File Name: n.runs-SA-2007.022.txt
Description: All Norman Antivirus solutions suffer from a detection bypass vulnerability in the .DOC OLE2 file parsing functionality.
Author: Sergio Alvarez | Homepage: http://www.nruns.com/ | File Size: 7590 | Last Modified: Jul 24 06:05:10 2007
MD5 Checksum: 9c9843a19bca58bc2492162d88b11833

File Name: n.runs-SA-2007.023.txt
Description: All Norman Antivirus solutions suffer from a divide by zero vulnerability in the .DOC OLE2 file parsing functionality.
Author: Sergio Alvarez | Homepage: http://www.nruns.com/ | File Size: 7569 | Last Modified: Jul 24 06:08:41 2007
MD5 Checksum: 3f6bb068a735b6fe29741ad3f8388cc4

File Name: n.runs-SA-2007.024.txt
Description: A denial of service vulnerability exists in CA eTrust Antivirus when parsing .CHM files. The vulnerability is present in CA eTrust Antivirus software with arclib.dll versions prior to 7.3.0.9.
Author: Sergio Alvarez | Homepage: http://www.nruns.com/ | File Size: 3504 | Last Modified: Jul 26 06:58:27 2007
MD5 Checksum: 3ccad6608188f66db6d7b1df8f6d3985

File Name: NGS-ad.txt
Description: NGSSoftware has discovered a low risk vulnerability in Active Directory which can allow an unauthenticated user to cause a denial of service condition on any affected system.
Author: Peter Winter-Smith | Homepage: http://www.ngssoftware.com/ | File Size: 1891 | Last Modified: Jul 12 03:13:07 2007
MD5 Checksum: eca80fa6cf0664aee3fd00b9720dc2cb

File Name: NGS-asterisk.txt
Description: Two closely related stack based buffer overflows exist in the SIP/SDP handler of Asterisk versions below 1.4.3. The vulnerabilities are very similar but exist as two separate unsafe function calls.
Author: Barrie Dempster | Homepage: http://www.ngssoftware.com/ | File Size: 8146 | Last Modified: Jul 7 06:25:05 2007
MD5 Checksum: 54f4b8909d5f8fafd35f99df3d4562db

File Name: NGS-java.txt
Description: NGSSoftware has discovered a high risk vulnerability in Sun Microsystems' Java Web Start that ships with the JRE and JDK on Windows platforms. The vulnerability affects Java Web Start in JDK and JRE 5.0 Update 11 and earlier versions and Java Web Start in SDK and JRE 1.4.2_13 and earlier versions.
Author: John Heasman | Homepage: http://www.ngssoftware.com/ | File Size: 2510 | Last Modified: Jul 3 02:55:14 2007
MD5 Checksum: d95b26009be58db3165d46d2da6486ff

File Name: opera-redirect.txt
Description: Opera and Konqueror suffer from an arbitrary redirection vulnerability. It appears that Opera 9.21 and Konqueror 3.5.7 are susceptible.
Author: Robert Swiecki | Homepage: http://alt.swiecki.net/ | File Size: 1196 | Last Modified: Jul 17 09:24:53 2007
MD5 Checksum: df62c3606813ff0419901df0c1610fe1

File Name: oracle-multi.txt
Description: Multiple security vulnerabilities have been corrected in the Oracle Business Suite 11i and R12 as part of the July 2007 Oracle Critical Patch Update (CPU). These include SQL injection and cross site scripting vulnerabilities.
Author: Stephen Kost, Jack Kanter | Homepage: http://www.integrigy.com/ | File Size: 1820 | Related CVE(s): CVE-2007-3865, CVE-2007-3866, CVE-2007-3867 | Last Modified: Jul 25 05:29:49 2007
MD5 Checksum: cfd22abaee53757319f1db989c571c46

File Name: phlogger-sql.txt
Description: Power Phlogger version 2.2.5 suffers from a SQL injection vulnerability.
Author: Attila Gerendi | File Size: 1665 | Last Modified: Jul 7 04:37:32 2007
MD5 Checksum: 954077bec66ecb88271007d156d74209

File Name: PR07-20.txt
Description: A path disclosure issue exists in Webbler CMS version 3.1.3.
Author: Adrian Pastor | File Size: 1955 | Last Modified: Jul 25 05:51:25 2007
MD5 Checksum: 26b734c5ceb88073b75a5c716a2295ba

File Name: PR07-21.txt
Description: Webbler CMS version 3.1.3 forms are susceptible to spamming and phishing abuse.
Author: Adrian Pastor | File Size: 3234 | Last Modified: Jul 25 05:52:29 2007
MD5 Checksum: e735eba3e38ba4e18a22092b2233261b

File Name: psinjection-06_056.txt
Description: The P-Synch Windows domain password reset web application's style parameter allows JavaScript injection.
Author: Tim Brown | Homepage: http://www.portcullis-security.com/ | File Size: 1812 | Last Modified: Jul 11 10:24:35 2007
MD5 Checksum: 3e7ebc2ba727e8a635d76f0e70bd1136

File Name: quickersite-xss.txt
Description: QuickerSite version 1.7.2 suffers from a cross site scripting vulnerability.
Author: GeFORC3 | Homepage: http://WwW.GeFORC3.Org | File Size: 441 | Last Modified: Jul 18 06:28:04 2007
MD5 Checksum: 7a7720df07a35c5da1f6f61f9ede37af

File Name: rt-sa-2007-006.txt
Description: ActiveWeb Contentserver CMS versions 5.6.2929 and below suffer from a design flaw: content filtering to restrict JavaScript insertion is performed on the client side.
Homepage: http://www.redteam-pentesting.de/ | File Size: 3872 | Related CVE(s): CVE-2007-3017 | Last Modified: Jul 14 00:22:13 2007
MD5 Checksum: 0ddb4bcd94e3a0f8bea6da9f484240bc

File Name: sa25354.txt
Description: Secunia Security Advisory - Secunia Research has discovered a security issue in Centennial Discovery, which can be exploited by malicious, local users to gain escalated privileges.
Homepage: http://secunia.com/advisories/25354/ | File Size: 2490 | Last Modified: Jul 24 02:06:33 2007
MD5 Checksum: ee507b1a01f5e48c2eb4c7190a273b5b

File Name: sa25374.txt
Description: Secunia Security Advisory - Secunia Research has discovered a security issue in Symantec Discovery, which can be exploited by malicious, local users to gain escalated privileges.
Homepage: http://secunia.com/advisories/25374/ | File Size: 2199 | Last Modified: Jul 24 02:06:33 2007
MD5 Checksum: c98a7c511b6b575cf13629b8164171e6

File Name: sa25379.txt
Description: Secunia Security Advisory - Secunia Research has discovered a security issue in Numara Asset Manager, which can be exploited by malicious, local users to gain escalated privileges.
Homepage: http://secunia.com/advisories/25379/ | File Size: 2450 | Last Modified: Jul 24 02:06:33 2007
MD5 Checksum: 4c32595d2784a3958f3d5e0e87c9935c

File Name: sa25588.txt
Description: Secunia Security Advisory - Debian has issued an update for mozilla-firefox. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting and spoofing attacks, gain knowledge of sensitive information, and potentially compromise a user's system.
Homepage: http://secunia.com/advisories/25588/ | File Size: 9280 | Last Modified: Jul 24 02:06:33 2007
MD5 Checksum: 6363f6f165666e5f1c0c0f3bee94ba8c