Section: .. / 0507-advisories /
| /// File Name: |
07.05.05.txt |
Description:
|
iDEFENSE Security Advisory 07.05.05 - Remote exploitation of a buffer overflow in Adobe Acrobat Reader for Unix could allow an attacker to execute arbitrary code. iDEFENSE has confirmed the existence of this vulnerability in Adobe Acrobat Reader version 5.0.9 for Unix and Adobe Acrobat Reader version 5.0.10 for Unix. Adobe Acrobat for Windows is not affected. Adobe Acrobat 7.0 for Unix is not affected.
| | Homepage: | http://www.idefense.com | | File Size: | 4304 | | Related CVE(s): | CAN-2005-1625 | | Last Modified: | Jul 7 10:43:11 2005 |
| MD5 Checksum: | 161cd1396112c87e0a7be61abd3f7db5 |
|
| /// File Name: |
07.12.05.txt |
Description:
|
iDEFENSE Security Advisory 07.12.05 - Remote exploitation of a buffer overflow vulnerability in Microsoft Corp.'s Word could allow execution of arbitrary code. A specially crafted .doc file, containing long font information, can cause Word to overwrite stack space. No checks are made on the length of data being copied, allowing the return address on the stack to be overwritten.
| | Homepage: | http://www.idefense.com | | File Size: | 3369 | | Related CVE(s): | CAN-2005-0564 | | Last Modified: | Jul 13 08:47:05 2005 |
| MD5 Checksum: | 7c0686309820251406b07fd09cba93a2 |
|
| /// File Name: |
07.14.05.txt |
Description:
|
iDEFENSE Security Advisory 07.14.05 - Remote exploitation of a denial of service vulnerability in Sophos Plc.'s Sophos Anti-Virus engine allows attackers to exhaust CPU resources on the target system and prevent further scans.
| | Homepage: | http://www.idefense.com/ | | File Size: | 5229 | | Related CVE(s): | CAN-2005-1530 | | Last Modified: | Jul 15 07:48:10 2005 |
| MD5 Checksum: | af57f77b93fcea88a7af2bea336ea153 |
|
| /// File Name: |
6.adv.en.txt |
Description:
|
PHPSlash versions 0.7.1, 0.7.2, and 0.8.* suffer from an input validation flaw that can allow for account hijacking.
| | Author: | tobozo, crashfr | | Homepage: | http://www.phpsecure.info | | File Size: | 6420 | | Last Modified: | Jul 8 09:00:49 2005 |
| MD5 Checksum: | 9c23c1c98291688b6675ae1321e5603d |
|
| /// File Name: |
AD20050713.txt |
Description:
|
Darwin Streaming Server is distributed with a web-based admin application that allows it to be configured through a web browser. Version 5.5 and below of the Windows 2000/2003 Server distribution of this package is vulnerable to a denial of service.
| | Author: | Sowhat | | Homepage: | http://secway.org/ | | File Size: | 1465 | | Last Modified: | Jul 14 07:49:16 2005 |
| MD5 Checksum: | 23f820319e8487803b8b02f173f81e4b |
|
| /// File Name: |
adv4.pdf |
Description:
|
A race condition vulnerability has been found in the ia32 compatibility execve() systemcall of the Linux kernel. The race condition may lead to heap corruption. Versions up to 2.4.31 and 2.6.6 are affected.
| | Author: | Ilja van Sprundel | | Homepage: | http://www.suresec.org/ | | File Size: | 56041 | | Related CVE(s): | CAN-2005-1768 | | Last Modified: | Jul 12 16:35:56 2005 |
| MD5 Checksum: | d3d8659f1b53b656ded2430e67270208 |
|
| /// File Name: |
advisory-20050718-1.txt |
Description:
|
KDE Security Advisory: Kate / Kwrite create a file backup before saving a modified file. These backup files are created with default permissions, even if the original file had more strict permissions set. Depending on the system security settings, backup files might be readable by other users. All maintained versions of Kate and Kwrite as shipped with KDE 3.2.x up to including 3.4.0. KDE 3.1.x and older and KDE 3.4.1 and newer are not affected.
| | Homepage: | http://www.kde.org/ | | File Size: | 1692 | | Related CVE(s): | CAN-2005-1920 | | Last Modified: | Jul 19 16:30:43 2005 |
| MD5 Checksum: | f7346e280ce9a768445fd5983b052faf |
|
| /// File Name: |
advisory-20050721-1.txt |
Description:
|
KDE Security Advisory: Kopete contains a copy of libgadu that is used if no compatible version is installed in the system. Several input validation errors have been reported in libgadu that can lead to integer overflows and remote DoS or arbitrary code execution. All versions of Kopete as included in KDE 3.3.x up to including 3.4.1 are affected. KDE 3.2.x and older are not affected.
| | Homepage: | http://www.kde.org/ | | File Size: | 1457 | | Related CVE(s): | CAN-2005-1852 | | Last Modified: | Jul 22 08:27:15 2005 |
| MD5 Checksum: | 6501bb5db4bff1d0c1010613d599b16c |
|
| /// File Name: |
advisory_122005.60.txt |
Description:
|
UseBB versions 0.5.1 and below suffer from multiple SQL injection and cross site scripting vulnerabilities.
| | Author: | Stefan Esser | | Homepage: | http://www.hardened-php.net | | File Size: | 3763 | | Last Modified: | Aug 5 07:09:13 2005 |
| MD5 Checksum: | 87efe74fcdd09005ec610e4a68e249d4 |
|
| /// File Name: |
AKSEC2003-006-1.txt |
Description:
|
Red-Database-Security GmbH Advisory - Oracle JDeveloper versions 9.0.4, 9.0.5, and 10.1.2 suffer from a security issue where they pass a plaintext password to sqlplus.
| | Author: | Alexander Kornbrust | | File Size: | 1513 | | Last Modified: | Jul 14 08:42:30 2005 |
| MD5 Checksum: | a576fbd781d4c8559863c28d5fa3a865 |
|
| /// File Name: |
AKSEC2003-006-2.txt |
Description:
|
Red-Database-Security GmbH Advisory - Oracle JDeveloper versions 9.0.4, 9.0.5, and 10.1.2 suffer from a security issue where they store passwords in the clear.
| | Author: | Alexander Kornbrust | | File Size: | 2288 | | Last Modified: | Jul 14 08:43:23 2005 |
| MD5 Checksum: | 608c9ca6dec15c8f0b02322d92daae0b |
|
| /// File Name: |
AKSEC2003-006-3.txt |
Description:
|
Red-Database-Security GmbH Advisory - Oracle Formsbuilder version 9.0.4 fails to remove files from a temporary directory after closing. These files hold passwords.
| | Author: | Alexander Kornbrust | | File Size: | 2074 | | Last Modified: | Jul 14 08:48:26 2005 |
| MD5 Checksum: | 2cef080dc4e7896f94e564725ae681e4 |
|
| /// File Name: |
AKSEC2003-006-4.txt |
Description:
|
Red-Database-Security GmbH Advisory - Oracle Forms 4.5, 6.0, 6i, and 9i suffer from an insecure file handling vulnerability.
| | Author: | Alexander Kornbrust | | File Size: | 1815 | | Last Modified: | Jul 14 08:49:53 2005 |
| MD5 Checksum: | e39f324207c12fc43e92605857b13548 |
|
| /// File Name: |
aresFileshare11.txt |
Description:
|
Remote exploitation of a buffer overflow vulnerability in Ares FileShare 1.1 could allow execution of arbitrary code.
| | Author: | Kozan, ATmaCA | | Homepage: | http://www.spyinstructors.com | | File Size: | 2469 | | Last Modified: | Jul 28 08:01:55 2005 |
| MD5 Checksum: | 9f8531c7ad4ee83dcb611769af317c7f |
|
| /// File Name: |
aspRCP.txt |
Description:
|
ASP.NET RCP/Encoded web services suffer from a denial of service vulnerability.
| | Author: | Bryan Sullivan, Sacha Faust | | File Size: | 4482 | | Last Modified: | Jul 12 16:50:27 2005 |
| MD5 Checksum: | dba0ffc66a8e5d63a0926d92a9259bb1 |
|
| /// File Name: |
bedatecRealchat.txt |
Description:
|
Realchat version 3.5.1b fails to properly authenticate any logins allowing for user impersonation.
| | Author: | Andreas Beck | | Homepage: | http://www.bedatec.de/ | | File Size: | 3647 | | Last Modified: | Jul 28 07:28:56 2005 |
| MD5 Checksum: | 292651db262bcf3159bbd5181c2566b4 |
|
| /// File Name: |
belkinWireless.txt |
Description:
|
Belkin wireless routers appear to ship with a default telnetd backdoor, password-less administrative account, and other oddities.
| | Author: | pagvac (Adrian Pastor) | | File Size: | 17241 | | Last Modified: | Jul 15 18:24:55 2005 |
| MD5 Checksum: | a80790d2121644bc9455f8505bb395be |
|
| /// File Name: |
bitdefend161.txt |
Description:
|
The BitDefender engine versions 1.6.1 and below only scan the first attachment in a message and ignore the rest.
| | Author: | x a i t a x - s e c u r i t y | | Homepage: | http://xaitax.de | | File Size: | 2283 | | Last Modified: | Jul 15 07:44:11 2005 |
| MD5 Checksum: | 03cd8a2c1be82415b7aa03712a964883 |
|
| /// File Name: |
bugzillaLeak.txt |
Description:
|
Bugzilla versions prior to 2.18.2 are susceptible to multiple information leak vulnerabilities.
| | Author: | Frederic Buclin, Matthias Versen, Joel Peshkin, Myk Melez | | File Size: | 3914 | | Last Modified: | Jul 9 09:22:17 2005 |
| MD5 Checksum: | 7a22002a753c17e2d63241b5e72a623e |
|
| /// File Name: |
cactiSQL086e-bypass.txt |
Description:
|
Cacti versions 0.8.6e and below suffer from a bypass vulnerability.
| | Author: | Stefan Esser | | File Size: | 5705 | | Last Modified: | Jul 7 09:37:16 2005 |
| MD5 Checksum: | 8a450717ab6be045b80d9adc44587e11 |
|
| /// File Name: |
cactiSQL086e-exec.txt |
Description:
|
Cacti versions 0.8.6e and below suffer from a remote command execution vulnerability.
| | Author: | Stefan Esser | | File Size: | 5745 | | Last Modified: | Jul 7 09:36:39 2005 |
| MD5 Checksum: | 28a380b8974a64655416e4c86b805aa8 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
