Exploit the possiblities
Showing 1 - 25 of 554 RSS Feed

Files

Gentoo Linux Security Advisory 200712-25
Posted Dec 31, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200712-25 - The HSQLDB engine, as used in Openoffice.org, does not properly enforce restrictions to SQL statements. Versions less than 2.3.1 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2007-4575
MD5 | 7bd6825d3d9c7fa826462f9720d3acd3
Gentoo Linux Security Advisory 200712-24
Posted Dec 31, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200712-24 - The Cairo versions used by the AMD64 x86 emulation GTK+ libraries were vulnerable to integer overflow vulnerabilities (GLSA 200712-04). Versions less than 20071214 are affected.

tags | advisory, overflow, x86, vulnerability
systems | linux, gentoo
MD5 | 9952142e0dc83abd85329c25fefb11b4
Gentoo Linux Security Advisory 200712-23
Posted Dec 31, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200712-23 - Multiple buffer overflows and infinite loops were discovered in multiple dissector and parser components, including those for MP3 and NCP (CVE-2007-6111), PPP (CVE-2007-6112), DNP (CVE-2007-6113), SSL and iSeries (OS/400) Communication traces (CVE-2007-6114), ANSI MAP (CVE-2007-6115), Firebird/Interbase (CVE-2007-6116), HTTP (CVE-2007-6117), MEGACO (CVE-2007-6118), DCP ETSI (CVE-2007-6119), Bluetooth SDP (CVE-2007-6120), RPC Portmap (CVE-2007-6121), SMB (CVE-2007-6438), IPv6 amd USB (CVE-2007-6439), WiMAX (CVE-2007-6441), RPL (CVE-2007-6450), CIP (CVE-2007-6451). The vulnerabilities were discovered by Stefan Esser, Beyond Security, Fabiodds, Peter Leeming, Steve and ainsley. Versions less than 0.99.7 are affected.

tags | advisory, web, overflow, vulnerability
systems | linux, gentoo
advisories | CVE-2007-6111, CVE-2007-6112, CVE-2007-6113, CVE-2007-6114, CVE-2007-6115, CVE-2007-6116, CVE-2007-6117, CVE-2007-6118, CVE-2007-6119, CVE-2007-6120, CVE-2007-6121, CVE-2007-6438, CVE-2007-6439, CVE-2007-6441, CVE-2007-6450, CVE-2007-6451
MD5 | 902ebf0362f82d466adf79ab3f46d7d0
Gentoo Linux Security Advisory 200712-22
Posted Dec 31, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200712-22 - David Bloom reported two vulnerabilities where plug-ins (CVE-2007-6520) and Rich text editing (CVE-2007-6522) could be used to allow cross domain scripting. Alexander Klink (Cynops GmbH) discovered an issue with TLS certificates (CVE-2007-6521). Gynvael Coldwind reported that bitmaps might reveal random data from memory (CVE-2007-6524). Versions less than 9.25 are affected.

tags | advisory, vulnerability
systems | linux, gentoo
advisories | CVE-2007-6520, CVE-2007-6521, CVE-2007-6522, CVE-2007-6524
MD5 | f8410efea15b673e7cf2c21266cc5b0c
tk53-clamav.txt
Posted Dec 31, 2007
Authored by Lolek, Roflek

TK53 Advisory 2 - Multiple vulnerabilities exist in ClamAV version 0.92 including a race condition and bypass flaws.

tags | advisory, vulnerability
MD5 | e18caa0c092d7067ea71b97be00c10c7
nmapfinger-whoops.txt
Posted Dec 31, 2007
Authored by Josh Morin

Fingerprints in Astaro Security Gateway version 7.1 could allow a remote attacker to create malicious payloads.

tags | advisory, remote
MD5 | eff32c5c167100ba4562d1ea60f353e0
Gentoo Linux Security Advisory 200712-21
Posted Dec 29, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200712-21 - Jesse Ruderman and Petko D. Petkov reported that the jar protocol handler in Mozilla Firefox and Seamonkey does not properly check MIME types (CVE-2007-5947). Gregory Fleischer reported that the window.location property can be used to generate a fake HTTP Referer (CVE-2007-5960). Multiple memory errors have also been reported (CVE-2007-5959). Versions less than 2.0.0.11 are affected.

tags | advisory, web, protocol
systems | linux, gentoo
advisories | CVE-2007-5947, CVE-2007-5959, CVE-2007-5960
MD5 | 62d7fd5d1e0e1068e081617596992ee8
Gentoo Linux Security Advisory 200712-20
Posted Dec 29, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200712-20 - iDefense reported an integer overflow vulnerability in the cli_scanpe() function when parsing Portable Executable (PE) files packed in the MEW format, that could be exploited to cause a heap-based buffer overflow (CVE-2007-6335). Toeroek Edwin reported an off-by-one error when decompressing MS-ZIP compressed CAB files (CVE-2007-6336). An unspecified vulnerability related to the bzip2 decompression algorithm has also been discovered (CVE-2007-6337). Versions less than 0.91.2-r1 are affected.

tags | advisory, overflow
systems | linux, gentoo
advisories | CVE-2007-6335, CVE-2007-6336, CVE-2007-6337
MD5 | d24f2caf1e6066ee693b8371b745cbde
Gentoo Linux Security Advisory 200712-19
Posted Dec 29, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200712-19 - Oriol Carreras reported a NULL pointer dereference in the log_msg_parse() function when processing timestamps without a terminating whitespace character. Versions less than 2.0.6 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2007-6437
MD5 | 5e698d3b561576cc13d4422b5922d9f2
Gentoo Linux Security Advisory 200712-18
Posted Dec 29, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200712-18 - nnp discovered multiple vulnerabilities in the XML-RPC handler in the file webserver.c. The ws_addarg() function contains a format string vulnerability, as it does not properly sanitize username and password data from the Authorization: Basic HTTP header line (CVE-2007-5825). The ws_decodepassword() and ws_getheaders() functions do not correctly handle empty Authorization header lines, or header lines without a ':' character, leading to NULL pointer dereferences (CVE-2007-5824). Versions less than 0.2.4.1 are affected.

tags | advisory, web, vulnerability
systems | linux, gentoo
advisories | CVE-2007-5824, CVE-2007-5825
MD5 | 42ba0e2495aa71dc5c890aaff6b91084
Gentoo Linux Security Advisory 200712-17
Posted Dec 29, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200712-17 - Meder Kydyraliev (Google Security) discovered that Exif metadata is not properly sanitized before being processed, resulting in illegal memory access in the postprop() and other functions (CVE-2007-6354). He also discovered integer overflow vulnerabilities in the parsetag() and other functions (CVE-2007-6355) and an infinite recursion in the readifds() function caused by recursive IFD references (CVE-2007-6356). Versions less than 1.01 are affected.

tags | advisory, overflow, vulnerability
systems | linux, gentoo
advisories | CVE-2007-6354, CVE-2007-6355, CVE-2007-6356
MD5 | a584664894341f424cd8e43143f62ef8
Gentoo Linux Security Advisory 200712-16
Posted Dec 29, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200712-16 - Meder Kydyraliev (Google Security) discovered an integer overflow vulnerability in the JpegThumbnail::setDataArea() method leading to a heap-based buffer overflow. Versions less than 0.13-r1 are affected.

tags | advisory, overflow
systems | linux, gentoo
advisories | CVE-2007-6353
MD5 | fc872ddcea86f6cda5645bb69903878b
Gentoo Linux Security Advisory 200712-15
Posted Dec 29, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200712-15 - Meder Kydyraliev (Google Security) discovered an integer overflow vulnerability in the exif_data_load_data_thumbnail() function leading to a memory corruption (CVE-2007-6352) and an infinite recursion in the exif_loader_write() function (CVE-2007-6351). Versions less than 0.6.16-r1 are affected.

tags | advisory, overflow
systems | linux, gentoo
advisories | CVE-2007-6351, CVE-2007-6352
MD5 | 0036504c0eb90eb8567eeebf7ed675d9
Debian Linux Security Advisory 1442-1
Posted Dec 29, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1442-1 - Rubert Buchholz discovered that libsndfile, a library for reading / writing audio files performs insufficient boundary checks when processing FLAC files, which might lead to the execution of arbitrary code.

tags | advisory, arbitrary
systems | linux, debian
advisories | CVE-2007-4974
MD5 | 57b37d2a4f4496939ae7a1675e08b537
coolplayer-overflow.txt
Posted Dec 29, 2007
Authored by Luigi Auriemma | Site aluigi.org

CoolPlayer versions 217 and below suffer from a buffer overflow vulnerability in CPLI_Readtag_OGG.

tags | advisory, overflow
MD5 | 2ce29fda2f085a9662141dc8d5b8db3c
Debian Linux Security Advisory 1441-1
Posted Dec 29, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1441-1 - Luigi Auriemma discovered that PeerCast, a P2P audio and video streaming server, is vulnerable to a heap overflow in the HTTP server code, which allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long SOURCE request.

tags | advisory, remote, web, denial of service, overflow, arbitrary
systems | linux, debian
advisories | CVE-2007-6454
MD5 | 1cc219462c7386396c86f93e433fbada
Debian Linux Security Advisory 1440-1
Posted Dec 29, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1440-1 - It was discovered that a buffer overflow in the filename processing of the inotify-tools, a command-line interface to inotify, may lead to the execution of arbitrary code. This only affects the internal library and none of the frontend tools shipped in Debian.

tags | advisory, overflow, arbitrary
systems | linux, debian
advisories | CVE-2007-5037
MD5 | 6d8f37da4c823567251a11b86460b9b6
Debian Linux Security Advisory 1439-1
Posted Dec 29, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1439-1 - Henning Pingel discovered that TYPO3, a web content management framework, performs insufficient input sanitising, making it vulnerable to SQL injection by logged-in backend users.

tags | advisory, web, sql injection
systems | linux, debian
advisories | CVE-2007-6381
MD5 | e6a6d67fe7190ab1580b7f1d8cb23e1d
Debian Linux Security Advisory 1438-1
Posted Dec 29, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1438-1 - Several vulnerabilities have been discovered in GNU Tar. A directory traversal vulnerability enables attackers using specially crafted archives to extract contents outside the directory tree created by tar. A stack-based buffer overflow in the file name checking code may lead to arbitrary code execution when processing maliciously crafted archives.

tags | advisory, overflow, arbitrary, vulnerability, code execution
systems | linux, debian
advisories | CVE-2007-4131, CVE-2007-4476
MD5 | 9876b5a2363d163e5bd48c7c91cf6a80
hp-snmp.txt
Posted Dec 29, 2007
Authored by uncleron

The HP Photosmart C6280 network printer ships with unchangeable insecure default settings.

tags | advisory
MD5 | 526cb2ee10c1bd7f0a8519a5b5fabf46
Debian Linux Security Advisory 1405-3
Posted Dec 29, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1405-3 - The Plone developers discovered that their hotfix, released as DSA 1405, introduced two regressions. This update corrects these flaws. It was discovered that Plone, a web content management system, allows remote attackers to execute arbitrary code via specially crafted web browser cookies.

tags | advisory, remote, web, arbitrary
systems | linux, debian
advisories | CVE-2007-5741
MD5 | 51efab4fc57ec107f1a38fb68b2c5b6c
joomla-csrf.txt
Posted Dec 29, 2007
Authored by Zinho | Site hackerscenter.com

Multiple cross site request forgery vulnerabilities may exist in all versions of Joomla!.

tags | advisory, vulnerability, csrf
MD5 | e5543c23ddaa171f1203ab0dd31397dd
libnemesibof.txt
Posted Dec 29, 2007
Authored by Luigi Auriemma | Site aluigi.org

libnemesi versions 0.6.4-rc1 and below suffer from multiple buffer overflow vulnerabilities.

tags | advisory, overflow, vulnerability
MD5 | c17586847747420e0703f7b8396748ac
fengulo.txt
Posted Dec 29, 2007
Authored by Luigi Auriemma | Site aluigi.org

Feng versions 0.1.15 and below suffer from buffer overflow and denial of service vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability
MD5 | b9d0d28e5b0104405b411a0afd34090d
xmpbof.txt
Posted Dec 29, 2007
Authored by Luigi Auriemma | Site aluigi.org

Extended Module Player (XMP) versions 2.5.1 and below suffer from multiple buffer overflow vulnerabilities.

tags | advisory, overflow, vulnerability
MD5 | d4c05fd64f85efa49ad651b4b11adcae
Page 1 of 23
Back12345Next

Top Authors In Last 30 Days

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close