.:[ packet storm ]:.
                             
beyond paranoid
beyond paranoid

 Section:  .. / 0712-advisories  /

Page 1 of 23
<< 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 >> Files 1 - 25 of 554
Currently sorted by: File NameSort By: Last Modified, File Size

 ///  File Name: 12.11.07-1.txt
Description:
 iDefense Security Advisory 12.11.07 - Remote exploitation of a heap corruption vulnerability in Microsoft Corp.'s Internet Explorer web browser allows attackers to execute arbitrary code in the context of the current user. The vulnerability lies in the JavaScript setExpression method, which is implemented in mshtml.dll. When malformed parameters are supplied, memory can be corrupted in a way that results in Internet Explorer accessing a previously deleted object. By creating a specially crafted web page, it is possible for an attacker to control the contents of the memory pointed to by the released object. This allows an attacker to execute arbitrary code. As of April 5th, 2007, iDefense testing shows that Internet Explorer 6.0 and Internet Explorer 7.0 with all available security patches are vulnerable. Older versions of Internet Explorer may also be vulnerable.
Author:Peter Vreugdenhil
Homepage:http://www.idefense.com/
File Size:3988
Related CVE(s):CVE-2007-3902
Last Modified:Dec 12 17:53:34 2007
MD5 Checksum:9c4c580a8e36817b3afe5e7aa86438ed

 ///  File Name: 12.11.07-2.txt
Description:
 iDefense Security Advisory 12.11.07 - Remote exploitation of a stack buffer overflow vulnerability in Microsoft Corp.'s DirectShow could allow an attacker to execute arbitrary code in the context of the current user. This vulnerability exists in the DirectShow SAMI parser, which is implemented in quartz.dll. When the SAMI parser copies parameters into a stack buffer, it does not properly check the length of the parameter. As such, parsing a specially crafted SAMI file can cause a stack-based buffer overflow. This allows an attacker to execute arbitrary code. iDefense has confirmed Microsoft DirectX 7.x and Microsoft DirectX 8.x are vulnerable. Microsoft DirectX 9.0c or newer is not vulnerable.
Author:Jun Mao
Homepage:http://www.idefense.com/
File Size:4259
Related CVE(s):CVE-2007-3901
Last Modified:Dec 12 17:55:01 2007
MD5 Checksum:e693d3582cbe875a9d4d0f14be2e879c

 ///  File Name: 12.17.07-1.txt
Description:
 iDefense Security Advisory 12.17.07 - Local exploitation of a stack based buffer overflow vulnerability in Apple Inc.'s Mac OS X mount_smbfs utility could allow an attacker to execute arbitrary code with root privileges. iDefense has confirmed the existence of this vulnerability in Mac OS X version 10.4.10, on both the Server and Desktop versions. Previous versions may also be affected.
Author:Sean Larsson
Homepage:http://www.idefense.com/
File Size:3299
Related CVE(s):CVE-2007-3876
Last Modified:Dec 18 19:50:55 2007
MD5 Checksum:e8889ad8722bdf741a8739a45928309c

 ///  File Name: 12.18.07-2.txt
Description:
 iDefense Security Advisory 12.17.07 - Remote exploitation of an integer overflow vulnerability in Clam AntiVirus' ClamAV, as included in various vendors' operating system distributions, allows attackers to execute arbitrary code with the privileges of the affected process. iDefense has confirmed the existence of this vulnerability in ClamAV 0.91.2. Previous versions may also be affected.
Homepage:http://www.idefense.com/
File Size:3556
Related CVE(s):CVE-2007-5759
Last Modified:Dec 18 19:51:47 2007
MD5 Checksum:c21e76e417fa3b6863d298a4255134cf

 ///  File Name: abi-sql.txt
Description:
 ABI version 3.7.9.17 suffers from a SQL injection vulnerability in the forgotten password section.
Author:The-0utl4w
Homepage:http://aria-security.net/
File Size:289
Last Modified:Dec 20 16:25:15 2007
MD5 Checksum:888ec2872ee4bea045aca05113556273

 ///  File Name: AD20071206.txt
Description:
 Avast! Home/Professional versions below 4.7.1098 suffer from a remote heap corruption vulnerablity when processing tar files.
Author:Sowhat
Homepage:http://www.nevisnetworks.com/
File Size:1819
Last Modified:Dec 7 12:57:50 2007
MD5 Checksum:d8ae0cd83f95804e538540b842699117

 ///  File Name: AD20071211.txt
Description:
 There is a vulnerability in TrendMicro Antivirus, which allows an attacker to escalate to SYSTEM privileges, cause a denial of service, or potentially execute arbitrary code.
Author:Sowhat
Homepage:http://www.nevisnetworks.com/
File Size:2092
Last Modified:Dec 11 23:03:36 2007
MD5 Checksum:f0253cc841de3cd26cbc523ac0303783

 ///  File Name: aim-bypass.txt
Description:
 AOL Instant Messenger is still susceptible to bypass vulnerabilities.
Author:Michael Evanchik
Homepage:http://www.MichaelEvanchik.com
File Size:761
Last Modified:Dec 24 18:08:36 2007
MD5 Checksum:6e07a7d3dad92e6edb0f83dbaf853779

 ///  File Name: aol-xss.txt
Description:
 AOL is still susceptible to cross site scripting vulnerabilities.
Author:Michael Evanchik
Homepage:http://www.MichaelEvanchik.com
File Size:734
Last Modified:Dec 24 18:06:18 2007
MD5 Checksum:f95024c74e60771ed90f54823facff7a

 ///  File Name: appian-dos.txt
Description:
 The Appian Business Suite version 5.6 SP1 is vulnerable to a remote denial of service attack due to the way it handles packets on port 5400.
Author:Chris Castaldo
File Size:3913
Last Modified:Dec 18 12:17:10 2007
MD5 Checksum:aaade840266b1013d4e3236dcd6d6ad7

 ///  File Name: AST-2007-027.txt
Description:
 Asterisk Project Security Advisory - Due to the way database-based registrations ("realtime") are processed, IP addresses are not checked when the username is correct and there is no password. An attacker may impersonate any user using host-based authentication without a secret, simply by guessing the username of that user. This is limited in scope to administrators who have set up the registration database ("realtime") for authentication and are using only host-based authentication, not passwords. However, both the SIP and IAX protocols are affected.
Author:Tilghman Lesher
Homepage:http://www.asterisk.org/security
File Size:8605
Related CVE(s):CVE-2007-6430
Last Modified:Dec 18 19:56:53 2007
MD5 Checksum:f9dfea6ea0b39fe7b65dcff07dc9ba1f

 ///  File Name: authcas-sql.txt
Description:
 The Apache::AuthCAS module appears susceptible to SQL injection attacks via the cookie.
Author:Matthias Bethke
File Size:1797
Last Modified:Dec 7 19:34:20 2007
MD5 Checksum:bcbad04999e8756593a479b393069e06

 ///  File Name: autonomy-nodisclose.txt
Description:
 Autonomy, the software company that supplies the "Swiss Army Knife" in handling and opening documents in well known software like IBM Lotus Notes and Symantec Mail Security, is trying to keep Secunia from disclosing any information about old vulnerabilities. For shame. For shame.
Author:Thomas Kristensen
Homepage:http://secunia.com/
File Size:5401
Last Modified:Dec 7 19:24:57 2007
MD5 Checksum:17b3b9eb9ae7079b9598c2c435073991

 ///  File Name: CAID-35970.txt
Description:
 CA Security Advisory - A potential vulnerability exists in the Ingres software that is embedded in various CA products. This vulnerability exists only on Ingres 2.5 and Ingres 2.6 on Windows, and does not manifest itself on any Unix platform. Ingres r3 and Ingres 2006 are not affected.
Author:Ken Williams
Homepage:http://www3.ca.com/
File Size:4782
Related CVE(s):CVE-2007-6334
Last Modified:Dec 24 14:52:23 2007
MD5 Checksum:75d1aea42d606c7d355dd7885d28c8e5

 ///  File Name: CAID-brightstor.txt
Description:
 CA Security Advisory - Multiple vulnerabilities exist in BrightStor ARCserve Backup that can allow a remote attacker to cause a denial of service, execute arbitrary code, or take privileged action.
Author:Dyon Balding, Cocoruder, Tenable Network Security, Pedram Amini, eEye Digital Security, shirkdog
Homepage:http://www3.ca.com/
File Size:7341
Related CVE(s):CVE-2007-5326, CVE-2007-5329, CVE-2007-5327, CVE-2007-5325, CVE-2007-5328, CVE-2007-5330, CVE-2007-5331, CVE-2007-5332
Last Modified:Dec 7 20:03:25 2007
MD5 Checksum:b570156ca875e160d5434e5fb72b11c5

 ///  File Name: cisco-sa-20071205-csa.txt
Description:
 Cisco Security Advisory - A buffer overflow vulnerability exists in a system driver used by the Cisco Security Agent for Microsoft Windows. This buffer overflow can be exploited remotely and causes corruption of kernel memory, which leads to a Windows stop error (blue screen) or to arbitrary code execution.
Homepage:http://www.cisco.com/
File Size:18547
Last Modified:Dec 6 01:04:21 2007
MD5 Checksum:c4dd03d41fbee887a43ee7ed09a62f03

 ///  File Name: cisco-sa-20071219-fwsm.txt
Description:
 Cisco Security Advisory - A vulnerability exists in the Cisco Firewall Services Module (FWSM) that may result in a reload of the FWSM. The only affected FWSM System Software Version is 3.2(3).
Homepage:http://www.cisco.com/
File Size:13946
Last Modified:Dec 19 19:46:07 2007
MD5 Checksum:5f83cd27b3e83dcd44bfc50f02b41827

 ///  File Name: ciscoworks-xss.txt
Description:
 CiscoWorks versions 2.6 and below suffer from a cross site scripting vulnerability.
Author:Dave Lewis
Homepage:http://www.liquidmatrix.org/
File Size:1533
Last Modified:Dec 6 00:31:06 2007
MD5 Checksum:9b84cccc8260ebaeb7ba41ddf2ebfff6

 ///  File Name: coolplayer-overflow.txt
Description:
 CoolPlayer versions 217 and below suffer from a buffer overflow vulnerability in CPLI_Readtag_OGG.
Author:Luigi Auriemma
Homepage:http://aluigi.org/
File Size:1851
Last Modified:Dec 28 20:22:15 2007
MD5 Checksum:2ce29fda2f085a9662141dc8d5b8db3c

 ///  File Name: CORE-2007-1004.txt
Description:
 Core Security Technologies Advisory - A vulnerability has been found in the ActiveX control DLL (axvlc.dll) used by VLC player. This library contains three methods whose parameters are not correctly checked, and may produce a bad initialized pointer. By providing these functions specially crafted parameters, an attacker can overwrite memory zones and execute arbitrary code. Vulnerable versions include VLC media player 0.86, 0.86a, 0.86b and 0.86c.
Author:Ricardo Narvaja
Homepage:http://www.coresecurity.com/corelabs/
File Size:6468
Last Modified:Dec 5 23:11:33 2007
MD5 Checksum:ba03d9ceb3e14845bb27b9831e01fcaf

 ///  File Name: CVE-2007-5342.txt
Description:
 The JULI logging component in Tomcat versions 5.5.9 through 5.5.25 and versions 6.0.0 to 6.0.15 allows web applications to provide their own logging configurations. The default security policy does not restrict this configuration and allows an untrusted web application to add files or overwrite existing files where the Tomcat process has the necessary file permissions to do so.
Author:Delian Krustev
Homepage:http://tomcat.apache.org/security.html
File Size:3156
Related CVE(s):CVE-2007-5342
Last Modified:Dec 24 18:18:29 2007
MD5 Checksum:d65c8164c8b1fe46229d21171c404d82

 ///  File Name: CVE-2007-6244.txt
Description:
 The Adobe Flash Player suffers from a cross site scripting vulnerability in an Active-X control.
Author:Collin Jackson
File Size:1686
Related CVE(s):CVE-2007-6244
Last Modified:Dec 19 21:11:36 2007
MD5 Checksum:703be4bb207a89818449a0ea3790ddcb

 ///  File Name: dosboxxx.txt
Description:
 DOSBox versions 0.72 and below suffer from a full filesystem access vulnerability.
Author:Luigi Auriemma
Homepage:http://aluigi.org/
Related Exploit:dosboxxx.zip
File Size:2620
Last Modified:Dec 10 20:10:41 2007
MD5 Checksum:199a6c3da7f58df5f9f540820ea8d0eb

 ///  File Name: dsa-1405-3.txt
Description:
 Debian Security Advisory 1405-3 - The Plone developers discovered that their hotfix, released as DSA 1405, introduced two regressions. This update corrects these flaws. It was discovered that Plone, a web content management system, allows remote attackers to execute arbitrary code via specially crafted web browser cookies.
Homepage:http://www.debian.org/security
File Size:3275
Related CVE(s):CVE-2007-5741
Last Modified:Dec 28 20:10:01 2007
MD5 Checksum:51efab4fc57ec107f1a38fb68b2c5b6c

 ///  File Name: dsa-1417-1.txt
Description:
 Debian Security Advisory 1417-1 - Tilghman Lesher discovered that the logging engine of Asterisk, a free software PBX and telephony toolkit performs insufficient sanitizing of call-related data, which may lead to SQL injection.
Homepage:http://www.debian.org/security
File Size:17468
Related CVE(s):CVE-2007-6170
Last Modified:Dec 2 16:16:48 2007
MD5 Checksum:331836afa20816ca6ec78f2245cc3d38
 

 ///  Last 10 Files
  1. :· phpauction32-rfi.txt
  2. :· silentum-xss.txt
  3. :· iranmc-sql.txt
  4. :· citectodbc-fivews.txt
  5. :· citect_scada_odbc.rb.txt
  6. :· flockweb-dos.txt
  7. :· google-chrome-dos4.txt
  8. :· google-download2.txt
  9. :· PLSA-2008-41.txt
  10. :· PLSA-2008-40.txt
[ Last 20 | Last 50 | Last 100 ]

 ///  Last 10 Advisories
  1. :· PLSA-2008-41.txt
  2. :· PLSA-2008-40.txt
  3. :· PLSA-2008-39.txt
  4. :· PLSA-2008-38.txt
  5. :· PLSA-2008-37.txt
  6. :· MDVSA-2008-188.txt
  7. :· glsa-200809-05.txt
  8. :· PLSA-2008-36.txt
  9. :· microworld-insecure.txt
  10. :· SSRT080119.txt
[ Last 20 | Last 50 | Last 100 ]

 ///  Last 10 Exploits
  1. :· phpauction32-rfi.txt
  2. :· silentum-xss.txt
  3. :· iranmc-sql.txt
  4. :· citect_scada_odbc.rb.txt
  5. :· flockweb-dos.txt
  6. :· google-chrome-dos4.txt
  7. :· google-download2.txt
  8. :· webcmsportal-blindsql.txt
  9. :· esfaq-sql.txt
  10. :· vastal-itechcosmetics.txt
[ Last 20 | Last 50 | Last 100 ]

 ///  Last 10 Tools
  1. :· clamav-0.94.tar.gz
  2. :· distack-1.1.0-dev.tar.gz
  3. :· samhain-2.4.6.tar.gz
  4. :· sqlmap-0.6.tar.gz
  5. :· psbot.py.txt
  6. :· mimedefang-2.65.tar.gz
  7. :· advchk-2.11.tar.bz2
  8. :· kisgearth-0.01f.tar.bz2
  9. :· lynis-1.2.0.tar.gz
  10. :· fwknop-1.9.7.tar.gz
[ Last 20 | Last 50 | Last 100 ]

 ///  Last 10 Misc
  1. :· citectodbc-fivews.txt
  2. :· freebsd-revcon.txt
  3. :· insecurityoverview-samsung.pdf
  4. :· xcon2008-cfp.txt
  5. :· aslr-bypass.txt
  6. :· alphanumeric-shellcode.txt
  7. :· imagebase-shellcode.txt
  8. :· mysql-injection-newbies.txt
  9. :· draft-gont-opsec-ip-security-01.txt
  10. :· draft-ietf-tsvwg-port-randomization-02.txt
[ Last 20 | Last 50 | Last 100 ]


 .:. TopPrivacy Statement | Copyright Notice