
Files

Gentoo Linux Security Advisory 200705-20
Posted May 31, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200705-20 - Chris Evans has discovered multiple buffer overflows in the Sun JDK and the Sun JRE possibly related to various AWT and font layout functions. Tom Hawtin has discovered an unspecified vulnerability in the Sun JDK and the Sun JRE relating to unintended applet data access. He has also discovered multiple other unspecified vulnerabilities in the Sun JDK and the Sun JRE allowing unintended Java applet or application resource acquisition. Additionally, a memory corruption error has been found in the handling of GIF images with zero width field blocks. Versions less than 1.4.2.03-r14 are affected.

tags | advisory, java, overflow, vulnerability
systems | linux, gentoo
advisories | CVE-2006-6731, CVE-2006-6736, CVE-2006-6737, CVE-2006-6745
MD5 | 000b449b02865f4a4bcf9959e52b5db0
Gentoo Linux Security Advisory 200705-19
Posted May 31, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200705-19 - Several vulnerabilities were found in PHP, most of them during the Month Of PHP Bugs (MOPB) by Stefan Esser. The most severe of these vulnerabilities are integer overflows in wbmp.c from the GD library and in the substr_compare() PHP 5 function. Ilia Alshanetsky also reported a buffer overflow in the make_http_soap_request() and in the user_filter_factory_create() functions, and Stanislav Malyshev discovered another buffer overflow in the bundled XMLRPC library. Additionally, the session_regenerate_id() and the array_user_key_compare() functions contain a double-free vulnerability. Finally, there exist implementation errors in the Zend engine, in the mb_parse_str(), the unserialize() and the mail() functions and other elements. Versions less than 5.2.2 are affected.

tags | advisory, overflow, php, vulnerability
systems | linux, gentoo
advisories | CVE-2007-1001, CVE-2007-1285, CVE-2007-1286, CVE-2007-1484, CVE-2007-1521, CVE-2007-1583, CVE-2007-1700, CVE-2007-1701, CVE-2007-1711, CVE-2007-1717, CVE-2007-1718, CVE-2007-1864, CVE-2007-1900, CVE-2007-2509, CVE-2007-2510, CVE-2007-2511
MD5 | 57aafd3389cccd61dd0f2470e8144248
Ubuntu Security Notice 465-1
Posted May 31, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 465-1 - Luigi Auriemma discovered multiple flaws in pulseaudio's network processing code. If an unauthenticated attacker sent specially crafted requests to the pulseaudio daemon, it would crash, resulting in a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2007-1804
MD5 | be02bc364009d306a797ce15f0cb26c6
iDEFENSE Security Advisory 2007-05-25.1
Posted May 31, 2007
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 05.25.07 - Remote exploitation of multiple stack-based buffer overflows in Sun Microsystems Inc.'s Java System Web Proxy allows unauthenticated attackers to execute arbitrary code with superuser privileges. The problem specifically exists within the "sockd" daemon. This daemon implements SOCKS proxy support for the Web Proxy product. Attackers can cause a buffer overflow by manipulating certain bytes during protocol negotiation. iDefense has confirmed the existence of this vulnerability using version 4.0.3 of Sun Java Web Proxy Server. Lab tests were performed on an x86 Red Hat Enterprise Linux machine. Previous versions, including products released under the "Sun ONE" product line, are suspected to be vulnerable.

tags | advisory, java, remote, web, overflow, arbitrary, x86, protocol
systems | linux, redhat
MD5 | 1598909a3d4f1ba7380b51a8e5f82b75
OpenPKG Security Advisory 2007.19
Posted May 31, 2007
Authored by OpenPKG Foundation | Site openpkg.com

OpenPKG Security Advisory - Multiple vulnerabilities in PHP versions 5.2.2 and below have been addressed.

tags | advisory, php, vulnerability
advisories | CVE-2007-1380, CVE-2007-1375, CVE-2007-1376, CVE-2007-1521, CVE-2007-1484, CVE-2007-1583, CVE-2007-1700, CVE-2007-1718, CVE-2007-1461, CVE-2007-1887, CVE-2007-1888, CVE-2007-1717, CVE-2007-1835, CVE-2007-1890, CVE-2007-1824
MD5 | b6e50daee02b6a72dc70cee56c380b95
n.runs-SA-2007.009.txt
Posted May 30, 2007
Authored by Sergio Alvarez | Site nruns.com

A remotely exploitable vulnerability has been found in the file parsing engine of ALWIL avast! antivirus software versions prior to 4.7.700 when parsing .SIS files.

tags | advisory
MD5 | 68ed6d70bc1d37d65e894b6af1bfe3a8
Ubuntu Security Notice 464-1
Posted May 30, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 464-1 - Multiple vulnerabilities in the Linux kernel have been patched. Philipp Richter discovered that the AppleTalk protocol handler did not sufficiently verify the length of packets. By sending a crafted AppleTalk packet, a remote attacker could exploit this to crash the kernel. Gabriel Campana discovered that the do_ipv6_setsockopt() function did not sufficiently verify option values for IPV6_RTHDR. A local attacker could exploit this to trigger a kernel crash. A denial of service vulnerability was discovered in the nfnetlink_log() netfilter function. A remote attacker could exploit this to trigger a kernel crash. The connection tracking module for IPv6 did not properly handle the status field when reassembling fragmented packets, so that the final packet always had the 'established' state. A remote attacker could exploit this to bypass intended firewall rules. Masayuki Nakagawa discovered an error in the flowlabel handling of IPv6 network sockets. A local attacker could exploit this to crash the kernel. The do_dccp_getsockopt() function did not sufficiently verify the optlen argument. A local attacker could exploit this to read kernel memory (which might expose sensitive data) or cause a kernel crash. This only affects Ubuntu 7.04. The IPv4 and DECnet network protocol handlers incorrectly declared an array variable so that it became smaller than intended. By sending crafted packets over a netlink socket, a local attacker could exploit this to crash the kernel.

tags | advisory, remote, denial of service, kernel, local, vulnerability, protocol
systems | linux, ubuntu
advisories | CVE-2007-1357, CVE-2007-1388, CVE-2007-1496, CVE-2007-1497, CVE-2007-1592, CVE-2007-1730, CVE-2007-2172
MD5 | 9b31d90401441ebd4532d2e93a14c4fe
iDEFENSE Security Advisory 2007-05-24.1
Posted May 30, 2007
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 05.24.07 - Local exploitation of a privilege escalation vulnerability in Apple Computer Inc.'s Mac OS X pppd could allow an attacker to gain root privileges. The vulnerability exists due to insufficient access validation when processing the "plugin" command line option. The application does not properly verify that the requesting user has root privileges and allows any user to load plug-ins. When checking to see if the executing user has root privileges, a check is made to see if the stdin file descriptor is owned by root. Passing this check is trivial and allows the attacker to load arbitrary plug-ins resulting in arbitrary code execution with root privileges. iDefense has confirmed the existence of this vulnerability in version 10.4.8 of Mac OS X. Other versions may also be affected.

tags | advisory, arbitrary, local, root, code execution
systems | apple, osx
advisories | CVE-2007-0752
MD5 | 05fecd15da1bbba24ed181f41519fb2d
Debian Linux Security Advisory 1297-1
Posted May 30, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1297-1 - Bernhard R. Link discovered that the CVS browsing interface of Gforge, a collaborative development tool, performs insufficient escaping of URLs, which allows the execution of arbitrary shell commands with the privileges of the www-data user.

tags | advisory, arbitrary, shell
systems | linux, debian
advisories | CVE-2007-0246
MD5 | a9786fd6abe2ff8d3f62148987f3dd04
cmgs-plain.txt
Posted May 30, 2007
Authored by Mike Iacovacci

A serious security flaw is present in Credant Mobile Guardian Shield for Windows versions 5.2.1.105 and prior. Several instances of the user's Windows domain name, domain username, and password are stored in plain text within the memory (RAM) of the mobile device. This risk is compounded by the fact that the Windows paging file is not encrypted by default. The unencrypted paging file would likely contain the plain text Windows domain credentials as well.

tags | advisory
systems | windows
MD5 | 639db5372851ab5e33bda00468c915c3
n.runs-SA-2007.008.txt
Posted May 30, 2007
Authored by Sergio Alvarez | Site nruns.com

A remotely exploitable vulnerability has been found in the file parsing engine of ALWIL avast! antivirus software versions prior to 4.7.700.

tags | advisory
MD5 | f7cc625231d8cfcdaec87993739d6639
OpenPKG Security Advisory 2007.18
Posted May 30, 2007
Authored by OpenPKG Foundation | Site openpkg.com

OpenPKG Security Advisory - A vulnerability caused by an integer signedness error was found by Victor Stinner in the font rendering library Freetype, versions up to and including 2.3.4. The vulnerability might allow remote attackers to execute arbitrary code via a specially crafted TrueType Font (TTF) file with a negative "n_points" value, which leads to an integer overflow and heap-based buffer overflow.

tags | advisory, remote, overflow, arbitrary
advisories | CVE-2007-2754
MD5 | c3045c83e517a3031694ffaa7cac2ec4
Mandriva Linux Security Advisory 2007.104
Posted May 30, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A number of bugs were discovered in the NDR parsing support in Samba that is used to decode MS-RPC requests. A remote attacker could send a carefully crafted request that would cause a heap overflow, possibly leading to the ability to execute arbitrary code on the server. A remote authenticated user could trigger a flaw where unescaped user input parameters were being passed as arguments to /bin/sh. Finally, on Samba 3.0.23d and higher, when Samba translated SIDs to/from names using the Samba local list of user and group accounts, a logic error in smbd's internal security stack could result in a transition to the root user id rather than the non-root user.

tags | advisory, remote, overflow, arbitrary, local, root
systems | linux, mandriva
advisories | CVE-2007-2446, CVE-2007-2447, CVE-2007-2444
MD5 | 03c7517049bd8ddbff5b953a0ff86565
Mandriva Linux Security Advisory 2007.109
Posted May 30, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Buffer overflow in the gdImageStringFTEx function in gdft.c in the GD Graphics Library 2.0.33 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted string with a JIS encoded font. Tetex 3.x uses an embedded copy of the gd source and may also be affected by this issue. A buffer overflow in the open_sty function for makeindex in Tetex could allow user-assisted remote attackers to overwrite files and possibly execute arbitrary code via a long filename.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2007-0455, CVE-2007-0650
MD5 | 4e102e4b4ba75c80e6325b2e84cd1d80
iDEFENSE Security Advisory 2007-05-23.1
Posted May 24, 2007
Authored by iDefense Labs, enhalos | Site idefense.com

iDefense Security Advisory 05.23.07 - Remote exploitation of a stack-based buffer overflow in Opera Software ASA's Opera Web browser could allow an attacker to execute arbitrary code on the affected host. Opera 9.2 supports BitTorrent downloads. If a server sends the browser a specially crafted BitTorrent header, it can lead to a buffer overflow. The buffer overflow is triggered when the user right-clicks on the item in the download pane. iDefense has confirmed the existence of this vulnerability in Opera version 9.2 for Windows. Previous versions may also be affected.

tags | advisory, remote, web, overflow, arbitrary
systems | windows
MD5 | e782312def384c697fff20d9c45a910b
FreeBSD-SA-07-04.file.txt
Posted May 24, 2007
Site security.freebsd.org

FreeBSD Security Advisory - An attacker who can cause file to be run on a maliciously constructed input can cause file to crash. It may be possible for such an attacker to execute arbitrary code with the privileges of the user running file. The above also applies to any other applications using the libmagic library.

tags | advisory, arbitrary
systems | freebsd
advisories | CVE-2007-1536
MD5 | 460717f8e2c565242021f26418fd5339
secunia-escan.txt
Posted May 24, 2007
Authored by Carsten Eiram | Site secunia.com

Secunia Research has discovered a vulnerability in various eScan products, which may be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error in the MicroWorld Agent service (MWAGENT.EXE) when decrypting received commands. This can be exploited to cause a stack-based buffer overflow via an overly long command sent to the service (default port 2222/tcp). Successful exploitation may allow execution of arbitrary code with SYSTEM privileges. eScan version 9.0.715.1 is affected.

tags | advisory, overflow, arbitrary, tcp
advisories | CVE-2007-2687
MD5 | 72d33f4f8916920c2e00262419f926ed
Ubuntu Security Notice 463-1
Posted May 23, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 463-1 - Tomas Golembiovsky discovered that some vim commands were accidentally allowed in modelines. By tricking a user into opening a specially crafted file in vim, an attacker could execute arbitrary code with user privileges.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2007-2438
MD5 | 49faaeb4e914183e6fd8227250ad6d6d
Mandriva Linux Security Advisory 2007.108
Posted May 23, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Marsu discovered a stack overflow issue in the GIMP's RAS file loader. An attacker could create a carefully crafted file that would cause the GIMP to crash or potentially execute arbitrary code as the user opening the file.

tags | advisory, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2007-2356
MD5 | a1627792539c9d375a9fa670959abb88
Ubuntu Security Notice 462-1
Posted May 23, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 462-1 - A flaw was discovered in the FTP command handler in PHP. Commands were not correctly filtered for control characters. An attacker could issue arbitrary FTP commands using specially crafted arguments. Ilia Alshanetsky discovered a buffer overflow in the SOAP request handler in PHP. Remote attackers could send a specially crafted SOAP request and execute arbitrary code with web server privileges. Ilia Alshanetsky discovered a buffer overflow in the user filter factory in PHP. A local attacker could create a specially crafted script and execute arbitrary code with web server privileges. Gregory Beaver discovered that the PEAR installer did not validate installation paths. If a user were tricked into installing a malicious PEAR package, an attacker could overwrite arbitrary files.

tags | advisory, remote, web, overflow, arbitrary, local, php
systems | linux, ubuntu
advisories | CVE-2007-2519, CVE-2007-2511, CVE-2007-2510, CVE-2007-2509
MD5 | aff70e3b3bc98415789824b7be8fccd9
Ubuntu Security Notice 460-2
Posted May 23, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 460-2 - USN-460-1 fixed several vulnerabilities in Samba. The upstream changes for CVE-2007-2444 had an unexpected side-effect in Feisty. Shares configured with the "force group" option no longer behaved correctly.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2007-2444
MD5 | b44ab22d2208b5ef3095f76fe7727e95
HP Security Bulletin 2007-13.37
Posted May 23, 2007
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - A potential security vulnerability has been identified on HP-UX running Kerberos. The vulnerability could be exploited by remote authorized users to execute arbitrary code.

tags | advisory, remote, arbitrary
systems | hpux
advisories | CVE-2007-1261
MD5 | 23c7c5390ec136c69e0352e8ae7cc6ab
Cisco Security Advisory 20070522-SSL
Posted May 23, 2007
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A Cisco IOS device may crash while processing malformed Secure Sockets Layer (SSL) packets. In order to trigger these vulnerabilities, a malicious client must send malformed packets during the SSL protocol exchange with the vulnerable device. Successful repeated exploitation of any of these vulnerabilities may lead to a sustained Denial-of-Service (DoS). However, the vulnerabilities are not known to compromise either the confidentiality or integrity of the data or the device. These vulnerabilities are not believed to allow an attacker to decrypt any previously encrypted information.

tags | advisory, vulnerability, protocol
systems | cisco
MD5 | 046365c9408891641728dd9d4ef424e7
Cisco Security Advisory 20070522-crypto
Posted May 23, 2007
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability has been discovered in a third-party cryptographic library which is used by a number of Cisco products. This vulnerability may be triggered when a malformed Abstract Syntax Notation One (ASN.1) object is parsed. Due to the nature of the vulnerability it may be possible, in some cases, to trigger this vulnerability without a valid certificate or valid application-layer credentials (such as a valid username or password). Successful repeated exploitation of any of these vulnerabilities may lead to a sustained Denial-of-Service (DoS). However, the vulnerabilities are not known to compromise either the confidentiality or integrity of the data or the device. These vulnerabilities are not believed to allow an attacker to decrypt any previously encrypted information.

tags | advisory, vulnerability
systems | cisco
advisories | CVE-2006-3894
MD5 | 64938b2f1372fada115a7dd016695a2a
cubecart-sql.txt
Posted May 23, 2007
Authored by John Martinelli | Site redlevel.org

CubeCart version 3.0.16 suffers from a SQL injection vulnerability.

tags | advisory, sql injection
MD5 | 7a01325b63a0de20dfc908a258fa4e6a

© 2016 Packet Storm. All rights reserved.
