| /// File Name: |
glsa-200703-28.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200703-28 - CUPS does not properly handle partially-negotiated SSL connections. Upon receiving a partially-negotiated SSL connection, CUPS no longer accepts further incoming connections, as the initial connection never times out. Versions less than 1.2.9 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2581 | | Related CVE(s): | CVE-2007-0720 | | Last Modified: | Apr 3 00:52:04 2007 |
| MD5 Checksum: | 920c2983777a8f7036265decde3d43a8 |
|
| /// File Name: |
glsa-200703-27.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200703-27 - Squid incorrectly handles TRACE requests that contain a Max-Forwards header field with value 0 in the clientProcessRequest() function. Versions less than 2.6.12 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2430 | | Related CVE(s): | CVE-2007-1560 | | Last Modified: | Apr 3 00:51:34 2007 |
| MD5 Checksum: | 040a5cb09700e4437e32bb0daf91150b |
|
| /// File Name: |
TSRT-07-03.txt |
Description:
|
A vulnerability allows attackers to execute arbitrary code on vulnerable installations of America Online with Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. Affected software is America Online 9.0 Security Edition.
| | Author: | Cody Pierce | | Homepage: | http://www.tippingpoint.com/ | | File Size: | 2659 | | Related CVE(s): | CVE-2006-5820 | | Last Modified: | Apr 3 00:33:39 2007 |
| MD5 Checksum: | feed154481807e4597344131ae4096a8 |
|
| /// File Name: |
glsa-200703-26.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200703-26 - Jean-Sébastien Guay-Leroux reported an integer underflow in the file_printf function. Versions less than 4.20 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2685 | | Related CVE(s): | CVE-2007-1536 | | Last Modified: | Apr 3 00:32:06 2007 |
| MD5 Checksum: | 64096e81725c67cc104d16cbc9963279 |
|
| /// File Name: |
TA07-089A.txt |
Description:
|
Technical Cyber Security Alert TA07-089A - A stack buffer overflow exists in the code that Microsoft Windows uses to process animated cursor files. Specifically, Microsoft Windows fails to properly validate the size of an animated cursor file header supplied in animated cursor files. Animated cursor files can be included with HTML files. For instance, a web site can use an animated cursor file to specify the icon that the mouse pointer should use when hovering over a hyperlink. Because of this, malicious web pages and HTML email messages can be used to exploit this vulnerability. In addition, animated cursor files are automatically parsed by Windows Explorer when the containing folder is opened or the file is used as a cursor. Because of this, opening a folder that contains a specially crafted animated cursor file will also trigger this vulnerability. Note that Windows Explorer will process animated cursor files with several different file extensions, such as .ani, .cur, or .ico. Furthermore, Windows will automatically render animated cursor files referenced by HTML documents regardless of the animated cursor file extension. This vulnerability is actively being exploited.
| | Homepage: | http://www.us-cert.gov/ | | File Size: | 4346 | | Last Modified: | Apr 3 00:28:13 2007 |
| MD5 Checksum: | 83545faadfb01d5347176a9c86e57d39 |
|
| /// File Name: |
shk-004.txt |
Description:
|
Computer Associates (CA) Brightstor Backup suffers from a remote code execution vulnerability in Mediasvr.exe.
| | Author: | M. Shirk | | Homepage: | http://www.shirkdog.us/ | | File Size: | 2097 | | Last Modified: | Apr 2 23:48:21 2007 |
| MD5 Checksum: | 80804597ada65b6b15b178e9a5717a62 |
|
| /// File Name: |
MDKSA-2007-073.txt |
Description:
|
Mandriva Linux Security Advisory - Stack-based buffer overflow in the StarCalc parser in OpenOffice.org (OOo) Office Suite allows user-assisted remote attackers to execute arbitrary code via a crafted document. OpenOffice.org (OOo) Office Suite allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a prepared link in a crafted document.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 21570 | | Related CVE(s): | CVE-2007-0238, CVE-2007-0239 | | Last Modified: | Apr 2 23:43:55 2007 |
| MD5 Checksum: | cc4084a02836a4fc46679d725b688a54 |
|
| /// File Name: |
glsa-200703-25.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200703-25 - Mu Security has discovered that Ekiga fails to implement formatted printing correctly. Versions less than 2.0.7 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2441 | | Related CVE(s): | CVE-2007-1006 | | Last Modified: | Apr 2 23:32:46 2007 |
| MD5 Checksum: | 1a13357f18a2b83fc477cd9fed9c8807 |
|
| /// File Name: |
MDKSA-2007-072.txt |
Description:
|
Mandriva Linux Security Advisory - The FTP protocol implementation in Konqueror 3.5.5 allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in a FTP PASV command.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 5071 | | Related CVE(s): | CVE-2007-1564 | | Last Modified: | Apr 2 23:32:36 2007 |
| MD5 Checksum: | e80664e938b846e1b7aa9f3fb3ee6d61 |
|
| /// File Name: |
MDKSA-2007-071.txt |
Description:
|
Mandriva Linux Security Advisory - Integer overflow in X MultiMedia System (xmms) 1.2.10, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via crafted header information in a skin bitmap image, which triggers memory corruption. Integer underflow in X MultiMedia System (xmms) 1.2.10 allows user-assisted remote attackers to execute arbitrary code via crafted header information in a skin bitmap image, which results in a stack-based buffer overflow.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 4030 | | Related CVE(s): | CVE-2007-0653, CVE-2007-0654 | | Last Modified: | Apr 2 23:32:09 2007 |
| MD5 Checksum: | 342b18e956fca5df199d1e16e3964f76 |
|
| /// File Name: |
03.29.07-1.txt |
Description:
|
iDefense Security Advisory 03.29.07 - Remote exploitation of an input validation vulnerability in IBM Corp.'s Lotus Sametime allows attackers to execute arbitrary code in the context of the user viewing a malicious web page. The problem specifically exists in the STJNILoader.ocx component of IBM Corp.'s Lotus Sametime product. This ActiveX control is safe for scripting and exports a LoadLibrary function that does not properly sanitize input. iDefense has confirmed that this vulnerability is present in IBM Corp.'s Lotus Sametime STJNILoader.ocx version 3.1.0.26.
| | Author: | Andrew Christensen | | Homepage: | http://www.idefense.com/ | | File Size: | 4033 | | Last Modified: | Apr 2 23:28:54 2007 |
| MD5 Checksum: | d2a6b72234e867756deaf189de4faed8 |
|
| /// File Name: |
aol-dos.txt |
Description:
|
AOL has recently been made aware of a denial of service condition that exists in early versions of the AOL 9.0 client software.
| | Author: | Justin Seitz | | File Size: | 1027 | | Last Modified: | Apr 2 23:22:03 2007 |
| MD5 Checksum: | 0711cb74c450ea2d89b5fb1cc01a6f05 |
|
| /// File Name: |
USN-447-1.txt |
Description:
|
Ubuntu Security Notice 447-1 - It was discovered that Konqueror did not correctly handle iframes from JavaScript. If a user were tricked into visiting a malicious website, Konqueror could crash, resulting in a denial of service. A flaw was discovered in how Konqueror handled PASV FTP responses. If a user were tricked into visiting a malicious FTP server, a remote attacker could perform a port-scan of machines within the user's network, leading to private information disclosure.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 11882 | | Related CVE(s): | CVE-2007-1308, CVE-2007-1564 | | Last Modified: | Apr 2 23:03:12 2007 |
| MD5 Checksum: | 24a78c76fde9f65c539db7fd0c570fe4 |
|
| /// File Name: |
sa24707.txt |
Description:
|
Secunia Security Advisory - yearsilent has reported a security issue in ManageEngine Firewall Analyzer, which can be exploited by malicious users to disclose potentially sensitive information.
| | Homepage: | http://secunia.com/advisories/24707/ | | File Size: | 2166 | | Last Modified: | Apr 2 04:42:23 2007 |
| MD5 Checksum: | 0455ac8ff90ab963279b4147f0f9fd37 |
|
| /// File Name: |
sa24703.txt |
Description:
|
Secunia Security Advisory - Sun has acknowledged some vulnerabilities in Sun Solaris and Sun Java Enterprise System, which potentially can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/24703/ | | File Size: | 2496 | | Last Modified: | Apr 2 04:42:23 2007 |
| MD5 Checksum: | f545428c6f5ae933258c224026334cb8 |
|
| /// File Name: |
sa24702.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in Flyspray, which can be exploited by malicious people to bypass certain security restrictions and to disclose sensitive information.
| | Homepage: | http://secunia.com/advisories/24702/ | | File Size: | 2593 | | Last Modified: | Apr 2 04:42:23 2007 |
| MD5 Checksum: | 73df744c8860fa3e2b9f52a82405fff9 |
|
| /// File Name: |
sa24696.txt |
Description:
|
Secunia Security Advisory - ThE dE@Th has discovered several vulnerabilities in Kaqoo Auction Software Free Edition, which can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/24696/ | | File Size: | 3386 | | Last Modified: | Apr 2 04:42:23 2007 |
| MD5 Checksum: | e7a9aef069e642a04e32d111941573e8 |
|
| /// File Name: |
sa24695.txt |
Description:
|
Secunia Security Advisory - Zeni Susanto has discovered a vulnerability in Advanced Login, which can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/24695/ | | File Size: | 2378 | | Last Modified: | Apr 2 04:42:23 2007 |
| MD5 Checksum: | 052666f3ea08f692c100499d237bee37 |
|
| /// File Name: |
sa24693.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in Hitachi products, which can be exploited by malicious users to conduct SQL injection attacks.
| | Homepage: | http://secunia.com/advisories/24693/ | | File Size: | 2664 | | Last Modified: | Apr 2 04:42:23 2007 |
| MD5 Checksum: | 9992b1acc9b865ce6b728e857e2d8d28 |
|
| /// File Name: |
sa24691.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in Minna De Office, which can be exploited by malicious users to bypass certain security restrictions.
| | Homepage: | http://secunia.com/advisories/24691/ | | File Size: | 2286 | | Last Modified: | Apr 2 04:42:23 2007 |
| MD5 Checksum: | b9f0b8026fed94d2db9a73c3f49216fc |
|
| /// File Name: |
sa24687.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in LDAP Account Manager, which can be exploited by malicious users to conduct script insertion attacks.
| | Homepage: | http://secunia.com/advisories/24687/ | | File Size: | 2305 | | Last Modified: | Apr 2 04:42:23 2007 |
| MD5 Checksum: | 4dde6fe9a9be7558e1e9b9c7f337f220 |
|
| /// File Name: |
sa24684.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in Hitachi JP1/HiCommand products, which can be exploited by malicious, local users to disclose certain sensitive information.
| | Homepage: | http://secunia.com/advisories/24684/ | | File Size: | 2811 | | Last Modified: | Apr 2 04:42:23 2007 |
| MD5 Checksum: | 8002a5b2e558b5dba061b6af00aeae1d |
|
| /// File Name: |
sa24682.txt |
Description:
|
Secunia Security Advisory - M. Shirk has discovered a vulnerability in BrightStor ARCserve Backup, which can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/24682/ | | File Size: | 2503 | | Last Modified: | Apr 2 04:42:23 2007 |
| MD5 Checksum: | 7a6189f3c6a914f0c44c41123a1e06d0 |
|
| /// File Name: |
sa24681.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in MailDwarf, which can be exploited by malicious people to conduct cross-site scripting attacks and to bypass certain security restrictions.
| | Homepage: | http://secunia.com/advisories/24681/ | | File Size: | 2457 | | Last Modified: | Apr 2 04:42:23 2007 |
| MD5 Checksum: | b11c18a7306d002c1d71198135304927 |
|