Section: .. / 0701-advisories /
| /// File Name: |
sa23862.txt |
Description:
|
Secunia Security Advisory - porkythepig has discovered two vulnerabilities in Microsoft Help Workshop, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/23862/ | | File Size: | 2695 | | Last Modified: | Jan 22 10:23:39 2007 |
| MD5 Checksum: | cbf6bbac6de3ab9f37f5a9ef0aae2514 |
|
| /// File Name: |
sa23863.txt |
Description:
|
Secunia Security Advisory - A vulnerability with an unknown impact has been reported in ulogd.
| | Homepage: | http://secunia.com/advisories/23863/ | | File Size: | 2217 | | Last Modified: | Jan 22 10:23:39 2007 |
| MD5 Checksum: | fe4ee70fd2dbc3058df94784a96dac42 |
|
| /// File Name: |
sa23868.txt |
Description:
|
Secunia Security Advisory - Matthias Wenzel has reported a vulnerability in AVM Fritz!Box 7050, which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/23868/ | | File Size: | 2270 | | Last Modified: | Jan 22 10:23:39 2007 |
| MD5 Checksum: | 9a47d5c690b1aaa9b62a67d5f0350f38 |
|
| /// File Name: |
sa23870.txt |
Description:
|
Secunia Security Advisory - SUSE has issued an update for multiple packages. This fixes some vulnerabilities, which have unknown impacts or can be exploited by malicious people to potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/23870/ | | File Size: | 2600 | | Last Modified: | Jan 22 10:23:39 2007 |
| MD5 Checksum: | d5a601488360db7286504aaf64695d48 |
|
| /// File Name: |
RISE-2007001.txt |
Description:
|
The Apple Mac OS X 10.4.x kernel suffers from a memory corruption vulnerability in shared_region_map_file_np().
| | Author: | RISE Security | | Homepage: | http://www.risesecurity.org/ | | File Size: | 4092 | | Last Modified: | Jan 19 23:05:56 2007 |
| MD5 Checksum: | 1219ff1debc375c29fcff6e67f8505f6 |
|
| /// File Name: |
mhw-hpj.txt |
Description:
|
Microsoft Help Workshop is prone to a stack-based memory corruption vulnerability when processing help project (.HPJ) files. This vulnerability could be exploited to execute arbitrary code within the remote user context.
| | Author: | porkythepig | | Related Exploit: | hpj-x01.cpp | | File Size: | 7693 | | Last Modified: | Jan 19 23:01:19 2007 |
| MD5 Checksum: | 10e385a63f772a786eac3b5a0a126d62 |
|
| /// File Name: |
lds-18.txt |
Description:
|
A format string vulnerability has been discovered within BitDefender Client Professional Plus build 8.02.
| | Author: | Deral Heiland | | Homepage: | http://www.LayeredDefense.com | | File Size: | 1749 | | Last Modified: | Jan 19 22:51:24 2007 |
| MD5 Checksum: | 133280dc130ba6c0ed48e28b6f9afd8c |
|
| /// File Name: |
MDKSA-2007-023.txt |
Description:
|
Mandriva Linux Security Advisory - Stack-based buffer overflow in the glibtop_get_proc_map_s function in libgtop before 2.14.6 (libgtop2) allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a process with a long filename that is mapped in its address space, which triggers the overflow in gnome-system-monitor.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 2876 | | Related CVE(s): | CVE-2007-0235 | | Last Modified: | Jan 19 22:42:29 2007 |
| MD5 Checksum: | 7816059ef8c1c6527a8a2d209fca1199 |
|
| /// File Name: |
MDKSA-2007-022.txt |
Description:
|
Mandriva Linux Security Advisory - The Adobe PDF specification 1.3, as implemented by xpdf 3.0.1 patch 2, kpdf in KDE before 3.5.5, and other products, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a crafted catalog dictionary or a crafted Pages attribute that references an invalid page tree node.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 13298 | | Related CVE(s): | CVE-2007-0104 | | Last Modified: | Jan 19 22:41:46 2007 |
| MD5 Checksum: | 2b10bfbfa6780f14a32f6897c897bad2 |
|
| /// File Name: |
MDKSA-2007-021.txt |
Description:
|
Mandriva Linux Security Advisory - The Adobe PDF specification 1.3, as implemented by xpdf 3.0.1 patch 2, kpdf in KDE before 3.5.5, and other products, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a crafted catalog dictionary or a crafted Pages attribute that references an invalid page tree node.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 3552 | | Related CVE(s): | CVE-2007-0104 | | Last Modified: | Jan 19 22:41:23 2007 |
| MD5 Checksum: | 2d0f8533ae35bd43147f0bbb00709b06 |
|
| /// File Name: |
MDKSA-2007-020.txt |
Description:
|
Mandriva Linux Security Advisory - The Adobe PDF specification 1.3, as implemented by xpdf 3.0.1 patch 2, kpdf in KDE before 3.5.5, and other products, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a crafted catalog dictionary or a crafted Pages attribute that references an invalid page tree node.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 4785 | | Related CVE(s): | CVE-2007-0104 | | Last Modified: | Jan 19 22:40:38 2007 |
| MD5 Checksum: | 23e158136694f8679874d5f1a214e74b |
|
| /// File Name: |
MDKSA-2007-019.txt |
Description:
|
Mandriva Linux Security Advisory - The Adobe PDF specification 1.3, as implemented by xpdf 3.0.1 patch 2, kpdf in KDE before 3.5.5, and other products, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a crafted catalog dictionary or a crafted Pages attribute that references an invalid page tree node.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 2980 | | Related CVE(s): | CVE-2007-0104 | | Last Modified: | Jan 19 22:39:44 2007 |
| MD5 Checksum: | dfb3c9b72fb6e229783449296053ebdf |
|
| /// File Name: |
MDKSA-2007-018.txt |
Description:
|
Mandriva Linux Security Advisory - The Adobe PDF specification 1.3, as implemented by xpdf 3.0.1 patch 2, kpdf in KDE before 3.5.5, and other products, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a crafted catalog dictionary or a crafted Pages attribute that references an invalid page tree node.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 9239 | | Related CVE(s): | CVE-2007-0104 | | Last Modified: | Jan 19 22:38:03 2007 |
| MD5 Checksum: | 69ae94aa93c138862434d5b655b9884b |
|
| /// File Name: |
SSRT071290.txt |
Description:
|
HP Security Bulletin - A potential vulnerability has been identified with HP Jetdirect running ftp. The vulnerability could be exploited remotely to create a Denial of Service (DoS).
| | Homepage: | http://www.hp.com | | File Size: | 6137 | | Last Modified: | Jan 19 22:33:53 2007 |
| MD5 Checksum: | fed8320e215d7d4653023b9dc47b7404 |
|
| /// File Name: |
cisco-sa-20070118-certs.txt |
Description:
|
Cisco Security Advisory - The Cisco Security Monitoring, Analysis and Response System (CS-MARS) and the Cisco Adaptive Security Device Manager (ASDM) do not validate the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) certificates or Secure Shell (SSH) public keys presented by devices they are configured to connect to. Malicious users may be able to use this lack of certificate or public key validation to impersonate the devices that these affected products connect to, which could then be used to obtain sensitive information or misreport information.
| | Homepage: | http://www.cisco.com/ | | File Size: | 14521 | | Last Modified: | Jan 19 22:31:36 2007 |
| MD5 Checksum: | ded5a9321e1e23fedac2ad04811a8e2f |
|
| /// File Name: |
USN-410-1.txt |
Description:
|
Ubuntu Security Notice 410-1 - The poppler PDF loader library did not limit the recursion depth of the page model tree. By tricking a user into opening a specially crafted PDF file, this could be exploited to trigger an infinite loop and eventually crash an application that uses this library.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 64909 | | Related CVE(s): | CVE-2007-0104 | | Last Modified: | Jan 19 22:30:35 2007 |
| MD5 Checksum: | 0d13cbf8943c4ab18dd16154b4e34d5d |
|
| /// File Name: |
SSRT071296.txt |
Description:
|
HP Security Bulletin - Various potential security vulnerabilities have been identified in Microsoft software that is running on the Storage Management Appliance (SMA). Some of these vulnerabilities may be pertinent to the SMA; please check the table in the Resolution section of this Security Bulletin.
| | Homepage: | http://www.hp.com | | File Size: | 9212 | | Last Modified: | Jan 19 20:53:35 2007 |
| MD5 Checksum: | dd704151be6181f79c1886b413b915c5 |
|
| /// File Name: |
SSRT061289.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running IPFilter in combination with PHNE_34474. The vulnerability could be exploited by a remote unauthorized user to create a Denial of Service (DoS).
| | Homepage: | http://www.hp.com | | File Size: | 7175 | | Last Modified: | Jan 19 20:53:03 2007 |
| MD5 Checksum: | da0124f2df8de6870a87d0ad1b624e30 |
|
| /// File Name: |
dsa-1250-1.txt |
Description:
|
Debian Security Advisory 1250-1 - It was discovered that cacti, a frontend to rrdtool, performs insufficient validation of data passed to the "cmd" script, which allows SQL injection and the execution of arbitrary shell commands.
| | Homepage: | http://www.debian.org/security | | File Size: | 2949 | | Related CVE(s): | CVE-2006-6799 | | Last Modified: | Jan 19 20:26:55 2007 |
| MD5 Checksum: | dc2bf06d9bd48296c0611d21fa444754 |
|
| /// File Name: |
TA07-017A.txt |
Description:
|
Technical Cyber Security Alert TA07-017A - Oracle has released patches to address numerous vulnerabilities in different Oracle products. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service.
| | Homepage: | http://www.us-cert.gov/ | | File Size: | 7135 | | Last Modified: | Jan 19 20:25:41 2007 |
| MD5 Checksum: | 328f37f91a4a0f569310a812317ad0c3 |
|
| /// File Name: |
ZDI-07-005.txt |
Description:
|
A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Sun Microsystems Java Virtual Machine (JVM). User interaction is required to exploit this vulnerability in that the target must visit a malicious website.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 2916 | | Related CVE(s): | CVE-2007-0243 | | Last Modified: | Jan 19 20:16:45 2007 |
| MD5 Checksum: | 4be61731d61a0eeec39c080a33cbaeb7 |
|
| /// File Name: |
glsa-200701-12.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200701-12 - José Ramón Palanco has discovered that the System.Web class in the XSP for the ASP.NET server 1.1 through 2.0 in Mono does not properly validate or sanitize local pathnames, which could allow server-side file content disclosure. Versions less than 1.2.2.1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2677 | | Last Modified: | Jan 19 19:37:13 2007 |
| MD5 Checksum: | 6363c3536927f77a8df6cbd3523358aa |
|
| /// File Name: |
glsa-200701-11.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200701-11 - Kronolith contains a mistake in lib/FBView.php where a raw, unfiltered string is used instead of a sanitized string to view local files. Versions less than 2.1.4 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2688 | | Last Modified: | Jan 19 19:36:54 2007 |
| MD5 Checksum: | a77646fe48b24d4a6757bc41bf1a949b |
|