what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 45 RSS Feed

Files Date: 2007-07-19 to 2007-07-20

Ubuntu Security Notice 486-1
Posted Jul 19, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 486-1 - The compat_sys_mount function allowed local users to cause a denial of service when mounting a smbfs filesystem in compatibility mode. The Omnikey CardMan 4040 driver (cm4040_cs) did not limit the size of buffers passed to read() and write(). A local attacker could exploit this to execute arbitrary code with kernel privileges. Due to a variable handling flaw in the ipv6_getsockopt_sticky() function a local attacker could exploit the getsockopt() calls to read arbitrary kernel memory. This could disclose sensitive data. Ilja van Sprundel discovered that Bluetooth setsockopt calls could leak kernel memory contents via an uninitialized stack buffer. A local attacker could exploit this flaw to view sensitive kernel information. A flaw was discovered in the handling of netlink messages. Local attackers could cause infinite recursion leading to a denial of service. A flaw was discovered in the IPv6 stack's handling of type 0 route headers. By sending a specially crafted IPv6 packet, a remote attacker could cause a denial of service between two IPv6 hosts. The random number generator was hashing a subset of the available entropy, leading to slightly less random numbers. Additionally, systems without an entropy source would be seeded with the same inputs at boot time, leading to a repeatable series of random numbers. A flaw was discovered in the PPP over Ethernet implementation. Local attackers could manipulate ioctls and cause kernel memory consumption leading to a denial of service. An integer underflow was discovered in the cpuset filesystem. If mounted, local attackers could obtain kernel memory using large file offsets while reading the tasks file. This could disclose sensitive data. Vilmos Nebehaj discovered that the SCTP netfilter code did not correctly validate certain states. A remote attacker could send a specially crafted packet causing a denial of service. Luca Tettamanti discovered a flaw in the VFAT compat ioctls on 64-bit systems. A local attacker could corrupt a kernel_dirent struct and cause a denial of service.

tags | advisory, remote, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2006-7203, CVE-2007-0005, CVE-2007-1000, CVE-2007-1353, CVE-2007-1861, CVE-2007-2242, CVE-2007-2453, CVE-2007-2525, CVE-2007-2875, CVE-2007-2876, CVE-2007-2878
SHA-256 | c43fd07d98bdcdf574d108dc5e1dc011c52fb1f9e996c1ead5399d826163c357
msdirectx-heap.txt
Posted Jul 19, 2007
Authored by Ruben Santamarta | Site reversemode.com

Microsoft DirectX is prone to a heap overflow vulnerability due to the improper handling of targa files.

tags | advisory, overflow
SHA-256 | 03e1bb283cdd5f170e5ea16130b2dfe7f4e54b654371ea164596ad7f327b13dd
mdpro108-sql.txt
Posted Jul 19, 2007

MDPro versions 1.0.8x and below suffer from a SQL injection vulnerability.

tags | exploit, sql injection
SHA-256 | cf3fb64d3a003338b94ff80a919744935d72864ec330948cba174b3bd0a3fb76
ashop-multi.txt
Posted Jul 19, 2007
Authored by Timq | Site private-node.net

A-Shop versions 0.70 and below suffer from an arbitrary remote file deletion vulnerability.

tags | exploit, remote, arbitrary
SHA-256 | 69c701335c81bc57d018ba7018dbba52d2c1c453b9cfa03fb52b2312fa5d3d3d
phpbbsupanav-rfi.txt
Posted Jul 19, 2007
Authored by bd0rk | Site soh-crew.it.tt

phpBB module SupaNav version 1.0.0 suffers from a remote file inclusion vulnerability in link_main.php.

tags | exploit, remote, php, code execution, file inclusion
SHA-256 | 7f7d83d238605ea7be89dd126554bbb2d156718c18b574bad275d07be1e2cdb5
bbsemarket-rfi.txt
Posted Jul 19, 2007
Authored by mozi, magenkyo.sharingan

BBS E-Market suffers from a remote file inclusion vulnerability in postscript.php.

tags | exploit, remote, php, code execution, file inclusion
SHA-256 | 4ad7c34ccc1d9a40cfeab0a27872cb77fd8ac8d088196d9470ff53cde4e21080
joomlaexpose-rfu.txt
Posted Jul 19, 2007
Authored by Cold z3ro | Site hack-teach.com

The Joomla component Expose versions RC35 and below suffer from a remote permission bypass and file upload vulnerability.

tags | exploit, remote, file upload
SHA-256 | e1198c7ce9f4a598f31467d0ec6afc96d710ec0254cb9494bca270e5e5d7ee28
quickestore-sql.txt
Posted Jul 19, 2007
Authored by meoconx

QuickEStore versions 8.2 and below suffer from a remote SQL injection vulnerability in insertorder.cfm.

tags | exploit, remote, sql injection
SHA-256 | c5410fa34008453ac33d052a118f2ada3d40c6a911b2fc49b1c24b11e3239300
vivvocms-sql.txt
Posted Jul 19, 2007
Authored by ajann

Vivvo CMS versions 3.4 and below remote blind SQL injection exploit that makes use of index.php.

tags | exploit, remote, php, sql injection
SHA-256 | a69abdf9097e0ab7ef918896f37677d7e1759c39599c2f5f6c5e90589987da2d
prmsgid-sql.txt
Posted Jul 19, 2007
Authored by t0pp8uzz, xprog

Pictures Rating suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 0d0d7c5579d7eee074bc476a04f77a94df168270b2ecb58fa19abd0944694b07
AstKilla.c
Posted Jul 19, 2007
Authored by fbffff

Asterisk versions below 1.2.22 / 1.4.8 / 2.2.1 chan_skinny remote denial of service exploit.

tags | exploit, remote, denial of service
SHA-256 | 64cc8a4e26bfcf491a1f465042972de07fe3bed01e14a2f8ba1b5bedddb0be1d
shatter-mdsysmd.txt
Posted Jul 19, 2007
Authored by Esteban Martinez Fayo | Site appsecinc.com

Team SHATTER Security Alert - The Oracle Database Server provides the MDSYS.MD package that is used in the Oracle Spatial component. These packages contain many public procedures that are vulnerable to buffer overflow and denial of service attacks.

tags | advisory, denial of service, overflow
advisories | CVE-2007-0272
SHA-256 | b7f6615f0debbfe75e060b13acd0cdd0900a209be592fb4d5cb17d1cc4a86b48
shatter-dbmsdrs.txt
Posted Jul 19, 2007
Authored by Esteban Martinez Fayo | Site appsecinc.com

Team SHATTER Security Alert - Oracle Database Server provides the DBMS_DRS package that includes procedures used in Oracle Data Guard. This package contains the function GET_PROPERTY which is vulnerable to buffer overflow attacks.

tags | advisory, overflow
advisories | CVE-2007-0270
SHA-256 | f258346bd6b03df6189ea2005f49b6ab5132d3b45e0b7b60c5b3544cd5a0ca45
Debian Linux Security Advisory 1335-1
Posted Jul 19, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1335-1 - Several remote vulnerabilities have been discovered in Gimp, the GNU Image Manipulation Program, which might lead to the execution of arbitrary code. Sean Larsson discovered several integer overflows in the processing code for DICOM, PNM, PSD, RAS, XBM and XWD images, which might lead to the execution of arbitrary code if a user is tricked into opening such a malformed media file. Stefan Cornelius discovered an integer overflow in the processing code for PSD images, which might lead to the execution of arbitrary code if a user is tricked into opening such a malformed media file.

tags | advisory, remote, overflow, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2006-4519, CVE-2007-2949
SHA-256 | e3cc558c9a2878d8c4049a3c307564702dffaa0aea5ce8a9307fdff45497c46f
iDEFENSE Security Advisory 2007-07-18.2
Posted Jul 19, 2007
Authored by iDefense Labs, Manuel Santamarina Suarez | Site idefense.com

iDefense Security Advisory 07.18.07 - Remote exploitation of multiple buffer overflow vulnerabilities in Ipswitch Inc.'s IMail Server 2006 could allow attackers to execute arbitrary code. IMail includes an IMAP daemon that users can use to access their email. The "Search" IMAP command contains an exploitable stack-based buffer overflow vulnerability. Additionally, the "Search charset" contains an exploitable heap-based buffer overflow vulnerability. iDefense has confirmed the existence of these vulnerabilities in IMail Server 2006. The vulnerable executable used was version 6.8.8.1 of imapd32.exe.

tags | advisory, remote, overflow, arbitrary, vulnerability, imap
SHA-256 | 41b52517831a48c279008cd2ef61cce1a4092bccfac20b5f11c5d8229a7a5ded
iDEFENSE Security Advisory 2007-07-18.1
Posted Jul 19, 2007
Authored by iDefense Labs, Ruben Santamarta | Site idefense.com

iDefense Security Advisory 07.18.07 - Exploitation of an input validation vulnerability in Microsoft Corp.'s DirectX library could allow an attacker to execute arbitrary code in the context of the current user. The vulnerability specifically exists in the way RLE compressed Targa format image files are opened. The Targa format allows multiple color depths and image storage options, depths and image storage options, and includes the ability to use run-length encoding (RLE), compression on the image data. This is a compression method which finds a 'run' of the pixels the same color and instead of storing the value multiple times, encodes the number of times to repeat one value. For example, instead of storing 'AAAAAAAA', it may encode that into 'store "A" 8 times'. The buffer allocated for the image data is based on the width, height and color depth stored in the image, but when decoding this type of file, no checks against writing past the end of the buffer are performed. If the encoding specifies more data than has been allocated, a controlled heap overflow can occur. iDefense has confirmed that libraries in Microsoft's DirectX SDK (February 2006) are vulnerable, as are the DirectX End User Runtimes (February 2006). It is suspected that previous versions are also affected, including the DirectX 9.0c End User Runtimes.

tags | advisory, overflow, arbitrary
advisories | CVE-2006-4183
SHA-256 | 65a8ef11d3c0825d101a4d5aa33da3d8ed332c01adf3fd8cffe1d192e5863ced
Technical Cyber Security Alert 2007-199A
Posted Jul 19, 2007
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert TA07-199A - The Mozilla web browser and derived products contain several vulnerabilities, the most severe of which could allow a remote attacker to execute arbitrary code on an affected system.

tags | advisory, remote, web, arbitrary, vulnerability
SHA-256 | c32bc157e563bb62e88896d05d61ede8874cc375bb38d0a8f5c4a55c35789dd8
Debian Linux Security Advisory 1334-1
Posted Jul 19, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1334-1 - A problem was discovered with freetype, a FreeType2 font engine, which could allow the execution of arbitrary code via an integer overflow in specially crafted TTF files.

tags | advisory, overflow, arbitrary
systems | linux, debian
advisories | CVE-2007-2754
SHA-256 | 06bb6b4b71b546ba421a4a5a243648d9e55cc79d1ce6286d82e281db63340834
Debian Linux Security Advisory 1333-1
Posted Jul 19, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1333-1 - It has been discovered that the GnuTLS certificate verification methods implemented in libcurl-gnutls, a solid, usable, and portable multi-protocol file transfer library, did not check for expired or invalid dates.

tags | advisory, protocol
systems | linux, debian
advisories | CVE-2007-3564
SHA-256 | c66ca293c05c3b36f5c6ee4f60fb3186da8dbb802b573969ef931bd0c00e4a8f
Cisco Security Advisory 20070718-waas
Posted Jul 19, 2007
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - The Cisco Wide Area Application Services (WAAS) software contains a denial of service (DoS) vulnerability that may cause some devices that run WAAS software (WAE appliance and NM-WAE-502 module) to stop processing all types of traffic, including data traffic and management traffic.

tags | advisory, denial of service
systems | cisco
SHA-256 | f38de46e77ff65f9e1dcdb31e6cf46b7742c54bef88b002902e54ff2d2beeab0
ledgersmb-bypass.txt
Posted Jul 19, 2007
Authored by Chris Travers

LedgerSMB versions 1.2.0 through 1.2.6 suffer from an authentication bypass.

tags | advisory, bypass
SHA-256 | 095c2dbf209d876105110d06020263404fc91e57fbd9e2597f5c50ee7e4d301b
STEGASRC201.zip
Posted Jul 19, 2007
Authored by Asko Vuori

STEGA is a tiny 4058 byte steganography program that will hide files inside of BMP/GIF/PCX/TGA pictures, VOC/WAV sound files, RAW 8-bit data file, or LST/TXT text files.

tags | encryption, steganography
SHA-256 | 155cb312c55a1ef6aa20e9846975b8bef7dbb92b4ae37506bac88df4454afc05
oracle_apex_sql_injection_check_db_password.txt
Posted Jul 19, 2007
Authored by Alexander Kornbrust | Site red-database-security.com

Oracle APEX suffers from a SQL injection vulnerability in the function wwv_flow_security.check_db_password.

tags | advisory, sql injection
SHA-256 | be85cdf82928543a15cd632048bd34f09111e4e5b7b86a1a31f11c3889e30768
oracle_sql_injection_dbms_prvtaqis.txt
Posted Jul 19, 2007
Authored by Alexander Kornbrust | Site red-database-security.com

Oracle 9i Release 1 through 10g Release 1 suffer from a SQL injection vulnerability in package DBMS_PRVTAQIS.

tags | advisory, sql injection
SHA-256 | 8f517541964af9ad28be18b98dc9a458db1af887ce0fdafcc0226c566e46723b
oracle_cpu_jul_2007.txt
Posted Jul 19, 2007
Authored by Alexander Kornbrust | Site red-database-security.com

Oracle 8i through 10g Release 2 allow updates, deletes and inserts via specially crafted views without having the right privileges.

tags | advisory
SHA-256 | f648f25b709a85c097126511d08bafb72d2ced88a799165bf3975637df3a482d
Page 1 of 2
Back12Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close