Section: .. / 0912-advisories /
| /// File Name: |
12.08.09-1.txt |
Description:
|
iDefense Security Advisory 12.08.09 - Remote exploitation of a memory corruption vulnerability in Microsoft Corp.'s Internet Explorer could allow an attacker to execute arbitrary code with the privileges of the current user. iDefense confirmed the existence of this vulnerability in Internet Explorer versions 6 and 7. Internet Explorer versions 5 and 8 do not appear to be affected.
| | Homepage: | http://www.idefense.com/ | | File Size: | 4448 | | Related CVE(s): | CVE-2009-3672 | | Last Modified: | Dec 10 16:55:24 2009 |
| MD5 Checksum: | 1d9dcb0b3e1240b326450402d77672b3 |
|
| /// File Name: |
12.08.09-2.txt |
Description:
|
iDefense Security Advisory 12.08.09 - Remote exploitation of an integer overflow vulnerability in Microsoft Corp.'s WordPad could allow an attacker to execute arbitrary code with the privileges of the current user. iDefense has confirmed the existence of this vulnerability in WordPad version 5.1 for Windows XP SP3 and SP2. Other versions of Windows may also be affected. However, Vista and Server 2008 are not affected as they no longer contain the Word97 converter.
| | Author: | Sean Larsson,Jun Mao | | Homepage: | http://www.idefense.com/ | | File Size: | 4545 | | Related CVE(s): | CVE-2009-2506 | | Last Modified: | Dec 10 16:56:52 2009 |
| MD5 Checksum: | 2c4745f28174c0c357fd390356bb3767 |
|
| /// File Name: |
12.08.09-3.txt |
Description:
|
iDefense Security Advisory 12.08.09 - Remote exploitation of a heap corruption vulnerability in Microsoft Corp.'s Indeo32 Codec could allow an attacker to execute arbitrary code in the context of the affected user. iDefense has confirmed that ir32_32.dll version 3.24.15.3, as included in fully patched Windows XP as of October 2008, is vulnerable. All previous versions are suspected to be vulnerable.
| | Homepage: | http://www.idefense.com/ | | File Size: | 3868 | | Last Modified: | Dec 10 16:58:11 2009 |
| MD5 Checksum: | 1e2f7c4a212e62fd1ecba1718f805ada |
|
| /// File Name: |
BMSA-2009-08.txt |
Description:
|
pyForum version 1.0.3 suffers from cross site scripting and cross site request forgery vulnerabilities.
| | Author: | Nam Nguyen | | Homepage: | http://www.bluemoon.com.vn/ | | File Size: | 2151 | | Last Modified: | Dec 15 15:44:30 2009 |
| MD5 Checksum: | 518f13b335b55ff9b787285c1bfb63e5 |
|
| /// File Name: |
CA20091208-01.txt |
Description:
|
CA's support is alerting customers to a security risk with CA Service Desk. A cross-site scripting vulnerability exists that can allow a remote attacker to potentially gain sensitive information. CA has issued patches to address the vulnerability.
| | Author: | Kevin Kotas | | Homepage: | http://www3.ca.com/ | | File Size: | 4866 | | Related CVE(s): | CVE-2009-4149 | | Last Modified: | Dec 8 19:05:43 2009 |
| MD5 Checksum: | db079c9d57bb58f43ce0d66f28130ff0 |
|
| /// File Name: |
census-2009-0003.txt |
Description:
|
CoreHTTP (up to and including version 0.5.3.1) employs an insufficient input validation method for handling HTTP requests with invalid method names and URIs. Specifically, the vulnerability is an off-by-one buffer overflow in the sscanf() call at file src/http.c line numbers 45 and 46.
| | Author: | Patroklos Argyroudis | | Homepage: | http://census-labs.com/ | | Related Exploit: | corex.py.txt | | File Size: | 2237 | | Related CVE(s): | CVE-2009-3586 | | Last Modified: | Dec 7 17:54:01 2009 |
| MD5 Checksum: | b1fc405a23881cb5dd981fce48a6ca50 |
|
| /// File Name: |
corehttp.txt |
Description:
|
CoreHTTP versions 0.5.3.1 and below suffer from a remote command execution vulnerability.
| | Author: | Aaron Conole | | Related Exploit: | corehttp_cgienabled.rb.txt | | File Size: | 2731 | | Last Modified: | Dec 23 11:55:49 2009 |
| MD5 Checksum: | d5c8fbc240bc291f7909f5462adf7c2c |
|
| /// File Name: |
cybsec-sapstartsrv.txt |
Description:
|
All SAP platforms running sapstartsrv suffer from a denial of service vulnerability.
| | Homepage: | http://www.cybsec.com/ | | File Size: | 2623 | | Last Modified: | Dec 10 19:51:11 2009 |
| MD5 Checksum: | d6e48a1397108af5c336a0de1d2cd9c2 |
|
| /// File Name: |
dsa-1943-1.txt |
Description:
|
Debian Linux Security Advisory 1943-1 - It was discovered that OpenLDAP, a free implementation of the Lightweight Directory Access Protocol, when OpenSSL is used, does not properly handle a '\\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
| | Homepage: | http://www.debian.org/security | | File Size: | 18468 | | Related CVE(s): | CVE-2009-3767 | | Last Modified: | Dec 3 13:35:38 2009 |
| MD5 Checksum: | 3eac429ffa53f0306af5253b0ea55087 |
|
| /// File Name: |
dsa-1944-1.txt |
Description:
|
Debian Linux Security Advisory 1944-1 - Mikal Gule discovered that request-tracker, an extensible trouble-ticket tracking system, is prone to an attack, where an attacker with access to the same domain can hijack a user's RT session.
| | Author: | Debian | | Homepage: | http://www.debian.org/security | | File Size: | 6854 | | Related CVE(s): | CVE-2009-3585 | | Last Modified: | Dec 3 13:36:33 2009 |
| MD5 Checksum: | dcad83f864dff7204d315eed95e99e83 |
|
| /// File Name: |
dsa-1945-1.txt |
Description:
|
Debian Linux Security Advisory 1945-1 - Sylvain Beucler discovered that gforge, a collaborative development tool, is prone to a symlink attack, which allows local users to perform a denial of service attack by overwriting arbitrary files.
| | Author: | Debian | | Homepage: | http://www.debian.org/security | | File Size: | 8441 | | Related CVE(s): | CVE-2009-3304 | | Last Modified: | Dec 3 13:36:47 2009 |
| MD5 Checksum: | 57fe8db85a352b32dbed117db57ff13f |
|
| /// File Name: |
dsa-1946-1.txt |
Description:
|
Debian Linux Security Advisory 1946-1 - It was discovered that belpic, the belgian eID PKCS11 library, does not properly check the result of an OpenSSL function for verifying cryptographic signatures, which could be used to bypass the certificate validation.
| | Author: | Debian | | Homepage: | http://www.debian.org/security | | File Size: | 11143 | | Related CVE(s): | CVE-2009-0049 | | Last Modified: | Dec 4 23:21:04 2009 |
| MD5 Checksum: | 0537f7835764e5ce98e30256a9f2baf6 |
|
| /// File Name: |
dsa-1947-1.txt |
Description:
|
Debian Linux Security Advisory 1947-1 - Matt Elder discovered that Shibboleth, a federated web single sign-on system is vulnerable to script injection through redirection URLs.
| | Homepage: | http://www.debian.org/security | | File Size: | 31439 | | Related CVE(s): | CVE-2009-3300 | | Last Modified: | Dec 7 18:08:16 2009 |
| MD5 Checksum: | 0394d7547f9a06667696699e13cd6942 |
|
| /// File Name: |
dsa-1948-1.txt |
Description:
|
Debian Linux Security Advisory 1948-1 - Robin Park and Dmitri Vinokurov discovered that the daemon component of the ntp package, a reference implementation of the NTP protocol, is not properly reacting to certain incoming packets.
| | Author: | Debian | | Homepage: | http://www.debian.org/security | | File Size: | 12245 | | Related CVE(s): | CVE-2009-3563 | | Last Modified: | Dec 8 19:03:34 2009 |
| MD5 Checksum: | 5c5ebb4dc32576d0ecb786bec49df9fa |
|
| /// File Name: |
dsa-1949-1.txt |
Description:
|
Debian Linux Security Advisory 1949-1 - It was discovered that php-net-ping, a PHP PEAR module to execute ping independently of the Operating System, performs insufficient input sanitising, which might be used to inject arguments (no CVE yet) or execute arbitrary commands (CVE-2009-4024) on a system that uses php-net-ping.
| | Author: | Debian | | Homepage: | http://www.debian.org/security | | File Size: | 4401 | | Related CVE(s): | CVE-2009-4024 | | Last Modified: | Dec 13 18:34:41 2009 |
| MD5 Checksum: | e298ce78d0e6cf519a000f5d78b75212 |
|
| /// File Name: |
dsa-1950-1.txt |
Description:
|
Debian Linux Security Advisory 1950-1 - Several vulnerabilities have been discovered in webkit, a Web content engine library for Gtk+.
| | Author: | Debian | | Homepage: | http://www.debian.org/security | | File Size: | 11638 | | Related CVE(s): | CVE-2009-0945, CVE-2009-1687, CVE-2009-1690, CVE-2009-1698, CVE-2009-1711, CVE-2009-1712, CVE-2009-1725, CVE-2009-1714, CVE-2009-1710, CVE-2009-1697, CVE-2009-1695, CVE-2009-1693, CVE-2009-1694, CVE-2009-1681, CVE-2009-1684, CVE-2009-1692 | | Last Modified: | Dec 13 18:35:12 2009 |
| MD5 Checksum: | d2ab152f44cc33b7f3f6d7fd1c037406 |
|
| /// File Name: |
dsa-1951-1.txt |
Description:
|
Debian Linux Security Advisory 1951-1 - It was discovered that firefox-sage, a lightweight RSS and Atom feed reader for Firefox, does not sanitize the RSS feed information correctly, which makes it prone to a cross-site scripting and a cross-domain scripting attack.
| | Author: | Debian | | Homepage: | http://www.debian.org/security | | File Size: | 4142 | | Related CVE(s): | CVE-2009-4102 | | Last Modified: | Dec 15 16:39:02 2009 |
| MD5 Checksum: | 9125d5fc6f3fae4c371b61bf5883ba91 |
|
| /// File Name: |
dsa-1952-2.txt |
Description:
|
Debian Linux Security Advisory 1952-2 - Security support for asterisk, an Open Source PBX and telephony toolkit, has been discontinued for the oldstable distribution (etch). The current version in oldstable is not supported by upstream anymore and is affected by several security issues. Backporting fixes for these and any future issues has become unfeasible and therefore we need to drop our security support for the version in oldstable. We recommend that all asterisk users upgrade to the stable distribution (lenny).
| | Author: | Debian | | Homepage: | http://www.debian.org/security | | File Size: | 1251 | | Last Modified: | Dec 15 16:52:36 2009 |
| MD5 Checksum: | ed04b9a1e9190f23e4535ed8486fe2e5 |
|
| /// File Name: |
dsa-1953-1.txt |
Description:
|
Debian Linux Security Advisory 1953-1 - Jan Lieskovsky discovered an error in expat, an XML parsing C library, when parsing certain UTF-8 sequences, which can be exploited to crash an application using the library.
| | Author: | Debian | | Homepage: | http://www.debian.org/security | | File Size: | 19538 | | Related CVE(s): | CVE-2009-3560 | | Last Modified: | Dec 16 18:25:12 2009 |
| MD5 Checksum: | 0353093460b24229476b8ea39025e422 |
|
| /// File Name: |
dsa-1953-2.txt |
Description:
|
Debian Linux Security Advisory 1953-2 - cases, expat would abort with the message "error in processing external entity reference".
| | Author: | Debian | | Homepage: | http://www.debian.org/security | | File Size: | 20307 | | Related CVE(s): | CVE-2009-3560 | | Last Modified: | Dec 31 21:02:03 2009 |
| MD5 Checksum: | e6c2b012e1556349a1401cbbdbd600b9 |
|
| /// File Name: |
dsa-1955-1.txt |
Description:
|
Debian Linux Security Advisory 1955-1 - It was discovered that network-manager-applet, a network management framework, lacks some dbus restriction rules, which allows local users to obtain sensitive information.
| | Author: | Debian | | Homepage: | http://www.debian.org/security | | File Size: | 15850 | | Related CVE(s): | CVE-2009-0365 | | Last Modified: | Dec 16 18:21:29 2009 |
| MD5 Checksum: | cdee573672ac2e793d3c55644a132317 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
