description:
|
3proxy suffers from a double free vulnerability that can cause instability and potentially crash a service. Versions 0.5.3i and below are vulnerable.
| | Author: | Venustech AD-LAB | | Homepage: | http://www.venustech.com.cn/ | | File Size: | 2219 | | Related CVE(s): | CVE-2007-5622 | | Last Modified: | Oct 23 17:46:08 2007 |
| MD5 Checksum: | 9df5e1ee0164e3d3e6ab5ce4595ce940 |
|
| /// File Name: |
airkiosk-xss.txt |
Description:
|
Sutra's Airkiosk is susceptible to a cross site scripting vulnerability due to using an old formlib.pl.
| | Author: | Skien | | File Size: | 947 | | Last Modified: | Oct 30 12:15:41 2007 |
| MD5 Checksum: | b3b219465b6f5be31767749ee631a0a2 |
|
| /// File Name: |
AST-2007-023.txt |
Description:
|
Asterisk Project Security Advisory - Source and destination numbers for a given call are not correctly escaped by the cdr_addon_mysql module in Asterisk, allowing for SQL injection attacks.
| | Author: | Humberto Abdelnur | | Homepage: | http://www.asterisk.org/security | | File Size: | 8293 | | Related CVE(s): | CVE-2007-5488 | | Last Modified: | Oct 18 18:03:31 2007 |
| MD5 Checksum: | 8b04c6ff4d935ae655d57a54df812550 |
|
| /// File Name: |
bitdefend-zlib.txt |
Description:
|
The freeware version of Softwin's Bitdefender software contains a vulnerable version of zlib.
| | Author: | Stefan Kanthak | | File Size: | 537 | | Last Modified: | Oct 22 17:56:06 2007 |
| MD5 Checksum: | 0eb743262003fe551dbe2ca6b87585b2 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
