.:[ packet storm ]:. - http://packetstormsecurity.org/

Section: .. / 0706-advisories /

Page 4 of 8
<< 1 2 3 4 5 6 7 8 >> Files 75 - 100 of 180

Currently sorted by: File Size Sort By: File Name, Last Modified

/// File Name:	MDKSA-2007-112.txt
Description:	Mandriva Linux Security Advisory - Buffer overflow in the asmrp_eval function for the Real Media input plugin allows remote attackers to cause a denial of service and possibly execute arbitrary code via a rulebook with a large number of rulematches.
Homepage:	http://www.mandriva.com/security/
File Size:	5193
Related CVE(s):	CVE-2006-6172
Last Modified:	Jun 7 01:06:18 2007
MD5 Checksum:	031625c37cb4542b1e4d1782a2c52e11

/// File Name:	EEYE-Yahoo.txt
Description:	eEye Digital Security has discovered two critical vulnerabilities in ywcupl.dll (version 2.0.1.4) and ywcvwr.dll (version 2.0.1.4) included by default in all releases of Yahoo! Messenger 8.x.
Author:	Greg Linares
Homepage:	http://www.eeye.com/
Related Exploit:	ym1.txt
File Size:	5124
Last Modified:	Jun 10 20:28:35 2007
MD5 Checksum:	8e62e5ea987627c89d6cf20460ac4e00

/// File Name:	MDKSA-2007-129.txt
Description:	Mandriva Linux Security Advisory - A function in the JasPer JPEG-2000 library before 1.900 could allow a remote user-assisted attack to cause a crash and possibly corrupt the heap via malformed image files.
Homepage:	http://www.mandriva.com/security/
File Size:	5087
Related CVE(s):	CVE-2007-2721
Last Modified:	Jun 21 14:48:31 2007
MD5 Checksum:	27478e8de46fe19cc20e9a1370670d80

/// File Name:	dsa-1313-1.txt
Description:	Debian Security Advisory 1313-1 - Stefan Cornelius and Reimar Doeffinger discovered that the MPlayer movie player performs insufficient boundary checks when accessing CDDB data, which might lead to the execution of arbitrary code.
Homepage:	http://www.debian.org/security
File Size:	4991
Related CVE(s):	CVE-2007-2948
Last Modified:	Jun 20 01:05:58 2007
MD5 Checksum:	87c7c2e84d54f3cccbadcc1604519ab1

/// File Name:	dsa-1317.txt
Description:	Debian Security Advisory 1317-1 - duskwave discovered that tinymux, a text-based multi-user virtual world server, performs insufficient boundary checks when working with user-supplied data, which might lead to the execution of arbitrary code.
Homepage:	http://www.debian.org/security
File Size:	4841
Related CVE(s):	CVE-2007-1655
Last Modified:	Jun 26 17:41:30 2007
MD5 Checksum:	e2639f7c9260ea07902f3721e4b1483d

/// File Name:	06.26.07-1.txt
Description:	iDefense Security Advisory 06.26.07 - Remote exploitation of a buffer overflow vulnerability within MIT Kerberos kadmind allows attackers to execute arbitrary code with the privileges of the running service, usually root. The vulnerability specifically exists within the code responsible for handling requests to rename principals. The rename_principal_2_svc function fails to properly bounds-check user-supplied data before copying it to a fixed-size stack buffer. The vulnerable code is shown below. iDefense confirmed the existence of this vulnerability within MIT Kerberos 1.5-21 as distributed with the Fedora CORE 6 Linux distribution. It has also been confirmed via source code review to exist in version 1.5.3 and version 1.6.1. All other distributions, as well as those for other computing platforms are suspected to be vulnerable.
Homepage:	http://www.idefense.com/
File Size:	4825
Related CVE(s):	CVE-2007-2798
Last Modified:	Jun 29 00:09:55 2007
MD5 Checksum:	0a3aed3cee081a68d9792187e97223c2

/// File Name:	secunia-symantecsmtp.txt
Description:	Secunia Research has discovered boundary errors in the detection of executable packers in libdayzero.dll as loaded by the Filter Hub (filter-hub.exe) of Symantec Mail Security for SMTP. The errors can be exploited to cause unhandled memory access violations causing the filter hub service to crash. Symantec Mail Security for SMTP 5.0 patch 176 is affected. Other versions may also be affected.
Author:	Dyon Balding
Homepage:	http://secunia.com/
File Size:	4823
Related CVE(s):	CVE-2007-1792
Last Modified:	Jun 29 01:32:34 2007
MD5 Checksum:	02195070799671305de88ef8d97b76ac

/// File Name:	MS07-034.txt
Description:	In Internet Explorer, using the mhtml: protocol handler and using Outlook Express's feature, arbitrary resources (such as HTML, image, application file and so on) can opened as MHTML formatted file and Content-Type: is disregarded.
Author:	Yosuke HASEGAWA
File Size:	4821
Related CVE(s):	CVE-2007-2225, CVE-2007-2227
Last Modified:	Jun 26 17:10:40 2007
MD5 Checksum:	168316744bd608455c87ac2a6ce49c80

/// File Name:	secunia-kvirc.txt
Description:	Secunia Research has discovered a vulnerability in KVIrc, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the "parseIrcUrl()" function in src/kvirc/kernel/kvi_ircurl.cpp not properly sanitizing parts of the URI when building the command for KVIrc's internal script system. KVIrc version 3.2.0 is affected.
Author:	Stefan Cornelius
Homepage:	http://secunia.com/
File Size:	4798
Related CVE(s):	CVE-2007-2951
Last Modified:	Jun 29 01:34:09 2007
MD5 Checksum:	eca95b670072284214a381b3ab8bddcc

/// File Name:	MDKSA-2007-132.txt
Description:	Mandriva Linux Security Advisory - The 802.11 network stack in MadWifi prior to 0.9.3.1 would allow remote attackers to cause a denial of service (system hang) via a crafted length field in nested 802.3 Ethernet frames in Fast Frame packets, which results in a NULL pointer dereference. The ath_beacon_config function in MadWifi prior to 0.9.3.1 would allow a remote attacker to cause a denial of service (system crash) via crafted beacon interval information when scanning for access points, which triggered a divide-by-zero error. An array index error in MadWifi prior to 0.9.3.1 would allow a local user to cause a denial of service (system crash) and possibly obtain kerenl memory contents, as well as possibly allowing for the execution of arbitrary code via a large negative array index value.
Homepage:	http://www.mandriva.com/security/
File Size:	4763
Related CVE(s):	CVE-2007-2829, CVE-2007-2830, CVE-2007-2831
Last Modified:	Jun 26 16:01:21 2007
MD5 Checksum:	b4e3166d8c902f2cb37ff36e742f985d

/// File Name:	CAID-35395-35396.txt
Description:	CA Anti-Virus engine contains multiple vulnerabilities that can allow a remote attacker to cause a denial of service or possibly execute arbitrary code.
Author:	Ken Williams
Homepage:	http://www3.ca.com/
File Size:	4759
Related OSVDB(s):	35244,35245
Related CVE(s):	CVE-2007-2863, CVE-2007-2864
Last Modified:	Jun 10 19:43:37 2007
MD5 Checksum:	b0b744d6dbf393320f5a6f02b65b6ff2

/// File Name:	MDKSA-2007-128.txt
Description:	Mandriva Linux Security Advisory - Another integer overflow was found in the way libexif parses EXIF image tags. An individual who opened a carefully-crafted EXIF image file could cause the application linked against libexif to crash or possibly execute arbitrary code.
Homepage:	http://www.mandriva.com/security/
File Size:	4757
Related CVE(s):	CVE-2007-4168
Last Modified:	Jun 21 14:47:59 2007
MD5 Checksum:	9f94bb3a1ce4d69a493e5abdb771f595

/// File Name:	14070612.txt
Description:	The PHP parse_str() function suffers from an arbitrary variable overwrite issue.
Author:	DarkFig
Homepage:	http://www.acid-root.new.fr/
File Size:	4620
Last Modified:	Jun 12 20:59:09 2007
MD5 Checksum:	622737b30b530a515a1bc655121bc4e6

/// File Name:	TA07-177A.txt
Description:	Technical Cyber Security Alert TA07-177A - The MIT Kerberos 5 implementation contains several vulnerabilities. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system.
Homepage:	http://www.us-cert.gov/
File Size:	4551
Last Modified:	Jun 29 00:30:07 2007
MD5 Checksum:	ca9fd5b0f8f4670723d93824b634d7f2

/// File Name:	MDKSA-2007-118.txt
Description:	Mandriva Linux Security Advisory - An integer overflow in the exif_data_load_data_entry function in exif-data.c in libexif before 0.6.14 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted EXIF data.
Homepage:	http://www.mandriva.com/security/
File Size:	4460
Related CVE(s):	CVE-2007-2645
Last Modified:	Jun 10 20:29:11 2007
MD5 Checksum:	9946e9eb91dac34f27fc702ecae84120

/// File Name:	n.runs-SA-2007.015.txt
Description:	Various F-Secure products are susceptible to a remotely exploitable vulnerability when parsing FSG packed files.
Author:	Sergio Alvarez
Homepage:	http://www.nruns.com/
File Size:	4432
Last Modified:	Jun 7 00:48:31 2007
MD5 Checksum:	5608701576460cdd69327843b43d82dd

/// File Name:	n.runs-SA-2007.014.txt
Description:	Various F-Secure products are susceptible to a remotely exploitable vulnerability when parsing .ARJ files.
Author:	Sergio Alvarez
Homepage:	http://www.nruns.com/
File Size:	4426
Last Modified:	Jun 7 00:47:24 2007
MD5 Checksum:	6a339419df7f57a078f097b5b4137ce3

/// File Name:	SYM07-011.txt
Description:	Symantec Security Advisory - The administrator password for Symantec Reporting Server could be disclosed after a failed login attempt.
Author:	Mikka Korppi
Homepage:	http://www.symantec.com/
File Size:	4416
Related CVE(s):	CVE-2007-3022
Last Modified:	Jun 7 02:01:15 2007
MD5 Checksum:	741b37feba2991f52b7ae27def8b7fe0

/// File Name:	06.01.07-1.txt
Description:	iDefense Security Advisory 06.01.07 - Remote exploitation of an input validation vulnerability in VERITAS Software Corp.'s Storage Foundation 4.3 Enterprise Administration service could allow an unauthenticated attacker to consume excessive resources or crash the service. The vulnerability specifically exists in the handling of packets delivered to the VVR Administration service port, TCP/8199. iDefense Labs confirmed that VERITAS Storage Foundation for Windows version 4.3.01 is vulnerable. It is suspected that all previous versions of are vulnerable.
Author:	CIRT.DK
Homepage:	http://www.idefense.com/
File Size:	4261
Related CVE(s):	CVE-2007-1593
Last Modified:	Jun 6 18:40:26 2007
MD5 Checksum:	4e09b7abf51d6d258e9b4e8dbf3cf8ae

/// File Name:	06.07.07-1.txt
Description:	iDefense Security Advisory 06.07.07 - Local exploitation of an information disclosure vulnerability within the Linux Kernel allows attackers to obtain sensitive information from kernel memory. This vulnerability specifically exists in the "cpuset_tasks_read" function. This function is responsible for supplying user-land processes with data when they read from the /dev/cpuset/tasks file. iDefense has confirmed the existence of this vulnerability in version 2.6.20 of the Linux Kernel as installed with Fedora CORE 6. It is suspected that previous versions, at least until 2.6.12, are also vulnerable.
Homepage:	http://www.idefense.com/
File Size:	4221
Related CVE(s):	CVE-2007-2875
Last Modified:	Jun 10 20:27:07 2007
MD5 Checksum:	a7fd3925366c58795f3b1f852d06c23d

/// File Name:	SYM07-009.txt
Description:	Symantec Security Advisory - An authentication bypass, remote code execution vulnerability has been identified and resolved in the Symantec Storage Foundation for Windows v5.0 Volume Manager Scheduler Service. Successful exploitation could result in potential compromise of the targeted system.
Author:	3Com/ZDI
Homepage:	http://www.symantec.com/
File Size:	4155
Related CVE(s):	CVE-2007-2279
Last Modified:	Jun 7 00:34:05 2007
MD5 Checksum:	203315689e4b6fbbe1fdb17c63cacb16

/// File Name:	MDKSA-2007-113.txt
Description:	Mandriva Linux Security Advisory - A flaw in the way mutt processed certain APOP authentication requests was discovered. By sending certain responses when mutt attempted to authenticate again an APOP server, a remote attacker could possibly obtain certain portions of the user's authentication credentials. A flaw in how mutt handled certain characters in gecos fields could lead to a buffer overflow. A local user able to give themselves a carefully crafted Real Name could potentially execute arbitrary code if a victim used mutt to expand the attacker's alias.
Homepage:	http://www.mandriva.com/security/
File Size:	4130
Related CVE(s):	CVE-2007-1558, CVE-2007-2683
Last Modified:	Jun 7 01:08:58 2007
MD5 Checksum:	44522efdf33254500a24afe3d7a65841

/// File Name:	TA07-163A.txt
Description:	Technical Cyber Security Alert TA07-163A - Microsoft has released updates that address critical vulnerabilities in Microsoft Windows, Windows Secure Channel, Internet Explorer, Win32 API, Windows Mail and Outlook Express. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system.
Homepage:	http://www.us-cert.gov/
File Size:	4104
Last Modified:	Jun 12 21:25:48 2007
MD5 Checksum:	e1b9b39be2763f6b1f9ee8392e97d7be

/// File Name:	advisory-2007-06-29.txt
Description:	Google suffers from re-authentication a bypass vulnerability with the SID and LSID cookies.
Author:	Susam Pal
Homepage:	http://susam.in/
File Size:	4099
Last Modified:	Jun 29 01:41:06 2007
MD5 Checksum:	459a086c430c1baab2876351e11bca5f

/// File Name:	MDKSA-2007-110.txt
Description:	Mandriva Linux Security Advisory - A security hole was discovered in all versions of the PEAR Installer (http://pear.php.net/PEAR). The security hole is the most serious hole found to date in the PEAR Installer, and would allow a malicious package to install files anywhere in the filesystem. The vulnerability only affects users who are installing an intentionally created package with a malicious intent. Because the package is easily traced to its source, this is most likely to happen if a hacker were to compromise a PEAR channel server and alter a package to install a backdoor. In other words, it must be combined with other exploits to be a problem.
Homepage:	http://www.mandriva.com/security/
File Size:	4061
Related CVE(s):	CVE-2007-2519
Last Modified:	Jun 7 01:04:11 2007
MD5 Checksum:	f6ecbce3634caf15e62dd8912f2a1b76

/// Last 10 Files

[ Last 20 | Last 50 | Last 100 ]

/// Last 10 Advisories

[ Last 20 | Last 50 | Last 100 ]

/// Last 10 Exploits

[ Last 20 | Last 50 | Last 100 ]

/// Last 10 Tools

[ Last 20 | Last 50 | Last 100 ]

/// Last 10 Misc

[ Last 20 | Last 50 | Last 100 ]