Section: .. / 0802-advisories /
| /// File Name: |
cacti-multi.txt |
Description:
|
Multiple security vulnerabilities such as cross site scripting and SQL injection have been discovered in Cacti versions below 0.8.7b and 0.8.6k.
| | Homepage: | http://www.cacti.net/ | | File Size: | 669 | | Last Modified: | Feb 12 17:28:01 2008 |
| MD5 Checksum: | 3a8b3b4c8b4c09880037e614260f53d5 |
|
| /// File Name: |
checkpoint-disclose.txt |
Description:
|
Checkpoint SecuRemote/Secure Client NGX R60 for Windows VPN-1 suffers from an insecure credential storage vulnerability.
| | Author: | MN Vasquez | | File Size: | 3743 | | Last Modified: | Feb 7 20:22:52 2008 |
| MD5 Checksum: | e41bd165daeeb76fa9de608893a377ac |
|
| /// File Name: |
cisco-sa-20080213-cucmsql.txt |
Description:
|
Cisco Security Advisory - Cisco Unified Communications Manager is vulnerable to a SQL Injection attack in the parameter key of the admin and user interface pages. A successful attack could allow an authenticated attacker to access information such as usernames and password hashes that are stored in the database.
| | Homepage: | http://www.cisco.com/ | | File Size: | 12066 | | Related CVE(s): | CVE-2008-0026 | | Last Modified: | Feb 13 17:28:28 2008 |
| MD5 Checksum: | aeabd726ead2531bcf956ad4dc65f3a7 |
|
| /// File Name: |
ciscoval-bypass.txt |
Description:
|
Cisco has confirmed that their 7921 Wi-Fi VoIP phone is vulnerable to a bypass vulnerability where digital certificates are not verified.
| | Author: | George Ou | | Related File: | vocera-flaw.txt | | File Size: | 1381 | | Last Modified: | Feb 25 13:20:21 2008 |
| MD5 Checksum: | e703237a6234a63dc3a23f32e0382281 |
|
| /// File Name: |
CORE-2007-1218.txt |
Description:
|
Core Security Technologies Advisory - The MPlayer package is vulnerable to a buffer overflow attack, which can be exploited by malicious remote attackers. The vulnerability is due to MPlayer not properly sanitizing certain tags on a FLAC file before using them to index an array on the stack. This can be exploited to execute arbitrary commands by opening a specially crafted file.
| | Author: | Damian Frizza, Alfredo Ortego | | Homepage: | http://www.coresecurity.com/corelabs/ | | File Size: | 6985 | | Related CVE(s): | CVE-2008-0486 | | Last Modified: | Feb 4 14:45:56 2008 |
| MD5 Checksum: | 34ecc4e332eabd9c69806ef8fe08163e |
|
| /// File Name: |
CORE-2008-122.txt |
Description:
|
Core Security Technologies Advisory - The MPlayer package is vulnerable to an arbitrary pointer dereference vulnerability, which can be exploited by malicious remote attackers to compromise a user's system. The vulnerability is caused by the MPlayer libmpdemux ('demux_mov.c') library not properly sanitizing certain tags on a MOV file before using them to index an array on the heap. This can be exploited to execute arbitrary commands by opening a specially crafted file.
| | Author: | Felipe Manzano, Anibal Sacco | | Homepage: | http://www.coresecurity.com/corelabs/ | | File Size: | 11006 | | Related CVE(s): | CVE-2008-0485 | | Last Modified: | Feb 4 14:45:07 2008 |
| MD5 Checksum: | 5ca3b71e53a087bd7778f56ea27ae12f |
|
| /// File Name: |
CVE-2007-5333.txt |
Description:
|
Apache Tomcat versions 4.1.0 through 4.1.36, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14 suffers from a cookie handling vulnerability that allows for session hi-jacking.
| | Homepage: | http://tomcat.apache.org/security.html | | File Size: | 1446 | | Related CVE(s): | CVE-2007-5333 | | Last Modified: | Feb 11 13:56:07 2008 |
| MD5 Checksum: | acbae294fbaccc1ba6298805f1302c65 |
|
| /// File Name: |
CVE-2007-6286.txt |
Description:
|
Apache Tomcat versions 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15 suffer from a duplicate request processing vulnerability.
| | Homepage: | http://tomcat.apache.org/security.html | | File Size: | 1183 | | Related CVE(s): | CVE-2007-6286 | | Last Modified: | Feb 11 13:56:58 2008 |
| MD5 Checksum: | 5747a91001a9756598a25e6ad2e7200e |
|
| /// File Name: |
cyanuro.txt |
Description:
|
The Opium OPI Server versions 4.10.1028 and below along with a large amount of cyanPrintIP products suffer from a format string vulnerability in ReportSysLogEvent as well as a server crash flaw.
| | Author: | Luigi Auriemma | | Homepage: | http://aluigi.org/ | | Related Exploit: | cyanuro.zip | | File Size: | 2754 | | Last Modified: | Feb 11 16:38:33 2008 |
| MD5 Checksum: | 77dd3ffbfa3f0b47980a7a287806cd06 |
|
| /// File Name: |
cybsec-dmcltrace.txt |
Description:
|
CYBSEC Security Advisory - An arbitrary file overwrite vulnerability exists in Documentum Administrator version 5.3.0.313 and Documentum Webtop version 5.3.0.317.
| | Author: | Pablo Gaston Milano | | Homepage: | http://www.cybsec.com/ | | File Size: | 3194 | | Last Modified: | Feb 5 21:59:41 2008 |
| MD5 Checksum: | 9a2676d44745cb034f65cd5ee372c2c7 |
|
| /// File Name: |
DOINGSOFT-ipdiva.txt |
Description:
|
The IPDiva VPNSSL versions 2.2.8.84 and below and 2.3.2.14 and below suffer from a brute force attack vulnerability where the retry limit is based on a value provided in the cookie.
| | Author: | eagle | | File Size: | 764 | | Last Modified: | Feb 14 19:28:15 2008 |
| MD5 Checksum: | 877661d95a1a6d8ea41129e33983ebd1 |
|
| /// File Name: |
DOINGSOFT-ipdivaxss.txt |
Description:
|
The IPDiva VPNSSL versions 2.2.8.84 and below and 2.3.2.14 and below suffer from a cross site scripting vulnerability.
| | Author: | eagle | | File Size: | 508 | | Last Modified: | Feb 14 19:29:23 2008 |
| MD5 Checksum: | ad766bfb4d5a67c2e759aa67598cca8e |
|
| /// File Name: |
dsa-1480-1.txt |
Description:
|
Debian Security Advisory 1480-1 - Alin Rad Pop discovered several buffer overflows in the Poppler PDF library, which could allow the execution of arbitrary code if a malformed PDF file is opened.
| | Homepage: | http://www.debian.org/security | | File Size: | 14473 | | Related CVE(s): | CVE-2007-4352, CVE-2007-5392, CVE-2007-5393 | | Last Modified: | Feb 5 21:47:17 2008 |
| MD5 Checksum: | c30ee030a44ee251528b284774f55794 |
|
| /// File Name: |
dsa-1481-1.txt |
Description:
|
Debian Security Advisory 1481-1 - It was discovered that a directory traversal vulnerability in CherryPy, a pythonic, object-oriented web development framework may lead to denial of service by deleting files through malicious session IDs in cookies.
| | Homepage: | http://www.debian.org/security | | File Size: | 2980 | | Related CVE(s): | CVE-2008-0252 | | Last Modified: | Feb 5 21:48:07 2008 |
| MD5 Checksum: | c892b173a73627b6db8d47fb2e6f4e00 |
|
| /// File Name: |
dsa-1482-1.txt |
Description:
|
Debian Security Advisory 1482-1 - It was discovered that malformed cache update replies against the Squid WWW proxy cache could lead to the exhaustion of system memory, resulting in potential denial of service.
| | Homepage: | http://www.debian.org/security | | File Size: | 8655 | | Related CVE(s): | CVE-2007-6239 | | Last Modified: | Feb 5 21:48:41 2008 |
| MD5 Checksum: | 62dd97be9f8d1a3bf87006f6340b12c3 |
|
| /// File Name: |
dsa-1483-1.txt |
Description:
|
Debian Security Advisory 1483-1 - The SNMP agent (snmp_agent.c) in net-snmp before 5.4.1 allows remote attackers to cause a denial of service (CPU and memory consumption) via a GETBULK request with a large max-repeaters value.
| | Homepage: | http://www.debian.org/security | | File Size: | 11204 | | Related CVE(s): | CVE-2007-5846 | | Last Modified: | Feb 6 16:44:28 2008 |
| MD5 Checksum: | 4d7aaaa50c6883af98328e3d067c37e3 |
|
| /// File Name: |
dsa-1484-1.txt |
Description:
|
Debian Security Advisory 1484-1 - Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. These allow for arbitrary code execution, privilege escalation, and more.
| | Homepage: | http://www.debian.org/security | | File Size: | 33756 | | Related CVE(s): | CVE-2008-0412, CVE-2008-0413, CVE-2008-0414, CVE-2008-0415, CVE-2008-0416, CVE-2008-0417, CVE-2008-0418, CVE-2008-0419, CVE-2008-0591, CVE-2008-0592, CVE-2008-0593, CVE-2008-0594 | | Last Modified: | Feb 11 14:07:00 2008 |
| MD5 Checksum: | 46ed13a4fffcd239a28416ba21d88b3d |
|
| /// File Name: |
dsa-1485-1.txt |
Description:
|
Debian Security Advisory 1485-1 - Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird client. These allow for arbitrary code execution, privilege escalation, and more.
| | Homepage: | http://www.debian.org/security | | File Size: | 21696 | | Related CVE(s): | CVE-2008-0412, CVE-2008-0413, CVE-2008-0414, CVE-2008-0415, CVE-2008-0416, CVE-2008-0417, CVE-2008-0418, CVE-2008-0419, CVE-2008-0591, CVE-2008-0592, CVE-2008-0593, CVE-2008-0594 | | Last Modified: | Feb 11 14:08:03 2008 |
| MD5 Checksum: | 9808eaa5313f5ec83f43e95ae08ab838 |
|
| /// File Name: |
dsa-1486-1.txt |
Description:
|
Debian Security Advisory 1486-1 - "r0t" discovered that gnatsweb, a web interface to GNU GNATS, did not correctly sanitize the database parameter in the main CGI script. This could allow the injection of arbitrary HTML, or javascript code.
| | Homepage: | http://www.debian.org/security | | File Size: | 2757 | | Related CVE(s): | CVE-2007-2808 | | Last Modified: | Feb 5 21:46:33 2008 |
| MD5 Checksum: | f36608eac991fabb094dc213772dd815 |
|
| /// File Name: |
dsa-1487-1.txt |
Description:
|
Debian Security Advisory 1487-1 - Several vulnerabilities have been discovered in the EXIF parsing code of the libexif library, which can lead to denial of service or the execution of arbitrary code if a user is tricked into opening a malformed image.
| | Homepage: | http://www.debian.org/security | | File Size: | 11366 | | Related CVE(s): | CVE-2007-2645, CVE-2007-6351, CVE-2007-6352 | | Last Modified: | Feb 8 17:27:50 2008 |
| MD5 Checksum: | 81af98f9648733bc1b0b12b3e6769280 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
