what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 554 RSS Feed

Files

Gentoo Linux Security Advisory 200712-25
Posted Dec 31, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200712-25 - The HSQLDB engine, as used in Openoffice.org, does not properly enforce restrictions to SQL statements. Versions less than 2.3.1 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2007-4575
SHA-256 | 1e53e32e33582247af57b2f25aa112d8a309e06fb922229c61f1d6eb821cf84f
Gentoo Linux Security Advisory 200712-24
Posted Dec 31, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200712-24 - The Cairo versions used by the AMD64 x86 emulation GTK+ libraries were vulnerable to integer overflow vulnerabilities (GLSA 200712-04). Versions less than 20071214 are affected.

tags | advisory, overflow, x86, vulnerability
systems | linux, gentoo
SHA-256 | 5fa89f604687472d61e96c6bdaf4f50c7dd46ebd2b06a0042eceb8af108a3683
Gentoo Linux Security Advisory 200712-23
Posted Dec 31, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200712-23 - Multiple buffer overflows and infinite loops were discovered in multiple dissector and parser components, including those for MP3 and NCP (CVE-2007-6111), PPP (CVE-2007-6112), DNP (CVE-2007-6113), SSL and iSeries (OS/400) Communication traces (CVE-2007-6114), ANSI MAP (CVE-2007-6115), Firebird/Interbase (CVE-2007-6116), HTTP (CVE-2007-6117), MEGACO (CVE-2007-6118), DCP ETSI (CVE-2007-6119), Bluetooth SDP (CVE-2007-6120), RPC Portmap (CVE-2007-6121), SMB (CVE-2007-6438), IPv6 amd USB (CVE-2007-6439), WiMAX (CVE-2007-6441), RPL (CVE-2007-6450), CIP (CVE-2007-6451). The vulnerabilities were discovered by Stefan Esser, Beyond Security, Fabiodds, Peter Leeming, Steve and ainsley. Versions less than 0.99.7 are affected.

tags | advisory, web, overflow, vulnerability
systems | linux, gentoo
advisories | CVE-2007-6111, CVE-2007-6112, CVE-2007-6113, CVE-2007-6114, CVE-2007-6115, CVE-2007-6116, CVE-2007-6117, CVE-2007-6118, CVE-2007-6119, CVE-2007-6120, CVE-2007-6121, CVE-2007-6438, CVE-2007-6439, CVE-2007-6441, CVE-2007-6450, CVE-2007-6451
SHA-256 | bf36ff899c761e97a5f00149bcd4e716d1df66512c8fe7cd63197ace44cec7f7
Gentoo Linux Security Advisory 200712-22
Posted Dec 31, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200712-22 - David Bloom reported two vulnerabilities where plug-ins (CVE-2007-6520) and Rich text editing (CVE-2007-6522) could be used to allow cross domain scripting. Alexander Klink (Cynops GmbH) discovered an issue with TLS certificates (CVE-2007-6521). Gynvael Coldwind reported that bitmaps might reveal random data from memory (CVE-2007-6524). Versions less than 9.25 are affected.

tags | advisory, vulnerability
systems | linux, gentoo
advisories | CVE-2007-6520, CVE-2007-6521, CVE-2007-6522, CVE-2007-6524
SHA-256 | 530363e74b05a9c0cab7ab3ccbe4e38646d82e728737b3b36e700bc1f9db60fc
tk53-clamav.txt
Posted Dec 31, 2007
Authored by Lolek, Roflek

TK53 Advisory 2 - Multiple vulnerabilities exist in ClamAV version 0.92 including a race condition and bypass flaws.

tags | advisory, vulnerability
SHA-256 | 60f282650db36b99a8714bd90bc91b916c65759e7573026b8b48aaf66bad3ad2
nmapfinger-whoops.txt
Posted Dec 31, 2007
Authored by Josh Morin

Fingerprints in Astaro Security Gateway version 7.1 could allow a remote attacker to create malicious payloads.

tags | advisory, remote
SHA-256 | 2f9ea311b09010ad3e8ad33024368042b35a137bbdea00e122e1fe24cf6ed200
Gentoo Linux Security Advisory 200712-21
Posted Dec 29, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200712-21 - Jesse Ruderman and Petko D. Petkov reported that the jar protocol handler in Mozilla Firefox and Seamonkey does not properly check MIME types (CVE-2007-5947). Gregory Fleischer reported that the window.location property can be used to generate a fake HTTP Referer (CVE-2007-5960). Multiple memory errors have also been reported (CVE-2007-5959). Versions less than 2.0.0.11 are affected.

tags | advisory, web, protocol
systems | linux, gentoo
advisories | CVE-2007-5947, CVE-2007-5959, CVE-2007-5960
SHA-256 | 244d0fd277ba8fac81e13a718b0d70f27593de6f68f4ffcc21be93c9017b2b37
Gentoo Linux Security Advisory 200712-20
Posted Dec 29, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200712-20 - iDefense reported an integer overflow vulnerability in the cli_scanpe() function when parsing Portable Executable (PE) files packed in the MEW format, that could be exploited to cause a heap-based buffer overflow (CVE-2007-6335). Toeroek Edwin reported an off-by-one error when decompressing MS-ZIP compressed CAB files (CVE-2007-6336). An unspecified vulnerability related to the bzip2 decompression algorithm has also been discovered (CVE-2007-6337). Versions less than 0.91.2-r1 are affected.

tags | advisory, overflow
systems | linux, gentoo
advisories | CVE-2007-6335, CVE-2007-6336, CVE-2007-6337
SHA-256 | e3b7501c28f682a4dae876bbf5d70640402854f24b4eafc3f39148e015a7fbba
Gentoo Linux Security Advisory 200712-19
Posted Dec 29, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200712-19 - Oriol Carreras reported a NULL pointer dereference in the log_msg_parse() function when processing timestamps without a terminating whitespace character. Versions less than 2.0.6 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2007-6437
SHA-256 | af2a73ce617ca3e2591566523a16dc39a1f737309c21751694645e09489caf12
Gentoo Linux Security Advisory 200712-18
Posted Dec 29, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200712-18 - nnp discovered multiple vulnerabilities in the XML-RPC handler in the file webserver.c. The ws_addarg() function contains a format string vulnerability, as it does not properly sanitize username and password data from the Authorization: Basic HTTP header line (CVE-2007-5825). The ws_decodepassword() and ws_getheaders() functions do not correctly handle empty Authorization header lines, or header lines without a ':' character, leading to NULL pointer dereferences (CVE-2007-5824). Versions less than 0.2.4.1 are affected.

tags | advisory, web, vulnerability
systems | linux, gentoo
advisories | CVE-2007-5824, CVE-2007-5825
SHA-256 | f6dc6d5291323beb2d64c29038b1d0c5f7ed88fdf9ce6318f7c6354fb9927501
Gentoo Linux Security Advisory 200712-17
Posted Dec 29, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200712-17 - Meder Kydyraliev (Google Security) discovered that Exif metadata is not properly sanitized before being processed, resulting in illegal memory access in the postprop() and other functions (CVE-2007-6354). He also discovered integer overflow vulnerabilities in the parsetag() and other functions (CVE-2007-6355) and an infinite recursion in the readifds() function caused by recursive IFD references (CVE-2007-6356). Versions less than 1.01 are affected.

tags | advisory, overflow, vulnerability
systems | linux, gentoo
advisories | CVE-2007-6354, CVE-2007-6355, CVE-2007-6356
SHA-256 | f30846d92920feb64cca0600f08f57d830e4f7c5ad70f386131e9e96d25cbe72
Gentoo Linux Security Advisory 200712-16
Posted Dec 29, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200712-16 - Meder Kydyraliev (Google Security) discovered an integer overflow vulnerability in the JpegThumbnail::setDataArea() method leading to a heap-based buffer overflow. Versions less than 0.13-r1 are affected.

tags | advisory, overflow
systems | linux, gentoo
advisories | CVE-2007-6353
SHA-256 | 0838f951a07633804d7f72dd5eb43d96f4126b11750c435467e868103e40c792
Gentoo Linux Security Advisory 200712-15
Posted Dec 29, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200712-15 - Meder Kydyraliev (Google Security) discovered an integer overflow vulnerability in the exif_data_load_data_thumbnail() function leading to a memory corruption (CVE-2007-6352) and an infinite recursion in the exif_loader_write() function (CVE-2007-6351). Versions less than 0.6.16-r1 are affected.

tags | advisory, overflow
systems | linux, gentoo
advisories | CVE-2007-6351, CVE-2007-6352
SHA-256 | 548c9365116cd57441912256c386abd5de38d4e909eeeb81d347df3bf442698a
Debian Linux Security Advisory 1442-1
Posted Dec 29, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1442-1 - Rubert Buchholz discovered that libsndfile, a library for reading / writing audio files performs insufficient boundary checks when processing FLAC files, which might lead to the execution of arbitrary code.

tags | advisory, arbitrary
systems | linux, debian
advisories | CVE-2007-4974
SHA-256 | 62cfe9ae74d16a5aab70897bf8b2abb6d67747b06cb8f5bd3fba49913d6e685e
coolplayer-overflow.txt
Posted Dec 29, 2007
Authored by Luigi Auriemma | Site aluigi.org

CoolPlayer versions 217 and below suffer from a buffer overflow vulnerability in CPLI_Readtag_OGG.

tags | advisory, overflow
SHA-256 | 66d3dadb5060e1f3cc0214890a623a21f31de96d30f8f1d23645f759ad9e7d5d
Debian Linux Security Advisory 1441-1
Posted Dec 29, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1441-1 - Luigi Auriemma discovered that PeerCast, a P2P audio and video streaming server, is vulnerable to a heap overflow in the HTTP server code, which allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long SOURCE request.

tags | advisory, remote, web, denial of service, overflow, arbitrary
systems | linux, debian
advisories | CVE-2007-6454
SHA-256 | cef02df841d0e0ba4f8993f029faa88f08ee953355da568361615eb6b6162f13
Debian Linux Security Advisory 1440-1
Posted Dec 29, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1440-1 - It was discovered that a buffer overflow in the filename processing of the inotify-tools, a command-line interface to inotify, may lead to the execution of arbitrary code. This only affects the internal library and none of the frontend tools shipped in Debian.

tags | advisory, overflow, arbitrary
systems | linux, debian
advisories | CVE-2007-5037
SHA-256 | c0807820bbc047f24c6961c701a657264d69fe62c7a0dd11c5dfabc0fdc7710b
Debian Linux Security Advisory 1439-1
Posted Dec 29, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1439-1 - Henning Pingel discovered that TYPO3, a web content management framework, performs insufficient input sanitising, making it vulnerable to SQL injection by logged-in backend users.

tags | advisory, web, sql injection
systems | linux, debian
advisories | CVE-2007-6381
SHA-256 | ce580dc6399b167f7d677f0988c8fc1bf688e4ac1d63898af524add50e100dd3
Debian Linux Security Advisory 1438-1
Posted Dec 29, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1438-1 - Several vulnerabilities have been discovered in GNU Tar. A directory traversal vulnerability enables attackers using specially crafted archives to extract contents outside the directory tree created by tar. A stack-based buffer overflow in the file name checking code may lead to arbitrary code execution when processing maliciously crafted archives.

tags | advisory, overflow, arbitrary, vulnerability, code execution
systems | linux, debian
advisories | CVE-2007-4131, CVE-2007-4476
SHA-256 | cdb091cdc7a22e2e70fc77812d2d98bb673e8958c2eb906c42c3d283d52a525e
hp-snmp.txt
Posted Dec 29, 2007
Authored by uncleron

The HP Photosmart C6280 network printer ships with unchangeable insecure default settings.

tags | advisory
SHA-256 | 3f8d822d389123e6a71204604895e1acf082a7d436552de278b7e6c6e771cd87
Debian Linux Security Advisory 1405-3
Posted Dec 29, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1405-3 - The Plone developers discovered that their hotfix, released as DSA 1405, introduced two regressions. This update corrects these flaws. It was discovered that Plone, a web content management system, allows remote attackers to execute arbitrary code via specially crafted web browser cookies.

tags | advisory, remote, web, arbitrary
systems | linux, debian
advisories | CVE-2007-5741
SHA-256 | f8c4cb7b087f9f2293e88fb37d88e5ff7d90d653a0b0d0fe36cda51d032dbfb8
joomla-csrf.txt
Posted Dec 29, 2007
Authored by Zinho | Site hackerscenter.com

Multiple cross site request forgery vulnerabilities may exist in all versions of Joomla!.

tags | advisory, vulnerability, csrf
SHA-256 | 67af246ade54bf269330420e99b6454ead1c811c69b2b4e83ed1299524d0690f
libnemesibof.txt
Posted Dec 29, 2007
Authored by Luigi Auriemma | Site aluigi.org

libnemesi versions 0.6.4-rc1 and below suffer from multiple buffer overflow vulnerabilities.

tags | advisory, overflow, vulnerability
SHA-256 | bd6793c0b74339d1048640fcab984245bc6341a27ff418d695e6758a405bef9b
fengulo.txt
Posted Dec 29, 2007
Authored by Luigi Auriemma | Site aluigi.org

Feng versions 0.1.15 and below suffer from buffer overflow and denial of service vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability
SHA-256 | 6d66f08551e8a361293d57f93f34f6363a461dfe29986834e42b8b0d57bb9541
xmpbof.txt
Posted Dec 29, 2007
Authored by Luigi Auriemma | Site aluigi.org

Extended Module Player (XMP) versions 2.5.1 and below suffer from multiple buffer overflow vulnerabilities.

tags | advisory, overflow, vulnerability
SHA-256 | 3ca0c94e973e5be492405539f40455938cdbd7b00bbe9896d3e1f187ec83dc91
Page 1 of 23
Back12345Next

Top Authors In Last 30 Days

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close