
Files

Debian Linux Security Advisory 1283-1
Posted May 3, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1283-1 - Several remote vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language, which may lead to the execution of arbitrary code.

tags | advisory, remote, arbitrary, php, vulnerability
systems | linux, debian
advisories | CVE-2007-1286, CVE-2007-1375, CVE-2007-1376, CVE-2007-1380, CVE-2007-1453, CVE-2007-1454, CVE-2007-1521, CVE-2007-1583, CVE-2007-1700, CVE-2007-1711, CVE-2007-1718, CVE-2007-1777, CVE-2007-1824, CVE-2007-1887, CVE-2007-1889, CVE-2007-1900
SHA-256 | c54d56268b90168aacfce8d14ed3df2d22e9234134cbe834f81eef7a9f542934
Gentoo Linux Security Advisory 200704-23
Posted May 3, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200704-23 - The bufprint() function in capi4k-utils fails to properly check boundaries of data coming from CAPI packets. Versions less than 20050718-r3 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2007-1217
SHA-256 | e75174b4e7229a23068160b8810cf0e4285e4e7c2d2d34e02697deae91238369
Gentoo Linux Security Advisory 200704-22
Posted May 3, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200704-22 - BEAST, which is installed as setuid root, fails to properly check whether it can drop privileges accordingly if seteuid() fails due to a user exceeding assigned resource limits. Versions less than 0.7.1 are affected.

tags | advisory, root
systems | linux, gentoo
advisories | CVE-2006-2916, CVE-2006-4447
SHA-256 | b56ad1169d97afa91c41909932984316ec9f981b85162a450a6f0d132af19acc
afflib-overflows.txt
Posted May 3, 2007
Authored by Timothy D. Morgan | Site vsecurity.com

Virtual Security Research, LLC. Security Advisory - Multiple buffer overflows exist in AFFLIB version 2.2.0. Earlier versions may also be affected.

tags | advisory, overflow
advisories | CVE-2007-2053
SHA-256 | 559b496c894460a6c954813164a9b04a3bee9aa0a0423d28cdfb43a930ac0ea6
afflib-toctou.txt
Posted May 3, 2007
Authored by Timothy D. Morgan | Site vsecurity.com

Virtual Security Research, LLC. Security Advisory - A Time-of-Check-Time-of-Use file race condition exists in AFFLIB versions 2.2.0 through 2.2.8.

tags | advisory
advisories | CVE-2007-2056
SHA-256 | 198a217781a92be69e6ee7057a6ba2ab8414efcd5535a2834fc9fd680333a5e1
afflib-shellinject.txt
Posted May 3, 2007
Authored by Timothy D. Morgan | Site vsecurity.com

Virtual Security Research, LLC. Security Advisory - Multiple shell metacharacter injection vulnerabilities exist in AFFLIB versions 2.2.0 through 2.2.8.

tags | advisory, shell, vulnerability
advisories | CVE-2007-2055
SHA-256 | 1b4c3f3ed71f7e73122c92241745552bde104cc387630e22fec3523c20c385af
afflib-fmtstr.txt
Posted May 3, 2007
Authored by Timothy D. Morgan | Site vsecurity.com

Virtual Security Research, LLC. Security Advisory - Multiple format string injection vulnerabilities exist in AFFLIB versions 2.2.0 through 2.2.8.

tags | advisory, vulnerability
advisories | CVE-2007-2054
SHA-256 | 1ebfffd144ea043de56b7a47b8351819da202d7d00c1f818e3aa9b8b67cf0c04
iDEFENSE Security Advisory 2007-04-26.3
Posted May 3, 2007
Authored by iDefense Labs, Pravus | Site idefense.com

iDefense Security Advisory 04.26.07 - Norton Ghost allows administrators and other power users to schedule snapshots of local disks for backup and recovery purposes. If these recovery points are set to save to a remote network share, Ghost will prompt the user to enter a user name and password for the share. Password information entered into Ghost for this purpose is encrypted and saved to the local file system in the application's home directory, which has read access allowed for all users. The encryption key used by Ghost to decrypt these stored credentials is derived from the MD5 hash of the plain text user name stored in the configuration file. Since every user on the system has read access to these configuration files, any user can decrypt the stored passwords. iDefense verified the existence of this vulnerability on Norton Ghost 10.0. Other versions may be vulnerable as well.

tags | advisory, remote, local
SHA-256 | 69bed37f1cc9ea0f70dde0f99a8dd66d79f82e97644a049fa71d831606047e64
iDEFENSE Security Advisory 2007-04-26.2
Posted May 3, 2007
Authored by iDefense Labs, Pravus | Site idefense.com

iDefense Security Advisory 04.26.07 - Local exploitation of a buffer overflow vulnerability in Norton Ghost could allow local attackers to run code as the SYSTEM level user. Norton Ghost Service Manager is a Local Server COM object that allows privileged Ghost Backup Operators the ability to take and restore Ghost images of the system. A function within the Service Manager can be used to trigger a buffer overflow by supplying an overly long string. iDefense verified the existence of this vulnerability on Norton Ghost 10.0. Other versions may be vulnerable as well.

tags | advisory, overflow, local
SHA-256 | a49bad2ffb7eaf68d8ecfeaff769404e2e5909da2c9c7b9742fefc10f63d5cec
Ubuntu Security Notice 454-1
Posted May 3, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 454-1 - PostgreSQL did not handle the "search_path" configuration option in a secure way for functions declared as "SECURITY DEFINER". Previously, an attacker could override functions and operators used by the security definer function to execute arbitrary SQL commands with the privileges of the user who created the security definer function. The updated version does not search the temporary table schema for functions and operators any more.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2007-2138
SHA-256 | f18051df98728bdb9d0d5c4ddf38e3dfda0b0ac07fb02ae43883acbbb9a61897
Ubuntu Security Notice 455-1
Posted May 3, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 455-1 - A slew of vulnerabilities for PHP5 have been patched.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2007-1375, CVE-2007-1376, CVE-2007-1380, CVE-2007-1484, CVE-2007-1521, CVE-2007-1583, CVE-2007-1700, CVE-2007-1718, CVE-2007-1824, CVE-2007-1887, CVE-2007-1888, CVE-2007-1900
SHA-256 | 9221520c5009cf2bb524114fcbffb5b8b2f37131a7f6950913a67f0b3757c552
iDEFENSE Security Advisory 2007-04-26.1
Posted May 3, 2007
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 04.26.07 - Remote exploitation of a denial of service (DoS) vulnerability in Novell Inc.'s eDirectory product could allow an attacker to force the running daemon to cease servicing requests. The problem specifically exists within the NCP functionality of eDirectory. Sending a sequence of specially crafted fragmented requests will cause a DoS condition. iDefense has confirmed the existence of this vulnerability in version 8.8.1 of Novell Inc.'s eDirectory server with FTF1 applied. The earliest version tested was 8.8. Earlier versions are suspected to be vulnerable.

tags | advisory, remote, denial of service
advisories | CVE-2006-4520
SHA-256 | fa292e34397fa7b89a48136f581c39d62a5b7fa1f874b65182bda026df688e20
Debian Linux Security Advisory 1282-1
Posted May 3, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1282-1 - Several remote vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language, which may lead to the execution of arbitrary code.

tags | advisory, remote, arbitrary, php, vulnerability
systems | linux, debian
advisories | CVE-2007-1286, CVE-2007-1380, CVE-2007-1521, CVE-2007-1711, CVE-2007-1718, CVE-2007-1777
SHA-256 | 7ec224cc79934c8400f1eb14d8eb03497068b510b20f6a1dd71053bcb0573561
Ubuntu Security Notice 453-2
Posted May 3, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 453-2 - USN-453-1 provided an updated libx11 package to fix a security vulnerability. This triggered an error in rdesktop so that it crashed on startup. This update fixes the problem.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2007-1667
SHA-256 | 28a024826f5a804f2b9463b2c3cef896e2bc3556773dc0afac85daecdecbce32
CA Security Advisory 35277
Posted May 2, 2007
Authored by Ken Williams, Computer Associates | Site www3.ca.com

CA CleverPath Portal contains a vulnerability that can allow a local attacker to access confidential data. The vulnerability is due to insufficient filtering of SQL search queries. CA has issued a patch to address the vulnerability.

tags | advisory, local
advisories | CVE-2007-2230
SHA-256 | ea5c74d47d854c08f37384a948d4e8b4340a0d0bb6f3ef77f923334836a16891
CA Security Advisory 35198
Posted May 2, 2007
Authored by Ken Williams, Computer Associates | Site www3.ca.com

CA BrightStor ARCserve Backup Media Server contains multiple vulnerabilities that can allow a remote attacker to cause a denial of service or possibly execute arbitrary code. CA has issued patches to address the vulnerabilities.

tags | advisory, remote, denial of service, arbitrary, vulnerability
advisories | CVE-2007-1785, CVE-2007-2139
SHA-256 | 50cf00ebba6e500a55c1f41bdda6ade451e15f3fa8050b06f214c5c44a6563ac
Mandriva Linux Security Advisory 2007.094
Posted May 2, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A weakness in previous versions of PostgreSQL was found in the security definer functions in which an authenticated but otherwise unprivileged SQL user could use temporary objects to execute arbitrary code with the privileges of the security-definer function.

tags | advisory, arbitrary
systems | linux, mandriva
advisories | CVE-2007-2138
SHA-256 | 8cc1ac4a80b355d4c1721d43dc91f57910fd2fe18e2257ae704b722847c3b61b
iedos-issue.txt
Posted May 2, 2007
Authored by Lostmon | Site lostmon.blogspot.com

Microsoft Internet Explorer contains a flaw that may allow a malicious user to cause IE7 to enter a loop in which IE7 becomes unresponsive, resulting in a recoverable denial of service issue.

tags | advisory, denial of service
SHA-256 | 256971975add3b951de70cc573186c1d338f04c0aeee83d44f1c21fc71a2ca5e
Debian Linux Security Advisory 1281-1
Posted May 2, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1281-1 - Several remote vulnerabilities have been discovered in the Clam anti-virus toolkit.

tags | advisory, remote, vulnerability, virus
systems | linux, debian
advisories | CVE-2007-1745, CVE-2007-1997, CVE-2007-2029
SHA-256 | a38856b0a907ccadaf909ee556571f3e4f9135fa58530ccb485635894387737c
ieff-split.txt
Posted May 2, 2007
Authored by Stefano Di Paola | Site wisec.it

Firefox and Internet Explorer are prone to HTTP request splitting when Digest Authentication occurs.

tags | advisory, web
SHA-256 | edf659ed906fc3bd6c2fc58b554242e8d5cd97e23770a48f1df6a9e2d0681852
Cisco Security Advisory 20070425-nfc
Posted May 2, 2007
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Versions of Cisco Network Services (CNS) NetFlow Collection Engine (NFC) prior to 6.0 create and use default accounts with identical usernames and passwords. An attacker with knowledge of these accounts can modify the application configuration and, in certain instances, gain user access to the host operating system.

tags | advisory
systems | cisco
SHA-256 | 9c79e5bb8d27389268617026e51d566e3bf51a42633a44ac6a7fa0202dee1fe0
ASA-2007-012.txt
Posted Apr 25, 2007
Site asterisk.org

Asterisk Project Security Advisory - The Asterisk Manager Interface has a remote crash vulnerability. If a manager user is configured in manager.conf without a password, and then a connection is made that attempts to use that username and MD5 authentication, Asterisk will dereference a NULL pointer and crash.

tags | advisory, remote
SHA-256 | a17f68d00918d6d34071de5f8df573e502384f3fa913837d7bf6360c91718452
ASA-2007-011.txt
Posted Apr 25, 2007
Authored by qwerty1979 | Site asterisk.org

Asterisk Project Security Advisory - Multiple problems have been identified in the Asterisk SIP channel driver (chan_sip) when handling response packets from other SIP endpoints.

tags | advisory
SHA-256 | 1466bb9117813fc5de7943aeb33b93d1848fb5d8fe9fe5ea4eb00860aa85e899
ASA-2007-010.txt
Posted Apr 25, 2007
Authored by Barrie Dempster | Site asterisk.org

Asterisk Project Security Advisory - Two closely related stack-based buffer overflows exist in the SIP/SDP handler of Asterisk. The vulnerabilities are very similar but exist as two separate unsafe function calls.

tags | advisory, overflow, vulnerability
SHA-256 | a949bf50c43304dfaf9a9feae5a4076f7dd8a9e29097cee33dd9e616bb3fe0b7
Zero Day Initiative Advisory 07-022
Posted Apr 25, 2007
Authored by Tipping Point, Tenable Network Security | Site zerodayinitiative.com

A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Computer Associates BrightStor ARCserve Media Server. User interaction is not required to exploit this vulnerability.

tags | advisory, arbitrary
advisories | CVE-2007-2139
SHA-256 | 5f051d451b1cb655c302560bb76e182d99aa01278266b8298e9a10f46856cb50

© 2022 Packet Storm. All rights reserved.
