what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 27 RSS Feed

Files Date: 2007-06-13

iDEFENSE Security Advisory 2007-06-12.2
Posted Jun 13, 2007
Authored by iDefense Labs, Peter Vreugdenhil | Site idefense.com

iDefense Security Advisory 06.12.07 - Remote exploitation of an input validation error within version 2.1 of YaBB Forum allows attackers to register with forum Administrator privileges. The problem specifically exists due to insufficient validation when writing to the "vars" file for each user. By setting the values of certain variables to contain certain characters, attackers can elevate their privileges to that of the forum Administrator. iDefense confirmed the existence of this vulnerability within version 2.1 of YaBB Forum.

tags | advisory, remote
SHA-256 | 06d0161807f5d979bdc126372527454325d8e75b2db88fdd78b52cc9918931ff
iDEFENSE Security Advisory 2007-06-12.1
Posted Jun 13, 2007
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 06.12.07 - Remote exploitation of an invalid memory access vulnerability in various Microsoft products, including Internet Explorer, while creating certain COM objects may allow an attacker to execute arbitrary code. When creating certain COM objects in Internet Explorer, memory corruption can occur, which may allow an attacker to execute arbitrary code. When calling the IObjectSafety function, uninitialized memory is accessed in a way that can allow code execution to occur. The IObjectSafety function is used by COM objects to determine if an object is safe to load in a particular context. iDefense confirmed the existence of this vulnerability using Internet Explorer 6 on Windows XP SP2 and Windows Server 2000 SP4. Although Windows Server 2003 contains an affected version, the Enhanced Security Configuration mitigates exposure to this vulnerability. Microsoft reports that Internet Explorer 7 is not affected.

tags | advisory, remote, arbitrary, code execution
systems | windows
advisories | CVE-2007-0218
SHA-256 | a74c91fe7b6c7714c4365088ca27deb6c403f878d0f025a28834d11a94ec71e2
webapp-exec.txt
Posted Jun 13, 2007

The Menu Manager Mod for WebAPP is susceptible to arbitrary command execution on the underlying system.

tags | exploit, arbitrary
SHA-256 | 80d9acea922d430d8e1ac004f1142350ac2789960b65deb3c4c61eaeae399341
Zero Day Initiative Advisory 07-038
Posted Jun 13, 2007
Authored by Tipping Point | Site zerodayinitiative.com

A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The flaw is specifically exposed when a prototype variable points to a table cell and then that table cell is removed. This results in an invalid pointer dereference which can be leveraged to result in arbitrary code execution.

tags | advisory, arbitrary, code execution
advisories | CVE-2007-1751
SHA-256 | 4230ea989b011f00213f429ff4d1b74d191f294668abf87262f126ed6ab85d45
Zero Day Initiative Advisory 07-037
Posted Jun 13, 2007
Authored by Tipping Point | Site zerodayinitiative.com

A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in routines responsible for the on-demand installation of Internet Explorer language packs. A race condition may occur when a web page contains several pieces of content written in a language not currently supported by any of the installed language packs. In some cases, this race condition results in exploitable memory corruption that can be leveraged to execute arbitrary code.

tags | advisory, web, arbitrary
advisories | CVE-2007-3027
SHA-256 | 323c8d0d3613ad458a7c188c121144ffff136799ec1338ac4c34505639faafca
Technical Cyber Security Alert 2007-163A
Posted Jun 13, 2007
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert TA07-163A - Microsoft has released updates that address critical vulnerabilities in Microsoft Windows, Windows Secure Channel, Internet Explorer, Win32 API, Windows Mail and Outlook Express. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | windows
SHA-256 | eb497d1ec4d3ebc6cf8af9ebe11045b4eac9eb3d94c7a5fdd199365fc4d1ad92
Mandriva Linux Security Advisory 2007.120
Posted Jun 13, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program, version 1.5.0.12.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2007-1362, CVE-2007-2867, CVE-2007-2869, CVE-2007-2870, CVE-2007-2871
SHA-256 | 65f022ed82762e5f768e075818273977f9932e5c63d0df6cab311a36c75d78f7
schannel-offbyone.txt
Posted Jun 13, 2007
Authored by Steven, Thomas Lim

The Secure Channel (SChannel) library on Microsoft Windows XP SP1 and SP2 is vulnerable to an off-by-one heap buffer overwrite.

tags | advisory
systems | windows
SHA-256 | 5f7f7dba629f7d54a7c7eeda6d1ca3a68d6aebd6f272d171155cfe734439ff6f
HP Security Bulletin 2006-12.73
Posted Jun 13, 2007
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - Potential vulnerabilities have been identified with HP-UX running BIND. The vulnerabilities could be exploited remotely to create a Denial of Service (DoS).

tags | advisory, denial of service, vulnerability
systems | hpux
advisories | CVE-2007-4339, CVE-2007-0493, CVE-2007-0494
SHA-256 | 2217842d73d06448af25ea5ab8eb0545dee6d770867809d5de54836a852b4047
Mandriva Linux Security Advisory 2007.119
Posted Jun 13, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Thunderbird program, version 1.5.0.12.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2007-1558, CVE-2007-2867, CVE-2007-2868
SHA-256 | 76c642b06bdcff92f2063c63aedf99375f7ca9bdec594e6055084f0462ab6d23
Debian Linux Security Advisory 1307-1
Posted Jun 13, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1307-1 - John Heasman discovered a heap overflow in the routines of OpenOffice.org that parse RTF files. A specially crafted RTF file could cause the filter to overwrite data on the heap, which may lead to the execution of arbitrary code.

tags | advisory, overflow, arbitrary
systems | linux, debian
advisories | CVE-2007-0245
SHA-256 | 2139484d018604471d79fd410433099becc92d1ed776c6ee01198c0279547d50
Zero Day Initiative Advisory 07-036
Posted Jun 13, 2007
Authored by Tipping Point | Site zerodayinitiative.com

A vulnerability allows remote attackers to cause a denial of service on vulnerable Arris Cadant C3 CMTS systems. Authentication is not required to exploit this vulnerability. The flaw exists due to mishandling of IP options. When an unknown or bad option is specified, the C3 will terminate disabling all service that is handled by that CMTS. The vulnerability can be triggered with a single malformed IP packet.

tags | advisory, remote, denial of service
advisories | CVE-2007-2796
SHA-256 | 7834307219dc017bf6822218fd482955b1470fa4384ef22cb5cfbeee4b5219fc
Debian Linux Security Advisory 1306-1
Posted Jun 13, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1306-1 - Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications.

tags | advisory, remote, vulnerability
systems | linux, debian
advisories | CVE-2007-1362, CVE-2007-2867, CVE-2007-2868, CVE-2007-2869, CVE-2007-2870, CVE-2007-2871
SHA-256 | b7e54fadd2039304870b58c95318bc103181448f2943f420c8bb1157f8d58004
ibm-ds400.txt
Posted Jun 13, 2007
Authored by Knud Erik Hojgaard | Site lort.dk

The IBM Totalstorage ds400 comes with unpassworded root access.

tags | advisory, root
SHA-256 | 942bd506a1c40530286a2a87b1e0d69ffbee5d0dfa2a936655ff74e14f898b9f
14070612.txt
Posted Jun 13, 2007
Authored by DarkFig | Site acid-root.new.fr

The PHP parse_str() function suffers from an arbitrary variable overwrite issue.

tags | advisory, arbitrary, php
SHA-256 | 0d9ad5e9250b7849f116c5dd0fc42cd6cb2b7fd428f5102e4b0e44f2ec808162
Ubuntu Security Notice 473-1
Posted Jun 13, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 473-1 - A buffer overflow was discovered in libgd2's font renderer. By tricking an application using libgd2 into rendering a specially crafted string with a JIS encoded font, a remote attacker could read heap memory or crash the application, leading to a denial of service. Xavier Roche discovered that libgd2 did not correctly validate PNG callback results. If an application were tricked into processing a specially crafted PNG image, it would monopolize CPU resources. Since libgd2 is often used in PHP and Perl web applications, this could lead to a remote denial of service.

tags | advisory, remote, web, denial of service, overflow, perl, php
systems | linux, ubuntu
advisories | CVE-2007-0455, CVE-2007-2756
SHA-256 | 6abb073db2f4b279f8cc285aabdf42ffb187a69c115712540efffbb55e365bf1
Ubuntu Security Notice 472-1
Posted Jun 13, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 472-1 - It was discovered that libpng did not correctly handle corrupted CRC in grayscale PNG images. By tricking a user into opening a specially crafted PNG, a remote attacker could cause the application using libpng to crash, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2007-2445
SHA-256 | 68c0879bee678937de9cab932f96a653d4b168290a6a0071122c09a02257fce6
safari-windows.txt
Posted Jun 13, 2007
Authored by Thor Larholm

Safari 3 for Windows beta remote command execution proof of concept exploit.

tags | exploit, remote, proof of concept
systems | windows
SHA-256 | 9a4308881a1a075b2196e199766d0f712a4c0161fa63fc94e0ea6dd4af3e7b95
tecit-activex.txt
Posted Jun 13, 2007
Authored by shinnai | Site shinnai.altervista.org

TEC-IT TBarCode OCX ActiveX remote arbitrary file overwrite exploit.

tags | exploit, remote, arbitrary, activex
SHA-256 | fca803f331633568233c7220912ff5cbb4c01183cc7027bb081a67d483f51aaf
xoopstc-rfi.txt
Posted Jun 13, 2007
Authored by Sp[L]o1T

XOOPS module TinyContent versions below 1.5 suffer from a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
SHA-256 | 6d15bd623bdf8168215c5e1210d7ac86d45ac062af83fe743d4c081de145ce57
fuzzy-sql.txt
Posted Jun 13, 2007
Authored by Silentz | Site w4ck1ng.com

Fuzzylime Forum version 1.0 SQL injection exploit.

tags | exploit, sql injection
SHA-256 | df5bf9213611fd58093450fc460337302ec2ea8d7ac9632375f04fc60ee29006
Ubuntu Security Notice 471-1
Posted Jun 13, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 471-1 - Victor Stinner discovered that libexif did not correctly validate the size of some EXIF header fields. By tricking a user into opening an image with specially crafted EXIF headers, a remote attacker could cause the application using libexif to crash, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2007-2645
SHA-256 | 50176b94bd9ba739cc0cf25d9f94f4fbe3441ce8ee4361d284f0cc16bb61eb4b
Ubuntu Security Notice 439-2
Posted Jun 13, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 439-2 - USN-439-1 fixed a vulnerability in file. The original fix did not fully solve the problem. This update provides a more complete solution.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2007-2799
SHA-256 | e812f7357d844e826f45fd8565b7d6694fccc61631a26589dab8b6b3f53c93d6
Gentoo Linux Security Advisory 200706-4
Posted Jun 13, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200706-04 - Md Sohail Ahmad from AirTight Networks has discovered a division by zero in the ath_beacon_config() function (CVE-2007-2830). The vendor has corrected an input validation error in the ieee80211_ioctl_getwmmparams() and ieee80211_ioctl_getwmmparams() functions(CVE-207-2831), and an input sanitization error when parsing nested 802.3 Ethernet frame lengths (CVE-2007-2829). Versions less than 0.9.3.1 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2007-2829, CVE-2007-2830, CVE-2007-2831
SHA-256 | 50627889315c9caf9168c4cc142a7ffa47ce566ea0a95a5b252d572b605a3730
phpmail.txt
Posted Jun 13, 2007
Authored by Thor Larholm

PHPMailer as included with applications such as WordPress, Mantis, etc, suffers from a remote command execution vulnerability.

tags | advisory, remote
SHA-256 | f2c609d930657cbbc333da78bb6360b7c18eb1bb0cdb23b91c07449ca9511476
Page 1 of 2
Back12Next

File Archive:

September 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    23 Files
  • 2
    Sep 2nd
    12 Files
  • 3
    Sep 3rd
    0 Files
  • 4
    Sep 4th
    0 Files
  • 5
    Sep 5th
    10 Files
  • 6
    Sep 6th
    8 Files
  • 7
    Sep 7th
    30 Files
  • 8
    Sep 8th
    14 Files
  • 9
    Sep 9th
    26 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    0 Files
  • 12
    Sep 12th
    5 Files
  • 13
    Sep 13th
    28 Files
  • 14
    Sep 14th
    15 Files
  • 15
    Sep 15th
    17 Files
  • 16
    Sep 16th
    9 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    12 Files
  • 20
    Sep 20th
    15 Files
  • 21
    Sep 21st
    20 Files
  • 22
    Sep 22nd
    13 Files
  • 23
    Sep 23rd
    12 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    30 Files
  • 27
    Sep 27th
    27 Files
  • 28
    Sep 28th
    8 Files
  • 29
    Sep 29th
    14 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close