Section: .. / 0803-advisories /
File Name: 03.10.08-1.txt
Description:
iDefense Security Advisory 03.10.08 - Remote exploitation of a signedness error in the "vserver" component of SAP AG's MaxDB could allow attackers to execute arbitrary code. After accepting a connection, the "vserver" process forks and reads parameters from the client into various structures. When doing so, it trusts values sent from the client to be valid. By sending a specially crafted request, an attacker can cause heap corruption. This leads to a potentially exploitable memory corruption condition. iDefense has confirmed the existence of this vulnerability in SAP AG's MaxDB version 7.6.0.37 on Linux. Other versions may also be affected.
Homepage: http://www.idefense.com/
File Size: 3866
Related CVE(s): CVE-2008-0307
Last Modified: Mar 12 20:29:44 2008
MD5 Checksum: 052ff389d8811e4398c4bd663563772f

File Name: 03.10.08-2.txt
Description:
iDefense Security Advisory 03.10.08 - Local exploitation of a design error in the "sdbstarter" program, as distributed with SAP AG's MaxDB, could allow attackers to elevate privileges to root. iDefense has confirmed the existence of this vulnerability in SAP AG's MaxDB version 7.6.0.37 on both Linux and Solaris. Other versions for Unix-like systems are suspected to be vulnerable. Windows releases do not include the "sdbstarter" program.
Author: Joshua J. Drake
Homepage: http://www.idefense.com/
File Size: 3745
Related CVE(s): CVE-2008-0306
Last Modified: Mar 12 20:31:09 2008
MD5 Checksum: c5facadf7226394a03672061b153254b

File Name: 03.11.08-1.txt
Description:
iDefense Security Advisory 03.11.08 - Remote exploitation of a heap corruption vulnerability in Microsoft Corp.'s Excel spreadsheet application allows attackers to execute arbitrary code in the context of the user who started Excel. The vulnerability exists in the handling of DVAL records in BIFF8 format spreadsheet files. When certain fields are set to invalid values, heap corruption occurs. iDefense has confirmed the existence of this vulnerability in Microsoft Excel 2003 and Excel 2007. Previous versions may also be affected.
Author: Greg MacManus
Homepage: http://www.idefense.com/
File Size: 3086
Related CVE(s): CVE-2008-0111
Last Modified: Mar 13 01:26:35 2008
MD5 Checksum: 1c71a5cca97e7d7714ca5a12198093ca

File Name: 03.11.08-2.txt
Description:
iDefense Security Advisory 03.11.08 - Remote exploitation of a memory corruption vulnerability in Microsoft Corp.'s Excel 2003 could allow attackers to execute arbitrary code in the context of the currently logged on user. This vulnerability specifically exists due to the improper handling of malformed formulas. By creating a document containing a specially crafted formula, an attacker is able to cause memory corruption that leads to arbitrary code execution. iDefense has confirmed the existence of this vulnerability in Excel 2003 SP2. Other versions may also be affected.
Homepage: http://www.idefense.com/
File Size: 3240
Related CVE(s): CVE-2008-0115
Last Modified: Mar 13 01:27:41 2008
MD5 Checksum: 21b457751f6f41a127dcdbc087383750

File Name: 03.11.08-3.txt
Description:
iDefense Security Advisory 03.11.08 - Remote exploitation of an input validation error in the handling of "mailto" URIs by Microsoft Corp.'s Outlook may allow arbitrary code execution. It is possible to construct a "mailto" URI which causes the web browser to pass extra command line switches to Outlook. These switches can modify Outlook's account configuration. iDefense has confirmed the existence of this vulnerability in Microsoft Outlook 2007 on Windows XP SP2. Previous versions may also be affected.
Author: Greg MacManus
Homepage: http://www.idefense.com/
File Size: 3012
Related CVE(s): CVE-2008-0110
Last Modified: Mar 13 01:28:43 2008
MD5 Checksum: 3a1dfceb0f15cb2f4c8b70699b4e23c8

File Name: 03.18.08-1.txt
Description:
iDefense Security Advisory 03.18.08 - Remote exploitation of a heap based buffer overflow vulnerability in CUPS, as included in various vendors' operating system distributions, could allow an attacker to execute arbitrary code with the privileges of the affected service. iDefense has confirmed the existence of this vulnerability in CUPS version 1.3.5. Previous versions may also be affected.
Author: regenrecht
Homepage: http://www.idefense.com/
File Size: 3384
Related CVE(s): CVE-2008-0047
Last Modified: Mar 18 22:41:26 2008
MD5 Checksum: c2e5a25c6026dfd6fb7f133b0d26623e

File Name: 03.31.08-1.txt
Description:
iDefense Security Advisory 03.31.08 - Remote exploitation of an untrusted library loading vulnerability in Macrovision's InstallShield InstallScript One-Click Install ActiveX control allows remote attackers to execute code with the privileges of the currently logged in user. iDefense confirmed this vulnerability exists in version 12.0 of the Macrovision InstallShield InstallScript One-Click Install ActiveX Control. Previous versions of the control are reported to be vulnerable to variations of this attack. Previous versions are known to use different CLSIDs.
Homepage: http://www.idefense.com/
File Size: 4514
Related CVE(s): CVE-2007-5661
Last Modified: Mar 31 22:43:14 2008
MD5 Checksum: 486f62abcfc53347e912d6da1790fd4b

File Name: 07122001-eyefi.txt
Description:
Airscanner Mobile Security Advisory #07122001 - Eye-Fi version 1.1.2 suffers from multiple cross site request forgery vulnerabilities.
Author: Seth Fogie
Homepage: http://www.airscanner.com/
File Size: 2759
Last Modified: Mar 3 17:39:48 2008
MD5 Checksum: 9e9c2a6c781bf9e24320603e61b568d9

File Name: 08031201-flexispy.txt
Description:
Airscanner Mobile Security Advisory #08031201 - FlexiSPY.com's user administration web application contains a critical bug that allows anyone to inject spoofed incoming/outgoing phone records, SMS messages, and Emails into the backend database for ANY user of the software if the IMEI value is known.
Author: Seth Fogie
Homepage: http://www.airscanner.com/
File Size: 2950
Last Modified: Mar 18 21:40:49 2008
MD5 Checksum: ae3737a66fc225d2b129825fd2732d61

File Name: acronis-null.txt
Description:
Acronis True Image Windows Agent versions 1.0.0.54 and below suffer from a null pointer vulnerability. Put ??????? in a file and nc SERVER 9876 -v -v < file.txt to test for a demonstration of the vulnerability.
Author: Luigi Auriemma
Homepage: http://aluigi.org/
File Size: 1951
Last Modified: Mar 12 22:59:39 2008
MD5 Checksum: 9247c779480d007e0ae9c58d8c9367c1

File Name: acronis-traverse.txt
Description:
Acronis PXE Server versions 2.0.0.1076 and below suffer from directory traversal and null pointer vulnerabilities.
Author: Luigi Auriemma
Homepage: http://aluigi.org/
Related Exploit: tftpx.zip
File Size: 2247
Last Modified: Mar 12 23:38:49 2008
MD5 Checksum: cad516eaa27415cd38d03b2280da3ceb

File Name: ASPR-2008-03-11-1.txt
Description:
An HTML injection vulnerability exists in the WebLogic administration console. Version 10.0 is susceptible.
Author: Sasa Kos, Mitja Kolsek
Homepage: http://www.acrossecurity.com/
File Size: 6623
Last Modified: Mar 12 23:58:12 2008
MD5 Checksum: 1c0c907c128f61e7c8b5352956944985

File Name: ASPR-2008-03-11-2.txt
Description:
A session fixation vulnerability exists in the WebLogic administration console. Version 10.0 is susceptible.
Author: Mitja Kolsek
Homepage: http://www.acrossecurity.com/
File Size: 5672
Last Modified: Mar 12 23:56:39 2008
MD5 Checksum: dd858b117867e564a338f0a8acb59c59

File Name: AST-2008-002.txt
Description:
Asterisk Project Security Advisory - Two buffer overflows exist in the RTP payload handling code of Asterisk. Both overflows can be caused by an INVITE or any other SIP packet with SDP. The request may need to be authenticated depending on configuration of the Asterisk installation.
Author: Joshua Colp
Homepage: http://www.asterisk.org/security
File Size: 10835
Related CVE(s): CVE-2008-1289
Last Modified: Mar 18 22:34:40 2008
MD5 Checksum: 9af18bb93f79be77066637b6ba8f4e94

File Name: AST-2008-003.txt
Description:
Asterisk Project Security Advisory - Unauthenticated calls can be made via the SIP channel driver using an invalid From header. This acts similarly to the SIP configuration option 'allowguest=yes', in that calls with a specially crafted From header would be sent to the PBX in the context specified in the general section of sip.conf.
Author: Jason Parker
Homepage: http://www.asterisk.org/security
File Size: 9431
Related CVE(s): CVE-2008-1332
Last Modified: Mar 18 22:36:42 2008
MD5 Checksum: 4503d7ec5e28b9a90bfa07d4c16f2dd4

File Name: AST-2008-005.txt
Description:
Asterisk Project Security Advisory - The HTTP Manager ID used by Asterisk is predictable, allowing an attacker to hijack a manager session.
Author: Tilghman Lesher
Homepage: http://www.asterisk.org/security
File Size: 15827
Related CVE(s): CVE-2008-1390
Last Modified: Mar 18 22:40:12 2008
MD5 Checksum: b3ec2efc2d6a9a02d1ed7f6a496a55ea

File Name: bootmanage-overflow.txt
Description:
BootManage TFTPD versions 1.99 and below suffer from a buffer overflow vulnerability. To use the related exploit, run tftpx -f SERVER 2000 none.
Author: Luigi Auriemma
Homepage: http://aluigi.org/
Related Exploit: tftpx.zip
File Size: 1627
Last Modified: Mar 17 15:47:19 2008
MD5 Checksum: ec3d22b978868311c4c9c27de4760793

File Name: camulti-overflow.txt
Description:
CA Security Advisory - CA products that implement the DSM ListCtrl ActiveX control are vulnerable to a buffer overflow condition that can allow a remote attacker to cause a denial of service or execute arbitrary code with the privileges of the user running the web browser.
Author: Ken Williams
Homepage: http://www3.ca.com/
File Size: 6462
Related CVE(s): CVE-2008-1472
Last Modified: Mar 28 17:29:16 2008
MD5 Checksum: 65eda83c7e5bae337d11f91b9d4e591b

File Name: cisco-sa-20080312-ucp.txt
Description:
Cisco Security Advisory - Two sets of vulnerabilities were discovered in the Cisco Secure Access Control Server (ACS) for Windows User-Changeable Password (UCP) application. The first set of vulnerabilities involves several buffer overflow conditions in the UCP application that could result in remote execution of arbitrary code on the host system where UCP is installed. The second set of vulnerabilities involves cross-site scripting in the UCP application pages.
Author: FX
Homepage: http://www.cisco.com/
File Size: 14162
Related CVE(s): CVE-2008-0532, CVE-2008-0533
Last Modified: Mar 13 01:37:56 2008
MD5 Checksum: 383c5bf5fc0d9bcd46fd639132dd50a6

File Name: cisco-sa-20080313-ipm.txt
Description:
Cisco Security Advisory - CiscoWorks Internetwork Performance Monitor (IPM) version 2.6 for Sun Solaris and Microsoft Windows operating systems contains a vulnerability that allows remote, unauthenticated users to execute arbitrary commands. There are no workarounds for this vulnerability.
Homepage: http://www.cisco.com/
File Size: 10443
Related CVE(s): CVE-2008-1157
Last Modified: Mar 13 19:17:07 2008
MD5 Checksum: 03214c50b616aef81dc635cc4b89a345

File Name: cisco-sa-20080326-dlsw.txt
Description:
Cisco Security Advisory - Cisco IOS contains multiple vulnerabilities in the Data-link Switching (DLSw) feature that may result in a reload or memory leaks when processing specially crafted UDP or IP Protocol 91 packets. Cisco has released free software updates that address these vulnerabilities. Workarounds are available to mitigate the effects of these vulnerabilities.
Homepage: http://www.cisco.com/
File Size: 76852
Related CVE(s): CVE-2008-1152
Last Modified: Mar 26 18:23:13 2008
MD5 Checksum: 4996d1c7db9a231f201e973caff24acd

File Name: cisco-sa-20080326-IPv4IPv6.txt
Description:
Cisco Security Advisory - A device running Cisco IOS software that has Internet Protocol version 6 (IPv6) enabled may be subject to a denial of service (DoS) attack. For the device to be affected by this vulnerability, it must also have certain Internet Protocol version 4 (IPv4) User Datagram Protocol (UDP) services enabled. To exploit this vulnerability, an offending IPv6 packet must be targeted to the device. Packets that are routed through the router cannot trigger this vulnerability. Successful exploitation will prevent the interface from receiving any additional traffic. The only exception is the Resource Reservation Protocol (RSVP) service, which, if exploited, will cause the device to crash. Only the interface on which the vulnerability was exploited will be affected.
Homepage: http://www.cisco.com/
File Size: 68014
Related CVE(s): CVE-2008-1153
Last Modified: Mar 26 18:24:56 2008
MD5 Checksum: 497441b74e0004aa9688a6d78b55fdac