.:[ packet storm ]:.
                         
know your enemy

 Section:  .. / Last 100 Advisory Files /

 ///  File Name:ie8-forcedtweet.txt
Description:
Microsoft Internet Explorer 8 suffers from a vulnerability that allows an arbitrary web site to force a victim to make tweets.
Author:Chris Evans
File Size:1131
Last Modified:Sep 3 19:25:48 2010
MD5 Checksum:51e26942b1d61bf8696ece2a57b00b66

 ///  File Name:moaub03-trendmicro.pdf
Description:
Month Of Abysssec Undisclosed Bugs - Trend Micro Internet Security Pro 2010 suffers from an Active-X extSetOwner remote code execution vulnerability.
Author:Abysssec,Shahin
Homepage:http://www.abysssec.com/
Related Exploit:moaub-trendmicro.txt
File Size:359668
Last Modified:Sep 3 19:17:17 2010
MD5 Checksum:81b892dac8eb292ac0b50174b0d75657

 ///  File Name:moaub03-visinia.pdf
Description:
Month Of Abysssec Undisclosed Bugs - Visinia version 1.3 suffers from cross site request forgery and local file inclusion vulnerabilities.
Author:Abysssec,Shahin
Homepage:http://www.abysssec.com/
Related Exploit:moaub-visinia.txt
File Size:362975
Last Modified:Sep 3 19:15:33 2010
MD5 Checksum:619881b402da33983acd8bed63e7fe1d

 ///  File Name:googlechrome-corruption.txt
Description:
VUPEN Vulnerability Research Team discovered a high risk vulnerability affecting Google Chrome. The vulnerability is caused by a memory corruption error when processing focus events, which could be exploited by remote attackers to potentially execute arbitrary code by tricking a user into visiting a specially crafted web page. Google Chrome versions prior to 6.0.472.53 are affected.
Author:Matthieu Bonetti
Homepage:http://www.vupen.com/
File Size:2371
Last Modified:Sep 3 19:12:55 2010
MD5 Checksum:d7bb1c9543aec34baff17e3f886116fb

 ///  File Name:dsa-2102-1.txt
Description:
Debian Linux Security Advisory 2102-1 - It has been discovered that in barnowl, a curses-based instant-messaging client, the return codes of calls to the ZPending and ZReceiveNotice functions in libzephyr were not checked, allowing attackers to cause a denial of service (crash of the application), and possibly execute arbitrary code.
Author:Debian
Homepage:http://www.debian.org/security
File Size:5479
Related CVE(s):CVE-2010-2725
Last Modified:Sep 3 19:08:51 2010
MD5 Checksum:de4af2887f97b53bbc11ac63308a1a5c

 ///  File Name:HPSBMA02572-SSRT100082.txt
Description:
HP Security Bulletin - A potential security vulnerability has been identified with HP Operations Agent running on Windows. The vulnerabilities could be exploited locally resulting in an elevation of privileges and remotely allowing execution of arbitrary code.
Homepage:http://www.hp.com/
File Size:6011
Related CVE(s):CVE-2010-3004, CVE-2010-3005
Last Modified:Sep 3 19:04:55 2010
MD5 Checksum:3a249f396673948dfc9c54350c90b961

 ///  File Name:MDVSA-2010-170.txt
Description:
Mandriva Linux Security Advisory 2010-170 - GNU Wget 1.12 and earlier uses a server-provided filename instead of the original URL to determine the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a 3xx redirect to a URL with a .wgetrc filename followed by a 3xx redirect to a URL with a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory.
Author:Mandriva
Homepage:http://www.mandriva.com/security/
File Size:5600
Related CVE(s):CVE-2010-2252
Last Modified:Sep 2 23:47:14 2010
MD5 Checksum:1d5d76c35a7524b8752e4dfab043cf0f

 ///  File Name:glsa-201009-01.txt
Description:
Gentoo Linux Security Advisory 201009-1 - An integer overflow vulnerability in wxGTK might enable remote attackers to cause the execution of arbitrary code. wxGTK is prone to an integer overflow error in the wxImage::Create() function in src/common/image.cpp, possibly leading to a heap-based buffer overflow. Versions less than 2.8.10.1-r1 are affected.
Author:Gentoo
Homepage:http://security.gentoo.org
File Size:3040
Related CVE(s):CVE-2009-2369
Last Modified:Sep 2 23:46:38 2010
MD5 Checksum:fdf7e822a65781e0b83fcc9be4491798

 ///  File Name:moaub02-apple.pdf
Description:
Month Of Abysssec Undisclosed Bugs - Apple QuickTime player version 7.6.5 FlashPix NumberOfTiles remote code execution exploit.
Author:Abysssec,Shahin
Homepage:http://www.abysssec.com/
Related Exploit:moaub-quicktime.txt
File Size:154759
Related CVE(s):CVE-2010-0519
Last Modified:Sep 2 23:37:47 2010
MD5 Checksum:e1e2b6f4c40321ac93c73434a39dc229

 ///  File Name:USN-982-1.txt
Description:
Ubuntu Security Notice 982-1 - It was discovered that Wget would use filenames provided by the server when following 3xx redirects. If a user or automated system were tricked into downloading a file from a malicious site, a remote attacker could create the file with an arbitrary name (e.g. .wgetrc), and possibly run arbitrary code.
Author:Ubuntu
Homepage:http://security.ubuntu.com/
File Size:11134
Related CVE(s):CVE-2010-2252
Last Modified:Sep 2 23:15:02 2010
MD5 Checksum:772e3ecddbb0e78f9ad1482e49e5c2b0

 ///  File Name:MDVSA-2010-169.txt
Description:
Mandriva Linux Security Advisory 2010-169 - dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress a script's URL in certain circumstances involving a redirect and an error message, which allows remote attackers to obtain sensitive information about script parameters via a crafted HTML document, related to the window.onerror handler. Mozilla Firefox permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote HTTP servers to obtain sensitive information via a crafted document. Various other Mozilla related vulnerabilities have been addressed.
Author:Mandriva
Homepage:http://www.mandriva.com/security/
File Size:74322
Related CVE(s):CVE-2010-2754, CVE-2010-0654, CVE-2010-1213, CVE-2010-2753, CVE-2010-1211
Last Modified:Sep 2 23:08:28 2010
MD5 Checksum:0f02f3eda393e2a0d929deb75ea471a5

 ///  File Name:moaub01-cpanel.pdf
Description:
Month Of Abysssec Undisclosed Bugs - Cpanel suffers from a PHP restriction bypass vulnerability. Versions 11.25 and below are affected.
Author:Abysssec,Shahin
Homepage:http://www.abysssec.com/
Related Exploit:moaub-cpanel.txt
File Size:111765
Last Modified:Sep 1 16:33:24 2010
MD5 Checksum:742e27e87f22754fb5fce6e831b68d44

 ///  File Name:moaub01-adobe.pdf
Description:
Month Of Abysssec Undisclosed Bugs - Adobe Acrobat Reader and Flash Player suffer from a "newclass" invalid pointer vulnerability.
Author:Abysssec,Shahin
Homepage:http://www.abysssec.com/
Related Exploit:moaub-adobenewclass.txt
File Size:141640
Related CVE(s):CVE-2010-1297
Last Modified:Sep 1 16:29:42 2010
MD5 Checksum:fdb5c4d67a6da028140181593899cb19

 ///  File Name:MDVSA-2010-168.txt
Description:
Mandriva Linux Security Advisory 2010-168 - Double free vulnerability in the ssl3_get_key_exchange function in the OpenSSL client in OpenSSL 1.0.0a, 0.9.8, 0.9.7, and possibly other versions, when using ECDH, allows context-dependent attackers to cause a denial of service and possibly execute some sources refer to this as a use-after-free issue. The updated packages have been patched to correct this issue.
Author:Mandriva
Homepage:http://www.mandriva.com/security/
File Size:3636
Related CVE(s):CVE-2010-2939
Last Modified:Sep 1 16:28:29 2010
MD5 Checksum:f0c6c2f4720853cfe16f3b61747fe479

 ///  File Name:macosxparental-bypass.txt
Description:
The parental controls built into the Mac OS X Mail client can be easily bypassed by anyone who knows the email address of the child and his/her parent.
Author:Jonathan Kamens
File Size:4344
Last Modified:Sep 1 16:14:38 2010
MD5 Checksum:a9781fd5642b187fa7ed3b0e9f72ac7f

 ///  File Name:VMSA-2010-0013.txt
Description:
VMware Security Advisory - The service console package cpio is updated to version 2.5-6.RHEL3. The service console package tar is updated to version 1.13.25-16.RHEL3. The service console packages for samba are updated to version samba-3.0.9-1.3E.17vmw, samba-client-3.0.9-1.3E.17vmw and samba-common-3.0.9-1.3E.17vmw. The service console package krb5 is updated to version 1.2.7-72. The service console package perl is updated to version 5.8.0-101.EL3.
Homepage:http://www.vmware.com/
File Size:10502
Related CVE(s):CVE-2005-4268, CVE-2010-0624, CVE-2010-2063, CVE-2010-1321, CVE-2010-1168, CVE-2010-1447
Last Modified:Sep 1 13:39:58 2010
MD5 Checksum:b09485d6be1c4762b45d7696cf3e5929

 ///  File Name:MDVSA-2010-167.txt
Description:
Mandriva Linux Security Advisory 2010-167 - lwp-download in libwww-perl before 5.835 does not reject downloads to filenames that begin with a . character, which allows remote servers to create or overwrite files via a 3xx redirect to a URL with a crafted filename or a Content-Disposition header that suggests a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory.
Author:Mandriva
Homepage:http://www.mandriva.com/security/
File Size:5605
Related CVE(s):CVE-2010-2253
Last Modified:Sep 1 13:36:21 2010
MD5 Checksum:a51472767c3f02ea5ccf9de1e8f2c8ef

 ///  File Name:dsa-2101-1.txt
Description:
Debian Linux Security Advisory 2101-1 - Several implementation errors in the dissector of the Wireshark network traffic analyzer for the ASN.1 BER protocol and in the SigComp Universal Decompressor Virtual Machine may lead to the execution of arbitrary code.
Author:Debian
Homepage:http://www.debian.org/security
File Size:11187
Related CVE(s):CVE-2010-2994, CVE-2010-2995
Last Modified:Aug 31 19:55:01 2010
MD5 Checksum:9e4517c5c11a2c8679174a546d3783a4

 ///  File Name:apphp-xssxsrf.txt
Description:
ApPHP suffers from cross site request forgery and cross site scripting vulnerabilities.
Author:Edgard Chammas
File Size:827
Last Modified:Aug 31 19:50:07 2010
MD5 Checksum:98d1db1212daa5664ef8d0e3227ebf09

 ///  File Name:HPSBMA02571-SSRT100034.txt
Description:
HP Security Bulletin - A potential security vulnerability has been identified with HP Insight Diagnostics Online Edition running on Linux. The vulnerability could be exploited remotely resulting in cross site scripting (XSS).
Homepage:http://www.hp.com/
File Size:6111
Related CVE(s):CVE-2010-3003
Last Modified:Aug 31 14:49:21 2010
MD5 Checksum:4e1948b4fa0864277f76dc2ab1b3e3e0

 ///  File Name:tortoisesvn-dllhijack.txt
Description:
Tortoise SVN version 1.6.10 build 19898 suffers from the Windows DLL hijacking vulnerability.
Author:Nikhil Mittal
File Size:1131
Last Modified:Aug 31 14:48:05 2010
MD5 Checksum:18c757c53461202273321eb91c9e2d09

 ///  File Name:ZDI-10-168.txt
Description:
Zero Day Initiative Advisory 10-168 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the QTPlugin.ocx ActiveX control. The plugin accepts a parameter named _Marshaled_pUnk that it uses as a valid pointer. By specifying invalid values an attacker can force the application to jump to a controlled location in memory. This can be exploited to execute remote code under the context of the user running the web browser.
Author:TippingPoint
Homepage:http://www.zerodayinitiative.com/
File Size:2990
Last Modified:Aug 31 14:47:29 2010
MD5 Checksum:f1e202e02d5bb2b6edce390377069eac

 ///  File Name:MDVSA-2010-166.txt
Description:
Mandriva Linux Security Advisory 2010-166 - Multiple integer overflows in libgdiplus 2.6.7, as used in Mono, allow attackers to execute arbitrary code via a crafted TIFF file, related to the gdip_load_tiff_image function in tiffcodec.c; a crafted JPEG file, related to the gdip_load_jpeg_image_internal function in jpegcodec.c; or a crafted BMP file, related to the gdip_read_bmp_image function in bmpcodec.c, leading to heap-based buffer overflows. The updated packages have been patched to correct this issue.
Author:Mandriva
Homepage:http://www.mandriva.com/security/
File Size:5483
Related CVE(s):CVE-2010-1526
Last Modified:Aug 31 14:47:03 2010
MD5 Checksum:74a5e32dcc8de585e13eaffbfbd944b5

 ///  File Name:USN-981-1.txt
Description:
Ubuntu Security Notice 981-1 - It was discovered that libwww-perl incorrectly filtered filenames suggested by Content-Disposition headers. If a user were tricked into downloading a file from a malicious site, a remote attacker could overwrite hidden files in the user's directory.
Author:Ubuntu
Homepage:http://security.ubuntu.com/
File Size:4848
Related CVE(s):CVE-2010-2253
Last Modified:Aug 31 14:40:21 2010
MD5 Checksum:1b6f8fba75621cbb77aeb7061fc7668c

 ///  File Name:USN-980-1.txt
Description:
Ubuntu Security Notice 980-1 - Julius Plenz discovered that bogofilter incorrectly handled certain malformed encodings. By sending a specially crafted email, a remote attacker could exploit this and cause bogofilter to crash, resulting in a denial of service.
Author:Ubuntu
Homepage:http://security.ubuntu.com/
File Size:13555
Related CVE(s):CVE-2010-2494
Last Modified:Aug 31 14:38:55 2010
MD5 Checksum:3e230abdd37c42ca6371757ffe07ce1b

 ///  File Name:HPSBUX02552-SSRT100062.txt
Description:
HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running Software Distributor (sd). The vulnerability could be exploited locally to grant an increase in privilege, or to permit unauthorized access.
Homepage:http://www.hp.com/
File Size:6949
Related CVE(s):CVE-2010-2712
Last Modified:Aug 31 14:32:17 2010
MD5 Checksum:acc794ce0bdf65f028c00b56a9387ca4

 ///  File Name:dsa-2100-1.txt
Description:
Debian Linux Security Advisory 2100-1 - George Guninski discovered a double free in the ECDH code of the OpenSSL crypto library, which may lead to denial of service and potentially the execution of arbitrary code.
Author:Debian
Homepage:http://www.debian.org/security
File Size:12897
Related CVE(s):CVE-2010-2939
Last Modified:Aug 30 19:21:02 2010
MD5 Checksum:778bdc01f758228ffbcc2e477119adc1

 ///  File Name:MDVSA-2010-165.txt
Description:
Mandriva Linux Security Advisory 2010-165 - Heap-based buffer overflow in the HX_split function in string.c in libHX before 3.6 allows remote attackers to execute arbitrary code or cause a denial of service via a string that is inconsistent with the expected number of fields. The updated packages have been patched to correct this issue.
Author:Mandriva
Homepage:http://www.mandriva.com/security/
File Size:4359
Related CVE(s):CVE-2010-2947
Last Modified:Aug 30 19:20:45 2010
MD5 Checksum:400b8ccbc492684a50d95e2110209de1

 ///  File Name:MDVSA-2010-164.txt
Description:
Mandriva Linux Security Advisory 2010-164 - It was possible to conduct an XSS attack using crafted URLs or POST parameters on several pages. This upgrade provides phpmyadmin 3.3.5.1 which is not vulnerable to this security issue.
Author:Mandriva
Homepage:http://www.mandriva.com/security/
File Size:2403
Related CVE(s):CVE-2010-3056
Last Modified:Aug 30 18:44:21 2010
MD5 Checksum:3be3a6120fce5c38be0b4281112147da

 ///  File Name:dsa-2099-1.txt
Description:
Debian Linux Security Advisory 2099-1 - Charlie Miller has discovered two vulnerabilities in OpenOffice.org Impress, which can be exploited by malicious people to compromise a user's system and execute arbitrary code.
Author:Debian
Homepage:http://www.debian.org/security
File Size:69317
Related CVE(s):CVE-2010-2935, CVE-2010-2936
Last Modified:Aug 30 18:41:38 2010
MD5 Checksum:78c12e5aea3880b86988e87ed64e14f2

 ///  File Name:orangespain-disclose.txt
Description:
Orange Spain is adding the user MSISDN in every HTTP request it sends. Due to this, any web site you visit now has your number.
Author:xuf
File Size:1190
Last Modified:Aug 30 18:15:11 2010
MD5 Checksum:fb788f399f4ea82ce7c3034d9fd9b97e

 ///  File Name:MDVSA-2010-163.txt
Description:
Mandriva Linux Security Advisory 2010-163 - The setup script used to generate configuration can be fooled using a crafted POST request to include arbitrary PHP code in the generated configuration file. Combined with the ability to save files on the server, this can allow unauthenticated users to execute arbitrary PHP code. It was possible to conduct an XSS attack using crafted URLs or POST parameters on several pages. This upgrade provides phpmyadmin 2.11.10.1 which is not vulnerable to these security issues.
Author:Mandriva
Homepage:http://www.mandriva.com/security/
File Size:2791
Related CVE(s):CVE-2010-3055, CVE-2010-3056
Last Modified:Aug 30 18:02:54 2010
MD5 Checksum:d248f7348fefef070fc9b5eb58537666

 ///  File Name:dsa-2098-1.txt
Description:
Debian Linux Security Advisory 2098-1 - Several remote vulnerabilities have been discovered in the TYPO3 web SQL injection, broken authentication and session management, insecure randomness, information disclosure and arbitrary code execution.
Author:Debian
Homepage:http://www.debian.org/security
File Size:3580
Last Modified:Aug 30 17:58:33 2010
MD5 Checksum:3f95a2a22284f1eddb22cc015afa5722

 ///  File Name:tandbergsnmp-dos.txt
Description:
Tandberg MXP systems with firmware prior to 9.0 suffer from an SNMP-related denial of service vulnerability.
Author:David Klein
File Size:1392
Last Modified:Aug 30 16:47:59 2010
MD5 Checksum:94fa4412d87b81d07357e6dcd9434898

 ///  File Name:dsa-2097-1.txt
Description:
Debian Linux Security Advisory 2097-1 - Several remote vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web.
Author:Debian
Homepage:http://www.debian.org/security
File Size:3633
Related CVE(s):CVE-2010-3055, CVE-2010-3056
Last Modified:Aug 30 16:36:12 2010
MD5 Checksum:0758b9b00958e8334979c7bd51696702

 ///  File Name:cisco-sa-20100827-bgp.txt
Description:
Cisco Security Advisory - Cisco IOS XR Software contains a vulnerability in the Border Gateway Protocol (BGP) feature. The vulnerability manifests itself when a BGP peer announces a prefix with a specific, valid but unrecognized transitive attribute. On receipt of this prefix, the Cisco IOS XR device will corrupt the attribute before sending it to the neighboring devices. Neighboring devices that receive this corrupted update may reset the BGP peering session.
Author:Cisco Systems
Homepage:http://www.cisco.com/
File Size:20786
Last Modified:Aug 28 03:07:30 2010
MD5 Checksum:b4b431878fb3b62cfb0ac3c1ca398fee

 ///  File Name:wp-10-0001.txt
Description:
It appears that many browsers will gladly accept wildcard certificates for IP addresses versus expecting proper domain names for the CN. This is... well, very interesting and violates RFC 2818.
Author:Richard Moore
File Size:3922
Last Modified:Aug 28 02:49:20 2010
MD5 Checksum:1a46bac1f7079d8de9c0cd072d73cbdd

 ///  File Name:TA10-238A.txt
Description:
Technical Cyber Security Alert 2010-238A - Due to the way Microsoft Windows loads dynamically linked libraries (DLLs), an application may load an attacker-supplied DLL instead of the legitimate one, resulting in the execution of arbitrary code.
Author:US-CERT
Homepage:http://www.us-cert.gov/
File Size:4813
Last Modified:Aug 26 22:58:57 2010
MD5 Checksum:d00b1627b380c10f021ded0d34c7689f

 ///  File Name:USN-979-1.txt
Description:
Ubuntu Security Notice 979-1 - Stefan Cornelius of Secunia Research discovered a boundary error during RLE decompression in the "TranscribePalmImageToJPEG()" function in generators/plucker/inplug/image.cpp of okular when processing images embedded in PDB files, which can be exploited to cause a heap-based buffer overflow.
Author:Ubuntu
Homepage:http://security.ubuntu.com/
File Size:49436
Related CVE(s):CVE-2010-2575
Last Modified:Aug 26 22:58:15 2010
MD5 Checksum:74535dda002d578f0a113adf8c78113a

 ///  File Name:USN-974-2.txt
Description:
Ubuntu Security Notice 974-2 - USN-974-1 fixed vulnerabilities in the Linux kernel. The fixes for CVE-2010-2240 caused failures for Xen hosts. This update fixes the problem. Gael Delalleu, Rafal Wojtczuk, and Brad Spengler discovered that the memory manager did not properly handle when applications grow stacks into adjacent memory regions. Kees Cook discovered that under certain situations the ioctl subsystem for DRM did not properly sanitize its arguments. Ben Hawkes discovered an integer overflow in the Controller Area Network (CAN) subsystem when setting up frame content and filtering certain messages.
Author:Ubuntu
Homepage:http://security.ubuntu.com/
File Size:43559
Related CVE(s):CVE-2010-2240, CVE-2010-2803, CVE-2010-2959
Last Modified:Aug 26 22:56:18 2010
MD5 Checksum:3aab12c90f2cb1286a5d95fa9c8754fe

 ///  File Name:MDVSA-2010-162.txt
Description:
Mandriva Linux Security Advisory 2010-162 - A specially crafted PDF or PS file could cause okular to crash or execute arbitrary code. The updated packages have been patched to correct this issue.
Author:Mandriva
Homepage:http://www.mandriva.com/security/
File Size:13681
Related CVE(s):CVE-2010-2575
Last Modified:Aug 26 22:55:25 2010
MD5 Checksum:828e0e1c1bf3669dd61800bcabe534e9

 ///  File Name:ZDI-10-167.txt
Description:
Zero Day Initiative Advisory 10-167 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. Authentication is not required to exploit this vulnerability. The specific flaw exists within the module responsible for handling the FLV file format. While parsing the HX_FLV_META_AMF_TYPE_MIXEDARRAY and the HX_FLV_META_AMF_TYPE_ARRAY data types the ParseKnownType function makes two improper calculations that can force integers to wrap. A remote attacker can exploit these vulnerabilities to execute arbitrary code under the context of the user playing the file.
Author:TippingPoint
Homepage:http://www.zerodayinitiative.com/
File Size:2863
Related CVE(s):CVE-2010-3000
Last Modified:Aug 26 22:26:29 2010
MD5 Checksum:b9185efa4eb6de6d380867c0480c44ac

 ///  File Name:ZDI-10-166.txt
Description:
Zero Day Initiative Advisory 10-166 - This vulnerability allows attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists when parsing a RealMedia .IVR file containing a malformed data header. The application explicitly trusts an index in this data structure to seek into a list of objects. If one specifies an index outside the bounds of the array, the application will later dereference an object from the calculated pointer and then call it, leading to code execution under the context of the current user.
Author:TippingPoint
Homepage:http://www.zerodayinitiative.com/
File Size:2922
Related CVE(s):CVE-2010-2996
Last Modified:Aug 26 22:17:22 2010
MD5 Checksum:f37c24d980d804b8558467fd71874741

 ///  File Name:applecoregraphics-memcorrupt.txt
Description:
Apple Preview.app is the default application used in Apple MacOS systems in order to visualize PDF files and does not properly parse PDF files, which leads to memory corruption when opening a malformed file with an invalid size on JBIG2 structure at offset 0x2C1 as in PoC Repro1.pdf or offset 0x2C5 as in PoC Repro2.pdf (both values trigger the same vulnerability).
Author:Rodrigo Rubira Branco
File Size:3986
Related CVE(s):CVE-2010-1801
Last Modified:Aug 26 21:44:13 2010
MD5 Checksum:81a365eab7eb44bc60ed52a063dd3946

 ///  File Name:USN-977-1.txt
Description:
Ubuntu Security Notice 977-1 - It was discovered that MoinMoin did not properly sanitize its input, resulting in cross-site scripting (XSS) vulnerabilities. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain.
Author:Ubuntu
Homepage:http://security.ubuntu.com/
File Size:5184
Related CVE(s):CVE-2010-2487, CVE-2010-2969, CVE-2010-2970
Last Modified:Aug 26 02:36:45 2010
MD5 Checksum:f68f3a58fdfc97baf2600337ecdae858

 ///  File Name:cisco-sa-20100825-cucm.txt
Description:
Cisco Security Advisory - Cisco Unified Communications Manager contains two denial of service (DoS) vulnerabilities that affect the processing of Session Initiation Protocol (SIP) messages. Exploitation of these vulnerabilities could cause an interruption of voice services.
Author:Cisco Systems
Homepage:http://www.cisco.com/
File Size:14084
Related CVE(s):CVE-2010-2837, CVE-2010-2838
Last Modified:Aug 26 02:35:41 2010
MD5 Checksum:39b956735d64474208f2097bb325129d

 ///  File Name:cisco-sa-20100825-cup.txt
Description:
Cisco Security Advisory - Cisco Unified Presence contains two denial of service (DoS) vulnerabilities that affect the processing of Session Initiation Protocol (SIP) messages. Exploitation of these vulnerabilities could cause an interruption of presence services.
Author:Cisco Systems
Homepage:http://www.cisco.com/
File Size:11789
Related CVE(s):CVE-2010-2839, CVE-2010-2840
Last Modified:Aug 26 02:34:27 2010
MD5 Checksum:33edb5f3958a5e2477649763ba65dfab

 ///  File Name:TPTI-10-15.txt
Description:
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the DIRAPIX module responsible for parsing the RIFF-based Director file format. When handling the mmap chunk, the process trusts the chunk size immediately following the fourCC value. It is passed to Ordinal1111 exported by the IML32X module which is responsible for allocating a heap buffer for processing the rest of the chunk. If an incorrect size is provided, later memory copies can corrupt data beyond the allocated buffer. This can be abused to execute remote code under the context of the user running the web browser.
Author:Aaron Portnoy,Logan Brown
Homepage:http://dvlabs.tippingpoint.com/
File Size:1516
Related CVE(s):CVE-2010-2870
Last Modified:Aug 26 02:28:09 2010
MD5 Checksum:33e5b0573ece83e983beb2adc72c6a91

 ///  File Name:gfi-inject.txt
Description:
The GFI WebMonitor administrative interface suffers from a remote script code injection vulnerability.
Author:Oliver Karow
Homepage:http://www.oliverkarow.de
File Size:2037
Last Modified:Aug 26 02:26:53 2010
MD5 Checksum:e852ee5571207a5c8ba662b8b597b2bf

 ///  File Name:USN-976-1.txt
Description:
Ubuntu Security Notice 976-1 - It was discovered that Tomcat incorrectly handled invalid Transfer-Encoding headers. A remote attacker could send specially crafted requests containing invalid headers to the server and cause a denial of service, or possibly obtain sensitive information from other requests.
Author:Ubuntu
Homepage:http://security.ubuntu.com/
File Size:6930
Related CVE(s):CVE-2010-2227
Last Modified:Aug 26 02:16:48 2010
MD5 Checksum:0b74366029786f67cded22e3a6d3a27b

 ///  File Name:ZDI-10-165.txt
Description:
Zero Day Initiative Advisory 10-165 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Internet Security Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the UfPBCtrl.dll ActiveX control. The extSetOwner function accepts a parameter and assumes it is an initialized pointer. By specifying an invalid address, an attacker can force the process to call into a controlled memory region. This can be exploited to execute remote code under the context of the user invoking the browser.
Author:TippingPoint
Homepage:http://www.zerodayinitiative.com/
File Size:2935
Last Modified:Aug 26 02:14:43 2010
MD5 Checksum:79d435b7566cb78ed40a20bd51f2e7e9

 ///  File Name:TPTI-10-14.txt
Description:
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the code responsible for parsing the Director RIFF based file format. While handling the rcsL chunk, code within DIRAPIX sign-extends a return value from a call to Ordinal1412 within the IML32X module. This ordinal is responsible for unmarshalling a WORD value from the RIFF chunk. If the value is signed, DIRAPIX sign-extends the value, performs arithmetic on it, and then proceeds to use it as an offset into a heap-based buffer. By supplying any of a specific range of values, an attacker can exploit this condition to execute arbitrary code under the context of the user running the web browser.
Author:Aaron Portnoy,Logan Brown
Homepage:http://dvlabs.tippingpoint.com/
File Size:1598
Related CVE(s):CVE-2010-2867
Last Modified:Aug 26 02:04:34 2010
MD5 Checksum:96d9afaf64e2fd149b9f8514366fefeb

 ///  File Name:ZDI-10-164.txt
Description:
Zero Day Initiative Advisory 10-164 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the code responsible for parsing .dir and .dcr files. The director file format is RIFF based. While parsing an undocumented record of type 0xFFFFFFF8 the process trusts two user supplied word values when performing arithmetic to calculate a heap buffer size. By specifying large enough values an integer wrap can occur. The allocated heap buffer can later be overflowed with user supplied data. This can be leveraged by attackers to execute remote code under the context of the user running the browser.
Author:TippingPoint
Homepage:http://www.zerodayinitiative.com/
File Size:3059
Related CVE(s):CVE-2010-2876
Last Modified:Aug 26 01:45:57 2010
MD5 Checksum:f88a2fce9ddae8378727aca40c2218d5

 ///  File Name:08.24.10-1.txt
Description:
iDefense Security Advisory 08.24.10 - Remote exploitation of a memory corruption vulnerability in Adobe Systems Inc.'s Shockwave Player could allow an attacker to execute arbitrary code with the privileges of the current user.

The vulnerability takes place during the processing of a tSAC chunk within an Adobe Director file. A length value is read from the tSAC chunk and a signed comparison is made against the length value. If the length value is negative, a memory address is incorrectly calculated and a null byte is written to the memory address. This condition may lead to arbitrary code execution. Shockwave Player 11.5.7.609 and earlier versions for Windows and Macintosh are vulnerable.
Author:iDefense Labs
Homepage:http://www.idefense.com/
File Size:3647
Related CVE(s):CVE-2010-2875
Last Modified:Aug 26 01:44:09 2010
MD5 Checksum:673f32f198f653669b5abfe8d0c23244

 ///  File Name:secunia-kdeokular.txt
Description:
Secunia Research has discovered a vulnerability in KDE Okular, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused by a boundary error within the RLE decompression in the "TranscribePalmImageToJPEG()" function in generators/plucker/unpluck/image.cpp. This can be exploited to cause a heap-based buffer overflow by e.g. tricking a user into opening a specially crafted PDB file. Version 4.4.5 is affected.
Author:Stefan Cornelius
Homepage:http://secunia.com/
File Size:4195
Related CVE(s):CVE-2010-2575
Last Modified:Aug 26 01:41:38 2010
MD5 Checksum:4206064fb3450a30a10689d42f8e9717

 ///  File Name:ZDI-10-163.txt
Description:
Zero Day Initiative Advisory 10-163 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the undocumented tSAC RIFF chunk. By setting a specified field within this structure to NULL, the application fails to initialize an object pointer. This uninitialized pointer is later called, which causes the application to jump into random heap memory. By crafting the application's memory state an attacker can utilize this issue to execute arbitrary code under the context of the user running the browser.
Author:TippingPoint
Homepage:http://www.zerodayinitiative.com/
File Size:2694
Related CVE(s):CVE-2010-2874
Last Modified:Aug 26 01:38:41 2010
MD5 Checksum:6a2e35fb9820458f0e7d9468d4110d5d

 ///  File Name:TPTI-10-13.txt
Description:
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the code responsible for parsing Director's RIFF-based file format. While parsing the tSAC chunk, the DIRAPI module does not properly verify the signedness of a count value within an undocumented structure. By providing a large enough negative value a pointer can be miscalculated leading to memory corruption. This can be exploited by a remote attacker to execute arbitrary code under the context of the user running the web browser.
Author:Aaron Portnoy,Logan Brown
Homepage:http://dvlabs.tippingpoint.com/
File Size:1461
Related CVE(s):CVE-2010-2866
Last Modified:Aug 26 01:26:25 2010
MD5 Checksum:736c5617203c5b53da252e5f37817519

 ///  File Name:ZDI-10-162.txt
Description:
Zero Day Initiative Advisory 10-162 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the rcsL RIFF chunk within director files of extension DIR or DCR. While parsing this undocumented structure, the application blindly trusts an offset value and uses it while operating on heap memory. An attacker can abuse this to corrupt a function pointer which can lead to arbitrary code execution under the context of the user running the web browser.
Author:TippingPoint
Homepage:http://www.zerodayinitiative.com/
File Size:2636
Related CVE(s):CVE-2010-2873
Last Modified:Aug 26 01:06:14 2010
MD5 Checksum:d3eccaba4dc4136b3e88d6daadb7a545

 ///  File Name:checkpointadobe-corrupt.tgz
Description:
Checkpoint has released advisories detailing memory corruption vulnerabilities in Adobe Shockwave Player.
Author:Rodrigo Rubira Branco
File Size:2659
Related CVE(s):CVE-2010-2868, CVE-2010-2882, CVE-2010-2869, CVE-2010-2864, CVE-2010-2881, CVE-2010-2880
Last Modified:Aug 26 00:44:40 2010
MD5 Checksum:a66391257c7b3d3211959dbfd31fa865

 ///  File Name:TPTI-10-12.txt
Description:
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists due to a faulty allocation routine within the TextXtra.x32 module. This allocator allocates a buffer on the heap based on arithmetic involving a number of elements and a size of an individual element. As the fields come from the file, if either of them are large enough, the value used for the number of bytes to allocate can be made to overflow. As the return value is rarely checked any caller of this function can usually be made to overflow the returned buffer with user-supplied data. An attacker can leverage this to execute remote code under the context of the user running the browser.
Author:Aaron Portnoy,Logan Brown,Team Montreal Hotties
Homepage:http://dvlabs.tippingpoint.com/
File Size:1618
Related CVE(s):CVE-2010-2879
Last Modified:Aug 26 00:35:30 2010
MD5 Checksum:1efcb63386c705f3ba2d992f8651326a

 ///  File Name:TPTI-10-11.txt
Description:
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within DIRAPIX.dll which is responsible for parsing the Director movies, a RIFF-based file format. The code sign-extends a value from the input file and uses it as an offset to seek into a heap buffer before performing a write operation. By crafting particular values for this field, an attacker can force the process to seek beyond the allocated bounds of the buffer. This can be leveraged by an attacker to execute arbitrary code under the context of the user running the web browser.
Author:Aaron Portnoy,Logan Brown,Team lollersk8erz
Homepage:http://dvlabs.tippingpoint.com/
File Size:1516
Related CVE(s):CVE-2010-2874
Last Modified:Aug 26 00:18:24 2010
MD5 Checksum:ef9a3e7281ca06a5f1329b9f96d30dcb

 ///  File Name:TPTI-10-10.txt
Description:
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within DIRAPIX.dll which is responsible for parsing the Director movies, a RIFF-based file format. The code directly uses a value from the file while seeking into a heap buffer. The process then attempts to write a NULL byte to the seeked address. By specifying a large enough value for this field, an attacker can force the process to seek beyond the allocated bounds of the buffer. This can be leveraged by an attacker to execute arbitrary code under the context of the user running the web browser.
Author:Aaron Portnoy,Logan Brown,Team lollersk8erz
Homepage:http://dvlabs.tippingpoint.com/
File Size:1528
Related CVE(s):CVE-2010-2878
Last Modified:Aug 26 00:10:27 2010
MD5 Checksum:31a319c3e399b39147ef752cad8810f4

 ///  File Name:TPTI-10-09.txt
Description:
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within IML32X.dll and DIRAPIX.dll which are responsible for parsing the Director movies, a RIFF-based file format. The code trusts a value from the file as a count and performs an endian-flipping loop on data in heap memory. If the value is large enough the process can be made to seek outside the bounds of the allocation and thus corrupt memory in a controlled fashion. This can be leveraged by an attacker to execute arbitrary code under the context of the user running the web browser.
Author:Aaron Portnoy,Logan Brown,Team lollersk8erz
Homepage:http://dvlabs.tippingpoint.com/
File Size:1503
Related CVE(s):CVE-2010-2877
Last Modified:Aug 26 00:04:48 2010
MD5 Checksum:6ecda7d93cb6fbf864cbd79cfd4c01fe

 ///  File Name:ZDI-10-161.txt
Description:
Zero Day Initiative Advisory 10-161 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the code responsible for parsing Director files. When the application parses the pami RIFF chunk, it trusts an offset value and seeks into the file data. If provided with signed values in the data at the given offset, the process can be made to incorrectly calculate a pointer and operate on the data at its location. This can be abused by an attacker to execute arbitrary code under the context of the user running the browser.
Author:TippingPoint
Homepage:http://www.zerodayinitiative.com/
File Size:2947
Related CVE(s):CVE-2010-2872
Last Modified:Aug 26 00:03:34 2010
MD5 Checksum:194443576010e8257ffa5bf448c10608

 ///  File Name:ZDI-10-160.txt
Description:
Zero Day Initiative Advisory 10-160 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the application's support for 3D objects. While parsing the 0xFFFFFF45 RIFF record type, the process performs arithmetic on a size value and uses the result for a heap-based allocation. By specifying a large enough value an attacker can force the integer to wrap and thus the process will under-allocate the buffer. This memory is later copied into using a different size value which results in object corruption that can be leveraged to execute arbitrary code under the context of the user running the browser.
Author:TippingPoint
Homepage:http://www.zerodayinitiative.com/
File Size:3068
Related CVE(s):CVE-2010-2871
Last Modified:Aug 26 00:01:38 2010
MD5 Checksum:1d217b0773015dd064752af0789f5f48

 ///  File Name:dsa-2096-1.txt
Description:
Debian Linux Security Advisory 2096-1 - Jeremy James discovered that in zope-ldapuserfolder, a Zope extension used to authenticate against an LDAP server, the authentication code does not verify the password provided for the emergency user. Malicious users that manage to get the emergency user login can use this flaw to gain administrative access to the Zope instance, by providing an arbitrary password.
Author:Debian
Homepage:http://www.debian.org/security
File Size:3268
Related CVE(s):CVE-2010-2944
Last Modified:Aug 25 23:50:43 2010
MD5 Checksum:35901262381437c07f36ee31c08a21b0

 ///  File Name:MDVSA-2010-161.txt
Description:
Mandriva Linux Security Advisory 2010-161 - The vte_sequence_handler_window_manipulation function in vteseq.c in libvte in VTE 0.25.1 and earlier, as used in gnome-terminal, does not properly handle escape sequences, which allows remote attackers to execute arbitrary commands or obtain potentially sensitive information via an icon title sequence. NOTE: this issue exists because of a CVE-2003-0070 regression. The updated packages have been patched to correct this issue.
Author:Mandriva
Homepage:http://www.mandriva.com/security/
File Size:5010
Related CVE(s):CVE-2010-2713
Last Modified:Aug 25 23:50:19 2010
MD5 Checksum:1e127ca4467c74ac5ccb22f8cf2dbe98

 ///  File Name:MDVSA-2010-160.txt
Description:
Mandriva Linux Security Advisory 2010-160 - Multiple cross-site scripting vulnerabilities in Cacti before 0.8.7f allow remote attackers to inject arbitrary web script or HTML via the description parameter to host.php, or the host_id parameter to data_sources.php. Cacti before 0.8.7f allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the FQDN field of a Device or the Vertical Label field of a Graph Template. Cross-site scripting vulnerability in include/top_graph_header.php in Cacti before 0.8.7g allows remote attackers to inject arbitrary web script or HTML via the graph_start parameter to graph.php. Cross-site scripting vulnerability in utilities.php in Cacti before 0.8.7g allows remote attackers to inject arbitrary web script or HTML via the filter parameter. Multiple cross-site scripting vulnerabilities in Cacti before 0.8.7g allow remote attackers to inject arbitrary web script or HTML via the name element in an XML template to templates_import.php; and allow remote authenticated administrators to inject arbitrary web script or HTML via vectors related to data_input.php, gprint_presets.php, graphs.php, graph_templates_items.php, host_templates.php, lib/html_form.php, lib/html_tree.php, tree.php, and user_admin.php. This update provides cacti 0.8.7f, which is not vulnerable to these issues.
Author:Mandriva
Homepage:http://www.mandriva.com/security/
File Size:4795
Related CVE(s):CVE-2010-1644, CVE-2010-1645, CVE-2010-2543, CVE-2010-2544, CVE-2010-2545
Last Modified:Aug 25 23:43:35 2010
MD5 Checksum:d92eff179795519c3a5e977da938e592

 ///  File Name:HPSBGN02569-SSRT100200.txt
Description:
HP Security Bulletin - A potential security vulnerability has been identified in HP MagCloud iPad App. The vulnerability could be exploited remotely to gain unauthorized read and write access to MagCloud application data.
Homepage:http://www.hp.com/
File Size:5504
Related CVE(s):CVE-2010-2711
Last Modified:Aug 25 23:39:49 2010
MD5 Checksum:8ee7762324a362554ae89d9173b230e0

 ///  File Name:ZDI-10-159.txt
Description:
Zero Day Initiative Advisory 10-159 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Notes Email Client. User interaction is required to exploit this vulnerability in that the target must open a malicious email attachment. The specific flaw exists within the Lotus Notes file viewer utilizing the KeyView SDK to render a malformed .wk3 document. The application will trust a length specified in the file in order to read a number of bytes into a statically allocated buffer. This leads to a buffer overflow and can lead to code execution under the context of the application.
Author:TippingPoint
Homepage:http://www.zerodayinitiative.com/
File Size:3113
Last Modified:Aug 23 21:05:30 2010
MD5 Checksum:f9a5eb0d6854fc03cdc0df0af60c759c

 ///  File Name:ZDI-10-158.txt
Description:
Zero Day Initiative Advisory 10-158 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Notes Email Client. User interaction is required to exploit this vulnerability in that the target must open a malicious email attachment. The specific flaw exists within the Lotus Notes file viewer utilizing the KeyView SDK to render a malformed .wk3 document. The application will mistrust a length used to allocate a buffer. Later, the application will use a differently calculated length in a copy used to initialize that buffer. This leads to a buffer overflow and can lead to code execution under the context of the application.
Author:TippingPoint
Homepage:http://www.zerodayinitiative.com/
File Size:3161
Last Modified:Aug 23 21:05:06 2010
MD5 Checksum:0d21aefa7e56b2e4339e4b05cf076402

 ///  File Name:secunia-libgdiplus.txt
Description:
Secunia Research has discovered three integer overflow vulnerabilities in libgdiplus for Mono, which can be exploited by malicious people to compromise an application using the library. Version 2.6.7 is affected.
Author:Stefan Cornelius
Homepage:http://secunia.com/
File Size:4708
Related CVE(s):CVE-2010-1526
Last Modified:Aug 23 21:02:36 2010
MD5 Checksum:edd8180baf4f75f6b26ee4e642069834

 ///  File Name:ZDI-10-157.txt
Description:
Zero Day Initiative Advisory 10-157 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Notes Email Client. User interaction is required to exploit this vulnerability in that the target must open a malicious email attachment. The specific flaw exists within the Lotus Notes file viewer utilizing the KeyView SDK to render a Word document containing a malformed shape. The application will calculate a length incorrectly when using it to copy data into an allocated buffer. This can lead to code execution under the context of the application.
Author:TippingPoint
Homepage:http://www.zerodayinitiative.com/
File Size:3086
Last Modified:Aug 23 21:02:04 2010
MD5 Checksum:4c61134644896e50f50af6b60359d893

 ///  File Name:ZDI-10-156.txt
Description:
Zero Day Initiative Advisory 10-156 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Notes Email Client. User interaction is required to exploit this vulnerability in that the target must open a malicious email attachment. The specific flaw exists within the Lotus Notes file viewer utilizing the KeyView SDK to render a malformed Word document. The application will copy an arbitrarily sized ASCII string representing the font name into a constant sized buffer located on the stack. If large enough this will lead to a buffer overflow and can lead to code execution under the context of the application.
Author:TippingPoint
Homepage:http://www.zerodayinitiative.com/
File Size:3142
Last Modified:Aug 23 21:01:48 2010
MD5 Checksum:909ed32dca49e40b0a055c251680e13f

 ///  File Name:Bkis-04-2010.txt
Description:
OpenBlog versions prior to 1.2.1 suffer from authentication bypass, cross site scripting and cross site request forgery vulnerabilities.
Homepage:http://www.bkis.com/
File Size:2914
Last Modified:Aug 23 20:56:08 2010
MD5 Checksum:bc500af6765d93d13d3b620e8dc42929

 ///  File Name:TPTI-10-08.txt
Description:
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Novell iPrint client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the ienipp.ocx ActiveX control with CLSID 36723f97-7aa0-11d4-8919-FF2D71D0D32C. The function exposes a GetDriverFile method. When this method is invoked for the first time a pointer in the .data section is mapped to an external function within another module. When invoked the second time, the process fails to load the library and assumes the pointer is still valid. When the uninitialized pointer is called the process jumps to an address space easily controlled by an attacker. This can be leveraged to execute remote code under the context of the user running the browser.
Author:Aaron Portnoy
Homepage:http://www.tippingpoint.com/
File Size:2014
Last Modified:Aug 23 20:53:54 2010
MD5 Checksum:67de327a8f798bba346bfa99edaa6d2f

 ///  File Name:MDVSA-2010-159.txt
Description:
Mandriva Linux Security Advisory 2010-159 - GNU gv before 3.7.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file. This update provides gv 3.7.1, which is not vulnerable to this issue.
Author:Mandriva
Homepage:http://www.mandriva.com/security/
File Size:3716
Related CVE(s):CVE-2010-2056
Last Modified:Aug 23 20:53:23 2010
MD5 Checksum:fc44e2c1112db62901b8748c1f83c665

 ///  File Name:dsa-2095-1.txt
Description:
Debian Linux Security Advisory 2095-1 - Alasdair Kergon discovered that the cluster logical volume manager daemon (clvmd) in lvm2, The Linux Logical Volume Manager, does not verify client credentials upon a socket connection, which allows local users to cause a denial of service.
Author:Debian
Homepage:http://www.debian.org/security
File Size:8080
Related CVE(s):CVE-2010-2526
Last Modified:Aug 23 20:48:55 2010
MD5 Checksum:df971778832e7336a30c996e976bfda9

 ///  File Name:MDVSA-2010-158.txt
Description:
Mandriva Linux Security Advisory 2010-158 - functions/imap_general.php in SquirrelMail before 1.4.21 does not properly handle 8-bit characters in passwords, which allows remote attackers to cause a denial of service by making many IMAP login attempts with different usernames, leading to the creation of many preferences files. This update provides squirrelmail 1.4.21, which is not vulnerable to this issue.
Author:Mandriva
Homepage:http://www.mandriva.com/security/
File Size:24074
Related CVE(s):CVE-2010-2813
Last Modified:Aug 23 20:40:16 2010
MD5 Checksum:448ed7cf62098bf570f69c0304412867

 ///  File Name:e107-xssxsrf.txt
Description:
e107 version 0.7.22 suffers from cross site request forgery and cross site scripting vulnerabilities.
Author:Justin C. Klein Keane
File Size:2835
Last Modified:Aug 23 20:35:10 2010
MD5 Checksum:9e57b50fa8474bcf2bc7ab43cde466b5

 ///  File Name:ZDI-10-155.txt
Description:
Zero Day Initiative Advisory 10-155 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco WebEx Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists during the parsing of strings defined within the ARF file format. Strings are typically prefixed by their valid length. By supplying a string much longer than the defined length a heap overflow will occur which can be further leveraged to execute arbitrary code under the context of the current user.
Author:TippingPoint
Homepage:http://www.zerodayinitiative.com/
File Size:2933
Last Modified:Aug 23 20:17:30 2010
MD5 Checksum:d48ce6b153fd277b1b1fbe6d01531827

 ///  File Name:MDVSA-2010-157.txt
Description:
Mandriva Linux Security Advisory 2010-157 - The FT_Stream_EnterFrame function in base/ftstream.c in FreeType before 2.4.2 does not properly validate certain position values, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. Array index error in the t42_parse_sfnts function in type42/t42parse.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via negative size values for certain strings in FontType42 font files, leading to a heap-based buffer overflow. FreeType before 2.4.2 uses incorrect integer data types during bounds checking, which allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted font file. Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted Adobe Type 1 Mac Font File font. bdf/bdflib.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service via a crafted BDF font file, related to an attempted modification of a value in a static string. The updated packages have been patched to correct these issues.
Author:Mandriva
Homepage:http://www.mandriva.com/security/
File Size:5072
Related CVE(s):CVE-2010-2805, CVE-2010-2806, CVE-2010-2807, CVE-2010-3053
Last Modified:Aug 23 19:58:42 2010
MD5 Checksum:babef798c9a7ac143dd0af5ad896d414

 ///  File Name:MDVSA-2010-156.txt
Description:
Mandriva Linux Security Advisory 2010-156 - The FT_Stream_EnterFrame function in base/ftstream.c in FreeType before 2.4.2 does not properly validate certain position values, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. Array index error in the t42_parse_sfnts function in type42/t42parse.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via negative size values for certain strings in FontType42 font files, leading to a heap-based buffer overflow. FreeType before 2.4.2 uses incorrect integer data types during bounds checking, which allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted font file. Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted Adobe Type 1 Mac Font File font. bdf/bdflib.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service via a crafted BDF font file, related to an attempted modification of a value in a static string. Unspecified vulnerability in FreeType 2.3.9, and other versions before 2.4.2, allows remote attackers to cause a denial of service via vectors involving nested Standard Encoding Accented Character calls, related to psaux.h, cffgload.c, cffgload.h, and t1decode.c.
Author:Mandriva
Homepage:http://www.mandriva.com/security/
File Size:8166
Related CVE(s):CVE-2010-2805, CVE-2010-2806, CVE-2010-2807, CVE-2010-3053, CVE-2010-3054
Last Modified:Aug 23 19:57:57 2010
MD5 Checksum:92c6cdf08fefda2ef8ee18bdf8ef06f5

 ///  File Name:MDVSA-2010-155.txt
Description:
Mandriva Linux Security Advisory 2010-155 - Multiple vulnerabilities have been found and corrected in mysql. MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service. Additionally many security issues noted in the 5.1.49 release notes have been addressed with this advisory as well. The updated packages have been patched to correct these issues.
Author:Mandriva
File Size:9797
Last Modified:Aug 20 21:16:23 2010
MD5 Checksum:fb6cb194d0f2791335b0dca2bade24de

 ///  File Name:secunia-novelliprint.txt
Description:
Secunia Research has discovered a vulnerability in Novell iPrint Client, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a boundary error in the handling of the "call-back-url" parameter value for a "op-client-interface-version" operation where the "result-type" parameter is set to "url". This can be exploited to cause a stack-based buffer overflow via an overly long "call-back-url" parameter value. Successful exploitation allows execution of arbitrary code when a user visits a malicious website. Version 5.42 is affected.
Author:Carsten Eiram
Homepage:http://secunia.com/
File Size:4581
Related CVE(s):CVE-2010-1527
Last Modified:Aug 20 21:13:32 2010
MD5 Checksum:0a7067086c1057afdfa89dec5e8739d3

 ///  File Name:dsa-2094-1.txt
Description:
Debian Linux Security Advisory 2094-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation.
Author:Debian
Homepage:http://www.debian.org/security
File Size:35165
Related CVE(s):CVE-2009-4895, CVE-2010-2226, CVE-2010-2240, CVE-2010-2248, CVE-2010-2521, CVE-2010-2798, CVE-2010-2803, CVE-2010-2959, CVE-2010-3015
Last Modified:Aug 20 20:47:15 2010
MD5 Checksum:5193cd6c08da4c23384565ae1037c40f

 ///  File Name:USN-974-1.txt
Description:
Ubuntu Security Notice 974-1 - Gael Delalleu, Rafal Wojtczuk, and Brad Spengler discovered that the memory manager did not properly handle when applications grow stacks into adjacent memory regions. A local attacker could exploit this to gain control of certain applications, potentially leading to privilege escalation, as demonstrated in attacks against the X server. Kees Cook discovered that under certain situations the ioctl subsystem for DRM did not properly sanitize its arguments. A local attacker could exploit this to read previously freed kernel memory, leading to a loss of privacy. Ben Hawkes discovered an integer overflow in the Controller Area Network (CAN) subsystem when setting up frame content and filtering certain messages. An attacker could send specially crafted CAN traffic to crash the system or gain root privileges.
Author:Ubuntu
Homepage:http://security.ubuntu.com/
File Size:186960
Related CVE(s):CVE-2010-2240, CVE-2010-2803, CVE-2010-2959
Last Modified:Aug 19 20:59:05 2010
MD5 Checksum:9a178270b8a45436233a9d99b085bc7d

 ///  File Name:TA10-231A.txt
Description:
Technical Cyber Security Alert 2010-231A - Adobe has released Security Bulletin APSB10-17, which describes multiple vulnerabilities affecting Adobe Reader and Acrobat.
Author:US-CERT
Homepage:http://www.us-cert.gov/
File Size:5118
Last Modified:Aug 19 20:51:40 2010
MD5 Checksum:253b466afa9959f0caf7a96832bca273

 ///  File Name:dsa-2093-1.txt
Description:
Debian Linux Security Advisory 2093-1 - Two security issues have been discovered in Ghostscript, the GPL PostScript/PDF interpreter.
Author:Debian
Homepage:http://www.debian.org/security
File Size:12231
Related CVE(s):CVE-2009-4897, CVE-2010-1628
Last Modified:Aug 19 20:46:07 2010
MD5 Checksum:65bad16d92e2b7f32376852e89c356f1

 ///  File Name:ASPR-2010-08-18-1-PUB.txt
Description:
ACROS Security Problem Report #2010-08-18-1 - A "binary planting" vulnerability in Apple iTunes for Windows allows local or remote (even Internet-based) attackers to deploy and execute malicious code on Windows machines in the context of logged-on users.
Author:ACROS Security,Mitja Kolsek
Homepage:http://www.acrossecurity.com/
File Size:5766
Last Modified:Aug 18 20:05:25 2010
MD5 Checksum:beaf2efd4b1f9c820129b1239660c781

 ///  File Name:dsa-1919-2.txt
Description:
Debian Linux Security Advisory 1919-2 - A regression was found in the patch applied in DSA 1919-1 to smarty, which caused compilation failures on some specific templates. This update corrects the fix.
Author:Debian
Homepage:http://www.debian.org/security
File Size:3661
Related CVE(s):CVE-2008-4810, CVE-2009-1669
Last Modified:Aug 18 19:34:25 2010
MD5 Checksum:d4bdeaf0de00fc9010c1bfa121d89d9b

 ///  File Name:dsa-2092-1.txt
Description:
Debian Linux Security Advisory 2092-1 - Dan Rosenberg discovered that in lxr-cvs, a code-indexing tool with a web frontend, not enough sanitation of user input is performed; an attacker can take advantage of this and pass script code in order to perform cross-site scripting attacks.
Author:Debian
Homepage:http://www.debian.org/security
File Size:3190
Related CVE(s):CVE-2010-1625, CVE-2010-1738, CVE-2010-1448, CVE-2009-4497
Last Modified:Aug 17 19:19:15 2010
MD5 Checksum:5c7ffaa09167e2762ee7162974c026e9

 ///  File Name:CVE-2010-2234.txt
Description:
Apache CouchDB versions prior to version 0.11.1 are vulnerable to cross site request forgery (CSRF) attacks. A malicious website can POST arbitrary JavaScript code to well known CouchDB installation URLs (like http://localhost:5984/) and make the browser execute the injected JavaScript in the security context of CouchDB's admin interface Futon.
Author:Jan Lehnardt
Homepage:http://couchdb.apache.org/
File Size:1142
Last Modified:Aug 17 19:12:30 2010
MD5 Checksum:65d8869788216e6c830f5184962e2e09

 ///  File Name:USN-973-1.txt
Description:
Ubuntu Security Notice 973-1 - Will Dormann, Alin Rad Pop, Braden Thomas, and Drew Yao discovered that the Xpdf used in KOffice contained multiple security issues in its JBIG2 decoder. It was discovered that the Xpdf used in KOffice contained multiple security issues when parsing malformed PDF documents.
Author:Ubuntu
Homepage:http://security.ubuntu.com/
File Size:15677
Related CVE(s):CVE-2009-0146, CVE-2009-0147, CVE-2009-0165, CVE-2009-0166, CVE-2009-0195, CVE-2009-0799, CVE-2009-0800, CVE-2009-1179, CVE-2009-1180, CVE-2009-1181, CVE-2009-3606, CVE-2009-3608, CVE-2009-3609
Last Modified:Aug 17 18:47:11 2010
MD5 Checksum:53a5e37eb800557c3b2c154e9a831713

 ///  File Name:USN-972-1.txt
Description:
Ubuntu Security Notice 972-1 - It was discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges.
Author:Ubuntu
Homepage:http://security.ubuntu.com/
File Size:19610
Related CVE(s):CVE-2010-1797, CVE-2010-2541, CVE-2010-2805, CVE-2010-2806, CVE-2010-2807, CVE-2010-2808
Last Modified:Aug 17 18:38:46 2010
MD5 Checksum:d0ff33eeeb8bed90c3310a32cc55e8ba

 ///  File Name:USN-971-1.txt
Description:
Ubuntu Security Notice 971-1 - It was discovered that the IcedTea plugin did not correctly check certain accesses. If a user or automated system were tricked into running a specially crafted Java applet, a remote attacker could read arbitrary files with user privileges, leading to a loss of privacy.
Author:Ubuntu
Homepage:http://security.ubuntu.com/
File Size:22234
Related CVE(s):CVE-2010-2548, CVE-2010-2783
Last Modified:Aug 17 00:05:25 2010
MD5 Checksum:8071a2e5afa6749ae0ac9dfef979f1b2

 ///  File Name:coda-disclose.txt
Description:
Virtual Security Research, LLC. Security Advisory - VSR identified a vulnerability in the Coda filesystem kernel module, as implemented for FreeBSD and NetBSD. By sending a specially crafted ioctl request to a mounted Coda filesystem, an unprivileged local user could read large portions of kernel heap memory, leading to the disclosure of potentially sensitive information.
Author:Dan Rosenberg
Homepage:http://www.vsecurity.com/
File Size:5919
Related CVE(s):CVE-2010-3014
Last Modified:Aug 17 00:02:49 2010
MD5 Checksum:041bc9d810c2772873778475c8af4e61

 ///  File Name:MDVSA-2010-154.txt
Description:
Mandriva Linux Security Advisory 2010-154 - The MS-ZIP decompressor in cabextract before 1.3 allows remote attackers to cause a denial of service via a malformed MSZIP archive in a .cab file during a test or extract action, related to the libmspack library. Integer signedness error in the Quantum decompressor in cabextract before 1.3, when archive test mode is used, allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted Quantum archive in a .cab file, related to the libmspack library.
Author:Mandriva
Homepage:http://www.mandriva.com/security/
File Size:5588
Related CVE(s):CVE-2010-2800, CVE-2010-2801
Last Modified:Aug 16 23:53:05 2010
MD5 Checksum:90e9845e4253cd69d130d1cf18b065dd

 ///  File Name:MDVSA-2010-153.txt
Description:
Mandriva Linux Security Advisory 2010-153 - The mod_cache and mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service via a request that lacks a path. mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
Author:Mandriva
Homepage:http://www.mandriva.com/security/
File Size:12070
Related CVE(s):CVE-2010-1452, CVE-2010-2791
Last Modified:Aug 16 23:39:33 2010
MD5 Checksum:212308e468d40ad73c1e17b0a36f2806

 ///  File Name:MDVSA-2010-152.txt
Description:
Mandriva Linux Security Advisory 2010-152 - The mod_cache and mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service via a request that lacks a path.
Author:Mandriva
Homepage:http://www.mandriva.com/security/
File Size:25630
Related CVE(s):CVE-2010-1452
Last Modified:Aug 16 23:39:01 2010
MD5 Checksum:ca08edeae0f32faaefe11df01c556aee