Files Date: 2007-12-06

firefox20011-dos.txt
Posted Dec 6, 2007
Authored by Azizov Emin

Firefox 2.0.0.11 appears to suffer from an INPUT denial of service flaw.

tags | advisory, denial of service
MD5 | dd76142b0e61be6770af6c6996a4cd2d
Gentoo Linux Security Advisory 200711-29
Posted Dec 6, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory [UPDATE] GLSA 200711-29:02 - Samba contains two buffer overflow vulnerabilities potentially resulting in the execution of arbitrary code. The original GLSA only resolved one of the two vulnerabilities due to a regression. New packages are available that resolve both buffer overflows. Versions less than 3.0.27a are affected.

tags | advisory, overflow, arbitrary, vulnerability
systems | linux, gentoo
MD5 | 0456ee59bbe2b5340732fa256d60f3a5
Gentoo Linux Security Advisory 200712-2
Posted Dec 6, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200712-02:02 - It has been reported that the local_graph_id variable used in the file graph.php is not properly sanitized before being processed in an SQL statement. Versions less than 0.8.7a are affected.

tags | advisory, php
systems | linux, gentoo
advisories | CVE-2007-6035
MD5 | d09f45914fbc7ceb159ac021c5a24a0c
Gentoo Linux Security Advisory 200712-1
Posted Dec 6, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200712-01 - Suse Linux reported that Hugin creates the hugin_debug_optim_results.txt temporary file in an insecure manner. Versions less than 0.7_beta4-r1 are affected.

tags | advisory
systems | linux, suse, gentoo
advisories | CVE-2007-5200
MD5 | a94b3270d66ec007daf616045c8fb5b4
ezcontents-disclosure.txt
Posted Dec 6, 2007
Authored by p4imi0

ezContents version 1.4.5 suffers from a remote file disclosure vulnerability. Exploitation details included.

tags | exploit, remote, info disclosure
MD5 | 9c40302d9b97ddf3245bc8ec050c7793
Debian Linux Security Advisory 1420-1
Posted Dec 6, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1420-1 - Bas van Schaik discovered that the agentd process of Zabbix, a network monitor system, may run user-supplied commands as group id root, not zabbix, which may lead to a privilege escalation.

tags | advisory, root
systems | linux, debian
advisories | CVE-2007-6210
MD5 | 1021459e5bdabe31e5d3c3e215fcff28
Cisco Security Advisory 20071205-csa
Posted Dec 6, 2007
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A buffer overflow vulnerability exists in a system driver used by the Cisco Security Agent for Microsoft Windows. This buffer overflow can be exploited remotely and causes corruption of kernel memory, which leads to a Windows stop error (blue screen) or to arbitrary code execution.

tags | advisory, overflow, arbitrary, kernel, code execution
systems | cisco, windows
MD5 | c4dd03d41fbee887a43ee7ed09a62f03
cisco7940-dos.txt
Posted Dec 6, 2007
Authored by Radu State, Humberto J. Abdelnur, Olivier Festor

The Cisco 7940 is susceptible to a denial of service vulnerability when sent a sequence of SIP INVITE transactions. Demonstration exploit included.

tags | exploit, denial of service
systems | cisco
MD5 | 476d20825458cc4dc9ed9f787cda002e
nokia-dos.txt
Posted Dec 6, 2007
Authored by Radu State, Humberto J. Abdelnur, Olivier Festor

The Nokia RM-159 version 12.0.013 suffers from a denial of service vulnerability when accepting a special sequence of SIP messages. Demonstration exploit included.

tags | exploit, denial of service
MD5 | 427fc82126eac8abc607bf6ba463852a
Debian Linux Security Advisory 1419-1
Posted Dec 6, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1419-1 - A vulnerability has been discovered in HSQLDB, the default database engine shipped with OpenOffice.org. This could result in the execution of arbitrary Java code embedded in an OpenOffice.org database document with the user's privileges. This update requires an update of both openoffice.org and hsqldb.

tags | advisory, java, arbitrary
systems | linux, debian
advisories | CVE-2007-4575
MD5 | 92c68412dd99e3d0a337050d62388dd3
matahari-0.1.22.tar.gz
Posted Dec 6, 2007
Authored by Martin Obiols Herrera | Site matahari.sourceforge.net

This is a script to obtain a basic shell remotely on unix systems behind firewalls. Client gets commands by periodically polling the server and sends the output back after executing them. Traffic traverses firewall as standard outgoing HTTP GET/POST requests. HTTP requests/responses carry payload b64 encoded.

tags | tool, web, shell, rootkit
systems | unix
MD5 | f2af954042cff389b9466b34890ea5da
ciscoworks-xss.txt
Posted Dec 6, 2007
Authored by Dave Lewis | Site liquidmatrix.org

CiscoWorks versions 2.6 and below suffer from a cross site scripting vulnerability.

tags | advisory, xss
MD5 | 9b84cccc8260ebaeb7ba41ddf2ebfff6
strongSwan IPsec / IKEv1 / IKEv2 Implementation For Linux
Posted Dec 6, 2007
Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.

Changes: Fixes and improvements to multithreading code. Various other tweaks.
tags | kernel, encryption
systems | linux
MD5 | 2178acf194f4c99cdee2ddc38cfb7a94
nufw-2.2.10.tar.gz
Posted Dec 6, 2007
Authored by regit | Site nufw.org

NuFW is a set of daemons that filters packets on a per-user basis. The gateway authorizes a packet depending on which remote user has sent it. On the client side, users have to run a client that sends authentication packets to the gateway. On the server side, the gateway associates user ids with packets, which makes it possible to filter packets on a per-user basis. Furthermore, the server architecture is designed to use an external authentication source such as an LDAP server.

Changes: This is a maintenance release which fixes some bugs.
tags | tool, remote, firewall
systems | unix
MD5 | 07107398521eec44bf7661aa36a7d03c
sinecms-sql.txt
Posted Dec 6, 2007
Authored by KiNgOfThEwOrLd | Site inj3ct-it.org

SineCMS versions 2.3.4 and below with the Calendar module suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 8b0c4f06fcf765fe59c902b1942cefc7
adv86-K-159-2007.txt
Posted Dec 6, 2007
Authored by M.Hasran Addahroni | Site advisories.echo.or.id

The Mambo/Joomla component rsgallery versions 2.0 beta 5 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 43b8c1c71f87ee130d5133e667df87dc
opera9-dos.txt
Posted Dec 6, 2007
Authored by Gynvael Coldwind

Opera is vulnerable to a remote denial of service attack, using specially crafted BMP files, that causes the browser to freeze for a short amount of time (around 4 minutes on a fast computer).

tags | advisory, remote, denial of service
MD5 | a3edda8658493c8e107b5bba62d7cd2d
mpaa-xss.txt
Posted Dec 6, 2007
Authored by Kristian Hermansen

The MPAA web site suffers from cross site scripting vulnerabilities.

tags | exploit, web, vulnerability, xss
MD5 | 3b9dc6bc500b98fcd582ed4ec8eae1bf
Mandriva Linux Security Advisory 2007.237
Posted Dec 6, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A buffer overflow in the DTLS implementation of OpenSSL 0.9.8 could be exploited by attackers to potentially execute arbitrary code. It is questionable as to whether the DTLS support even worked or is used in any applications; as a result this flaw most likely does not affect most Mandriva users.

tags | advisory, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2007-4995
MD5 | 3da9e6824cdc78f35bcc7df2c9865f62
Mandriva Linux Security Advisory 2007.236
Posted Dec 6, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A flaw in OpenSSH prior to 4.7 meant that ssh did not properly handle the case where an untrusted cookie could not be created, and used a trusted X11 cookie instead. This could allow attackers to violate intended policy and gain privileges by causing an X client to be treated as trusted.

tags | advisory
systems | linux, mandriva
advisories | CVE-2007-4752
MD5 | fbd6eaf14eebbb0b688a45ef45ee6de1
eleytt-various.txt
Posted Dec 6, 2007
Authored by Michal Bucko, Tomasz Polis | Site eleytt.com

Eleytt has discovered cross site scripting and username enumeration vulnerabilities in the IBM Tivoli Provisioning Manager Express, an HTML injection vulnerability in the Computer Associates eTrust Threat Management Console, and a denial of service and remote user addition vulnerability in Gadu-Gadu.

tags | advisory, remote, denial of service, vulnerability, xss
MD5 | 5c1482d536691a3868f0e2029cdfc0df
Ubuntu Security Notice 553-1
Posted Dec 6, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 553-1 - It was discovered that Mono did not correctly bounds check certain BigInteger actions. Remote attackers could exploit this to crash a Mono application or possibly execute arbitrary code with user privileges.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2007-5197
MD5 | a2d4438d070903934179bd745f3c5e2b
Ubuntu Security Notice 552-1
Posted Dec 6, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 552-1 - It was discovered that Perl's regular expression library did not correctly handle certain UTF sequences. If a user or automated system were tricked into running a specially crafted regular expression, a remote attacker could crash the application or possibly execute arbitrary code with user privileges.

tags | advisory, remote, arbitrary, perl
systems | linux, ubuntu
advisories | CVE-2007-5116
MD5 | 4bd5e0f01a7720c0a74954c65614f89c
Ubuntu Security Notice 546-2
Posted Dec 6, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 546-2 - USN-546-1 fixed vulnerabilities in Firefox. The upstream update included a faulty patch which caused the drawImage method of the canvas element to fail.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2007-5947, CVE-2007-5959, CVE-2007-5960
MD5 | 13b757256e5685b4c55ffd9bb75d453e
HP Security Bulletin 2007-14.94
Posted Dec 6, 2007
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - A potential security vulnerability has been identified with HP Select Identity. The vulnerability could be exploited remotely to gain unauthorized access.

tags | advisory
advisories | CVE-2007-6194
MD5 | d13bdc793452435d6d81aa0d4d33f6e3
© 2016 Packet Storm. All rights reserved.
