Section: .. / 0907-advisories /
| /// File Name: |
07.14.09-1.txt |
Description:
|
iDefense Security Advisory 07.14.09 - Remote exploitation of a heap-based buffer overflow vulnerability in Microsoft Corp.'s Embedded OpenType Font Engine (T2EMBED.DLL) could allow an attacker to execute arbitrary code with the privileges of the current user. During the processing of a malicious OpenType Font, an integer truncation issue can occur on a specific length value. This can result in a large overwrite of the heap using attacker-controlled data. The attacker may gain arbitrary execution control by overwriting specific data structures on the heap, such as an object virtual function table. iDefense has confirmed the existence of this vulnerability in the Embedded OpenType Font Engine for Windows Vista SP1 (T2EMBED.DLL version 6.0.6001.18000) and Windows XP SP3 (T2EMBED.DLL version 5.1.2600.5512). Previous versions may also be affected.
| | Homepage: | http://www.idefense.com/ | | File Size: | 6053 | | Related CVE(s): | CVE-2009-0231 | | Last Modified: | Jul 16 17:15:33 2009 |
| MD5 Checksum: | 779aa063fcc7380f50da5a7045798bbc |
|
| /// File Name: |
07.14.09-2.txt |
Description:
|
iDefense Security Advisory 07.14.09 - Remote exploitation of an arbitrary pointer dereference vulnerability in version 2007 of Microsoft Corp.'s Publisher could allow an attacker to execute arbitrary code as the user running Publisher. This vulnerability exists in the PUBCONV.DLL module in Microsoft Publisher 2007. The PUBCONV.DLL module is responsible for converting legacy format Publisher files (.pub) created by older versions of Publisher into the Publisher 2007 format. A programming error causes that module to dereference an arbitrary attacker-controlled value as the address of a table of function pointers. This vulnerability allows attackers to execute arbitrary code on the victim's system. iDefense confirmed PUBCONV.DLL (version 12.0.6311.5000) in Microsoft Office Publisher 2007 is vulnerable. Microsoft Office Publisher 2000, 2002 and 2003 do not appear to be affected.
| | Homepage: | http://www.idefense.com/ | | File Size: | 4197 | | Related CVE(s): | CVE-2009-0566 | | Last Modified: | Jul 17 14:46:28 2009 |
| MD5 Checksum: | 4caa57c0bde30d5bf9b191fac39d26a0 |
|
| /// File Name: |
akamaidm-activex.txt |
Description:
|
Akamai has become aware of a security vulnerability within the Akamai Download Manager up to and including version 2.2.4.7 of the ActiveX control. For successful exploitation, this vulnerability requires a user to be convinced to visit a malicious URL put into place by an attacker. This may then lead to an unauthorized download and automatic execution of arbitrary code run within the context of the victim user.
| | Homepage: | http://www.akamai.com/ | | File Size: | 4176 | | Last Modified: | Jul 22 18:51:19 2009 |
| MD5 Checksum: | dc97407f6a6b58c6c2b4c20154d85594 |
|
| /// File Name: |
americasarmy-loop.txt |
Description:
|
America's Army 3 versions 3.0.5 and below suffer from an endless packet looping vulnerability.
| | Author: | Luigi Auriemma | | Homepage: | http://aluigi.org/ | | Related Exploit: | udpsz.zip | | File Size: | 3218 | | Last Modified: | Jul 14 15:31:50 2009 |
| MD5 Checksum: | f4b24aaf06b3ffa6553e8a4b95d60f18 |
|
| /// File Name: |
artofdefence-dos.txt |
Description:
|
The Artofdefence Hyperguard Web Application Firewall versions 3.1.1-11637 and below, 3.0.3-11636 and below, and 2.5.5-11635 and below suffer from a remote denial of service vulnerability.
| | Author: | Lukas Nothdurfter, Michael Kirchner, Wolfgang Neudorfer | | File Size: | 2700 | | Last Modified: | Jul 1 13:06:07 2009 |
| MD5 Checksum: | c82e403831376dc400bcb51f15e21199 |
|
| /// File Name: |
Bkis-10-2009.txt |
Description:
|
Photo DVD Maker Professional versions 8.02 and below suffer from a buffer overflow vulnerability.
| | Author: | SVRT | | Homepage: | http://security.bkis.vn/ | | File Size: | 1653 | | Last Modified: | Jul 6 14:52:48 2009 |
| MD5 Checksum: | ac1d229a9147b937f050f2ae013df492 |
|
| /// File Name: |
bugzilla-bypass.txt |
Description:
|
Bugzilla versions 3.1.1 through 3.2.3 and 3.3.1 through 3.3.4 suffer from an unauthorized bug change vulnerability.
| | Homepage: | http://www.bugzilla.org/ | | File Size: | 1966 | | Last Modified: | Jul 9 19:45:39 2009 |
| MD5 Checksum: | 76d1b56fe3a88281d64aa1292cc1a924 |
|
| /// File Name: |
cisco-sa-20090715-uccx.txt |
Description:
|
Cisco Security Advisory - Cisco Unified Contact Center Express (Cisco Unified CCX) server contains both a directory traversal vulnerability and a script injection vulnerability in the administration pages of the Customer Response Solutions (CRS) and Cisco Unified IP Interactive Voice Response (Cisco Unified IP IVR) products. Exploitation of these vulnerabilities could result in a denial of service condition, information disclosure, or a privilege escalation attack.
| | Homepage: | http://www.cisco.com/ | | File Size: | 12926 | | Related CVE(s): | CVE-2009-2047, CVE-2009-2048 | | Last Modified: | Jul 16 17:12:44 2009 |
| MD5 Checksum: | 4f86e850b9a893fbe6fa930ec1a9e551 |
|
| /// File Name: |
cisco-sa-20090728-activex.txt |
Description:
|
Cisco Security Advisory - Certain Cisco products that use Microsoft Active Template Libraries (ATL) and headers may be vulnerable to remote code execution. In some instances, the vulnerability may be exploited against Microsoft Internet Explorer to perform kill bit bypass. In order to exploit this vulnerability, an attacker must convince a user to visit a malicious web site. Cisco will release free software updates for products that are affected by this vulnerability. Workarounds that mitigate this vulnerability are available.
| | Homepage: | http://www.cisco.com/ | | File Size: | 10827 | | Last Modified: | Jul 28 15:28:27 2009 |
| MD5 Checksum: | a68fb5ecbbb4f3801a241a33b4c0e7a7 |
|
| /// File Name: |
cisco-sa-20090729-bgp.txt |
Description:
|
Cisco Security Advisory - Recent versions of Cisco IOS Software support RFC4893 ("BGP Support for Four-octet AS Number Space") and contain two remote denial of service (DoS) vulnerabilities when handling specific Border Gateway Protocol (BGP) updates. These vulnerabilities affect only devices running Cisco IOS Software with support for four-octet AS number space (hereafter referred to as 4-byte AS number) and BGP routing configured. The first vulnerability could cause an affected device to reload when processing a BGP update that contains autonomous system (AS) path segments made up of more than one thousand autonomous systems. The second vulnerability could cause an affected device to reload when the affected device processes a malformed BGP update that has been crafted to trigger the issue.
| | Homepage: | http://www.cisco.com/ | | File Size: | 53763 | | Related CVE(s): | CVE-2009-1168, CVE-2009-2049 | | Last Modified: | Jul 30 11:40:53 2009 |
| MD5 Checksum: | 60221c86e9e529b6fdbbbb617369cc1a |
|
| /// File Name: |
clubmahindra-sql.txt |
Description:
|
The Indian portal at www.clubmahindra.com suffers from a remote SQL injection vulnerability. This has been posted after the author has exhausted efforts attempting to get the site to fix the issue.
| | Author: | Arvind Kumar, Dhawal Desai, Jaydeep Dave, Rohit Bansal | | File Size: | 4116 | | Last Modified: | Jul 7 13:28:23 2009 |
| MD5 Checksum: | 0fd10dfc75e35b2b2439ff671b0f4f28 |
|
| /// File Name: |
DDIVRT-2009-26.txt |
Description:
|
The login screen of the LogRover web interface is vulnerable to a SQL injection that can allow remote attackers to log in to the system via an authentication bypass. Version 2.3 for Windows XP is affected.
| | Author: | Geoff Humes, r@b13$ | | Homepage: | http://www.digitaldefense.net/ | | File Size: | 794 | | Last Modified: | Jul 13 14:13:35 2009 |
| MD5 Checksum: | fc9466d2f2152310983fd8cd729634fd |
|
| /// File Name: |
dsa-1813-2.txt |
Description:
|
Debian Security Advisory 1813-2 - The previous update introduced a regression that stopped encrypted and signed S/MIME messages from working properly. Also, there have been other regressions caused by the introduction of an undefined symbol. This update corrects these flaws. Several vulnerabilities have been found in evolution-data-server, the database backend server for the evolution groupware suite.
| | Homepage: | http://www.debian.org/security | | File Size: | 102664 | | Related CVE(s): | CVE-2009-0587, CVE-2009-0547, CVE-2009-0582 | | Last Modified: | Jul 22 16:36:43 2009 |
| MD5 Checksum: | 577c6a5fa9572fc09ea1e0254dfee89d |
|
| /// File Name: |
dsa-1825-1.txt |
Description:
|
Debian Security Advisory 1825-1 - It was discovered that the statuswml.cgi script of nagios, a monitoring and management system for hosts, services and networks, is prone to a command injection vulnerability. Input to the ping and traceroute parameters of the script is not properly validated, which allows an attacker to execute arbitrary shell commands by passing a crafted value to these parameters.
| | Homepage: | http://www.debian.org/security | | File Size: | 12565 | | Related CVE(s): | CVE-2009-2288 | | Last Modified: | Jul 6 13:30:47 2009 |
| MD5 Checksum: | 72e480bae243f144b9c0cfcc9c35d731 |
|
| /// File Name: |
dsa-1827-1.txt |
Description:
|
Debian Security Advisory 1827-1 - It was discovered that ipplan, a web-based IP address manager and tracker, does not sufficiently escape certain input parameters, which allows remote attackers to conduct cross-site scripting attacks.
| | Homepage: | http://www.debian.org/security | | File Size: | 3135 | | Related CVE(s): | CVE-2009-1732 | | Last Modified: | Jul 6 13:31:29 2009 |
| MD5 Checksum: | 65e94732d7850099f3b6a3821705ba7e |
|
| /// File Name: |
dsa-1828-1.txt |
Description:
|
Debian Security Advisory 1828-1 - It was discovered that the ocsinventory-agent, which is part of the ocsinventory suite, a hardware and software configuration indexing service, is prone to an insecure Perl module search path. As the agent is started via cron and the current directory (/ in this case) is included in the default Perl module path, the agent scans every directory on the system for its Perl modules. This enables an attacker to execute arbitrary code via a crafted ocsinventory-agent Perl module placed on the system.
| | Homepage: | http://www.debian.org/security | | File Size: | 3656 | | Related CVE(s): | CVE-2009-0667 | | Last Modified: | Jul 7 13:45:23 2009 |
| MD5 Checksum: | 092721f04497131c9ca0ea29e5dc3133 |
|
| /// File Name: |
dsa-1829-1.txt |
Description:
|
Debian Security Advisory 1829-1 - It was discovered that sork-passwd-h3, a Horde3 module for users to change their password, is prone to a cross-site scripting attack via the backend parameter.
| | Homepage: | http://www.debian.org/security | | File Size: | 4122 | | Related CVE(s): | CVE-2009-2360 | | Last Modified: | Jul 13 11:44:40 2009 |
| MD5 Checksum: | 349702c70f36e3cfd5765ac6119b70e7 |
|
| /// File Name: |
dsa-1829-2.txt |
Description:
|
Debian Security Advisory 1829-2 - The previous update introduced a regression in main.php, causing the module to fail. This update corrects the flaw. It was discovered that sork-passwd-h3, a Horde3 module for users to change their password, is prone to a cross-site scripting attack via the backend parameter.
| | Homepage: | http://www.debian.org/security | | File Size: | 4583 | | Related CVE(s): | CVE-2009-2360 | | Last Modified: | Jul 14 14:36:34 2009 |
| MD5 Checksum: | b881031aea974e2a0b897e090b1376e7 |
|
| /// File Name: |
dsa-1830-1.txt |
Description:
|
Debian Security Advisory 1830-1 - Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird mail client.
| | Homepage: | http://www.debian.org/security | | File Size: | 15502 | | Related CVE(s): | CVE-2009-0040, CVE-2009-0352, CVE-2009-0353, CVE-2009-0652, CVE-2009-0771, CVE-2009-0772, CVE-2009-0773, CVE-2009-0774, CVE-2009-0776, CVE-2009-1302, CVE-2009-1303, CVE-2009-1307, CVE-2009-1832, CVE-2009-1392, CVE-2009-1836, CVE-2009-1838, CVE-2009-1841 | | Last Modified: | Jul 13 11:45:47 2009 |
| MD5 Checksum: | 3d65362c1f3925b631feb50cdfab2cc1 |
|
| /// File Name: |
dsa-1831-1.txt |
Description:
|
Debian Security Advisory 1831-1 - Matthew Dempsky discovered that Daniel J. Bernstein's djbdns, a Domain Name System server, does not constrain offsets in the required manner, which allows remote attackers with control over a third-party subdomain served by tinydns and axfrdns, to trigger DNS responses containing arbitrary records via crafted zone data for this subdomain.
| | Homepage: | http://www.debian.org/security | | File Size: | 7395 | | Related CVE(s): | CVE-2009-0858 | | Last Modified: | Jul 13 20:44:30 2009 |
| MD5 Checksum: | a740394b39782ba30639f38fcce446b9 |
|
| /// File Name: |
dsa-1832-1.txt |
Description:
|
Debian Security Advisory 1832-1 - Tielei Wang discovered that CamlImages, an open source image processing library, suffers from several integer overflows which may lead to a potentially exploitable heap overflow and result in arbitrary code execution.
| | Homepage: | http://www.debian.org/security | | File Size: | 11982 | | Related CVE(s): | CVE-2009-2295 | | Last Modified: | Jul 13 20:44:46 2009 |
| MD5 Checksum: | 59a241891b9038baa77dad80559342d0 |