Section: .. / Last 20 Advisory Files /
| /// File Name: | TA10-068A.txt | Description:
| Technical Cyber Security Alert 2010-68A - Microsoft has released updates to address vulnerabilities in Microsoft Windows and Microsoft Office. | | Author: | US-CERT | | Homepage: | http://www.us-cert.gov/ | | File Size: | 3802 | | Last Modified: | Mar 9 18:18:07 2010 | | MD5 Checksum: | 52a06df4c61def449f7f9c9f8bcad8b7 |
|
| /// File Name: | CORE-2009-1103.txt | Description:
| Core Security Technologies Advisory - A memory corruption occurs on Microsoft Office Excel 2002 when parsing a .XLS file with a malformed DbOrParamQry record. This vulnerability could be used by a remote attacker to execute arbitrary code in the context of the currently logged on user, by enticing the user to open a specially crafted file. | | Author: | Core Security Technologies,Damian Frizza | | Homepage: | http://www.coresecurity.com/corelabs/ | | File Size: | 7741 | | Related CVE(s): | CVE-2010-0264 | | Last Modified: | Mar 9 18:13:44 2010 | | MD5 Checksum: | 3b4084cc3bd02ec3abcf8034a1cd52e2 |
|
| /// File Name: | CORE-2009-0813.txt | Description:
| Core Security Technologies Advisory - A vulnerability was found in Windows Movie Maker and Microsoft Producer, which can be triggered by a remote attacker by sending a specially crafted file and enticing the user to open it. This vulnerability results in a write access violation and can lead to remote code execution. | | Author: | Core Security Technologies,Damian Frizza | | Homepage: | http://www.coresecurity.com/corelabs/ | | File Size: | 12942 | | Related CVE(s): | CVE-2010-0265 | | Last Modified: | Mar 9 18:11:06 2010 | | MD5 Checksum: | c616fcba3c0a93ba3996a3ca8d8818b9 |
|
| /// File Name: | MDVSA-2010-058.txt | Description:
| Mandriva Linux Security Advisory 2010-058 - Multiple vulnerabilities have been found and corrected in PHP. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct these issues. | | Author: | Mandriva | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 62736 | | Last Modified: | Mar 9 18:06:23 2010 | | MD5 Checksum: | 07bda32325dbbfc3f66329dadbc38dc9 |
|
| /// File Name: | ZDI-10-026.txt | Description:
| Zero Day Initiative Advisory 10-026 - This vulnerability allows remote attackers to execute arbitrary commands on vulnerable installations of Hewlett-Packard Performance Insight. Authentication is not required to exploit this vulnerability. The specific flaw exists in the handling of requests to the helpmanager servlet running on the Performance Insight web server. Insufficient input validation and authentication allows for arbitrary JSP pages to be uploaded which can be leveraged to execute arbitrary OS commands. Exploitation of this vulnerability allows an attacker to gain control of the affected system under SYSTEM credentials. | | Author: | TippingPoint | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3057 | | Related CVE(s): | CVE-2010-0447 | | Last Modified: | Mar 9 18:02:35 2010 | | MD5 Checksum: | 7e8b4a4e56efc310c9d29affb2ee9a3f |
|
| /// File Name: | HPSBMA02489-SSRT090065.txt | Description:
| HP Security Bulletin - A potential vulnerability has been identified with HP Performance Insight. The vulnerability could be exploited remotely to execute arbitrary commands. | | Homepage: | http://www.hp.com/ | | File Size: | 6868 | | Related CVE(s): | CVE-2010-0447 | | Last Modified: | Mar 9 17:50:54 2010 | | MD5 Checksum: | d32dd84a89acc0ff85800e4c96e86450 |
|
| /// File Name: | ZDI-10-025.txt | Description:
| Zero Day Initiative Advisory 10-025 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists in the decompression of XLSX files. The XLSX file is a ZIP archive of the associated content making up the new Open XML Document. Due to the lack of validation on the ZIP header when decompressing certain XML elements it is possible to execute uninitialized memory. Successful exploitation can lead to remote code execution under the credentials of the currently logged in user. | | Author: | TippingPoint | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 2575 | | Related CVE(s): | CVE-2010-0263 | | Last Modified: | Mar 9 16:44:29 2010 | | MD5 Checksum: | 345ea63cd930dcb5de4c5273d9c5df54 |
|
| /// File Name: | dsa-2008-1.txt | Description:
| Debian Linux Security Advisory 2008-1 - Several remote vulnerabilities have been discovered in the TYPO3 web content management framework: Cross-site scripting vulnerabilities have been discovered in both the frontend and the backend. Also, user data could be leaked. | | Author: | Debian | | Homepage: | http://www.debian.org/security | | File Size: | 3554 | | Last Modified: | Mar 8 21:08:11 2010 | | MD5 Checksum: | c46bf7d8dec6a12a4086dae8214e55c0 |
|
| /// File Name: | USN-907-1.txt | Description:
| Ubuntu Security Notice 907-1 - It was discovered that gnome-screensaver did not correctly lock all screens when monitors get hotplugged. An attacker with physical access could use this flaw to gain access to a locked session. It was discovered that gnome-screensaver did not correctly handle keyboard grab when monitors get hotplugged. An attacker with physical access could use this flaw to gain access to a locked session. This issue only affected Ubuntu 9.10. | | Author: | Ubuntu | | Homepage: | http://security.ubuntu.com/ | | File Size: | 6239 | | Related CVE(s): | CVE-2010-0285, CVE-2010-0422 | | Last Modified: | Mar 8 17:08:49 2010 | | MD5 Checksum: | 0779341d5cb6e3ff11a2489dcba18547 |
|
| /// File Name: | MDVSA-2010-057.txt | Description:
| Mandriva Linux Security Advisory 2010-057 - The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue. | | Author: | Mandriva | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 29843 | | Related CVE(s): | CVE-2010-0434 | | Last Modified: | Mar 8 16:23:47 2010 | | MD5 Checksum: | c235dd13d9ace6a2ca8327b6437ee2a6 |
|
| /// File Name: | SOS-10-002.txt | Description:
| By sending a specially crafted request followed by a reset packet it is possible to trigger a vulnerability in Apache 2.2.14 mod_isapi that will unload the target ISAPI module from memory. However function pointers still remain in memory and are called when published ISAPI functions are referenced. This results in a dangling pointer vulnerability. Successful exploitation results in the execution of arbitrary code with SYSTEM privileges. | | Author: | Brett Gervasoni | | Homepage: | http://www.senseofsecurity.com/ | | Related Exploit: | pwn-isapi.cpp.txt | | File Size: | 2870 | | Related CVE(s): | CVE-2010-0425 | | Last Modified: | Mar 6 11:09:03 2010 | | MD5 Checksum: | b7b7f8d25e9287a5b3e772f09fb7d8eb |
|
| /// File Name: | ncpfs-race.txt | Description:
| The ncpmount, ncpumount, and ncplogin utilities, installed as part of the ncpfs package, contain race conditions, information disclosures, and denial of service vulnerabilities. | | Author: | Dan Rosenberg | | File Size: | 2394 | | Related CVE(s): | CVE-2010-0788, CVE-2010-0790, CVE-2010-0791 | | Last Modified: | Mar 6 10:45:27 2010 | | MD5 Checksum: | c4f3190c00d9db2fd6a2e8908227013d |
|
| /// File Name: | junipersa-xss.txt | Description:
| Juniper Secure Access suffers from a cross site scripting vulnerability. SA Appliances running Juniper IVE OS 6.0 or higher are affected. | | Author: | Logica | | File Size: | 4333 | | Last Modified: | Mar 6 10:42:52 2010 | | MD5 Checksum: | 9b36886cd72016decdf7d91f17eadadc |
|
| /// File Name: | MDVSA-2010-055.txt | Description:
| Mandriva Linux Security Advisory 2010-055 - Denial of service, buffer overflows, integer overflows and other issues have been addressed in Poppler. | | Author: | Mandriva | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 8885 | | Related CVE(s): | CVE-2009-0799, CVE-2009-0800, CVE-2009-1179, CVE-2009-1180, CVE-2009-1181, CVE-2009-1182, CVE-2009-1183, CVE-2009, CVE-2009-1188, CVE-2009-3603, CVE-2009-3604, CVE-2009-3605, CVE-2009-3606, CVE-2009-3607, CVE-2009-3608, CVE-2009-3609, CVE-2009-3938 | | Last Modified: | Mar 6 10:35:47 2010 | | MD5 Checksum: | 2455a21c0c713d92832579ab90a1b22b |
|
| /// File Name: | 03.04.10-1.txt | Description:
| iDefense Security Advisory 03.04.10 - Remote exploitation of an integer overflow vulnerability in Autonomy's KeyView Filter SDK allows attackers to execute arbitrary code with the privileges of the targeted application. This vulnerability occurs when processing specially crafted documents. When processing such a document, the software reads an integer value from the file and uses this integer, without validation, in an arithmetic operation to calculate the amount of memory to allocate. If a sufficiently large number is supplied, the calculation overflows, resulting in a buffer of insufficient size being allocated. The software then proceeds to copy data into this under-sized buffer. This results in an exploitable heap buffer overflow condition. | | Author: | Joshua J. Drake ,iDefense Labs | | Homepage: | http://www.idefense.com/ | | File Size: | 4991 | | Related CVE(s): | CVE-2009-3032 | | Last Modified: | Mar 5 16:18:30 2010 | | MD5 Checksum: | 02061082038dac3eab8518904cc3a6a6 |
|
| /// File Name: | bsplayerml-overflow.txt | Description:
| BS.Player version 2.51 build 1022 (Media Library) suffers from a remote buffer overflow vulnerability. | | Author: | LiquidWorm | | File Size: | 2569 | | Last Modified: | Mar 5 16:11:55 2010 | | MD5 Checksum: | db8e6e9a787fd586eb5a106e6dbfb0f8 |
|
| /// File Name: | vlcmediaplayer-overflow.txt | Description:
| VLC Media Player version 1.0.5 Goldeneye suffers from a remote buffer overflow vulnerability. | | Author: | LiquidWorm | | File Size: | 2006 | | Last Modified: | Mar 5 16:08:09 2010 | | MD5 Checksum: | a86824aea954354508bf9ecfd6099526 |
|
| /// File Name: | jriver-overflow.txt | Description:
| J. River Media Jukebox 12 suffers from a MP3 file handling remote heap overflow vulnerability. | | Author: | LiquidWorm | | File Size: | 2533 | | Last Modified: | Mar 5 16:05:58 2010 | | MD5 Checksum: | 4ef3d7f8666627eda39eb3258ecd945a |
|
| /// File Name: | NSOADV-2010-006.txt | Description:
| Remote exploitation of a buffer overflow vulnerability in Authentium Command On Demand Online scanner service could allow an attacker to execute arbitrary code within the security context of the targeted user. | | Author: | Nikolas Sotiriu | | Related Exploit: | NSOPOC-2010-006.zip | | File Size: | 5578 | | Last Modified: | Mar 5 14:58:44 2010 | | MD5 Checksum: | 3ce799d522b4cfb1294d7eca4e2dfb2a |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
