Section: .. / 0711-advisories /
| /// File Name: |
MDKSA-2007-233.txt |
Description:
|
Mandriva Linux Security Advisory - Buffer overflow in the safer_name_suffix function in GNU cpio has unspecified attack vectors and impact, resulting in a crashing stack. This problem was originally found in tar, but affects cpio too, due to similar code fragments. Directory traversal vulnerability in cpio 2.6 and earlier allows remote attackers to write to arbitrary directories via a .. (dot dot) in a cpio file. This is an old issue, affecting only Mandriva Corporate Server 4 and Mandriva Linux 2007.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 4480 | | Related CVE(s): | CVE-2007-4476, CVE-2005-1229 | | Last Modified: | Nov 28 20:21:11 2007 |
| MD5 Checksum: | 2a70c32f8fe21ac3d4b0c4bb809adf50 |
|
| /// File Name: |
mobile-csrf.txt |
Description:
|
Mobile phones can be subjected to denial of service attacks via cross site request forgery attacks.
| | Author: | avivra | | Homepage: | http://aviv.raffon.net/ | | File Size: | 685 | | Last Modified: | Nov 26 21:06:06 2007 |
| MD5 Checksum: | 1756f97c67746f73dac3c2411380a850 |
|
| /// File Name: |
msjet-overflow.txt |
Description:
|
A remote code execution vulnerability exists in Microsoft Jet Engine. A remote attacker who successfully exploits this vulnerability can execute arbitrary code on the affected system.
| | Author: | cocoruder | | Homepage: | http://ruder.cdut.net/ | | File Size: | 6986 | | Last Modified: | Nov 26 15:46:41 2007 |
| MD5 Checksum: | 8c40aee731e7e2aff5e039121162cbcf |
|
| /// File Name: |
NETRAGARD-20070313.txt |
Description:
|
Netragard, L.L.C Advisory - Netragard's SNOsoft Research Team discovered two critical vulnerabilities in the OpenBase SQL Relational Database that can lead to full system compromise. OpenBase versions 10.0.5 and below are affected.
| | Author: | Adriel T. Desautels, Kevin Finisterre | | Homepage: | http://www.netragard.com/ | | File Size: | 5598 | | Last Modified: | Nov 6 01:48:02 2007 |
| MD5 Checksum: | 0c384ec80b5dc1e8f843028ebcd5ff01 |
|
| /// File Name: |
omnipcx-reroute.txt |
Description:
|
The Alcatel OmniPCX Enterprise VoIP system versions 7.1 and below are susceptible to an audio stream reroute vulnerability.
| | Author: | Daniel Stirnimann | | Homepage: | http://www.csnc.ch/ | | File Size: | 1877 | | Last Modified: | Nov 26 17:16:10 2007 |
| MD5 Checksum: | 0f6acf675c5992b90648fd91a41fb30c |
|
| /// File Name: |
OpenPKG-SA-2007.023.txt |
Description:
|
OpenPKG Security Advisory - Will Drewry and Tavis Ormandy of the Google Security Team have discovered a UTF-8 related heap overflow in the regular expression compiler of the Perl programming language, probably allowing attackers to execute arbitrary code by compiling specially crafted regular expressions. The bug manifests in a possible buffer overflow in the polymorphic "opcode" support code, caused by ASCII regular expressions that really are Unicode regular expressions.
| | Homepage: | http://www.openpkg.com/security/ | | File Size: | 2667 | | Related CVE(s): | CVE-2007-5116 | | Last Modified: | Nov 8 18:30:15 2007 |
| MD5 Checksum: | 7d78792bfaaef1d474a80e73e2ac9b60 |
|
| /// File Name: |
oracle-sysdba.txt |
Description:
|
Tanel Poder has found a way to get SYSDBA access to the Oracle database by utilizing a user who has the BECOME USER system privilege, execute privileges on KUPP$PROC.CHANGE_USER and CREATE SESSION.
| | Author: | Pete | | File Size: | 832 | | Last Modified: | Nov 12 23:25:46 2007 |
| MD5 Checksum: | 6e0ac7cb849365bf62c2d03852f33d25 |
|
| /// File Name: |
phpgettext-dos.txt |
Description:
|
PHP versions 5.2.5 and below suffer from denial of service vulnerabilities in the Gettext Lib.
| | Author: | laurent gaffi | | File Size: | 1794 | | Last Modified: | Nov 13 22:53:46 2007 |
| MD5 Checksum: | 229781eceee8ae4657cfbd4b2f7bee22 |
|
| /// File Name: |
phpstream-dos.txt |
Description:
|
PHP versions 5.2.5 and below suffer from a denial of service vulnerability in stream_wrapper_register().
| | Author: | laurent gaffi | | File Size: | 942 | | Last Modified: | Nov 13 22:54:26 2007 |
| MD5 Checksum: | 5b4db4e5101ce323537b625a3cbded22 |
|
| /// File Name: |
plone-exec.txt |
Description:
|
Plone versions 2.5 up to and including 2.5.4 and versions 3.0 up to and including 3.0.2 suffer from an arbitrary Python code execution vulnerability.
| | Author: | Martijn Pieters | | Homepage: | http://plone.org/ | | File Size: | 985 | | Related CVE(s): | CVE-2007-5741 | | Last Modified: | Nov 6 22:51:02 2007 |
| MD5 Checksum: | a8f693f7cdcde08c01d8482846254698 |
|
| /// File Name: |
PR07-13.txt |
Description:
|
A cross site scripting vulnerability exists in F5 Networks FirePass versions 5.4 through 5.5.2 and versions 6.0 through 6.0.1.
| | Author: | Adrian Pastor, Jan Fry | | Homepage: | http://www.procheckup.com/ | | File Size: | 1277 | | Last Modified: | Nov 12 23:40:25 2007 |
| MD5 Checksum: | 38cb24b936a46e1a0f3233a4764a3314 |
|
| /// File Name: |
qt_pdat_heapbof.pdf |
Description:
|
QuickTime is prone to a heap overflow vulnerability when parsing malformed Panorama Sample Atoms, which are used in QuickTime Virtual Reality Movies.
| | Author: | Mario Ballano Barcena | | Homepage: | http://www.48Bits.com | | File Size: | 54534 | | Last Modified: | Nov 12 21:50:42 2007 |
| MD5 Checksum: | c3be020bca030b61f2924275b9def402 |
|
| /// File Name: |
realpdos.txt |
Description:
|
RealPlayer 11 suffers from a denial of service condition related to ActiveX.
| | Author: | Abed Adonis | | Homepage: | http://www.safehack.com/ | | File Size: | 4093 | | Last Modified: | Dec 2 15:35:28 2007 |
| MD5 Checksum: | 5602ec9844f03bb434ca6ddf3914db67 |
|
| /// File Name: |
rubygnome-format.txt |
Description:
|
RubyGnome2 version 0.16.0 suffers from a format string vulnerability in Gtk::MessageDialog.
| | Author: | Chris Rohlf | | Homepage: | http://em386.blogspot.com/ | | File Size: | 2193 | | Last Modified: | Nov 27 22:36:42 2007 |
| MD5 Checksum: | a6025478eda50be47a048a11ff1c4a01 |
|
| /// File Name: |
sa25952.txt |
Description:
|
Secunia Security Advisory - Secunia Research has discovered some vulnerabilities in ACDSee products, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/25952/ | | File Size: | 3493 | | Last Modified: | Nov 2 19:11:36 2007 |
| MD5 Checksum: | e22f9c0878ebfa209cad7101479ebdfc |
|
| /// File Name: |
sa26276.txt |
Description:
|
Secunia Security Advisory - Peter Ohlerich has reported a vulnerability in Lantronix SCS3200, which potentially can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/26276/ | | File Size: | 2327 | | Last Modified: | Nov 16 02:06:08 2007 |
| MD5 Checksum: | 971f9c1d9b1bc4ac1a09b7478b323efe |
|
| /// File Name: |
sa26462.txt |
Description:
|
Secunia Security Advisory - Joren McReynolds has reported some vulnerabilities in Cisco Unified Meeting Place, which can be exploited by malicious people to conduct cross-site scripting attacks.
| | Homepage: | http://secunia.com/advisories/26462/ | | File Size: | 2646 | | Last Modified: | Nov 7 15:19:41 2007 |
| MD5 Checksum: | 5d7412f778dc6ecbd761e2fd96d707c4 |
|
| /// File Name: |
sa26503.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in GNOME gpdf, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/26503/ | | File Size: | 2213 | | Last Modified: | Nov 8 18:19:25 2007 |
| MD5 Checksum: | 5785ffe34e05351180c18ca42d08fedb |
|
| /// File Name: |
sa26975.txt |
Description:
|
Secunia Security Advisory - Secunia Research has discovered some vulnerabilities in Symantec Backup Exec for Windows Servers, which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/26975/ | | File Size: | 3046 | | Last Modified: | Nov 28 19:37:31 2007 |
| MD5 Checksum: | de86c821d363c465edddac7a4478d8e9 |
|
| /// File Name: |
sa27260.txt |
Description:
|
Secunia Security Advisory - Secunia Research has discovered some vulnerabilities in Xpdf, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/27260/ | | File Size: | 2919 | | Last Modified: | Nov 7 15:19:41 2007 |
| MD5 Checksum: | 56c8ff59a18a850f0ff3f9219435cf31 |
|
| /// File Name: |
sa27300.txt |
Description:
|
Secunia Security Advisory - Secunia Research has discovered a vulnerability in Link Grammar, which can be exploited by malicious people to compromise an application using the affected code.
| | Homepage: | http://secunia.com/advisories/27300/ | | File Size: | 2628 | | Last Modified: | Nov 7 19:16:30 2007 |
| MD5 Checksum: | 99a0744e0126c0ba1aca412587a73304 |
|
| /// File Name: |
sa27340.txt |
Description:
|
Secunia Security Advisory - Secunia Research has discovered a vulnerability in the AbiWord Link Grammar library, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/27340/ | | File Size: | 2496 | | Last Modified: | Nov 7 15:19:41 2007 |
| MD5 Checksum: | 81f952bd11b1cc09cda93c51db67579b |
|
| /// File Name: |
sa27402.txt |
Description:
|
Secunia Security Advisory - Secunia Research has discovered a vulnerability in Miranda IM, which can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/27402/ | | File Size: | 2771 | | Last Modified: | Nov 23 18:42:38 2007 |
| MD5 Checksum: | bcbfca13d12b4c4f551c68e771c0db1f |
|