iDefense Security Advisory 07.11.07 - Remote exploitation of an integer overflow vulnerability in Apple Computer Inc.'s QuickTime media player could allow attackers to execute arbitrary code in the context of the targeted user. The vulnerability specifically exists in QuickTime players handling of the title and author fields in an SMIL file. When parsing an SMIL file, arithmetic calculations can cause insufficient memory to be allocated. When copying in user-supplied data from the SMIL file, a heap-based buffer overflow occurs. This results in a potentially exploitable condition. iDefense Labs confirmed this vulnerability exists in version 7.1.3 and 7.1.5 of QuickTime on Windows and Mac OS X. Previous versions are suspected to be vulnerable.
47414f47b8bbf7fd2ae4454d3603f79eb1ec643f41903bb5279b43ecf83e4bc7iDefense Security Advisory 07.11.07 - Remote exploitation of a local file inclusion vulnerability in gpg_help.php in version 2.0 of the SquirrelMail G/PGP Plugin could allow an authenticated webmail user to execute arbitrary PHP code under the security context of the running web server. iDefense has confirmed the existence of this vulnerability in version 2.0 of the G/PGP Encryption Plugin for SquirrelMail. It is suspected that earlier versions of the plug-in are also affected.
aa231abe3475356daf40107f026dcfd4b8a5dfd5f6082511bfec68f93d1a9a79iDefense Security Advisory 07.11.07 - Remote exploitation of a command injection vulnerability in the G/PGP Encryption Plugin for The SquirrelMail Project Team's SquirrelMail webmail package allows attackers to execute arbitrary commands with the privileges of the underlying web server. The gpg_recv_key() function is affected. iDefense has confirmed the existence of this vulnerability in the latest version of the G/PGP Encryption Plugin for SquirrelMail, version 2.1. Furthermore, this vulnerability has been confirmed to exist as early as version 2.0. Other versions may be affected.
623fb7212497064369a3382096eb045adef0b7054957761e87ecbb918b982ef4iDefense Security Advisory 07.11.07 - Remote exploitation of a command injection vulnerability in the G/PGP Encryption Plugin for The SquirrelMail Project Team's SquirrelMail webmail package allows attackers to execute arbitrary commands with the privileges of the underlying web server. The gpg_check_sign_pgp_mime() function is affected. iDefense has confirmed the existence of this vulnerability in version 2.0 of the G/PGP Encryption Plugin for SquirrelMail. It is suspected that earlier versions of the plug-in are also affected.
97a634db058299435700a7f1c91d89f48dab33b0e02efe0b54a1768f07a22eb2iDefense Security Advisory 07.11.07 - Remote exploitation of a command injection vulnerability in the G/PGP Encryption Plugin for The SquirrelMail Project Team's SquirrelMail webmail package allows attackers to execute arbitrary commands with the privileges of the underlying web server. The deleteKey() functionality is affected. iDefense has confirmed the existence of this vulnerability in the latest version of the G/PGP Encryption Plugin for SquirrelMail, version 2.1. Furthermore, this vulnerability has been confirmed to exist as early as version 2.0. Other versions may be affected.
43d1374bb1007f95f5034258701359c58204a59a8e93b7fd871ca1983f6a250ciDefense Security Advisory 07.11.07 - Local exploitation of an input validation vulnerability in version 5.5.1.6 of symtdi.sys allows attackers to elevate privileges to SYSTEM. The vulnerability specifically exists due to improper address space validation when the \\symTDI\ device driver processes IOCTL 0x83022323. An attacker can overwrite an arbitrary address, including code segments, with a constant double word value by supplying a specially crafted Irp to the IOCTL handler function. iDefense confirmed this vulnerability in version 5.5.1.6 of Symantec's symtdi.sys device driver as included with version 10 of Symantec AntiVirus Corporate Edition. Previous versions and related products that contain the affected driver are suspected vulnerable.
89b8df0a698bad87591ee7bc3ce90d08d805621a82a1469e365acd5f4ab9e8bbiDefense Security Advisory 07.11.07 - Remote exploitation of a heap overflow vulnerability in Symantec Backup Exec could allow an unauthenticated attacker to create a denial of service condition or potentially execute arbitrary code. The flaw specifically exists within the RPC server that listens on TCP port 6106. When handling requests using the "ncacn_ip_tcp" protocol, the service will copy a user supplied amount of data into a fixed-size heap buffer. iDefense confirmed the existence of this vulnerability in Symantec Backup Exec 10d with all current hot-fixes and service packs applied. Other versions are suspected to be vulnerable.
e8ff8869659ba283cedb2a4d3ab66109cdb86a20fdb6d95f188dae92cfee6e5dTechnical Cyber Security Alert TA07-192A - There are critical vulnerabilities in Adobe Flash player and related software. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system.
ef8f2c42b6e5d5da03a8e1435f3ff0c1d01b20d8b9b74e05b69cadc720807da9Gentoo Linux Security Advisory GLSA 200707-06 - XnView is vulnerable to a stack-based buffer overflow while processing an XPM file with an overly long section string (greater than 1024 bytes). Versions less than 1.70 are affected.
47a20614dbc69c9a82c5ba2a7b6e679f374a9a0cdb48a0ca4fdb310911d20989Calyptix Security Advisory - Multiple versions of eSoft's InstaGate EX2 UTM device are vulnerable to cross-site request forgery. The vulnerable firmwares include 3.1.20031001, 3.1.20060921, and 3.1.20070605. Other eSoft products were not tested. This vulnerability allows an attacker to run commands on the web interface if the attacker can get the eSoft user to view a hostile web page while logged into his eSoft. These actions could include opening up remote access.
ff2820b979ab7a729e267c92c50a8b221b9ffde20769cec07007eaf16aff470bCisco Security Advisory - Cisco Unified Communications Manager (CUCM), formerly CallManager, and Cisco Unified Presence Server (CUPS) contain two vulnerabilities that could allow an unauthorized administrator to activate and terminate CUCM / CUPS system services and access SNMP configuration information. This may respectively result in a denial of service (DoS) condition affecting CUCM/CUPS cluster systems and the disclosure of sensitive SNMP details, including community strings.
e4d199911a31b436a44c19ac49895a06a5e71ead99c629651756bd1a72c1c83cCisco Security Advisory - Cisco Unified Communications Manager (CUCM), formerly CallManager, contains two overflow vulnerabilities that could allow a remote, unauthenticated user to cause a denial of service (DoS) condition or execute arbitrary code.
281e99beaa38c2cf33f1055464f410a1afd9a252f1ec016502e30b8c91c83d29Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a commandline scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.
329ad13ae12390d3758017297e307ca06744bfb4e3fb61424b4f064faf5a2bbbproxyScan.pl is a security penetration testing tool to scan for hosts and ports through a Web proxy server. Features include various HTTP methods such as GET, CONNECT, HEAD as well as host and port ranges.
225317c491c73020a70f12fc88eb850b91684e2c7440b063846fe4562d4fab69Anti Forensics: Making Computer Forensics Hard.
f4380d3dd58acf7c9ecd5bf19caaffa07198a6219a7f4223e3929996454851f3ClamAV versions below 0.91 crash while processing corrupted RAR files causing a null pointer dereference.
5b42ff9f765704ffe998246de74ea9b63086ae5f376127abccefc7fee8cacc6bBoxer 0.99 BETA3 appears to be a Linux 2.6 series /dev/mem rootkit binary. This binary has not been tested and should be researched/tested with extreme caution.
573e2154c1af45b89c76906c7781788bce59db3910d3f9b9535468e915d4b829The SquirrelMail G/PGP Encryption plug-in suffers from a remote command execution vulnerability.
d29af9055ded56707d99c5a1399f4b59b1bc6feb115bb7cddf7e6e8b30e0e3c4The AVG Antivirus core kernel mode service driver (avg7core.sys) provides functionality that under a default install allows an unprivileged user to write arbitrary data to arbitrary addresses. This issue has been verified as affecting AVG Free 7.5.446 and AVG Antivirus 7.5.448. The version of avg7core.sys in question is 7.5.0.444.
63f6a4f5605ba332012034c38c74dd36885f47a28461e630ddc1b6e0934efe6cCYBSEC Security Advisory - The TippingPoint IPS suffers from a bypass vulnerability. TippingPoint IPS systems running TOS versions 2.1.x, 2.2.x prior to 2.2.5, and 2.5.x prior to 2.5.2 are affected.
4bc620793b3d80e58b78c3a482567f0b81103609f4ee8619280d06d1f7a519deDvbbs version 7.1.0 SP1 suffers from a direct database download vulnerability.
f907ed68b5e81d54fb876081d0a8078024d33fbb1a169755c4627bb1e92c809aNGSSoftware has discovered a low risk vulnerability in Active Directory which can allow an unauthenticated user to cause a denial of service condition on any affected system.
8b913d51a0f479f8ae2e362accd80b6bc07755dabb6524a56dcba5c502ec56beUbuntu Security Notice 482-1 - John Heasman discovered that OpenOffice did not correctly validate the sizes of tags in RTF documents. If a user were tricked into opening a specially crafted document, a remote attacker could execute arbitrary code with user privileges.
7125f458a76c35357a3a5556e199ff8306c37bfe70a8b6b4b8922c3fd9132772enVivo!CMS suffers from a SQL injection vulnerability.
efe2a33116216481775b08a490a7a7363c061437d7b4cb3a46871f834910d1a1PyFault is a python library for fault injection in Win32 based applications. Currently it implements a DLL injection and ejection mechanism.
b271d6b2c8fa2383e8a568dd399cf266ddd139738cb05fa96fb7c693e452bf43
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed