Section: .. / Last 20 Advisory Files /
| /// File Name: | MDVSA-2010-060.txt | Description:
| Mandriva Linux Security Advisory 2010-060 - The htcpHandleTstRequest function in htcp.c in Squid 2.x and 3.0 through 3.0.STABLE23 allows remote attackers to cause a denial of service (crash) via crafted packets to the HTCP port, which triggers a NULL pointer dereference. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue. | | Author: | Mandriva | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 5924 | | Related CVE(s): | CVE-2010-0639 | | Last Modified: | Mar 10 21:34:20 2010 | | MD5 Checksum: | 414b8437f31d74850426f8a525a3e1e8 |
|
| /// File Name: | USN-908-1.txt | Description:
| Ubuntu Security Notice 908-1 - It was discovered that mod_proxy_ajp did not properly handle errors when a client doesn't send a request body. A remote attacker could exploit this with a crafted request and cause a denial of service. This issue affected Ubuntu 8.04 LTS, 8.10, 9.04 and 9.10. It was discovered that Apache did not properly handle headers in subrequests under certain conditions. A remote attacker could exploit this with a crafted request and possibly obtain sensitive information from previous requests. | | Author: | Ubuntu | | Homepage: | http://security.ubuntu.com/ | | File Size: | 38935 | | Related CVE(s): | CVE-2010-0408, CVE-2010-0434 | | Last Modified: | Mar 10 21:26:31 2010 | | MD5 Checksum: | c325fa7847fc469032e3592c119cde4f |
|
| /// File Name: | MDVSA-2010-059.txt | Description:
| Mandriva Linux Security Advisory 2010-059 - Unspecified vulnerability in Guest Additions in Sun xVM VirtualBox 1.6.x and 2.0.x before 2.0.12, 2.1.x, and 2.2.x, and Sun VirtualBox before 3.0.10, allows guest OS users to cause a denial of service (memory consumption) on the guest OS via unknown vectors. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue. | | Author: | Mandriva | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 18565 | | Related CVE(s): | CVE-2009-3940 | | Last Modified: | Mar 10 21:26:09 2010 | | MD5 Checksum: | 48a4c84f6d63d9b13bd485a788bc892d |
|
| /// File Name: | secunia-xnviewdicom.txt | Description:
| Secunia Research has discovered a vulnerability in XnView, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to an integer overflow when processing DICOM images with certain dimensions. This can be exploited to cause a heap-based buffer overflow by e.g. tricking a user into opening a specially crafted DICOM file. Version 1.97 is affected. | | Author: | Stefan Cornelius | | Homepage: | http://secunia.com/ | | File Size: | 4126 | | Related CVE(s): | CVE-2009-4001 | | Last Modified: | Mar 10 21:23:39 2010 | | MD5 Checksum: | 06aae772fe010c07ca5d04fd20ac13e2 |
|
| /// File Name: | excel-codeexec.txt | Description:
| VUPEN Vulnerability Research Team discovered a critical vulnerability affecting Microsoft Office Excel. The flaw is caused by a memory corruption error when processing malformed "EntExU2" records in an Excel document, which could be exploited by attackers to execute arbitrary code. | | Author: | Nicolas JOLY | | Homepage: | http://www.vupen.com/ | | File Size: | 2681 | | Related CVE(s): | CVE-2010-0257 | | Last Modified: | Mar 10 21:21:05 2010 | | MD5 Checksum: | f66a1be4abfb1a54cae69d7791394e13 |
|
| /// File Name: | secunia-etsdisclose.txt | Description:
| Secunia Research has discovered security issue in Employee Timeclock Software, which can be exploited by malicious, local users to disclose sensitive information. The security issue is caused due to the application passing the database password via the command line to the "mysqldump" utility, which potentially can be exploited to disclose the password via the process list. Version 0.99 is affected. | | Homepage: | http://secunia.com/ | | File Size: | 4385 | | Related CVE(s): | CVE-2010-0124 | | Last Modified: | Mar 10 10:57:24 2010 | | MD5 Checksum: | 5c55f50ca9c91dbe8978a3bb60746a6c |
|
| /// File Name: | secunia-etssql.txt | Description:
| Secunia Research has discovered some vulnerabilities in Employee Timeclock Software, which can be exploited by malicious people to conduct SQL injection attacks. Input passed to the "username" and "password" parameters in auth.php and login_action.php is not properly sanitized before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Version 0.99 is affected. | | Homepage: | http://secunia.com/ | | File Size: | 4407 | | Related CVE(s): | CVE-2010-0122 | | Last Modified: | Mar 10 10:55:45 2010 | | MD5 Checksum: | 97deca06ff6efb5d59e274ff9355eacb |
|
| /// File Name: | tarcpio-overflow.txt | Description:
| GNU Tar and GNU Cpio suffer from a heap-based buffer overflow vulnerability. Tar versions prior to 1.23 and Cpio versions prior to 2.11 are affected. | | Author: | Jakob Lell | | File Size: | 5110 | | Related CVE(s): | CVE-2010-0624 | | Last Modified: | Mar 10 10:48:29 2010 | | MD5 Checksum: | f12725e9c18845e64dcff526a6f7d29f |
|
| /// File Name: | secunia-etsb.txt | Description:
| Secunia Research has discovered security issue in Employee Timeclock Software, which can be exploited by malicious people to disclose sensitive information. The database backup functionality stores the database backup with a semi-predictable file name inside the web root. This can be exploited to download the backup by guessing the file name. Version 0.99 is affected. | | Homepage: | http://secunia.com/ | | File Size: | 4397 | | Related CVE(s): | CVE-2010-0123 | | Last Modified: | Mar 10 10:44:55 2010 | | MD5 Checksum: | 691c19edbe543e11cd7b2a8326ea3cd9 |
|
| /// File Name: | 03.09.10-4.txt | Description:
| iDefense Security Advisory 03.09.10 - Remote exploitation of a heap overflow vulnerability in Microsoft Corp.'s Excel could allow an attacker to execute arbitrary code with the privileges of the current user. This vulnerability occurs when parsing an MDXTUPLE record inside of the Excel Workbook globals stream. This record is used to store metadata for external data connections in the workbook. The vulnerability occurs when a MDXTUPLE record is broken up into several records. This could allow an attacker to trigger a heap based buffer overflow by controlling both the allocation size of a heap buffer and the number of bytes copied into this buffer. iDefense has confirmed the existence of this vulnerability in Excel versions 2007 SP0, SP1, and SP2. Previous versions do not appear to be affected as they do not support parsing the record that triggers the vulnerability. A full list of vulnerable Microsoft products can be found in Microsoft Security Bulletin MS10-017. | | Author: | Sean Larsson,iDefense Labs | | Homepage: | http://www.idefense.com/ | | File Size: | 3817 | | Related CVE(s): | CVE-2010-0260 | | Last Modified: | Mar 10 10:20:50 2010 | | MD5 Checksum: | 361cae51b434d20705f58c6f7cde7793 |
|
| /// File Name: | 03.09.10-3.txt | Description:
| iDefense Security Advisory 03.09.10 - Remote exploitation of a heap overflow vulnerability in Microsoft Corp.'s Excel could allow an attacker to execute arbitrary code with the privileges of the current user. This vulnerability occurs when parsing an MDXSET record inside of the Excel Workbook globals stream. This record is used to store metadata for external data connections in the workbook. The vulnerability occurs when a MDXSET record is broken up into several records. This could allow an attacker to trigger a heap based buffer overflow by controlling both the allocation size of a heap buffer and the number of bytes copied into this buffer. iDefense has confirmed the existence of this vulnerability in Excel versions 2007 SP0, SP1, and SP2. Previous versions do not appear to be affected as they do not support parsing the record that triggers the vulnerability. A full list of vulnerable Microsoft products can be found in Microsoft Security Bulletin MS10-017. | | Author: | Sean Larsson,iDefense Labs | | Homepage: | http://www.idefense.com/ | | File Size: | 3813 | | Related CVE(s): | CVE-2010-0261 | | Last Modified: | Mar 10 10:19:19 2010 | | MD5 Checksum: | fcd3d4df59f6a8656e954ecae6950e45 |
|
| /// File Name: | 03.09.10-2.txt | Description:
| iDefense Security Advisory 03.09.10 - Remote exploitation of an uninitialized memory vulnerability in Microsoft Corp.'s Excel could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs due to Excel using a local function variable without properly initializing it. This error occurs when parsing several related records inside of an Excel worksheet. When Excel parses certain records in a particular order, a stack variable may not be initialized properly. If an attacker can control the area of memory used for this variable, then it is possible to execute arbitrary code on the targeted host. iDefense has confirmed the existence of this vulnerability in Excel versions 2003 SP3, 2007 SP0, SP1, and SP3 . Previous versions do not appear to be affected. A full list of vulnerable Microsoft products can be found in Microsoft Security Bulletin MS10-017. | | Author: | Sean Larsson,iDefense Labs | | Homepage: | http://www.idefense.com/ | | File Size: | 3939 | | Related CVE(s): | CVE-2010-0262 | | Last Modified: | Mar 10 10:17:18 2010 | | MD5 Checksum: | 4c6d869c98aaa46c8b7d0dec92b565e3 |
|
| /// File Name: | 03.09.10-1.txt | Description:
| iDefense Security Advisory 03.09.10 - Remote exploitation of a type confusion vulnerability in Microsoft Corp.'s Excel could allow an attacker to execute arbitrary code with the privileges of the current user. This vulnerability is a type confusion vulnerability that occurs when parsing several related Excel record types. In this case, the type confusion is due to multiple records containing fields that identify the type of an object shared between them. By controlling memory outside of the bounds of the allocated heap chunk, an attacker can control a C++ object pointer used in a virtual function call. This can result in an area of memory being treated as a different type of object than it actually is, resulting in access outside of the bounds of the allocated object. iDefense has confirmed the existence of this vulnerability in all currently supported versions of Excel (2007 SP1/SP2, 2003 SP3, XP SP3), and also the currently unsupported Excel 2000 SP3. A full list of vulnerable Microsoft products can be found in Microsoft Security Bulletin MS10-017. | | Author: | Sean Larsson,iDefense Labs | | Homepage: | http://www.idefense.com/ | | File Size: | 4148 | | Related CVE(s): | CVE-2010-0258 | | Last Modified: | Mar 10 10:09:49 2010 | | MD5 Checksum: | bc5319861ff9ff807a6e7bfce8180ecb |
|
| /// File Name: | dsa-2009-1.txt | Description:
| Debian Linux Security Advisory 2009-1 - It was discovered that tdiary, a communication-friendly weblog system, is prone to a cross-site scripting vulnerability due to insufficient input sanitizing in the TrackBack transmission plugin. | | Author: | Debian | | Homepage: | http://www.debian.org/security | | File Size: | 3903 | | Related CVE(s): | CVE-2010-0726 | | Last Modified: | Mar 10 10:04:15 2010 | | MD5 Checksum: | 17479d9fa7fc431d68a341d436fda6a2 |
|
| /// File Name: | TA10-068A.txt | Description:
| Technical Cyber Security Alert 2010-68A - Microsoft has released updates to address vulnerabilities in Microsoft Windows and Microsoft Office. | | Author: | US-CERT | | Homepage: | http://www.us-cert.gov/ | | File Size: | 3802 | | Last Modified: | Mar 9 18:18:07 2010 | | MD5 Checksum: | 52a06df4c61def449f7f9c9f8bcad8b7 |
|
| /// File Name: | CORE-2009-1103.txt | Description:
| Core Security Technologies Advisory - A memory corruption occurs on Microsoft Office Excel 2002 when parsing a .XLS file with a malformed DbOrParamQry record. This vulnerability could be used by a remote attacker to execute arbitrary code in the context of the currently logged on user, by enticing the user to open a specially crafted file. | | Author: | Core Security Technologies,Damian Frizza | | Homepage: | http://www.coresecurity.com/corelabs/ | | File Size: | 7741 | | Related CVE(s): | CVE-2010-0264 | | Last Modified: | Mar 9 18:13:44 2010 | | MD5 Checksum: | 3b4084cc3bd02ec3abcf8034a1cd52e2 |
|
| /// File Name: | CORE-2009-0813.txt | Description:
| Core Security Technologies Advisory - A vulnerability was found in Windows Movie Maker and Microsoft Producer, which can be triggered by a remote attacker by sending a specially crafted file and enticing the user to open it. This vulnerability results in a write access violation and can lead to remote code execution. | | Author: | Core Security Technologies,Damian Frizza | | Homepage: | http://www.coresecurity.com/corelabs/ | | File Size: | 12942 | | Related CVE(s): | CVE-2010-0265 | | Last Modified: | Mar 9 18:11:06 2010 | | MD5 Checksum: | c616fcba3c0a93ba3996a3ca8d8818b9 |
|
| /// File Name: | MDVSA-2010-058.txt | Description:
| Mandriva Linux Security Advisory 2010-058 - Multiple vulnerabilities have been found and corrected in PHP. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct these issues. | | Author: | Mandriva | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 62736 | | Last Modified: | Mar 9 18:06:23 2010 | | MD5 Checksum: | 07bda32325dbbfc3f66329dadbc38dc9 |
|
| /// File Name: | ZDI-10-026.txt | Description:
| Zero Day Initiative Advisory 10-026 - This vulnerability allows remote attackers to execute arbitrary commands on vulnerable installations of Hewlett-Packard Performance Insight. Authentication is not required to exploit this vulnerability. The specific flaw exists in the handling of requests to the helpmanager servlet running on the Performance Insight web server. Insufficient input validation and authentication allows for arbitrary JSP pages to be uploaded which can be leveraged to execute arbitrary OS commands. Exploitation of this vulnerability allows an attacker to gain control of the affected system under SYSTEM credentials. | | Author: | TippingPoint | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3057 | | Related CVE(s): | CVE-2010-0447 | | Last Modified: | Mar 9 18:02:35 2010 | | MD5 Checksum: | 7e8b4a4e56efc310c9d29affb2ee9a3f |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
