| /// File Name: |
shatter-mdsysmd.txt |
Description:
|
Team SHATTER Security Alert - The Oracle Database Server provides the MDSYS.MD package that is used in the Oracle Spatial component. These packages contain many public procedures that are vulnerable to buffer overflow and denial of service attacks.
| | Author: | Esteban Martinez Fayo | | Homepage: | http://www.appsecinc.com/ | | File Size: | 2277 | | Related CVE(s): | CVE-2007-0272 | | Last Modified: | Jul 19 05:42:37 2007 |
| MD5 Checksum: | afba5f5746af8553dd304410e1145eb9 |
|
| /// File Name: |
sitescape-xss.txt |
Description:
|
SiteScape Forum versions below 7.3 suffer from a cross site scripting vulnerability.
| | Author: | Marc Ruef | | Homepage: | http://www.scip.ch/ | | File Size: | 4040 | | Last Modified: | Jul 17 08:26:40 2007 |
| MD5 Checksum: | 8f91255d47204d82c9642d4331c95b49 |
|
| /// File Name: |
SSRT071404.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified with an ActiveX control in HP Instant Support - Driver Check running on Microsoft Windows. The vulnerability could be remotely exploited to allow unauthorized access to the system.
| | Homepage: | http://www.hp.com | | File Size: | 5974 | | Last Modified: | Jul 7 06:46:00 2007 |
| MD5 Checksum: | 5a58a8137d152ef755d359053c0b857c |
|
| /// File Name: |
SSRT071424-1.txt |
Description:
|
HP Security Bulletin - Potential vulnerabilities have been identified with Samba provided with HP Internet Express for Tru64 UNIX (IX) v 6.6. The potential vulnerabilities could be exploited by a remote, unauthenticated user to execute arbitrary commands or by a local, unauthorized user to gain privilege elevation.
| | Homepage: | http://www.hp.com/ | | File Size: | 6153 | | Related CVE(s): | CVE-2007-2444, CVE-2007-2446, CVE-2007-2447 | | Last Modified: | Jul 11 09:05:36 2007 |
| MD5 Checksum: | 0991bc3f4f0c48427f55531db4ac65ea |
|
| /// File Name: |
SSRT071435.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified with HP Serviceguard for Linux. The vulnerability could be exploited to allow local unauthorized access or to increase privilege.
| | Homepage: | http://www.hp.com/ | | File Size: | 6502 | | Last Modified: | Jul 17 09:33:04 2007 |
| MD5 Checksum: | d92949bba66c79c4205e176e791036a1 |
|
| /// File Name: |
SSRT071446.txt |
Description:
|
HP Security Bulletin - Various potential security vulnerabilities have been identified in Microsoft software that is running on the Storage Management Appliance (SMA). Some of these vulnerabilities may be pertinent to the SMA.
| | Homepage: | http://www.hp.com/ | | File Size: | 9851 | | Last Modified: | Jul 24 05:30:55 2007 |
| MD5 Checksum: | c3ac779fb88e5e90a6596af79e694299 |
|
| /// File Name: |
statcounter-xss.txt |
Description:
|
StatCounter.com suffers from cross site scripting vulnerabilities due to completely trusting the user supplied HTTP referrer field.
| | Author: | Matteo Carli | | Homepage: | http://www.matteocarli.com/ | | File Size: | 3437 | | Last Modified: | Jul 24 05:03:08 2007 |
| MD5 Checksum: | cc29a79d825f6a82471c5aa4d477acc2 |
|
| /// File Name: |
SYMSA-2007-005.txt |
Description:
|
Symantec Vulnerability Research SYMSA-2007-005 - Due to an implementation issue, the Windows Firewall does not apply firewall rules correctly on the Teredo Interface. This allows a level of remote access to TCP and UDP ports and services that exceeds what Microsoft expected and what an administrator would expect.
| | Author: | Jim Hoagland, Ollie Whitehouse | | Homepage: | http://www.symantec.com/research | | File Size: | 7139 | | Related CVE(s): | CVE-2007-3038 | | Last Modified: | Jul 11 08:08:12 2007 |
| MD5 Checksum: | eae03b3c9a9fce0f86440a00133e2842 |
|
| /// File Name: |
SYMSA-2007-006.txt |
Description:
|
Symantec Vulnerability Research SYMSA-2007-006 - The Citrix Access Gateway suffers from a vulnerability where any executable module can be downloaded and executed.
| | Author: | Michael White | | Homepage: | http://www.symantec.com/research | | File Size: | 4147 | | Related CVE(s): | CVE-2007-3679 | | Last Modified: | Jul 21 04:16:01 2007 |
| MD5 Checksum: | 04e13641bf63fe30023d44e24e9ff7eb |
|
| /// File Name: |
t1lib.txt |
Description:
|
T1Lib suffers from a buffer overflow vulnerability.
| | Author: | Hamid Ebadi | | Homepage: | http://www.bugtraq.ir/ | | File Size: | 4065 | | Last Modified: | Jul 28 04:32:50 2007 |
| MD5 Checksum: | f8dce01a5f9bfff8cd3dc692a044e4c0 |
|
| /// File Name: |
TA07-191A.txt |
Description:
|
Technical Cyber Security Alert TA07-191A - Microsoft has released updates that address critical vulnerabilities in Microsoft Windows, Excel, Publisher, .NET Framework, Internet Information Services, and Windows Vista Firewall. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system.
| | Homepage: | http://www.us-cert.gov/ | | File Size: | 4213 | | Last Modified: | Jul 11 10:49:24 2007 |
| MD5 Checksum: | 3ba69b3268d35605b44ae45334dbd5d9 |
|
| /// File Name: |
TA07-192A.txt |
Description:
|
Technical Cyber Security Alert TA07-192A - There are critical vulnerabilities in Adobe Flash player and related software. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system.
| | Homepage: | http://www.us-cert.gov/ | | File Size: | 4175 | | Last Modified: | Jul 12 04:09:46 2007 |
| MD5 Checksum: | 2849962a8d6cbd7e802dea568dc4d748 |
|
| /// File Name: |
TA07-193A.txt |
Description:
|
Technical Cyber Security Alert TA07-193A - Apple QuickTime contains multiple vulnerabilities. Exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code or cause a denial-of-service condition. Apple QuickTime version 7.2 resolves these vulnerabilities.
| | Homepage: | http://www.us-cert.gov/ | | File Size: | 4813 | | Last Modified: | Jul 13 03:43:24 2007 |
| MD5 Checksum: | 27e5a3bcf326cbe5b068abcda1c72fef |
|
| /// File Name: |
TA07-199A.txt |
Description:
|
Technical Cyber Security Alert TA07-199A - The Mozilla web browser and derived products contain several vulnerabilities, the most severe of which could allow a remote attacker to execute arbitrary code on an affected system.
| | Homepage: | http://www.us-cert.gov/ | | File Size: | 3826 | | Last Modified: | Jul 19 05:23:56 2007 |
| MD5 Checksum: | 2901de1606f0f2ca8aa29e8e289c4b59 |
|
| /// File Name: |
TA07-200A.txt |
Description:
|
Technical Cyber Security Alert TA07-200A - Oracle has released patches to address numerous vulnerabilities in different Oracle products. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service.
| | Homepage: | http://www.us-cert.gov/ | | File Size: | 6224 | | Last Modified: | Jul 20 08:45:05 2007 |
| MD5 Checksum: | 7ec017aab5d0e9b1e0fe583299f1275b |
|
| /// File Name: |
tipping-bypass.txt |
Description:
|
During security analysis of the TippingPoint IPS product, a signature evasion vulnerability was discovered. The use of specific Unicode characters on particular web servers allows a remote user to bypass IPS detection. TippingPoint IPS running TOS versions 2.1 and 2.2.0 through 2.2.4 are affected.
| | Author: | Paul Craig | | Homepage: | http://www.security-assessment.com/ | | File Size: | 3410 | | Last Modified: | Jul 11 10:52:07 2007 |
| MD5 Checksum: | b75f7017f9550e4dfe22e1b71c777f55 |
|
| /// File Name: |
TISA2007-03-Public.pdf |
Description:
|
TeamIntell has discovered a local buffer overflow vulnerability in Poslovni Informator Republike Slovenije 2007 aka PIRS2007, a data collection of companies and active business subjects in Slovenia.
| | Author: | Edi Strosar | | Homepage: | http://www.teamintell.com/ | | File Size: | 26353 | | Last Modified: | Jul 14 00:51:10 2007 |
| MD5 Checksum: | 919831362bf3d6210792106c6233a5a2 |
|
| /// File Name: |
TPTI-07-12.txt |
Description:
|
A vulnerability allows attackers to execute arbitrary code on vulnerable installations of RSA Authentication Manager and other products that include the Progress server. User interaction is not required to exploit this vulnerability. The specific flaw exists in the Progress Server listening by default on TCP ports 5520 and 5530. The _mprosrv.exe process trusts a user-supplied DWORD size and attempts to receive that amount of data into a statically allocated heap buffer.
| | Author: | Aaron Portnoy | | Homepage: | http://dvlabs.tippingpoint.com/ | | File Size: | 3728 | | Related CVE(s): | CVE-2007-2417 | | Last Modified: | Jul 13 23:57:10 2007 |
| MD5 Checksum: | 5e0ed789c25b8e4dd5a76e87be3f6576 |
|
| /// File Name: |
TPTI-07-13.txt |
Description:
|
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Borland Interbase. Authentication is not required to exploit this vulnerability. The specific flaw exists within the database service, ibserver.exe, which binds to TCP port 3050.
| | Author: | Cody Pierce | | Homepage: | http://dvlabs.tippingpoint.com/ | | File Size: | 2818 | | Related CVE(s): | CVE-2007-3566 | | Last Modified: | Jul 25 06:34:21 2007 |
| MD5 Checksum: | 8cf4fbcf329b25381c70d8c3caf254d6 |
|
| /// File Name: |
TS-2007-001-0.txt |
Description:
|
Template Security has discovered a serious denial of service vulnerability in the BlueCat Networks Adonis DNS/DHCP Appliance. When XHA is configured to place two Adonis servers in an active-passive pair to provide high availability, a remote attacker can transmit a single UDP datagram to crash the heartbeat control process. This can be used, for example, to create an active/active condition in the cluster pair.
| | Author: | forloop, defaultroute | | File Size: | 4319 | | Last Modified: | Jul 31 08:03:54 2007 |
| MD5 Checksum: | 93327c040982d60f65ac09b19795f2e6 |
|