
Files Date: 2007-01-24

Ubuntu Security Notice 413-1
Posted Jan 24, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 413-1 - A flaw was discovered in the HID daemon of bluez-utils. A remote attacker could gain control of the mouse and keyboard if hidd was enabled. This does not affect a default Ubuntu installation, since hidd is normally disabled.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2006-6899
MD5 | 4bef66326f94da32f322b0dea50afec3
Ubuntu Security Notice 412-1
Posted Jan 24, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 412-1 - Dean Gaudet discovered that the GeoIP update tool did not validate the filename responses from the update server. A malicious server, or man-in-the-middle system posing as a server, could write to arbitrary files with user privileges.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2007-0159
MD5 | 653f02e2b2630a6f8030c87bb00e6097
Gentoo Linux Security Advisory 200701-20
Posted Jan 24, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200701-20 - When interfacing with the LiveJournal service, Centericq does not appropriately allocate memory for incoming data, in some cases creating a buffer overflow. Versions less than or equal to 4.21.0-r2 are affected.

tags | advisory, overflow
systems | linux, gentoo
MD5 | a80760ff41279aa06f56724c5f790c3a
Mandriva Linux Security Advisory 2007.026
Posted Jan 24, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A vulnerability in squid was discovered that could be remotely exploited by using a special ftp:// URL. Another Denial of Service vulnerability was discovered in squid 2.6 that allows remote attackers to crash the server by causing an external_acl_queue overload. Additionally, a bug in squid 2.6 for max_user_ip handling in ntlm_auth has been corrected.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2007-0247, CVE-2007-0248
MD5 | 0991f5bc1631bd1bb6346665338731d8
Gentoo Linux Security Advisory 200701-19
Posted Jan 24, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200701-19 - Tavis Ormandy of the Gentoo Linux Security Team has discovered that the file gencert.sh distributed with the Gentoo ebuild for OpenLDAP does not exit upon the existence of a directory in /tmp during installation, allowing for directory traversal. Versions less than 2.1.30-r10 are affected.

tags | advisory
systems | linux, gentoo
MD5 | 14abc6ea3c398a78d14b17917370862e
Ubuntu Security Notice 411-1
Posted Jan 24, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 411-1 - Roland Lezuo and Josselin Mouette discovered that the HTTP server code in libsoup did not correctly verify request headers. Remote attackers could crash applications using libsoup by sending a crafted HTTP request, resulting in a denial of service.

tags | advisory, remote, web, denial of service
systems | linux, ubuntu
advisories | CVE-2006-5876
MD5 | 7af98aa271c19c91faa41f5e181be4f5
Gentoo Linux Security Advisory 200701-18
Posted Jan 24, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200701-18 - Due to the improper handling and use of format strings, the errors_create_window() function in errors.c does not safely write data to memory. Versions less than 0.99.5_pre20060716 are affected.

tags | advisory
systems | linux, gentoo
MD5 | cfc5521003f9c8f419d867fc54d02c43
Mandriva Linux Security Advisory 2007.025
Posted Jan 24, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A slew of vulnerabilities were discovered and corrected in the Linux 2.6 kernel.

tags | advisory, kernel, vulnerability
systems | linux, mandriva
advisories | CVE-2005-3272, CVE-2006-0741, CVE-2006-2446, CVE-2006-3741, CVE-2006-4145, CVE-2006-4535, CVE-2006-4813, CVE-2006-4997, CVE-2006-5619, CVE-2006-5749, CVE-2006-5754, CVE-2006-6106
MD5 | 9dc785a338a7a22a6ebea219e0f480e0
SUSE-SA-2007-012.txt
Posted Jan 24, 2007
Site suse.com

SUSE Security Announcement - This update fixes a remotely exploitable denial-of-service bug in squid that can be triggered by using special ftp:// URLs. Additionally the 10.2 package needed a fix for another DoS bug and for max_user_ip handling in ntlm_auth.

tags | advisory
systems | linux, suse
advisories | CVE-2007-0247, CVE-2007-0248
MD5 | 1a75a6823f4c2dac88eca047c2e5e9a3
Echo Security Advisory 2007.62
Posted Jan 24, 2007
Authored by y3dips, Echo Security | Site echo.or.id

Upload Service version 1.0 suffers from a remote file inclusion flaw.

tags | exploit, remote, file inclusion
MD5 | 6d3348f6b4f7cb170691af62ef746048
Gentoo Linux Security Advisory 200701-17
Posted Jan 24, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200701-17 - Liu Qishuai discovered that glibtop_get_proc_map_s() in sysdeps/linux/procmap.c does not properly allocate memory for storing a filename, allowing certain filenames to cause the buffer to overflow on the stack. Versions less than 2.14.6 are affected.

tags | advisory, overflow
systems | linux, gentoo
MD5 | f2b7f0baf630c02ca8099d8379093ce8
SyScan07-CFP.txt
Posted Jan 24, 2007
Site syscan.org

SyScan 07 Call For Papers - The Symposium on Security for Asia Network (SyScan) aims to be a very different security conference from the rest of the security conferences that the information security community in Asia has come to be so familiar and frustrated with. SyScan intends to be a non-product, non-vendor biased security conference. It is the aspiration of SyScan to congregate, in Singapore, the best security experts in their various fields, to share their research, discovery and experience with all security enthusiasts in Asia.

tags | paper, conference
MD5 | fa4243363afbb3744b8c0f2bc8f20d2d
Mandriva Linux Security Advisory 2007.024
Posted Jan 24, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - The Adobe PDF specification 1.3, as implemented by xpdf 3.0.1 patch 2, kpdf in KDE before 3.5.5, and other products, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a crafted catalog dictionary or a crafted Pages attribute that references an invalid page tree node.

tags | advisory, remote, denial of service, arbitrary, code execution
systems | linux, mandriva
advisories | CVE-2007-0104
MD5 | 02aec3e2f8ff6d92ad9da7bf1afb0ae7
Gentoo Linux Security Advisory 200701-16
Posted Jan 24, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200701-16 - Adobe Acrobat Reader in stand-alone mode is vulnerable to remote code execution via heap corruption when loading a specially crafted PDF file. Versions less than 7.0.9 are affected.

tags | advisory, remote, code execution
systems | linux, gentoo
MD5 | b4c745513433e639e39d3ebb59b52050
Gentoo Linux Security Advisory 200701-15
Posted Jan 24, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200701-15 - Chris Evans has discovered multiple buffer overflows in Sun JDK and Sun JRE possibly related to various AWT or font layout functions. Tom Hawtin has discovered an unspecified vulnerability in Sun JDK and Sun JRE relating to unintended applet data access. He has also discovered multiple other unspecified vulnerabilities in Sun JDK and Sun JRE allowing unintended Java applet or application resource acquisition. Versions less than 1.4.2.13 are affected.

tags | advisory, java, overflow, vulnerability
systems | linux, gentoo
MD5 | d2db38c2c38bf541f3f7634cfcd4846d
Gentoo Linux Security Advisory 200701-14
Posted Jan 24, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200701-14 - Mod_auth_kerb improperly handles component byte encoding in the der_get_oid() function, allowing for a buffer overflow to occur if there are no components which require more than one byte for encoding. Versions less than 5.0_rc7-r1 are affected.

tags | advisory, overflow
systems | linux, gentoo
MD5 | ab11e67e54f0cd8ca455002fb181b00f
Technical Cyber Security Alert 2007-23A
Posted Jan 24, 2007
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert TA07-022A - The Sun Java Runtime Environment contains multiple vulnerabilities that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

tags | advisory, java, remote, arbitrary, vulnerability
advisories | CVE-2007-0243, CVE-2006-6745, CVE-2006-6731
MD5 | df63bd7196a34eb64e46552e6a6e821f
bitweaver-xss.txt
Posted Jan 24, 2007
Authored by CorryL | Site x0n3-h4ck.org

Bitweaver version 1.3.1 is susceptible to cross site scripting attacks.

tags | exploit, xss
MD5 | 31e2f77c874db26053b7f2fcac26e80a
mssploit.txt
Posted Jan 24, 2007
Authored by porkythepig

Microsoft Visual C++ 6.0 is prone to a stack based memory corruption vulnerability during the processing of .RC resource files. Exploit included.

tags | exploit
MD5 | 9f277dc650b5010dbe226aa45d3de9cd
checkpoint-bypass.txt
Posted Jan 24, 2007
Authored by Nir Goldshlager, Roni Bachar

Check Point Connectra End Point is susceptible to a bypass flaw.

tags | exploit, bypass
MD5 | b40c5ea6144c7d9a9583cbe7dcb2ad48
fishcart-sql.txt
Posted Jan 24, 2007
Authored by laurent gaffie | Site s-a-p.ca

Fish Cart is susceptible to SQL injection attacks.

tags | exploit, sql injection
MD5 | b0db478fb1b5e24d29831a79f47dfc60
MOAB-23-01-2007.pct
Posted Jan 24, 2007
Authored by LMH | Site projects.info-pull.com

Month of Apple Bugs - A vulnerability exists in the handling of ARGB records (Alpha RGB) within PICT images, that leads to an exploitable memory corruption condition. This is the proof of concept exploit in .pct format that demonstrates this vulnerability.

tags | exploit, proof of concept
systems | apple
advisories | CVE-2007-0462
MD5 | fcae7cb4702799a0830019747e1aba01
MOAB-22-01-2007.rb.txt
Posted Jan 24, 2007
Authored by Kevin Finisterre, LMH | Site projects.info-pull.com

Month of Apple Bugs - InputManager provided by the user. Code within the input manager will run under wheel privileges. In combination with diskutil and a wheel-writable setuid binary, this allows unprivileged users to gain root privileges. This is the proof of concept exploit that demonstrates this vulnerability.

tags | exploit, root, proof of concept
systems | apple
advisories | CVE-2007-0023
MD5 | 0822f8f385381a6dada4f24b194e032f
MOAB-21-01-2007.rb.txt
Posted Jan 24, 2007
Authored by Kevin Finisterre, LMH | Site projects.info-pull.com

Month of Apple Bugs - The preference panes setuid helper, writeconfig, makes use of a shell script which lacks PATH sanitization, allowing users to execute arbitrary binaries under root privileges. This is the proof of concept exploit that demonstrates this vulnerability.

tags | exploit, arbitrary, shell, root, proof of concept
systems | apple
advisories | CVE-2007-0022
MD5 | c16f4b258d9bb1185318cdd04d6a3967
MOAB-20-01-2007.tgz
Posted Jan 24, 2007
Authored by Kevin Finisterre, LMH | Site projects.info-pull.com

Month of Apple Bugs - Apple iChat AIM URI scheme (referred to as the 'url handler') handling is affected by a classic format string vulnerability, allowing remote users to cause a denial of service condition or arbitrary code execution. This is the proof of concept exploit that demonstrates this vulnerability.

tags | exploit, remote, denial of service, arbitrary, code execution, proof of concept
systems | apple
advisories | CVE-2007-0021
MD5 | 63c02efdb8962b52b3440ecb316ff35b

© 2016 Packet Storm. All rights reserved.
