
Files Date: 2007-05-11 to 2007-05-12

phpmur-xss.txt
Posted May 11, 2007
Authored by the_Edit0r | Site xmors-security.com

phpMUR suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 82f4cc9a99107138fbbffd8cfbc8689961ae78f46e1cabe25aed7f6c8252995f
iDEFENSE Security Advisory 2007-05-10.3
Posted May 11, 2007
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 05.10.07 - Remote exploitation of multiple buffer overflow vulnerabilities in Apple Inc.'s Darwin Streaming Proxy allows attackers to execute arbitrary code with the privileges of running service, usually root. Due to insufficient sanity checking, a stack-based buffer overflow could occur while trying to extract commands from the request buffer. The "is_command" function, located in proxy.c, lacks bounds checking when filling the 'cmd' and 'server' buffers. Additionally, a heap-based buffer overflow could occur while processing the "trackID" values contained within a "SETUP" request. If a request with more than 32 values is encountered, memory corruption will occur. iDefense has confirmed the existence of these vulnerabilities in Darwin Streaming Server 5.5.4 and Darwin Streaming Proxy 4.1. It is suspected that earlier versions are also vulnerable.

tags | advisory, remote, overflow, arbitrary, root, vulnerability
systems | apple
advisories | CVE-2007-0749, CVE-2007-0748
SHA-256 | f78fee0d8b63de9cc27fccb559c04b01ce3724d7bc2dcedabc6b197b5c472d26
iDEFENSE Security Advisory 2007-05-10.2
Posted May 11, 2007
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 05.10.07 - Remote exploitation of a buffer overflow vulnerability within Novell Inc.'s NetMail allows attackers to execute arbitrary code with the privileges of the service. This vulnerability specifically exists within the SSL version of the "NMDMC.EXE" service. The application does not perform sufficient input validation when copying data into a fixed size stack buffer. When processing a specially crafted request made to this service, a stack-based buffer overflow occurs leading to corruption of program control registers saved on the stack. iDefense has confirmed the existence of this vulnerability within version 3.52e_FTF2 of Novell Inc's NetMail. Older versions are suspected to be vulnerable.

tags | advisory, remote, overflow, arbitrary
SHA-256 | 7c4224fd04fdf501163a3652b70255e6a67bedbbac0803f93921ededa636574a
iDEFENSE Security Advisory 2007-05-10.1
Posted May 11, 2007
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 05.10.07 - Local exploitation of a design error vulnerability in the srsexec binary optionally included in Sun Microsystems Inc., Solaris 10 allows attackers to gain access to sensitive information, such as the root password hash. The vulnerability specifically exists because of a failure to drop permissions or check the permissions on the file specified for the target file. If a user specified verify only mode (-v) as well as debug mode (-d), and specified a protected file such as /etc/shadow, srsexec will display the first line of /etc/shadow in the debug messages. iDefense has confirmed the existence of this vulnerability in Solaris 10 with the SUNWsrspx package installed.

tags | advisory, local, root
systems | solaris
SHA-256 | b0cb09576fffd6a9ae951ce05d4db56aeefe07c697fb437b66ae44d3dee246bc
iDEFENSE Security Advisory 2007-05-09.2
Posted May 11, 2007
Authored by iDefense Labs, binagres | Site idefense.com

iDefense Security Advisory 05.09.07 - Local exploitation of a buffer overflow vulnerability in Computer Associates International Inc.'s (CA) eTrust Antivirus allows attackers to execute arbitrary code with SYSTEM privileges. The Task Service component of eTrust Antivirus, InoTask.exe, is used to schedule and execute tasks such as scanning the system for viruses. The service uses a shared file mapping to share information about scheduled tasks. The file mapping has a NULL security descriptor, which allows any user to modify its contents. By modifying a string inside of this mapping, an attacker can trigger a stack-based overflow in the InoTask process. iDefense confirmed that CA eTrust Antivirus r8 on Windows is vulnerable.

tags | advisory, overflow, arbitrary, local
systems | windows
advisories | CVE-2007-2523
SHA-256 | 23745af47fac9dfdd602231dff89be840467e8837cb44af4d3af559b2314a15f
squirrel-csrf.txt
Posted May 11, 2007
Authored by Avinash Shenoi, Vivek Relan

SquirrelMail versions 1.4.8-4.fc6 and below are susceptible to a cross site request forgery vulnerability.

tags | advisory, csrf
SHA-256 | c6523cb6f9240785bc1be6778c5fb6692dfcce73d99be8855036977ff696f739
Gentoo Linux Security Advisory 200705-13
Posted May 11, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200705-13 - iDefense Labs has discovered multiple integer overflows in ImageMagick in the functions ReadDCMImage() and ReadXWDImage(), that are used to process DCM and XWD files. Versions less than 6.3.3 are affected.

tags | advisory, overflow
systems | linux, gentoo
advisories | CVE-2007-1797
SHA-256 | 4b00eb3f21d36bc2732e635d2ac4b591b01b0967a343cf468344db2da2c66f6c
Gentoo Linux Security Advisory 200705-12
Posted May 11, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200705-12 - An error involving insecure search_path settings in the SECURITY DEFINER functions has been reported in PostgreSQL. Versions less than 8.0.13 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2007-2138
SHA-256 | 34d2224268a137d54c76ded99e6d07e4106235b06f0ffb7104ba62c314f4fab4
secunia-iehtml.txt
Posted May 11, 2007
Authored by JJ Reyes | Site secunia.com

Secunia Research has discovered a vulnerability in Internet Explorer 7, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an error in the handling of HTML objects as a CMarkup object is used in certain cases after it has been freed. This can be exploited to corrupt memory via a specially crafted web page. Successful exploitation allows execution of arbitrary code.

tags | advisory, web, arbitrary
advisories | CVE-2007-0947
SHA-256 | bd9fbc1b569234a863aa82f6487b629aac76b61d799bbed6b1f29904dafd3d50
secunia-bearshare.txt
Posted May 11, 2007
Authored by Carsten Eiram | Site secunia.com

Secunia Research has discovered a vulnerability in BearShare, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in the NCTAudioFile2.AudioFile ActiveX control when handling the "SetFormatLikeSample()" method. This can be exploited to cause a stack-based buffer overflow by passing an overly long string (about 4124 bytes) as argument to the affected method. BearShare version 6.0.2.26789 is affected.

tags | advisory, overflow, activex
advisories | CVE-2007-0018
SHA-256 | dbc7db2e6f1936fe435111cb1d2036c76efcb80ed20555b401a15cf6773cc0de
Mandriva Linux Security Advisory 2007.101
Posted May 11, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A vulnerability in vim 7.0's modeline processing capabilities was discovered where a user with modelines enabled could open a text file containing a carefully crafted modeline, executing arbitrary commands as the user running vim.

tags | advisory, arbitrary
systems | linux, mandriva
advisories | CVE-2007-2438
SHA-256 | 47d095c34a87489ebce6d5d79410de588957dfaacc3076c387a39116aeb7f7af
Secunia Security Advisory 25140
Posted May 11, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Jean-Sebastien Guay-Leroux has reported a vulnerability in Avira AntiVir, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
SHA-256 | da50ab86ce4c28ff3c0e18911b16adf6d6b0ea1eeb873f572992422da09f8f49
Secunia Security Advisory 25172
Posted May 11, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in various Symantec products, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory
SHA-256 | b0f9362a524212c9b1a32e526fa2c19913c66ae2cf6a1faab57c02a340239ab3
Secunia Security Advisory 25182
Posted May 11, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Mandriva has issued an update for vim. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.

tags | advisory
systems | linux, mandriva
SHA-256 | 1f2281298790917ce7a292de287d54086babaf645f834e83ab094cef9cd8fd04
Secunia Security Advisory 25188
Posted May 11, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Neil Kettle has reported a vulnerability in MySQL, which can be exploited by malicious users to cause a DoS (Denial of Service).

tags | advisory, denial of service
SHA-256 | 6e6cab633bbb04e3a23a4e02a15079c946b89c3abf76d607b40c9b8621ca8e30
Secunia Security Advisory 25199
Posted May 11, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in Cisco IOS, which can be exploited by malicious users and malicious people to bypass certain security restrictions, cause a DoS (Denial of Service), or potentially compromise a vulnerable system.

tags | advisory, denial of service, vulnerability
systems | cisco
SHA-256 | be2408133a3192ff8aee88008ddc52d03ff724523208681a9ad94831cd610761
Secunia Security Advisory 25200
Posted May 11, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in SquirrelMail, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks.

tags | advisory, vulnerability, xss, csrf
SHA-256 | b36fe0dcea33acbca03469dfce1bb833bc3ad17672306ab8a19f4dda57a6756a
Secunia Security Advisory 25207
Posted May 11, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in SurgeMail, which can be exploited by malicious users to bypass certain security restrictions.

tags | advisory
SHA-256 | 4f7b778a71b48cbcc28bf2f8d1ddf2423512bc5afb3c9db47fdd77155e738f46
Secunia Security Advisory 25210
Posted May 11, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Mahmood_ali has discovered a vulnerability in phpMyPortal, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
SHA-256 | 1f110097df3687aacc89a4655da9d2c7d1164310c0e0ff0d30ce436f71fb37cc
Secunia Security Advisory 25216
Posted May 11, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Avaya has acknowledged some vulnerabilities in Avaya CMS and IR, which can be exploited by malicious, local users to disclose sensitive information, cause a DoS (Denial of Service), and gain escalated privileges.

tags | advisory, denial of service, local, vulnerability
SHA-256 | d6d91002ec9f478e5ed462a32077cb69cc07333798a54446f80526f65925937c
Secunia Security Advisory 25222
Posted May 11, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Silentz has discovered some vulnerabilities in TutorialCMS, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, vulnerability, sql injection
SHA-256 | 64a655447960d2e2522b72ea80e4276a79ae7b7e100ef50479afeb507222d1c1
Secunia Security Advisory 25223
Posted May 11, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Silentz has discovered a vulnerability in SimpleNews, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, sql injection
SHA-256 | d1a9b4e20f8af2ecace27167673c8f4f97b144f19ff5adaa14254a66deafae96
Secunia Security Advisory 25224
Posted May 11, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in AForum, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory, vulnerability
SHA-256 | 7c24808eaf3162bc3bedab1e22e2f4261a5598b93248e38cc30d057c7ca8ccbf
Secunia Security Advisory 25226
Posted May 11, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for the kernel. This fixes some vulnerabilities, where one has an unknown impact and others can be exploited by malicious, local users to cause a DoS (Denial of Service) or gain escalated privileges, and by malicious people to cause a DoS.

tags | advisory, denial of service, kernel, local, vulnerability
systems | linux, suse
SHA-256 | a42415ddfe087e5f58d26dd20cd551067fd6215b8892080496010a30aebd2394
© 2024 Packet Storm. All rights reserved.