Section: .. / 0807-advisories /
| /// File Name: |
sa31231.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in Trac, which can be exploited by malicious people to conduct cross-site scripting attacks.
| | Homepage: | http://secunia.com/advisories/31231/ | | File Size: | 2162 | | Last Modified: | Jul 28 11:51:44 2008 |
| MD5 Checksum: | bd906de34ae82246e1df62d7546f1562 |
|
| /// File Name: |
MDVSA-2008-155-1.txt |
Description:
|
Mandriva Linux Security Advisory - A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Thunderbird program, version 2.0.0.16. This update provides the latest Thunderbird to correct these issues. It also provides Thunderbird 2.x for Corporate 3.0 systems. The previous update provided the incorrect version of the enigmail locale files. This version correctly builds them for Thunderbird 2.0.0.16.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 15962 | | Related CVE(s): | CVE-2008-1233, CVE-2008-1234, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237, CVE-2008-2785, CVE-2008-2798, CVE-2008-2799, CVE-2008-2802, CVE-2008-2803, CVE-2008-2807, CVE-2008-2809, CVE-2008-2811 | | Last Modified: | Jul 28 11:46:36 2008 |
| MD5 Checksum: | 66f5f6377fd559f737b581f46c2053bf |
|
| /// File Name: |
dsa-1619-1.txt |
Description:
|
Debian Security Advisory 1619-1 - Multiple weaknesses have been identified in PyDNS, a DNS client implementation for the Python language. Dan Kaminsky identified a practical vector of DNS response spoofing and cache poisoning, exploiting the limited entropy in a DNS transaction ID and lack of UDP source port randomization in many DNS implementations. Scott Kitterman noted that python-dns is vulnerable to this predictability, as it randomizes neither its transaction ID nor its source port. Taken together, this lack of entropy leaves applications using python-dns to perform DNS queries highly susceptible to response forgery.
| | Homepage: | http://www.debian.org/security | | File Size: | 3638 | | Related CVE(s): | CVE-2008-1447 | | Last Modified: | Jul 28 11:27:39 2008 |
| MD5 Checksum: | bc5cc0626a47ff39888e21678e8ff28c |
|
| /// File Name: |
dsa-1616-2.txt |
Description:
|
Debian Security Advisory 1616-2 - This update corrects a packaging and build error in the packages released in DSA-1616-1. Those packages, while functional, did not actually apply the fix intended. This update restores the fix to the package build; no other changes are introduced. Damian Put discovered a vulnerability in the ClamAV anti-virus toolkit's parsing of Petite-packed Win32 executables. The weakness leads to an invalid memory access, and could enable an attacker to crash clamav by supplying a maliciously crafted Petite-compressed binary for scanning. In some configurations, such as when clamav is used in combination with mail servers, this could cause a system to "fail open," facilitating a follow-on viral attack.
| | Homepage: | http://www.debian.org/security | | File Size: | 17117 | | Related CVE(s): | CVE-2008-2713 | | Last Modified: | Jul 28 11:26:50 2008 |
| MD5 Checksum: | ceabffda6d4cb45cef97943d6e18bd28 |
|
| /// File Name: |
MDVSA-2008-155.txt |
Description:
|
Mandriva Linux Security Advisory - A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Thunderbird program, version 2.0.0.16.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 50277 | | Related CVE(s): | CVE-2008-1233, CVE-2008-1234, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237, CVE-2008-2785, CVE-2008-2798, CVE-2008-2799, CVE-2008-2802, CVE-2008-2803, CVE-2008-2807, CVE-2008-2809, CVE-2008-2811 | | Last Modified: | Jul 25 21:02:23 2008 |
| MD5 Checksum: | c42b0d5c1d78fe93fed6e40c07dbe7cc |
|
| /// File Name: |
ZDI-08-047.txt |
Description:
|
A vulnerability allows remote attackers to execute code on vulnerable installations of RealPlayer. User interaction is required in that a user must visit a malicious web site. The specific flaw exists in the rmoc3260 ActiveX control. Specifying malicious values for the 'Controls' or 'Console' properties with a specific timing results in a memory corruption which can lead to code execution under the context of the current user.
| | Author: | Peter Vreugdenhil | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3576 | | Related CVE(s): | CVE-2008-1309 | | Last Modified: | Jul 25 21:01:42 2008 |
| MD5 Checksum: | c1dc5a2b4f3ec5b589d8087402e03e9d |
|
| /// File Name: |
ZDI-08-046.txt |
Description:
|
A vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of the RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in RealPlayer's rjbdll.dll module when handling the deletion of media library files. An attacker could exploit this vulnerability using an ActiveX control {FDC7A535-4070-4B92-A0EA-D9994BCC0DC5} to import a vulnerable file into the user's media library. Upon deletion of this file, an exploitable stack based buffer overflow can be triggered.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3360 | | Last Modified: | Jul 25 20:59:17 2008 |
| MD5 Checksum: | 6aee3edef397f5bdbe93bef7b3d46705 |
|
| /// File Name: |
ZDI-08-045.txt |
Description:
|
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the garbage collection of JavaScript document elements in WebCore. When a CSSStyleSheet object of a style element is copied, and the style element is deallocated, a reference to the ownerNode property of the copied CSSStyleSheet object will result in a heap corruption allowing for the execution of arbitrary code.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3219 | | Related CVE(s): | CVE-2008-2317 | | Last Modified: | Jul 25 20:58:18 2008 |
| MD5 Checksum: | fd7eab9f0357ba1ffd8f1eb1b36d1baa |
|
| /// File Name: |
realplayer-exec.txt |
Description:
|
RealPlayer suffers from a vulnerability where the WindowName and Controls properties of rmoc3260.dll do not manage heap memory properly resulting in a use after free condition which can overwrite heap management structures resulting in code execution. RealPlayer 11, 10.5, 10, and Enterprise are all affected.
| | Author: | Elazar Broad | | File Size: | 1485 | | Last Modified: | Jul 25 20:57:26 2008 |
| MD5 Checksum: | 6770b3f1177517eb6841ebc11efa2528 |
|
| /// File Name: |
SECOBJADV-2008-02.txt |
Description:
|
Security Objectives Advisory - The Cygwin installation and update process can be subverted to a lack of checksum verification. Cygwin setup.exe version 2.573.2.2 is affected.
| | Author: | Derek Callaway | | Homepage: | http://www.security-objectives.com/ | | File Size: | 4453 | | Last Modified: | Jul 25 20:55:18 2008 |
| MD5 Checksum: | 0d95149f3d415d7bc0ba049956304dd5 |
|
| /// File Name: |
sa31177.txt |
Description:
|
Secunia Security Advisory - Mark Janssen has reported some vulnerabilities in Blackboard Academic Suite, which can be exploited by malicious people to conduct cross-site request forgery attacks.
| | Homepage: | http://secunia.com/advisories/31177/ | | File Size: | 2199 | | Last Modified: | Jul 25 20:50:29 2008 |
| MD5 Checksum: | f43d0f8db7b09debe264709947731072 |
|
| /// File Name: |
sa31205.txt |
Description:
|
Secunia Security Advisory - Mr.SQL has discovered a vulnerability in Atom PhotoBlog, which can be exploited by malicious people to conduct SQL injection attacks.
| | Homepage: | http://secunia.com/advisories/31205/ | | File Size: | 2184 | | Last Modified: | Jul 25 20:50:29 2008 |
| MD5 Checksum: | 784f6238bbf1dd434596aff77b3a1376 |
|
| /// File Name: |
sa31213.txt |
Description:
|
Secunia Security Advisory - BlueCat Networks has acknowledged a vulnerability in BlueCat Networks Adonis, which can be exploited by malicious people to poison the DNS cache.
| | Homepage: | http://secunia.com/advisories/31213/ | | File Size: | 2243 | | Last Modified: | Jul 25 20:50:29 2008 |
| MD5 Checksum: | dc00a8a76304a957eead7b0780c8cd38 |
|
| /// File Name: |
sa31214.txt |
Description:
|
Secunia Security Advisory - IRAQI has reported a vulnerability in Live Music Plus, which can be exploited by malicious people to conduct SQL injection attacks.
| | Homepage: | http://secunia.com/advisories/31214/ | | File Size: | 2194 | | Last Modified: | Jul 25 20:50:29 2008 |
| MD5 Checksum: | 479fc5add8b7e28f4b0cbd6198d679da |
|
| /// File Name: |
sa31217.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in Lore, which can be exploited by malicious people to conduct cross-site scripting-attacks.
| | Homepage: | http://secunia.com/advisories/31217/ | | File Size: | 2201 | | Last Modified: | Jul 25 20:50:29 2008 |
| MD5 Checksum: | ca76756e5a02a5f4ddb6201dd2b607ed |
|
| /// File Name: |
sa31220.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for thunderbird. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, bypass certain security restrictions, disclose sensitive information, or potentially compromise a user's system.
| | Homepage: | http://secunia.com/advisories/31220/ | | File Size: | 17916 | | Last Modified: | Jul 25 20:50:29 2008 |
| MD5 Checksum: | c83703fa6dbfd5117f388cf9d0283151 |
|
| /// File Name: |
sa31222.txt |
Description:
|
Secunia Security Advisory - Red Hat has issued an update for rdesktop. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/31222/ | | File Size: | 2329 | | Last Modified: | Jul 25 20:50:29 2008 |
| MD5 Checksum: | aec4063975a15fcbd0793e12405f7055 |
|
| /// File Name: |
sa31223.txt |
Description:
|
Secunia Security Advisory - Red Hat has issued an update for vsftpd. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/31223/ | | File Size: | 2091 | | Last Modified: | Jul 25 20:50:29 2008 |
| MD5 Checksum: | e421c352e0bd15c9e87ac94dcd262e03 |
|
| /// File Name: |
sa31224.txt |
Description:
|
Secunia Security Advisory - Red Hat has issued an update for rdesktop. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/31224/ | | File Size: | 2068 | | Last Modified: | Jul 25 20:50:29 2008 |
| MD5 Checksum: | df154abc44a20fee3ff4dae01eab71d2 |
|
| /// File Name: |
sa31225.txt |
Description:
|
Secunia Security Advisory - Red Hat has issued an update for coreutils. This fixes a security issue, which can be exploited by malicious, local users to bypass certain security restrictions.
| | Homepage: | http://secunia.com/advisories/31225/ | | File Size: | 2275 | | Last Modified: | Jul 25 20:50:29 2008 |
| MD5 Checksum: | f49ceac0d7c62238bbd1b0195df3e212 |
|
| /// File Name: |
sa31226.txt |
Description:
|
Secunia Security Advisory - Red Hat has issued an update for mysql. This fixes some vulnerabilities and security issues, which can be exploited by malicious, local users to bypass certain security restrictions and by malicious users to cause a DoS (Denial of Service) or to bypass certain security restrictions.
| | Homepage: | http://secunia.com/advisories/31226/ | | File Size: | 2407 | | Last Modified: | Jul 25 20:50:29 2008 |
| MD5 Checksum: | 906151d7db6572d95c9608ac83d8354c |
|
| /// File Name: |
sa31227.txt |
Description:
|
Secunia Security Advisory - Red Hat has issued an update for nss_ldap. This fixes a security issue, which can be exploited by malicious people to manipulate certain data.
| | Homepage: | http://secunia.com/advisories/31227/ | | File Size: | 2097 | | Last Modified: | Jul 25 20:50:29 2008 |
| MD5 Checksum: | 417e084c75c9f8618a20345cb57af521 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
