exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 26 - 39 of 39 RSS Feed

Files Date: 2007-11-01 to 2007-11-02

Zero Day Initiative Advisory 07-064
Posted Nov 1, 2007
Authored by Tipping Point, uvinc | Site zerodayinitiative.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell software which utilize the Novell Client Trust. Authentication is not required to exploit this vulnerability. The specific flaw exists in the Novell Client Trust application, clntrust.exe, which listens by default on UDP port 3024 on Novell client machines. During a validation request, the Client Trust process copies a user-supplied Novell tree name until a wide-character backslash or a NULL is encountered. If neither is found within the data, the process will copy excess data which later overflows a static buffer during a call to wsprintfA. BorderManager version 3.8 is affected.

tags | advisory, remote, overflow, arbitrary, udp
advisories | CVE-2007-5767
SHA-256 | 9350aec3d8769fc8d19d02e0ee5ad4f8e02c94b3ad788ab080bda817d61b9568
Secunia Security Advisory 27441
Posted Nov 1, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Apple has acknowledged some vulnerabilities in Apple Xcode, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.

tags | advisory, denial of service, local, vulnerability
systems | apple
SHA-256 | 4343d65a57700299a0fbe6b3194e7db295b220c5a92aecefc450bd639530b084
Zero Day Initiative Advisory 07-063
Posted Nov 1, 2007
Authored by Tipping Point | Site zerodayinitiative.com

A vulnerability allows remote attackers to execute code on vulnerable installations of RealPlayer. User interaction is required in that a user must open a malicious .ra/.ram file or visit a malicious web site. The specific flaw exists during the parsing of files with improperly defined size field in the RA header. Specifying a large unsigned value data can trigger a heap corruption and further result in arbitrary code execution under the context of the logged in user. RealPlayer version 6.x is affected.

tags | advisory, remote, web, arbitrary, code execution
advisories | CVE-2007-2264
SHA-256 | bfe5e169e16e4573b31c1d946486c9635a80c5cc7312448f5d3b05984f95cf44
Zero Day Initiative Advisory 07-062
Posted Nov 1, 2007
Authored by Tipping Point | Site zerodayinitiative.com

A vulnerability allows remote attackers to execute code on vulnerable installations of RealPlayer. User interaction is required in that a user must open a malicious .pls file or visit a malicious web site. The specific flaw exists during the parsing of corrupted playlist files. Malicious corruption causes RealPlayer to call into a static heap address which can be leveraged by an attacker resulting in arbitrary code execution under the context of the logged in user. RealPlayer version 10.5 is affected.

tags | advisory, remote, web, arbitrary, code execution
advisories | CVE-2007-4599
SHA-256 | 8d7c732b892d944bb831537a16cb1d7ed639ab61dcfb03bc720e3f76da7fd1a6
Zero Day Initiative Advisory 07-061
Posted Nov 1, 2007
Authored by Tipping Point | Site zerodayinitiative.com

A vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of the RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in RealPlayer's parsing of SWF files. The SWF rendering DLL RealPlayer uses fails to properly handle malformed record headers leading to an exploitable overflow. An attacker could exploit this vulnerability using an ActiveX control {CFCDAA03-8BE4-11cf-B84B-0020AFBBCCFA} and embedding the malicious swf file in the page or by convincing an affected user to directly open a SWF file using RealPlayer. RealPlayer version 10.5 is affected.

tags | advisory, remote, overflow, arbitrary, activex
advisories | CVE-2007-2263
SHA-256 | a9ae3f8eb941836aa5d8a47fb064d534c038d3274df77e52f785d11a0f3d844b
Zero Day Initiative Advisory 07-060
Posted Nov 1, 2007
Authored by Tipping Point | Site zerodayinitiative.com

A vulnerability allows remote attackers to access arbitrary files on systems with vulnerable installations of Hewlett-Packard OpenView Radia Integration Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP server bound by default to TCP port 3465. Insufficient checks on URLs containing paths such as '~root' allows attackers to access arbitrary files in the underlying OS. Accessing configuration files that contain LDAP and database credentials can lead to further compromise.

tags | advisory, remote, web, arbitrary, root, tcp
advisories | CVE-2007-5413
SHA-256 | af925338a7cf70c91fe32c9bd6931bda87f7ed85ea2a9df0ad0a8003cb578315
Zero Day Initiative Advisory 07-059
Posted Nov 1, 2007
Authored by Tipping Point, Eric DETOISIEN | Site zerodayinitiative.com

Several vulnerabilities exist in the popular Verity KeyView SDK used in many enterprise applications like IBM Lotus Notes. When parsing several different file formats a standard stack overflow occurs allowing a malicious user to gain complete control of the affected machine under the rights of the currently logged in user. The problem lies when copying user supplied data to a stack based buffer without any boundary conditions.

tags | advisory, overflow, vulnerability
SHA-256 | 4863ff0d14c0d7c847a96dda4581225ea04b1b5536d6a6fa81b49fe813521e2e
Zero Day Initiative Advisory 07-058
Posted Nov 1, 2007
Authored by Joxean Koret, Tipping Point | Site zerodayinitiative.com

This vulnerability allows remote attackers to inject arbitrary SQL on vulnerable installations of Oracle E-Business Suite. Authentication is not required to exploit this vulnerability. E-Business Suite 11 and 12 are affected.

tags | advisory, remote, arbitrary
advisories | CVE-2007-5766
SHA-256 | 96684c7132ac3e55d227aa3711a66591be381cb18aa2e292f322af5e49447875
Secunia Security Advisory 27233
Posted Nov 1, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Secunia Research has discovered a vulnerability in CUPS, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
SHA-256 | 3cd1ecaffd2d61c069df4ab81179503366ae09f29b1300da90d41ab5535daeb6
Secunia Security Advisory 27412
Posted Nov 1, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in Symantec Altiris Deployment Solution, which can be exploited by malicious, local users to disclose potentially sensitive information and gain escalated privileges.

tags | advisory, local, vulnerability
SHA-256 | 471fc3765894f60fc028c65ad227dfde08092fbc4518cd6e7e865325e0ae5395
Secunia Security Advisory 27451
Posted Nov 1, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in multiple Hitachi products, which can be exploited by malicious people to disclose potentially sensitive information.

tags | advisory
SHA-256 | 0b23f27ba145c1278a2a74369066b8eabcec4da944eea41fed8cf2291ce56045
Secunia Security Advisory 27459
Posted Nov 1, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Avaya has acknowledged a vulnerability in Avaya CMS and IR, which can be exploited by malicious people to poison the DNS cache.

tags | advisory
SHA-256 | 7d58e1de583aac5d25b60534f2de4f19b985b91b441fc313755369c5210d43fa
Secunia Security Advisory 27464
Posted Nov 1, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - IBM has acknowledged a vulnerability in WebSphere Application Server Community Edition, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory
SHA-256 | 03a2bf6f8d5efcca6f9ccc3cbe67425479ebc9236e77a690d749c522fa709e9a
Secunia Security Advisory 27465
Posted Nov 1, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - IBM has acknowledged a vulnerability in AIX, which can be exploited by malicious people to poison the DNS cache.

tags | advisory
systems | aix
SHA-256 | 0cba1b964bfaa01dbd302fc378299f5de1b046f7763e6ec6af0aefbc8a8a2a1a
Page 2 of 2
Back12Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close