Section: .. / 0803-advisories /
| /// File Name: |
acronis-null.txt |
Description:
|
Acronis True Image Windows Agent versions 1.0.0.54 and below suffer from a null pointer vulnerability. Put ??????? in a file and nc SERVER 9876 -v -v < file.txt to test for a demonstration of the vulnerability.
| | Author: | Luigi Auriemma | | Homepage: | http://aluigi.org/ | | File Size: | 1951 | | Last Modified: | Mar 12 22:59:39 2008 |
| MD5 Checksum: | 9247c779480d007e0ae9c58d8c9367c1 |
|
| /// File Name: |
sa29497.txt |
Description:
|
Secunia Security Advisory - rPath has issued an update for bzip2. This fixes a vulnerability with unknown impact.
| | Homepage: | http://secunia.com/advisories/29497/ | | File Size: | 1940 | | Last Modified: | Mar 24 17:02:56 2008 |
| MD5 Checksum: | 72e0846d6f8affc984fe07f0178ca13d |
|
| /// File Name: |
zabbix-dos.txt |
Description:
|
Zabbix is susceptible to a resource consumption denial of service vulnerability when the zabbix_agentd is told to checksum a device (like /dev/urandom, etc).
| | Author: | Milen Rangelov | | File Size: | 1810 | | Last Modified: | Mar 13 16:40:36 2008 |
| MD5 Checksum: | 6ec48b5583f2b94e763b3972da82b95f |
|
| /// File Name: |
tftpx.txt |
Description:
|
Argon Client Management Services versions 1.31 and below suffer from a directory traversal vulnerability.
| | Author: | Luigi Auriemma | | Homepage: | http://aluigi.org/ | | Related Exploit: | tftpx.zip | | File Size: | 1787 | | Last Modified: | Mar 12 23:21:17 2008 |
| MD5 Checksum: | e7a43b55e2c7a3ac47c2d1acb831da28 |
|
| /// File Name: |
squidanalysis-overflow.txt |
Description:
|
The Squid Analysis Report Generator versions 2.2.3.1 and below suffer from a buffer overflow vulnerability.
| | Author: | L4teral | | File Size: | 1652 | | Last Modified: | Mar 3 15:58:46 2008 |
| MD5 Checksum: | b8962681d2e28a0e946420554052fe51 |
|
| /// File Name: |
bootmanage-overflow.txt |
Description:
|
BootManage TFTPD versions 1.99 and below suffer from a buffer overflow vulnerability. To use the related exploit, run tftpx -f SERVER 2000 none.
| | Author: | Luigi Auriemma | | Homepage: | http://aluigi.org/ | | Related Exploit: | tftpx.zip | | File Size: | 1627 | | Last Modified: | Mar 17 15:47:19 2008 |
| MD5 Checksum: | ec3d22b978868311c4c9c27de4760793 |
|
| /// File Name: |
TPTI-08-03.txt |
Description:
|
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. Exploitation requires that the attacker coerce the target into opening a malicious .XLS file. The specific flaw exists within the parsing of the BIFF file format used by Microsoft Excel. During the processing of a malformed tag a heap allocation can be adversely controlled. When user supplied data is copied to a heap buffer the resulting data results in a arbitrary memory overwrite. If successfully exploited this could lead to system compromise under the credentials of the currently logged in user.
| | Author: | Cody Pierce | | Homepage: | http://www.tippingpoint.com/ | | File Size: | 1613 | | Related CVE(s): | CVE-2008-0116 | | Last Modified: | Mar 13 00:47:20 2008 |
| MD5 Checksum: | 7d12530a43a2ce9e769aa39d05521eb2 |
|
| /// File Name: |
realplayer-activex.txt |
Description:
|
The Real Networks RealPlayer ActiveX controller appears to suffer from a heap corruption vulnerability.
| | Author: | Elazar Broad | | File Size: | 1605 | | Last Modified: | Mar 12 20:28:29 2008 |
| MD5 Checksum: | e3deff0c9f224a77d42d8d83eb5fec3a |
|
| /// File Name: |
f5console-xss.txt |
Description:
|
The F5 BIG-IP web management console is susceptible to a persistent cross site scripting vulnerability.
| | Author: | nnposter | | File Size: | 1289 | | Last Modified: | Mar 12 20:21:40 2008 |
| MD5 Checksum: | a88f29039406b76fe930de6bdcb83863 |
|
| /// File Name: |
DDIVRT-2008-10.txt |
Description:
|
The PacketTrap PT360 Tool Suite version 1.1.33.1.0 TFTP server component is vulnerable to directory traversal attacks.
| | Author: | princeofnigeria | | Homepage: | http://www.digitaldefense.net/ | | File Size: | 1288 | | Last Modified: | Mar 3 17:37:18 2008 |
| MD5 Checksum: | 63a7c1cb6dc3594d286903361f7179b7 |
|
| /// File Name: |
lks-format.txt |
Description:
|
It appears that the Linux Kiss Server version 1.2 suffers from a format string vulnerability.
| | Author: | vashnukad | | Homepage: | http://www.vashnukad.com/ | | File Size: | 1200 | | Last Modified: | Mar 12 16:16:44 2008 |
| MD5 Checksum: | a3da915d25b378b059a7c7768a83c088 |
|
| /// File Name: |
DDIVRT-2008-09.txt |
Description:
|
The PacketTrap PT360 Tool Suite version 1.1.33.1.0 TFTP server component is vulnerable to a denial of service condition.
| | Author: | princeofnigeria | | Homepage: | http://www.digitaldefense.net/ | | File Size: | 1175 | | Last Modified: | Mar 3 17:37:51 2008 |
| MD5 Checksum: | 62d0c7485cdd2e557993698fd84e1921 |
|
| /// File Name: |
f5log-xss.txt |
Description:
|
The F5 BIG-IP web management interface suffers from a persistent cross site scripting vulnerability in the audit log facility. Version 9.4.3 has been identified as vulnerable and other versions may also be affected.
| | Author: | nnposter | | File Size: | 1100 | | Last Modified: | Mar 24 17:26:45 2008 |
| MD5 Checksum: | 4cf953318d916fd1c300b49c7bc8f8a5 |
|
| /// File Name: |
ie-spoof.txt |
Description:
|
It appears that Internet Explorer 7 may have an address bar spoofing vulnerability.
| | Author: | Juan Pablo Lopez Yacubian | | File Size: | 1099 | | Last Modified: | Mar 28 17:17:52 2008 |
| MD5 Checksum: | a2a9fcbc095113cb1345ed904bad851c |
|
| /// File Name: |
ircu-dos.txt |
Description:
|
ircu versions 2.10.12.12 and below and snircd versions 1.3.4 and below suffer from a denial of service vulnerability.
| | Author: | Chris Porter | | Homepage: | http://www.warp13.co.uk/ | | File Size: | 1020 | | Last Modified: | Mar 24 18:33:19 2008 |
| MD5 Checksum: | 74d2996986b18fd1e9cac7b0f213165a |
|
| /// File Name: |
jdk-overflow.txt |
Description:
|
A couple more JPEG ICC parsing bugs were fixed in the latest JDK updates. Link to a malicious JPEG included.
| | Author: | Chris Evans | | File Size: | 1009 | | Last Modified: | Mar 12 16:32:56 2008 |
| MD5 Checksum: | 6ebec7c73d336738ee4a30a00c038842 |
|
| /// File Name: |
vlc-stillbroked.txt |
Description:
|
The old buffer-overflow in the subtitles handled by VLC has not been fully patched in version 0.8.6e, in fact buffer_text2 in ParseSSA is still unchecked.
| | Author: | Luigi Auriemma | | Homepage: | http://aluigi.org/ | | Related Exploit: | vlcboffs.zip | | File Size: | 607 | | Last Modified: | Mar 17 15:44:30 2008 |
| MD5 Checksum: | e946b5b2d991e495d3526244567d4009 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
