.:[ packet storm ]:.
                               
plan for the worst

 Section:  .. / 0804-advisories  /


 ///  File Name: NDSA20080215.txt
Description:
Nth Dimension Security Advisory (NDSA20080215) - The Festival server is vulnerable to unauthenticated remote code execution. Further research indicates that this vulnerability has already been reported as a local privilege escalation against both the Gentoo and SuSE GNU/Linux distributions. The remote form of this vulnerability was identified in 1.96~beta-5 as distributed in Debian unstable but it is also believed that Ubuntu Hardy Heron was affected.
Author:Tim Brown
Homepage:http://www.nth-dimension.org.uk/
File Size:3589
Last Modified:Apr 4 20:02:03 2008
MD5 Checksum:8491b07e54d530655b227b344f7bff1a

 ///  File Name: 04.03.08-2.txt
Description:
iDefense Security Advisory 04.03.08 - Remote exploitation of multiple buffer overflow vulnerabilities in Computer Associates International Inc.'s Alert Notification Service may allow an authenticated attacker to execute arbitrary code with SYSTEM privileges. iDefense confirmed the existence of these vulnerabilities with Computer Associates' Threat Manager for the Enterprise version 8.1. Other products that contain the Alert Notification Service are suspected to be vulnerable as well.
Homepage:http://www.idefense.com/
File Size:3319
Related CVE(s):CVE-2007-4620
Last Modified:Apr 4 19:55:55 2008
MD5 Checksum:cc1671ff27d2d45ed90d7e7995b9b75a

 ///  File Name: 04.03.08-1.txt
Description:
iDefense Security Advisory 04.03.08 - Local exploitation of a directory traversal vulnerability within the pkgadd program distributed with SCO Group Inc's UnixWare operating system allows attackers to gain root privileges. iDefense confirmed the existence of this vulnerability within version 7.1.4 of UnixWare with all patches available as of August 27th, 2007 installed. Previous versions are suspected to be vulnerable.
Homepage:http://www.idefense.com/
File Size:3099
Related CVE(s):CVE-2008-0310
Last Modified:Apr 4 19:54:59 2008
MD5 Checksum:54a6b6775305fc5d7841e82a9879ee16

 ///  File Name: ZDI-08-019.txt
Description:
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists in the parsing of the QuickTime VR 'obji' atom. When the size of the atom is set to 0, a stack overflow condition occurs resulting in the execution of arbitrary code. Version 7.4.1 is affected.
Homepage:http://www.zerodayinitiative.com/
File Size:3094
Related CVE(s):CVE-2008-1022
Last Modified:Apr 4 19:53:54 2008
MD5 Checksum:415cd4d63c1fe26974238ae00be12600

 ///  File Name: ZDI-08-018.txt
Description:
A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of QuickTime files that utilize the Animation codec. A lack of proper length checks can result in a heap based buffer overflow leading to arbitrary code execution under the context of the currently logged in user. Version 7.4.1 is affected.
Homepage:http://www.zerodayinitiative.com/
File Size:3171
Related CVE(s):CVE-2008-1021
Last Modified:Apr 4 19:51:11 2008
MD5 Checksum:fe8354f74872ddc5dccc2455a6d692b7

 ///  File Name: ZDI-08-017.txt
Description:
A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the quicktime.qts library responsible for parsing Kodak encoded images. A lack of proper error checking can result in a heap based buffer overflow leading to arbitrary code execution under the context of the currently logged in user. Version 7.4.1 is affected.
Author:Ruben Santamarta
Homepage:http://www.zerodayinitiative.com/
File Size:2935
Related CVE(s):CVE-2008-1020
Last Modified:Apr 4 19:49:41 2008
MD5 Checksum:71f08357b01b38db42fb821eaa3dce66

 ///  File Name: ZDI-08-016.txt
Description:
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the parsing of the QuickTime Channel Compositor atom. When the movie file contains a malformed 'chan' atom, a heap corruption occurs resulting in the execution of arbitrary code. Version 7.4.1 is affected.
Homepage:http://www.zerodayinitiative.com/
File Size:3095
Related CVE(s):CVE-2008-1018
Last Modified:Apr 4 19:48:34 2008
MD5 Checksum:ce95497bee97f6b5779de8557aa8055e

 ///  File Name: ZDI-08-015.txt
Description:
A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the quicktime.qts library. The vulnerability resides in the component's parsing of 'crgn' atoms. A lack of proper sanity checks on the region size field can result in a heap based buffer overflow leading to arbitrary code execution under the context of the currently logged in user. Version 7.4.1 is affected.
Author:Sanbin Li
Homepage:http://www.zerodayinitiative.com/
File Size:3223
Related CVE(s):CVE-2008-1017
Last Modified:Apr 4 19:47:18 2008
MD5 Checksum:9c6642a80f757742c14a9e01a910ccbf

 ///  File Name: ZDI-08-014.txt
Description:
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists in the quickTime.qts library while parsing corrupted .pict files. The module contains a vulnerable memory copy loop which searches for a terminator value. When this value is changed or omitted, a heap corruption occurs allowing the execution of arbitrary code. Version 7.4.1 is affected.
Author:bugfree
Homepage:http://www.zerodayinitiative.com/
File Size:2901
Related CVE(s):CVE-2008-1019
Last Modified:Apr 4 19:46:25 2008
MD5 Checksum:a58d7e9471769f1cf1501b1e61d2c73c

 ///  File Name: sa29498.txt
Description:
Secunia Security Advisory - Red Hat has issued an update for java-1.5.0-ibm. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service), to bypass certain security restrictions, or to compromise a vulnerable system.
Homepage:http://secunia.com/advisories/29498/
File Size:2377
Last Modified:Apr 4 18:56:42 2008
MD5 Checksum:05d050f13738fef13b00d630f7b7841a

 ///  File Name: sa29604.txt
Description:
Secunia Security Advisory - Debian has issued an update for xpdf. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a vulnerable system.
Homepage:http://secunia.com/advisories/29604/
File Size:6227
Last Modified:Apr 4 18:56:42 2008
MD5 Checksum:37502967b0486304b7fb04ee6fff41e7

 ///  File Name: sa29657.txt
Description:
Secunia Security Advisory - A vulnerability has been reported in SCO UnixWare, which can be exploited by malicious, local users to gain escalated privileges.
Homepage:http://secunia.com/advisories/29657/
File Size:2833
Last Modified:Apr 4 18:56:42 2008
MD5 Checksum:707110437162ca8b4ab6a704a62db2cc

 ///  File Name: sa29669.txt
Description:
Secunia Security Advisory - Diego Juarez has reported a vulnerability in Orbit Downloader, which potentially can be exploited by malicious people to compromise a user's system.
Homepage:http://secunia.com/advisories/29669/
File Size:2366
Last Modified:Apr 4 18:56:42 2008
MD5 Checksum:8a0cb27aba6df6bf3e1464ed4888e5fa

 ///  File Name: sa29670.txt
Description:
Secunia Security Advisory - A vulnerability has been reported in various Cisco products, which can be exploited by malicious people to compromise a vulnerable system.
Homepage:http://secunia.com/advisories/29670/
File Size:2893
Last Modified:Apr 4 18:56:42 2008
MD5 Checksum:0d850cc8def2a46d6afde8d374e04eda

 ///  File Name: sa29674.txt
Description:
Secunia Security Advisory - A vulnerability has been reported in Webwasher, which can be exploited by malicious people to cause a DoS (Denial of Service).
Homepage:http://secunia.com/advisories/29674/
File Size:2599
Last Modified:Apr 4 18:56:42 2008
MD5 Checksum:dd83b9661681c396e190a3440154c6e0

 ///  File Name: 04.02.08-3.txt
Description:
iDefense Security Advisory 04.02.08 - Remote exploitation of a design error in an ActiveX control installed with Symantec Norton Internet Security 2008 could allow for the execution of arbitrary code. iDefense confirmed that this vulnerability exists in version 2.7.0.1 of the control that is installed with the 2008 version of Norton Internet Security. Other versions may also be available.
Homepage:http://www.idefense.com/
File Size:3655
Related CVE(s):CVE-2008-0313
Last Modified:Apr 4 18:56:33 2008
MD5 Checksum:c63a4b10122d61c0886a3797d862f1e5

 ///  File Name: 04.02.08-2.txt
Description:
iDefense Security Advisory 04.02.08 - Remote exploitation of a buffer overflow vulnerability in an ActiveX control installed by Symantec Norton Internet Security 2008 could allow for the execution of arbitrary code. iDefense confirmed that this vulnerability exists in version 2.7.0.1 of the control that is installed with the 2008 version of Norton Internet Security. Other versions may also be available.
Author:Peter Vreugdenhil
Homepage:http://www.idefense.com/
File Size:3584
Related CVE(s):CVE-2008-0312
Last Modified:Apr 4 18:55:41 2008
MD5 Checksum:a0998a74f1cfaf08d9aee600fca2915b

 ///  File Name: 04.02.08-1.txt
Description:
iDefense Security Advisory 04.02.08 - Remote exploitation of a buffer overflow vulnerability in Borland Software Corp.'s CaliberRM enterprise software requirements management system could allow attackers to execute arbitrary code with SYSTEM level privileges. iDefense confirmed that the trial version of Borland CaliberRM 2006 (file version 9.0.809.000) is vulnerable. The actual vulnerable component is StarTeam Multicast Service 6.4. Other Borland products containing StarTeam Multicast Service component, such as Borland StarTeam, may also be affected.
Homepage:http://www.idefense.com/
File Size:4927
Related CVE(s):CVE-2008-0311
Last Modified:Apr 4 18:53:10 2008
MD5 Checksum:4e3ea5589c83878f0b1b738b83c55cd6

 ///  File Name: CORE-2008-0314.txt
Description:
Core Security Technologies Advisory - Orbit Downloader is vulnerable to a buffer overflow attack which can be exploited to execute arbitrary code. Versions 2.6.3 and 2.6.4 are verified vulnerable.
Author:Diego Juarez
Homepage:http://www.coresecurity.com/corelabs/
File Size:7486
Related CVE(s):CVE-2008-1602
Last Modified:Apr 4 18:03:17 2008
MD5 Checksum:3cb9c129e128a6f459b5ce8739aaf7a1

 ///  File Name: TA08-094A.txt
Description:
Technical Cyber Security Alert TA08-094A - Apple QuickTime contains multiple vulnerabilities as described in the Apple Knowledgebase article HT1241. Exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code or cause a denial-of-service condition.
Homepage:http://www.us-cert.gov/
File Size:3628
Last Modified:Apr 4 17:57:46 2008
MD5 Checksum:60f2970d4d83177489a7d4ebb3c8d958

 ///  File Name: cisco-sa-20080403-drf.txt
Description:
Cisco Security Advisory - Several products in the Cisco Unified Communications family of products contain a command execution vulnerability in the Disaster Recovery Framework (DRF) feature. A remote, unauthenticated user could exploit this vulnerability to execute arbitrary commands that may allow full administrative access to affected systems. There is a workaround for this vulnerability.
Homepage:http://www.cisco.com/
File Size:12435
Related CVE(s):CVE-2008-1154
Last Modified:Apr 4 17:56:55 2008
MD5 Checksum:9d04ddfdd8879fbb50747c67c1fb4a86

 ///  File Name: webwasher-dos.txt
Description:
It appears that Secure Computing Webwasher versions 6.6.3 and below suffer from a denial of service vulnerability.
Author:National Australia Bank Security Assurance
File Size:2198
Last Modified:Apr 4 17:52:34 2008
MD5 Checksum:76689687b007ad966776a162e45fd28c

 ///  File Name: virtuozzo-xsrf.txt
Description:
Virtuozzo from Parallels suffers from cross site request forgery vulnerabilities.
Author:poplix
Homepage:http://px.dynalias.org/
File Size:1756
Last Modified:Apr 4 17:43:35 2008
MD5 Checksum:fecc08d75ae7ba875e668dc7dabf3479

 ///  File Name: dsa-1537-1.txt
Description:
Debian Security Advisory 1537-1 - Alin Rad Pop (Secunia) discovered a number of vulnerabilities in xpdf, a set of tools for display and conversion of Portable Document Format (PDF) files.
Homepage:http://www.debian.org/security
File Size:7172
Related CVE(s):CVE-2007-4352, CVE-2007-5392, CVE-2007-5393
Last Modified:Apr 4 17:36:47 2008
MD5 Checksum:d48aae6288a7f069b72300c4ff33fcda

 ///  File Name: ksesfilter.txt
Description:
kses-based HTML filters for projects like WordPress, Moodle, Drupal, eGroupWare, Dokeos, PHP-Nuke, Geeklog, etc., have been found vulnerable to cross site scripting and code execution vulnerabilities.
Author:Lukas Pilorz
Homepage:http://allegro.pl/
File Size:4498
Last Modified:Apr 4 17:36:05 2008
MD5 Checksum:84dffd73915467fb43f6eb8e2af5244f