Section: .. / 0710-advisories /
| /// File Name: |
bosbad-xsssql.txt |
Description:
|
BosMarket and BosNews version 4 suffer from cross site scripting vulnerabilities.
| | Author: | Joseph Giron | | File Size: | 1199 | | Last Modified: | Oct 24 23:53:44 2007 |
| MD5 Checksum: | 681c1d6937291f93d3249aa34c2cb9e0 |
|
| /// File Name: |
bthomehub.txt |
Description:
|
It appears that the BT Home Hub is susceptible to some critical vulnerabilities.
| | Author: | pagvac | | File Size: | 3469 | | Last Modified: | Oct 10 01:36:17 2007 |
| MD5 Checksum: | bdb5d6bad9d4d27dc5d6883def4166aa |
|
| /// File Name: |
cabright-overflow.txt |
Description:
|
A remote stack overflow vulnerability exists in the RPC interface of CA BrightStor ARCServe BackUp. An arbitrary anonymous attacker can execute arbitrary code on the affected system by exploiting this vulnerability.
| | Author: | cocoruder | | Homepage: | http://ruder.cdut.net/ | | File Size: | 4614 | | Related CVE(s): | CVE-2007-5327 | | Last Modified: | Oct 12 00:47:55 2007 |
| MD5 Checksum: | 071bd1c98eb8cb949325a319bf630a91 |
|
| /// File Name: |
CAID-35754.txt |
Description:
|
CA Host-Based Intrusion Prevention System (CA HIPS) contains a vulnerability in the Server installation that can allow a remote attacker to take unauthorized administrative action. The vulnerability occurs due to raw request data being displayed in the log when viewed by a browser. The client installation is not vulnerable.
| | Author: | Ken Williams | | Homepage: | http://www3.ca.com/ | | File Size: | 3063 | | Related CVE(s): | CVE-2007-5472 | | Last Modified: | Oct 22 18:50:26 2007 |
| MD5 Checksum: | 26296d663e5bc8ed3f4ebea3490cefc7 |
|
| /// File Name: |
CAID-ARCserve.txt |
Description:
|
Multiple vulnerabilities exist in BrightStor ARCserve Backup that can allow a remote attacker to cause a denial of service, execute arbitrary code, or take privileged action. The first set of vulnerabilities occurs due to insufficient bounds checking by multiple components. The second vulnerability occurs due to privileged functions being available for use without proper authorization. The third set of vulnerabilities is due to a memory corruption occurring with the processing of RPC procedure arguments by multiple services. The vulnerabilities allow an attacker to cause a denial of service, or potentially to execute arbitrary code.
| | Author: | Ken Williams | | Homepage: | http://www3.ca.com/ | | File Size: | 7170 | | Related CVE(s): | CVE-2007-5325, CVE-2007-5326, CVE-2007-5327, CVE-2007-5328, CVE-2007-5329, CVE-2007-5330, CVE-2007-5331, CVE-2007-5332 | | Last Modified: | Oct 12 00:45:16 2007 |
| MD5 Checksum: | 4b9058618aa139e33922525d849a8ced |
|
| /// File Name: |
cisco-sa-20071010-wcs.txt |
Description:
|
Cisco Security Advisory - Customers who use the CiscoWorks Wireless LAN Solution Engine (WLSE) may use a conversion utility to convert over to a Cisco Wireless Control System (WCS). This conversion utility creates and uses administrative accounts with default credentials. Because there is no requirement to change these credentials during the conversion process, an attacker may be able to leverage the accounts that have default credentials to take full administrative control of the WCS after the conversion has been completed.
| | Homepage: | http://www.cisco.com/ | | File Size: | 12248 | | Last Modified: | Oct 10 23:52:19 2007 |
| MD5 Checksum: | 88515006ebec8b1fa0285611c0e5dee7 |
|
| /// File Name: |
cisco-sa-20071017-asa.txt |
Description:
|
Cisco Security Advisory - Two crafted packet vulnerabilities exist in the Cisco PIX 500 Series Security Appliance (PIX) and the Cisco 5500 Series Adaptive Security Appliance (ASA) that may result in a reload of the device. These vulnerabilities are triggered during processing of Media Gateway Control Protocol (MGCP) packets, or during processing of Transport Layer Security (TLS) traffic that terminates on the PIX or ASA security appliance.
| | Homepage: | http://www.cisco.com/ | | File Size: | 22757 | | Last Modified: | Oct 18 18:33:22 2007 |
| MD5 Checksum: | e4ff59388364c154911f65adff3df622 |
|
| /// File Name: |
cisco-sa-20071017-cucm.txt |
Description:
|
Cisco Security Advisory - Cisco Unified Communications Manager (CUCM), formerly CallManager, contains two denial of service (DoS) vulnerabilities. Large volumes of UDP Session Initiation Protocol (SIP) INVITE messages may cause a resource exhaustion condition on CUCM systems resulting in a kernel panic. The CUCM Trivial File Transfer Protocol (TFTP) service contains a buffer overflow vulnerability that may result in a denial of service condition or allow a remote, unauthenticated user to execute arbitrary code. There are no workarounds for these vulnerabilities.
| | Homepage: | http://www.cisco.com/ | | File Size: | 15285 | | Last Modified: | Oct 18 18:31:26 2007 |
| MD5 Checksum: | 12346c759f4592e4e636e40e7256679e |
|
| /// File Name: |
cisco-sa-20071017-fwsm.txt |
Description:
|
Cisco Security Advisory - Two crafted packet vulnerabilities exist in the Cisco Firewall Services Module (FWSM) that may result in a reload of the FWSM. These vulnerabilities can be triggered during the processing of HTTPS requests, or during the processing of Media Gateway Control Protocol (MGCP) packets. A third vulnerability may cause access control list (ACL) entries to not be evaluated after the access list has been manipulated.
| | Homepage: | http://www.cisco.com/ | | File Size: | 23416 | | Last Modified: | Oct 18 18:32:46 2007 |
| MD5 Checksum: | ee86a4edae50825cdb3ae77457a4bd1c |
|
| /// File Name: |
cisco-sa-20071017-IPCC.txt |
Description:
|
Cisco Security Advisory - Unified Contact Center and Intelligent Contact Management products contain a vulnerability that may result in unauthorized access to the web-based reporting and script monitoring tool (Web View) and the web-based configuration tool (Web Admin).
| | Homepage: | http://www.cisco.com/ | | File Size: | 13405 | | Last Modified: | Oct 18 18:32:04 2007 |
| MD5 Checksum: | 244e079104e4868a9ff5bec548531d60 |
|
| /// File Name: |
ciscosip.txt |
Description:
|
Cisco CallManager and OpenSer suffer from a SIP toll fraud and authentication forward vulnerability.
| | Author: | Humberto J. Abdelnur, Olivier Festor, Radu State | | File Size: | 2379 | | Last Modified: | Oct 15 16:55:11 2007 |
| MD5 Checksum: | 38d7172765e6072c201fcb9141c23afe |
|
| /// File Name: |
CORE-2007-0928.txt |
Description:
|
Core Security Technologies Advisory - A vulnerability found in OpenBSD's dhcpd allows attackers on the local network to remotely cause the DHCP server to corrupt its process memory and crash; or continue functioning erratically thus denying service to all DHCP clients on the network and, if PF updates are in use, potentially affecting egress/ingress filtering as well. OpenBSD 4.0, 4.1, and 4.2 are affected.
| | Author: | Nahuel Riva, Gerardo Richarte | | Homepage: | http://www.coresecurity.com/corelabs/ | | File Size: | 14380 | | Related CVE(s): | CVE-2007-0063 | | Last Modified: | Oct 11 00:28:53 2007 |
| MD5 Checksum: | 4f54934bbd0acff7397c83a86dcce243 |
|
| /// File Name: |
corsaire-citrix.txt |
Description:
|
The Citrix Access Gateway product suffers from a flaw that allows an attacker to gain access to an authenticated user's session ID.
| | Author: | Martin O'Neal | | File Size: | 4301 | | Related CVE(s): | CVE-2007-0011 | | Last Modified: | Oct 22 23:57:48 2007 |
| MD5 Checksum: | 3e891095a8fbf6693cb268510e70f00f |
|
| /// File Name: |
curl-zlib.txt |
Description:
|
The Microsoft Windows binary of curl contains a vulnerable version of zlib.
| | Author: | Stefan Kanthak | | File Size: | 815 | | Related CVE(s): | CAN-2005-2096 | | Last Modified: | Oct 22 17:56:40 2007 |
| MD5 Checksum: | 9c0b704918182c4b5c0f0bc0c6aca43c |
|
| /// File Name: |
CVE-2007-4600.txt |
Description:
|
The Protect Worksheet functionality, used to protect sections of Mathcad sheets from alterations, is easily bypassed allowing access to the protected data due to the implementation of the file format used to save the files. Versions 12 through 14 are susceptible.
| | File Size: | 4153 | | Related CVE(s): | CVE-2007-4600 | | Last Modified: | Oct 16 18:47:30 2007 |
| MD5 Checksum: | 83651ae896318aefdeff22b7a7109e05 |
|
| /// File Name: |
d3engfspb.txt |
Description:
|
The Doom 3 engine suffers from a format string vulnerability. Doom 3 versions 1.3.1 and below, Quake 4 versions 1.4.2 and below, and Prey versions 1.3 and below are affected.
| | Author: | Luigi Auriemma | | Homepage: | http://aluigi.org/ | | Related Exploit: | d3engfspb.zip | | File Size: | 2953 | | Last Modified: | Oct 2 00:35:26 2007 |
| MD5 Checksum: | deed2567fa26aed88ab08bc35c53f2e5 |
|
| /// File Name: |
DDIVRT-2007-05.txt |
Description:
|
The NetSupport Manager client that listens on TCP port 5405 does not properly validate input supplied during the initial connection sequence. Specifically, during the configuration exchange part of the initial connection setup, the client does not appear to validate the supplied data which can result in a DoS of the NetSupport Manager Client. Remote code exploitation is also thought to be possible.
| | Homepage: | http://www.netsupportmanager.com/ | | File Size: | 1576 | | Last Modified: | Oct 5 02:07:56 2007 |
| MD5 Checksum: | ed61af9ea9612fc1c77af1eadba03aa3 |
|
| /// File Name: |
dot169-format.txt |
Description:
|
The Dawn of Time versions 1.69s beta4 and below suffer from a format string vulnerability during web server authorization.
| | Author: | Luigi Auriemma | | Homepage: | http://aluigi.org/ | | File Size: | 2579 | | Last Modified: | Oct 5 23:02:26 2007 |
| MD5 Checksum: | 55721a79c739852c77847536fbf17862 |
|
| /// File Name: |
dropteamz.txt |
Description:
|
Dropteam versions 1.3.3 and below suffer from format string, buffer overflow, and various other vulnerabilities.
| | Author: | Luigi Auriemma | | Homepage: | http://aluigi.org/ | | Related Exploit: | dropteamz.zip | | File Size: | 3513 | | Last Modified: | Oct 5 22:58:58 2007 |
| MD5 Checksum: | a910e08f8d7f3080129bd9908b0b416c |
|
| /// File Name: |
dsa-1362-2.txt |
Description:
|
Debian Security Advisory 1362-2 - A problem was discovered in lighttpd, a fast webserver with minimal memory footprint, which could allow the execution of arbitrary code via the overflow of CGI variables when mod_fcgi was enabled. This updated advisory correctly patches the security issue, which was not handled in DSA-1362-1.
| | Homepage: | http://www.debian.org/security | | File Size: | 11974 | | Related CVE(s): | CVE-2007-4727 | | Last Modified: | Oct 8 20:26:33 2007 |
| MD5 Checksum: | 826063a55c14e8a2be9717c3362feb6e |
|
| /// File Name: |
dsa-1365-3.txt |
Description:
|
Debian Security Advisory 1365-3 - Nikolaus Schulz discovered that a programming error in id3lib, an ID3 Tag Library, may lead to denial of service through symlink attacks.
| | Homepage: | http://www.debian.org/security | | File Size: | 11932 | | Related CVE(s): | CVE-2007-4460 | | Last Modified: | Oct 2 20:20:29 2007 |
| MD5 Checksum: | 33560aae79d1bc515125ac61d6f593f2 |
|
| /// File Name: |
dsa-1373-2.txt |
Description:
|
Debian Security Advisory 1373-2 - It was discovered that ktorrent, a BitTorrent client for KDE, was vulnerable to a directory traversal bug which potentially allowed remote users to overwrite arbitrary files. This updated advisory correctly increases the version number of the fixed package such that it is installable upon the etch release of Debian.
| | Homepage: | http://www.debian.org/security | | File Size: | 4869 | | Related CVE(s): | CVE-2007-1799 | | Last Modified: | Oct 23 19:21:28 2007 |
| MD5 Checksum: | 3698c02a94c0bc9ae0aa4ebc064144f3 |
|
| /// File Name: |
dsa-1379-1.txt |
Description:
|
Debian Security Advisory 1379-1 - An off-by-one error has been identified in the SSL_get_shared_ciphers() routine in the libssl library from OpenSSL, an implementation of Secure Socket Layer cryptographic libraries and utilities. This error could allow an attacker to crash an application making use of OpenSSL's libssl library, or potentially execute arbitrary code in the security context of the user running such an application.
| | Homepage: | http://www.debian.org/security | | File Size: | 20892 | | Related CVE(s): | CVE-2007-5135 | | Last Modified: | Oct 2 20:21:25 2007 |
| MD5 Checksum: | 3f5aa96b7fa0f56cd5a7c9bd5759073e |
|
| /// File Name: |
dsa-1379-2.txt |
Description:
|
Debian Security Advisory 1379-2 - An off-by-one error has been identified in the SSL_get_shared_ciphers() routine in OpenSSL, an implementation of Secure Socket Layer cryptographic libraries and utilities. This error could allow an attacker to crash an application making use of OpenSSL's libssl library, or potentially execute arbitrary code in the security context of the user running such an application. This update to DSA 1379 announces the availability of the libssl0.9.6 and libssl0.9.7 compatibility libraries for sarge (oldstable) and etch (stable), respectively.
| | Homepage: | http://www.debian.org/security | | File Size: | 9731 | | Related CVE(s): | CVE-2007-5135 | | Last Modified: | Oct 10 23:55:15 2007 |
| MD5 Checksum: | 628f0f87d55a87adecd6ac70dc98e253 |
|
| /// File Name: |
dsa-1380-1.txt |
Description:
|
Debian Security Advisory 1380-1 - Kalle Olavi Niemitalo discovered that elinks, an advanced text-mode WWW browser, sent HTTP POST data in cleartext when using an HTTPS proxy server potentially allowing private information to be disclosed.
| | Homepage: | http://www.debian.org/security | | File Size: | 6792 | | Related CVE(s): | CVE-2007-5034 | | Last Modified: | Oct 2 20:31:53 2007 |
| MD5 Checksum: | 69cd282fc888fb0462f9333dbb97be6c |
|