
Files

Debian Linux Security Advisory 1283-1
Posted May 3, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1283-1 - Several remote vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language, which may lead to the execution of arbitrary code.

tags | advisory, remote, arbitrary, php, vulnerability
systems | linux, debian
advisories | CVE-2007-1286, CVE-2007-1375, CVE-2007-1376, CVE-2007-1380, CVE-2007-1453, CVE-2007-1454, CVE-2007-1521, CVE-2007-1583, CVE-2007-1700, CVE-2007-1711, CVE-2007-1718, CVE-2007-1777, CVE-2007-1824, CVE-2007-1887, CVE-2007-1889, CVE-2007-1900
MD5 | 75fbfcf5dbc7740ecc59ffbcfaa8a3a7
Gentoo Linux Security Advisory 200704-23
Posted May 3, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200704-23 - The bufprint() function in capi4k-utils fails to properly check boundaries of data coming from CAPI packets. Versions less than 20050718-r3 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2007-1217
MD5 | 46804317c725150a6bd1cf67b2c5130f
Gentoo Linux Security Advisory 200704-22
Posted May 3, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200704-22 - BEAST, which is installed as setuid root, fails to properly check whether it can drop privileges accordingly if seteuid() fails due to a user exceeding assigned resource limits. Versions less than 0.7.1 are affected.

tags | advisory, root
systems | linux, gentoo
advisories | CVE-2006-2916, CVE-2006-4447
MD5 | 2b72440271eba9de7155d2f5d02c6e77
afflib-overflows.txt
Posted May 3, 2007
Authored by Timothy D. Morgan | Site vsecurity.com

Virtual Security Research, LLC. Security Advisory - Multiple buffer overflows exist in AFFLIB version 2.2.0. Earlier versions may also be affected.

tags | advisory, overflow
advisories | CVE-2007-2053
MD5 | 446352877e3aa73c1f54b3318d5ff7be
afflib-toctou.txt
Posted May 3, 2007
Authored by Timothy D. Morgan | Site vsecurity.com

Virtual Security Research, LLC. Security Advisory - A Time-of-Check-Time-of-Use file race condition exists in AFFLIB versions 2.2.0 through 2.2.8.

tags | advisory
advisories | CVE-2007-2056
MD5 | 0c56679cd5d6f442117bbe96db6ea730
afflib-shellinject.txt
Posted May 3, 2007
Authored by Timothy D. Morgan | Site vsecurity.com

Virtual Security Research, LLC. Security Advisory - Multiple shell metacharacter injection vulnerabilities exist in AFFLIB versions 2.2.0 through 2.2.8.

tags | advisory, shell, vulnerability
advisories | CVE-2007-2055
MD5 | 250aadb801be2ae9dd1d5c05882b2ec4
afflib-fmtstr.txt
Posted May 3, 2007
Authored by Timothy D. Morgan | Site vsecurity.com

Virtual Security Research, LLC. Security Advisory - Multiple format string injection vulnerabilities exist in AFFLIB versions 2.2.0 through 2.2.8.

tags | advisory, vulnerability
advisories | CVE-2007-2054
MD5 | f5720e6ca358ef67b2fbb4e58f26fd49
iDEFENSE Security Advisory 2007-04-26.3
Posted May 3, 2007
Authored by iDefense Labs, Pravus | Site idefense.com

iDefense Security Advisory 04.26.07 - Norton Ghost allows administrators and other power users to schedule snapshots of local disks for backup and recovery purposes. If these recovery points are set to save to a remote network share, Ghost will prompt the user to enter a user name and password for the share. Password information entered into Ghost for this purpose is encrypted and saved to the local file system in the application's home directory, which has read access allowed for all users. The encryption key used by Ghost to decrypt these stored credentials is derived from the MD5 hash of the plain text user name stored in the configuration file. Since every user on the system has read access to these configuration files, any user can decrypt the stored passwords. iDefense verified the existence of this vulnerability on Norton Ghost 10.0. Other versions may be vulnerable as well.

tags | advisory, remote, local
MD5 | c9c6043fee23fdf1fc462b362a8403d3
iDEFENSE Security Advisory 2007-04-26.2
Posted May 3, 2007
Authored by iDefense Labs, Pravus | Site idefense.com

iDefense Security Advisory 04.26.07 - Local exploitation of a buffer overflow vulnerability in Norton Ghost could allow local attackers to run code as the SYSTEM level user. Norton Ghost Service Manager is a Local Server COM object that allows privileged Ghost Backup Operators the ability to take and restore Ghost images of the system. A function within the Service Manager can be used to trigger a buffer overflow by supplying an overly long string. iDefense verified the existence of this vulnerability on Norton Ghost 10.0. Other versions may be vulnerable as well.

tags | advisory, overflow, local
MD5 | 8e1831adea9ac92f11f0c6b4c607ea0b
Ubuntu Security Notice 454-1
Posted May 3, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 454-1 - PostgreSQL did not handle the "search_path" configuration option in a secure way for functions declared as "SECURITY DEFINER". Previously, an attacker could override functions and operators used by the security definer function to execute arbitrary SQL commands with the privileges of the user who created the security definer function. The updated version does not search the temporary table schema for functions and operators any more.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2007-2138
MD5 | 0c69ebd23c86a1fa63415620f7f3e232
Ubuntu Security Notice 455-1
Posted May 3, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 455-1 - A slew of vulnerabilities for PHP5 have been patched.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2007-1375, CVE-2007-1376, CVE-2007-1380, CVE-2007-1484, CVE-2007-1521, CVE-2007-1583, CVE-2007-1700, CVE-2007-1718, CVE-2007-1824, CVE-2007-1887, CVE-2007-1888, CVE-2007-1900
MD5 | c6010940f066f19053aea86e55037dad
iDEFENSE Security Advisory 2007-04-26.1
Posted May 3, 2007
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 04.26.07 - Remote exploitation of a denial of service (DoS) vulnerability in Novell Inc.'s eDirectory product could allow an attacker to force the running daemon to cease servicing requests. The problem specifically exists within the NCP functionality of eDirectory. Sending a sequence of specially crafted fragmented requests will cause a DoS condition. iDefense has confirmed the existence of this vulnerability in version 8.8.1 of Novell Inc.'s eDirectory server with FTF1 applied. The earliest version tested was 8.8. Earlier versions are suspected to be vulnerable.

tags | advisory, remote, denial of service
advisories | CVE-2006-4520
MD5 | 48a75120cc625ccfb07acaa52aedc405
Debian Linux Security Advisory 1282-1
Posted May 3, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1282-1 - Several remote vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language, which may lead to the execution of arbitrary code.

tags | advisory, remote, arbitrary, php, vulnerability
systems | linux, debian
advisories | CVE-2007-1286, CVE-2007-1380, CVE-2007-1521, CVE-2007-1711, CVE-2007-1718, CVE-2007-1777
MD5 | cadce548a2e58678bb0050c427751ab0
Ubuntu Security Notice 453-2
Posted May 3, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 453-2 - USN-453-1 provided an updated libx11 package to fix a security vulnerability. This triggered an error in rdesktop so that it crashed on startup. This update fixes the problem.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2007-1667
MD5 | c65cd90b31c101264b86a08cc036d8f7
CA Security Advisory 35277
Posted May 2, 2007
Authored by Ken Williams, Computer Associates | Site www3.ca.com

CA CleverPath Portal contains a vulnerability that can allow a local attacker to access confidential data. The vulnerability is due to insufficient filtering of SQL search queries. CA has issued a patch to address the vulnerability.

tags | advisory, local
advisories | CVE-2007-2230
MD5 | b3399cd503f4b6d1f198fd59ee6855d9
CA Security Advisory 35198
Posted May 2, 2007
Authored by Ken Williams, Computer Associates | Site www3.ca.com

CA BrightStor ARCserve Backup Media Server contains multiple vulnerabilities that can allow a remote attacker to cause a denial of service or possibly execute arbitrary code. CA has issued patches to address the vulnerabilities.

tags | advisory, remote, denial of service, arbitrary, vulnerability
advisories | CVE-2007-1785, CVE-2007-2139
MD5 | 836fb8b03fb3f4e770291a868d924eb8
Mandriva Linux Security Advisory 2007.094
Posted May 2, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A weakness in previous versions of PostgreSQL was found in the security definer functions in which an authenticated but otherwise unprivileged SQL user could use temporary objects to execute arbitrary code with the privileges of the security-definer function.

tags | advisory, arbitrary
systems | linux, mandriva
advisories | CVE-2007-2138
MD5 | 9440c19744ef56d999ba572a309cc4ae
iedos-issue.txt
Posted May 2, 2007
Authored by Lostmon | Site lostmon.blogspot.com

Microsoft Internet Explorer contains a flaw that may allow a malicious user to cause IE7 to enter a loop in which IE7 becomes unresponsive, resulting in a recoverable denial of service issue.

tags | advisory, denial of service
MD5 | 57d7f19f626cd637a47ac4c467099cc9
Debian Linux Security Advisory 1281-1
Posted May 2, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1281-1 - Several remote vulnerabilities have been discovered in the Clam anti-virus toolkit.

tags | advisory, remote, vulnerability, virus
systems | linux, debian
advisories | CVE-2007-1745, CVE-2007-1997, CVE-2007-2029
MD5 | e0810b0750288966552e788c4f40fcf5
ieff-split.txt
Posted May 2, 2007
Authored by Stefano Di Paola | Site wisec.it

Firefox and Internet Explorer are prone to HTTP request splitting when Digest Authentication occurs.

tags | advisory, web
MD5 | 5426a639741037c2c3ecdb00815e92d0
Cisco Security Advisory 20070425-nfc
Posted May 2, 2007
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Versions of Cisco Network Services (CNS) NetFlow Collection Engine (NFC) prior to 6.0 create and use default accounts with identical usernames and passwords. An attacker with knowledge of these accounts can modify the application configuration and, in certain instances, gain user access to the host operating system.

tags | advisory
systems | cisco
MD5 | cf553a8d2b4152c2e86675fa2dae6d8c
ASA-2007-012.txt
Posted Apr 25, 2007
Site asterisk.org

Asterisk Project Security Advisory - The Asterisk Manager Interface has a remote crash vulnerability. If a manager user is configured in manager.conf without a password, and then a connection is made that attempts to use that username and MD5 authentication, Asterisk will dereference a NULL pointer and crash.

tags | advisory, remote
MD5 | 5b817c74c96c6fedc5164d93d80850d7
ASA-2007-011.txt
Posted Apr 25, 2007
Authored by qwerty1979 | Site asterisk.org

Asterisk Project Security Advisory - Multiple problems have been identified in the Asterisk SIP channel driver (chan_sip) when handling response packets from other SIP endpoints.

tags | advisory
MD5 | 15147c6214e06f689cb0273dd6ad4c52
ASA-2007-010.txt
Posted Apr 25, 2007
Authored by Barrie Dempster | Site asterisk.org

Asterisk Project Security Advisory - Two closely related stack-based buffer overflows exist in the SIP/SDP handler of Asterisk. The vulnerabilities are very similar but exist as two separate unsafe function calls.

tags | advisory, overflow, vulnerability
MD5 | 252a950355a472b214e00960e093be58
Zero Day Initiative Advisory 07-022
Posted Apr 25, 2007
Authored by Tipping Point, Tenable Network Security | Site zerodayinitiative.com

A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Computer Associates BrightStor ARCserve Media Server. User interaction is not required to exploit this vulnerability.

tags | advisory, arbitrary
advisories | CVE-2007-2139
MD5 | 2e27e27253c5a55507c1f03fbdf93dad