.:[ packet storm ]:.
                         
education is not a crime

 Section:  .. / Last 50 Advisory Files /

 ///  File Name:MDVSA-2010-060.txt
Description:
Mandriva Linux Security Advisory 2010-060 - The htcpHandleTstRequest function in htcp.c in Squid 2.x and 3.0 through 3.0.STABLE23 allows remote attackers to cause a denial of service (crash) via crafted packets to the HTCP port, which triggers a NULL pointer dereference. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue.
Author:Mandriva
Homepage:http://www.mandriva.com/security/
File Size:5924
Related CVE(s):CVE-2010-0639
Last Modified:Mar 10 21:34:20 2010
MD5 Checksum:414b8437f31d74850426f8a525a3e1e8

 ///  File Name:USN-908-1.txt
Description:
Ubuntu Security Notice 908-1 - It was discovered that mod_proxy_ajp did not properly handle errors when a client doesn't send a request body. A remote attacker could exploit this with a crafted request and cause a denial of service. This issue affected Ubuntu 8.04 LTS, 8.10, 9.04 and 9.10. It was discovered that Apache did not properly handle headers in subrequests under certain conditions. A remote attacker could exploit this with a crafted request and possibly obtain sensitive information from previous requests.
Author:Ubuntu
Homepage:http://security.ubuntu.com/
File Size:38935
Related CVE(s):CVE-2010-0408, CVE-2010-0434
Last Modified:Mar 10 21:26:31 2010
MD5 Checksum:c325fa7847fc469032e3592c119cde4f

 ///  File Name:MDVSA-2010-059.txt
Description:
Mandriva Linux Security Advisory 2010-059 - Unspecified vulnerability in Guest Additions in Sun xVM VirtualBox 1.6.x and 2.0.x before 2.0.12, 2.1.x, and 2.2.x, and Sun VirtualBox before 3.0.10, allows guest OS users to cause a denial of service (memory consumption) on the guest OS via unknown vectors. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue.
Author:Mandriva
Homepage:http://www.mandriva.com/security/
File Size:18565
Related CVE(s):CVE-2009-3940
Last Modified:Mar 10 21:26:09 2010
MD5 Checksum:48a4c84f6d63d9b13bd485a788bc892d

 ///  File Name:dsa-2010-1.txt
Description:
Debian Linux Security Advisory 2010-1 - Several local vulnerabilities have been discovered in kvm, a full virtualization system.
Author:Debian
Homepage:http://www.debian.org/security
File Size:4055
Related CVE(s):CVE-2010-0298, CVE-2010-0306, CVE-2010-0309, CVE-2010-0419
Last Modified:Mar 10 21:25:16 2010
MD5 Checksum:9788cbb573058e0b20c9bfce74f717e5

 ///  File Name:secunia-xnviewdicom.txt
Description:
Secunia Research has discovered a vulnerability in XnView, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to an integer overflow when processing DICOM images with certain dimensions. This can be exploited to cause a heap-based buffer overflow by e.g. tricking a user into opening a specially crafted DICOM file. Version 1.97 is affected.
Author:Stefan Cornelius
Homepage:http://secunia.com/
File Size:4126
Related CVE(s):CVE-2009-4001
Last Modified:Mar 10 21:23:39 2010
MD5 Checksum:06aae772fe010c07ca5d04fd20ac13e2

 ///  File Name:excel-codeexec.txt
Description:
VUPEN Vulnerability Research Team discovered a critical vulnerability affecting Microsoft Office Excel. The flaw is caused by a memory corruption error when processing malformed "EntExU2" records in an Excel document, which could be exploited by attackers to execute arbitrary code.
Author:Nicolas JOLY
Homepage:http://www.vupen.com/
File Size:2681
Related CVE(s):CVE-2010-0257
Last Modified:Mar 10 21:21:05 2010
MD5 Checksum:f66a1be4abfb1a54cae69d7791394e13

 ///  File Name:secunia-etsdisclose.txt
Description:
Secunia Research has discovered a security issue in Employee Timeclock Software, which can be exploited by malicious, local users to disclose sensitive information. The security issue is caused by the application passing the database password via the command line to the "mysqldump" utility, which can potentially be exploited to disclose the password via the process list. Version 0.99 is affected.
Homepage:http://secunia.com/
File Size:4385
Related CVE(s):CVE-2010-0124
Last Modified:Mar 10 10:57:24 2010
MD5 Checksum:5c55f50ca9c91dbe8978a3bb60746a6c

 ///  File Name:secunia-etssql.txt
Description:
Secunia Research has discovered some vulnerabilities in Employee Timeclock Software, which can be exploited by malicious people to conduct SQL injection attacks. Input passed to the "username" and "password" parameters in auth.php and login_action.php is not properly sanitized before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Version 0.99 is affected.
Homepage:http://secunia.com/
File Size:4407
Related CVE(s):CVE-2010-0122
Last Modified:Mar 10 10:55:45 2010
MD5 Checksum:97deca06ff6efb5d59e274ff9355eacb

 ///  File Name:tarcpio-overflow.txt
Description:
GNU Tar and GNU Cpio suffer from a heap-based buffer overflow vulnerability. Tar versions prior to 1.23 and Cpio versions prior to 2.11 are affected.
Author:Jakob Lell
File Size:5110
Related CVE(s):CVE-2010-0624
Last Modified:Mar 10 10:48:29 2010
MD5 Checksum:f12725e9c18845e64dcff526a6f7d29f

 ///  File Name:secunia-etsb.txt
Description:
Secunia Research has discovered a security issue in Employee Timeclock Software, which can be exploited by malicious people to disclose sensitive information. The database backup functionality stores the database backup with a semi-predictable file name inside the web root. This can be exploited to download the backup by guessing the file name. Version 0.99 is affected.
Homepage:http://secunia.com/
File Size:4397
Related CVE(s):CVE-2010-0123
Last Modified:Mar 10 10:44:55 2010
MD5 Checksum:691c19edbe543e11cd7b2a8326ea3cd9

 ///  File Name:03.09.10-4.txt
Description:
iDefense Security Advisory 03.09.10 - Remote exploitation of a heap overflow vulnerability in Microsoft Corp.'s Excel could allow an attacker to execute arbitrary code with the privileges of the current user. This vulnerability occurs when parsing an MDXTUPLE record inside of the Excel Workbook globals stream. This record is used to store metadata for external data connections in the workbook. The vulnerability occurs when an MDXTUPLE record is broken up into several records. This could allow an attacker to trigger a heap-based buffer overflow by controlling both the allocation size of a heap buffer and the number of bytes copied into this buffer. iDefense has confirmed the existence of this vulnerability in Excel versions 2007 SP0, SP1, and SP2. Previous versions do not appear to be affected as they do not support parsing the record that triggers the vulnerability. A full list of vulnerable Microsoft products can be found in Microsoft Security Bulletin MS10-017.
Author:Sean Larsson,iDefense Labs
Homepage:http://www.idefense.com/
File Size:3817
Related CVE(s):CVE-2010-0260
Last Modified:Mar 10 10:20:50 2010
MD5 Checksum:361cae51b434d20705f58c6f7cde7793

 ///  File Name:03.09.10-3.txt
Description:
iDefense Security Advisory 03.09.10 - Remote exploitation of a heap overflow vulnerability in Microsoft Corp.'s Excel could allow an attacker to execute arbitrary code with the privileges of the current user. This vulnerability occurs when parsing an MDXSET record inside of the Excel Workbook globals stream. This record is used to store metadata for external data connections in the workbook. The vulnerability occurs when an MDXSET record is broken up into several records. This could allow an attacker to trigger a heap-based buffer overflow by controlling both the allocation size of a heap buffer and the number of bytes copied into this buffer. iDefense has confirmed the existence of this vulnerability in Excel versions 2007 SP0, SP1, and SP2. Previous versions do not appear to be affected as they do not support parsing the record that triggers the vulnerability. A full list of vulnerable Microsoft products can be found in Microsoft Security Bulletin MS10-017.
Author:Sean Larsson,iDefense Labs
Homepage:http://www.idefense.com/
File Size:3813
Related CVE(s):CVE-2010-0261
Last Modified:Mar 10 10:19:19 2010
MD5 Checksum:fcd3d4df59f6a8656e954ecae6950e45

 ///  File Name:03.09.10-2.txt
Description:
iDefense Security Advisory 03.09.10 - Remote exploitation of an uninitialized memory vulnerability in Microsoft Corp.'s Excel could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs due to Excel using a local function variable without properly initializing it. This error occurs when parsing several related records inside of an Excel worksheet. When Excel parses certain records in a particular order, a stack variable may not be initialized properly. If an attacker can control the area of memory used for this variable, then it is possible to execute arbitrary code on the targeted host. iDefense has confirmed the existence of this vulnerability in Excel versions 2003 SP3, 2007 SP0, SP1, and SP3. Previous versions do not appear to be affected. A full list of vulnerable Microsoft products can be found in Microsoft Security Bulletin MS10-017.
Author:Sean Larsson,iDefense Labs
Homepage:http://www.idefense.com/
File Size:3939
Related CVE(s):CVE-2010-0262
Last Modified:Mar 10 10:17:18 2010
MD5 Checksum:4c6d869c98aaa46c8b7d0dec92b565e3

 ///  File Name:03.09.10-1.txt
Description:
iDefense Security Advisory 03.09.10 - Remote exploitation of a type confusion vulnerability in Microsoft Corp.'s Excel could allow an attacker to execute arbitrary code with the privileges of the current user. This vulnerability is a type confusion vulnerability that occurs when parsing several related Excel record types. In this case, the type confusion is due to multiple records containing fields that identify the type of an object shared between them. By controlling memory outside of the bounds of the allocated heap chunk, an attacker can control a C++ object pointer used in a virtual function call. This can result in an area of memory being treated as a different type of object than it actually is, resulting in access outside of the bounds of the allocated object. iDefense has confirmed the existence of this vulnerability in all currently supported versions of Excel (2007 SP1/SP2, 2003 SP3, XP SP3), and also the currently unsupported Excel 2000 SP3. A full list of vulnerable Microsoft products can be found in Microsoft Security Bulletin MS10-017.
Author:Sean Larsson,iDefense Labs
Homepage:http://www.idefense.com/
File Size:4148
Related CVE(s):CVE-2010-0258
Last Modified:Mar 10 10:09:49 2010
MD5 Checksum:bc5319861ff9ff807a6e7bfce8180ecb

 ///  File Name:dsa-2009-1.txt
Description:
Debian Linux Security Advisory 2009-1 - It was discovered that tdiary, a communication-friendly weblog system, is prone to a cross-site scripting vulnerability due to insufficient input sanitizing in the TrackBack transmission plugin.
Author:Debian
Homepage:http://www.debian.org/security
File Size:3903
Related CVE(s):CVE-2010-0726
Last Modified:Mar 10 10:04:15 2010
MD5 Checksum:17479d9fa7fc431d68a341d436fda6a2

 ///  File Name:TA10-068A.txt
Description:
Technical Cyber Security Alert 2010-68A - Microsoft has released updates to address vulnerabilities in Microsoft Windows and Microsoft Office.
Author:US-CERT
Homepage:http://www.us-cert.gov/
File Size:3802
Last Modified:Mar 9 18:18:07 2010
MD5 Checksum:52a06df4c61def449f7f9c9f8bcad8b7

 ///  File Name:CORE-2009-1103.txt
Description:
Core Security Technologies Advisory - A memory corruption occurs on Microsoft Office Excel 2002 when parsing a .XLS file with a malformed DbOrParamQry record. This vulnerability could be used by a remote attacker to execute arbitrary code in the context of the currently logged on user, by enticing the user to open a specially crafted file.
Author:Core Security Technologies,Damian Frizza
Homepage:http://www.coresecurity.com/corelabs/
File Size:7741
Related CVE(s):CVE-2010-0264
Last Modified:Mar 9 18:13:44 2010
MD5 Checksum:3b4084cc3bd02ec3abcf8034a1cd52e2

 ///  File Name:CORE-2009-0813.txt
Description:
Core Security Technologies Advisory - A vulnerability was found in Windows Movie Maker and Microsoft Producer, which can be triggered by a remote attacker by sending a specially crafted file and enticing the user to open it. This vulnerability results in a write access violation and can lead to remote code execution.
Author:Core Security Technologies,Damian Frizza
Homepage:http://www.coresecurity.com/corelabs/
File Size:12942
Related CVE(s):CVE-2010-0265
Last Modified:Mar 9 18:11:06 2010
MD5 Checksum:c616fcba3c0a93ba3996a3ca8d8818b9

 ///  File Name:MDVSA-2010-058.txt
Description:
Mandriva Linux Security Advisory 2010-058 - Multiple vulnerabilities have been found and corrected in PHP. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct these issues.
Author:Mandriva
Homepage:http://www.mandriva.com/security/
File Size:62736
Last Modified:Mar 9 18:06:23 2010
MD5 Checksum:07bda32325dbbfc3f66329dadbc38dc9

 ///  File Name:ZDI-10-026.txt
Description:
Zero Day Initiative Advisory 10-026 - This vulnerability allows remote attackers to execute arbitrary commands on vulnerable installations of Hewlett-Packard Performance Insight. Authentication is not required to exploit this vulnerability. The specific flaw exists in the handling of requests to the helpmanager servlet running on the Performance Insight web server. Insufficient input validation and authentication allows for arbitrary JSP pages to be uploaded which can be leveraged to execute arbitrary OS commands. Exploitation of this vulnerability allows an attacker to gain control of the affected system under SYSTEM credentials.
Author:TippingPoint
Homepage:http://www.zerodayinitiative.com/
File Size:3057
Related CVE(s):CVE-2010-0447
Last Modified:Mar 9 18:02:35 2010
MD5 Checksum:7e8b4a4e56efc310c9d29affb2ee9a3f

 ///  File Name:HPSBMA02489-SSRT090065.txt
Description:
HP Security Bulletin - A potential vulnerability has been identified with HP Performance Insight. The vulnerability could be exploited remotely to execute arbitrary commands.
Homepage:http://www.hp.com/
File Size:6868
Related CVE(s):CVE-2010-0447
Last Modified:Mar 9 17:50:54 2010
MD5 Checksum:d32dd84a89acc0ff85800e4c96e86450

 ///  File Name:ZDI-10-025.txt
Description:
Zero Day Initiative Advisory 10-025 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists in the decompression of XLSX files. The XLSX file is a ZIP archive of the associated content making up the new Open XML Document. Due to the lack of validation on the ZIP header when decompressing certain XML elements it is possible to execute uninitialized memory. Successful exploitation can lead to remote code execution under the credentials of the currently logged in user.
Author:TippingPoint
Homepage:http://www.zerodayinitiative.com/
File Size:2575
Related CVE(s):CVE-2010-0263
Last Modified:Mar 9 16:44:29 2010
MD5 Checksum:345ea63cd930dcb5de4c5273d9c5df54

 ///  File Name:dsa-2008-1.txt
Description:
Debian Linux Security Advisory 2008-1 - Several remote vulnerabilities have been discovered in the TYPO3 web content management framework: Cross-site scripting vulnerabilities have been discovered in both the frontend and the backend. Also, user data could be leaked.
Author:Debian
Homepage:http://www.debian.org/security
File Size:3554
Last Modified:Mar 8 21:08:11 2010
MD5 Checksum:c46bf7d8dec6a12a4086dae8214e55c0

 ///  File Name:USN-907-1.txt
Description:
Ubuntu Security Notice 907-1 - It was discovered that gnome-screensaver did not correctly lock all screens when monitors get hotplugged. An attacker with physical access could use this flaw to gain access to a locked session. It was discovered that gnome-screensaver did not correctly handle keyboard grab when monitors get hotplugged. An attacker with physical access could use this flaw to gain access to a locked session. This issue only affected Ubuntu 9.10.
Author:Ubuntu
Homepage:http://security.ubuntu.com/
File Size:6239
Related CVE(s):CVE-2010-0285, CVE-2010-0422
Last Modified:Mar 8 17:08:49 2010
MD5 Checksum:0779341d5cb6e3ff11a2489dcba18547

 ///  File Name:MDVSA-2010-057.txt
Description:
Mandriva Linux Security Advisory 2010-057 - The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue.
Author:Mandriva
Homepage:http://www.mandriva.com/security/
File Size:29843
Related CVE(s):CVE-2010-0434
Last Modified:Mar 8 16:23:47 2010
MD5 Checksum:c235dd13d9ace6a2ca8327b6437ee2a6

 ///  File Name:SOS-10-002.txt
Description:
By sending a specially crafted request followed by a reset packet, it is possible to trigger a vulnerability in Apache 2.2.14 mod_isapi that will unload the target ISAPI module from memory. However, function pointers still remain in memory and are called when published ISAPI functions are referenced. This results in a dangling pointer vulnerability. Successful exploitation results in the execution of arbitrary code with SYSTEM privileges.
Author:Brett Gervasoni
Homepage:http://www.senseofsecurity.com/
Related Exploit:pwn-isapi.cpp.txt
File Size:2870
Related CVE(s):CVE-2010-0425
Last Modified:Mar 6 11:09:03 2010
MD5 Checksum:b7b7f8d25e9287a5b3e772f09fb7d8eb

 ///  File Name:MDVSA-2010-056.txt
Description:
Mandriva Linux Security Advisory 2010-056 - This update provides the OpenOffice.org 3.0 major version and holds multiple security updates relating to integer and heap buffer overflows.
Author:Mandriva
Homepage:http://www.mandriva.com/security/
File Size:33672
Related CVE(s):CVE-2009-0200, CVE-2009-0201, CVE-2009-2140, CVE-2009-3736
Last Modified:Mar 6 10:51:15 2010
MD5 Checksum:9563a13d89363c67fc3cf254ed129006

 ///  File Name:ncpfs-race.txt
Description:
The ncpmount, ncpumount, and ncplogin utilities, installed as part of the ncpfs package, contain race conditions, information disclosures, and denial of service vulnerabilities.
Author:Dan Rosenberg
File Size:2394
Related CVE(s):CVE-2010-0788, CVE-2010-0790, CVE-2010-0791
Last Modified:Mar 6 10:45:27 2010
MD5 Checksum:c4f3190c00d9db2fd6a2e8908227013d

 ///  File Name:junipersa-xss.txt
Description:
Juniper Secure Access suffers from a cross site scripting vulnerability. SA Appliances running Juniper IVE OS 6.0 or higher are affected.
Author:Logica
File Size:4333
Last Modified:Mar 6 10:42:52 2010
MD5 Checksum:9b36886cd72016decdf7d91f17eadadc

 ///  File Name:MDVSA-2010-055.txt
Description:
Mandriva Linux Security Advisory 2010-055 - Denial of service, buffer overflows, integer overflows and other issues have been addressed in Poppler.
Author:Mandriva
Homepage:http://www.mandriva.com/security/
File Size:8885
Related CVE(s):CVE-2009-0799, CVE-2009-0800, CVE-2009-1179, CVE-2009-1180, CVE-2009-1181, CVE-2009-1182, CVE-2009-1183, CVE-2009, CVE-2009-1188, CVE-2009-3603, CVE-2009-3604, CVE-2009-3605, CVE-2009-3606, CVE-2009-3607, CVE-2009-3608, CVE-2009-3609, CVE-2009-3938
Last Modified:Mar 6 10:35:47 2010
MD5 Checksum:2455a21c0c713d92832579ab90a1b22b

 ///  File Name:03.04.10-1.txt
Description:
iDefense Security Advisory 03.04.10 - Remote exploitation of an integer overflow vulnerability in Autonomy's KeyView Filter SDK allows attackers to execute arbitrary code with the privileges of the targeted application. This vulnerability occurs when processing specially crafted documents. When processing such a document, the software reads an integer value from the file and uses this integer, without validation, in an arithmetic operation to calculate the amount of memory to allocate. If a sufficiently large number is supplied, the calculation overflows, resulting in a buffer of insufficient size being allocated. The software then proceeds to copy data into this under-sized buffer. This results in an exploitable heap buffer overflow condition.
Author:Joshua J. Drake,iDefense Labs
Homepage:http://www.idefense.com/
File Size:4991
Related CVE(s):CVE-2009-3032
Last Modified:Mar 5 16:18:30 2010
MD5 Checksum:02061082038dac3eab8518904cc3a6a6

 ///  File Name:bsplayerml-overflow.txt
Description:
BS.Player version 2.51 build 1022 (Media Library) suffers from a remote buffer overflow vulnerability.
Author:LiquidWorm
File Size:2569
Last Modified:Mar 5 16:11:55 2010
MD5 Checksum:db8e6e9a787fd586eb5a106e6dbfb0f8

 ///  File Name:vlcmediaplayer-overflow.txt
Description:
VLC Media Player version 1.0.5 Goldeneye suffers from a remote buffer overflow vulnerability.
Author:LiquidWorm
File Size:2006
Last Modified:Mar 5 16:08:09 2010
MD5 Checksum:a86824aea954354508bf9ecfd6099526

 ///  File Name:jriver-overflow.txt
Description:
J. River Media Jukebox 12 suffers from an MP3 file handling remote heap overflow vulnerability.
Author:LiquidWorm
File Size:2533
Last Modified:Mar 5 16:05:58 2010
MD5 Checksum:4ef3d7f8666627eda39eb3258ecd945a

 ///  File Name:NSOADV-2010-006.txt
Description:
Remote exploitation of a buffer overflow vulnerability in Authentium Command On Demand Online scanner service could allow an attacker to execute arbitrary code within the security context of the targeted user.
Author:Nikolas Sotiriu
Related Exploit:NSOPOC-2010-006.zip
File Size:5578
Last Modified:Mar 5 14:58:44 2010
MD5 Checksum:3ce799d522b4cfb1294d7eca4e2dfb2a

 ///  File Name:fcrontab-race.txt
Description:
fcrontab, part of the fcron scheduler, is vulnerable to several race conditions that allow a local attacker to use symbolic links to read unauthorized files.  Versions before 3.0.5 are affected.
Author:Dan Rosenberg
File Size:1154
Related CVE(s):CVE-2010-0792
Last Modified:Mar 5 14:35:20 2010
MD5 Checksum:ee1afe06e1fc4171975ed438e0aabf5e

 ///  File Name:CA20100304-01.txt
Description:
CA's support is alerting customers to a security risk with CA SiteMinder. Multiple cross site scripting (XSS) vulnerabilities exist that can allow a remote attacker to potentially gain sensitive information. CA has provided guidance to remediate the vulnerability.
Author:Ken Williams
Homepage:http://www3.ca.com/
File Size:3176
Related CVE(s):CVE-2009-3731
Last Modified:Mar 4 23:06:25 2010
MD5 Checksum:c5e4abac93849cb90447a5c73fd5b883

 ///  File Name:MDVSA-2010-054.txt
Description:
Mandriva Linux Security Advisory 2010-054 - Pam_krb5 2.2.14 through 2.3.4 generates different password prompts depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. This update provides version 2.3.5 of pam_krb5, which is not vulnerable to this issue.
Author:Mandriva
Homepage:http://www.mandriva.com/security/
File Size:3214
Related CVE(s):CVE-2009-1384
Last Modified:Mar 4 23:03:37 2010
MD5 Checksum:ef415f90257e771135bf236a39a74697

 ///  File Name:VMSA-2010-0004.txt
Description:
VMware Security Advisory - Updates have been issued for ESX Service Console newt, nfs-utils, and glib2 packages. vMA updates for newt, nfs-utils, glib2, kpartx, libvolume-id, device-mapper-multipath, fipscheck, dbus, dbus-libs, ed, openssl, bind, expat, openssh, ntp and kernel packages have also been issued.
Homepage:http://www.vmware.com/
File Size:20620
Related CVE(s):CVE-2009-2905, CVE-2008-4552, CVE-2008-4316, CVE-2009-1377, CVE-2009-1378, CVE-2009-1379, CVE-2009-1386, CVE-2009-1387, CVE-2009-0590, CVE-2009-4022, CVE-2009-3560, CVE-2009-3720, CVE-2009-2904, CVE-2009-3563, CVE-2009-2695, CVE-2009-2849, CVE-2009-2695, CVE-2009-2908, CVE-2009-3228, CVE-2009-3286, CVE-2009-3547, CVE-2009-3613, CVE-2009-3612, CVE-2009-3620, CVE-2009-3621, CVE-2009-3726, CVE-2008-3916, CVE-2009-1189, CVE-2009-0115
Last Modified:Mar 4 22:32:24 2010
MD5 Checksum:e7771d8406b79f65ee870397e15c5e8a

 ///  File Name:dsa-2007-1.txt
Description:
Debian Linux Security Advisory 2007-1 - Ronald Volgers discovered that the lppasswd component of the cups suite, the Common UNIX Printing System, is vulnerable to format string attacks due to insecure use of the LOCALEDIR environment variable. An attacker can abuse this behaviour to execute arbitrary code via crafted localization files and triggering calls to _cupsLangprintf(). This works as the lppasswd binary happens to be installed with setuid 0 permissions.
Author:Debian
Homepage:http://www.debian.org/security
File Size:18385
Related CVE(s):CVE-2010-0393
Last Modified:Mar 4 22:31:50 2010
MD5 Checksum:e2eadef2b930afc5b158fdb9f0cd4593

 ///  File Name:ZSL-2010-4929.txt
Description:
Deimos Kasa versions 2.58 and below suffer from a local integer overflow vulnerability.
Author:LiquidWorm
File Size:1225
Last Modified:Mar 3 17:10:26 2010
MD5 Checksum:aff495543ea775a39ac10c39b4da1e1d

 ///  File Name:cisco-sa-20100303-dmp.txt
Description:
Cisco Security Advisory - A vulnerability exists in the Cisco Digital Media Player that could allow an unauthenticated attacker to inject video or data content into a remote display.
Author:Cisco Systems
Homepage:http://www.cisco.com/
File Size:10311
Related CVE(s):CVE-2010-0573
Last Modified:Mar 3 16:59:38 2010
MD5 Checksum:761596ce9c824b2c8dc4fcdfed2a5380

 ///  File Name:cisco-sa-20100303-dmm.txt
Description:
Cisco Security Advisory - Multiple vulnerabilities exist in the Cisco Digital Media Manager (DMM). These issues relate to default credentials, privilege escalation, and information leakage.
Author:Cisco Systems
Homepage:http://www.cisco.com/
File Size:13712
Related CVE(s):CVE-2010-0570, CVE-2010-0571, CVE-2010-0572
Last Modified:Mar 3 16:55:39 2010
MD5 Checksum:84c0143efc25d93477edce55189bcee9

 ///  File Name:cisco-sa-20100303-cucm.txt
Description:
Cisco Security Advisory - Cisco Unified Communications Manager (formerly Cisco CallManager) contains multiple denial of service (DoS) vulnerabilities that, if exploited, could cause an interruption of voice services. The Session Initiation Protocol (SIP), Skinny Client Control Protocol (SCCP) and Computer Telephony Integration (CTI) Manager services are affected by these vulnerabilities.
Author:Cisco Systems
Homepage:http://www.cisco.com/
File Size:18602
Related CVE(s):CVE-2010-0587, CVE-2010-0588, CVE-2010-0590, CVE-2010-0591, CVE-2010-0592
Last Modified:Mar 3 16:18:25 2010
MD5 Checksum:8f79a3ba09942f130027f105ff436d73

 ///  File Name:USN-906-1.txt
Description:
Ubuntu Security Notice 906-1 - It was discovered that the CUPS scheduler did not properly handle certain network operations. A remote attacker could exploit this flaw and cause the CUPS server to crash, resulting in a denial of service. Ronald Volgers discovered that the CUPS lppasswd tool could be made to load localized message strings from arbitrary files by setting an environment variable. A local attacker could exploit this with a format-string vulnerability leading to a root privilege escalation. The default compiler options for Ubuntu 8.10, 9.04 and 9.10 should reduce this vulnerability to a denial of service.
Author:Ubuntu
Homepage:http://security.ubuntu.com/
File Size:43536
Related CVE(s):CVE-2009-3553, CVE-2010-0302, CVE-2010-0393
Last Modified:Mar 3 16:12:43 2010
MD5 Checksum:2a2daef48fbe21b5cab2ae0d59be49a5

 ///  File Name:glsa-201003-01.txt
Description:
Gentoo Linux Security Advisory 201003-1 - Two vulnerabilities in sudo might allow local users to escalate privileges and execute arbitrary code with root privileges. Versions less than 1.7.2_p4 are affected.
Author:Gentoo
Homepage:http://security.gentoo.org
File Size:3007
Last Modified:Mar 3 16:10:59 2010
MD5 Checksum:9e00ee59e6a6c0091ba4c3af4f8739d5

 ///  File Name:NSOADV-2010-004.txt
Description:
McAfee LinuxShield suffers from remote and local code execution vulnerabilities. Versions 1.5.1 and below are affected.
Author:Nikolas Sotiriu
Homepage:http://sotiriu.de/
Related Exploit:NSOPOC-2010-004.tar.gz
File Size:11179
Related CVE(s):CVE-2010-0689
Last Modified:Mar 2 21:54:45 2010
MD5 Checksum:d91779af8c5549a593884da139e78d24

 ///  File Name:ZDI-10-024.txt
Description:
Zero Day Initiative Advisory 10-024 - This vulnerability allows remote attackers to deny services on vulnerable installations of Novell eDirectory Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NDS daemon's SOAP service. When a malformed request is made to the novell.embox.connmgr.serverinfo SOAP action, the daemon makes an illegal reference thereby resulting in a denial of service.
Author:TippingPoint
Homepage:http://www.zerodayinitiative.com/
File Size:2532
Last Modified:Mar 2 21:54:10 2010
MD5 Checksum:e25b3e2ca0cc4c489707de4ee829e336

 ///  File Name:dsa-2006-1.txt
Description:
Debian Linux Security Advisory 2006-1 - Several vulnerabilities have been discovered in sudo, a program designed to allow a sysadmin to give limited root privileges to users.
Author:Debian
Homepage:http://www.debian.org/security
File Size:7081
Related CVE(s):CVE-2010-0426, CVE-2010-0427
Last Modified:Mar 2 21:52:46 2010
MD5 Checksum:5776920f8194143cf7a9406ee7a62548

 ///  File Name:MDVSA-2010-053.txt
Description:
Mandriva Linux Security Advisory 2010-053 - mod_proxy_ajp: Respond with HTTP_BAD_REQUEST when the body is not sent after request headers indicate a request body is incoming; this is not a case of HTTP_INTERNAL_SERVER_ERROR. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue.
Author:Mandriva
Homepage:http://www.mandriva.com/security/
File Size:29547
Related CVE(s):CVE-2010-0408
Last Modified:Mar 2 21:27:09 2010
MD5 Checksum:ae046a50754226da45275ca539cae606