Section: .. / 0807-advisories /
| /// File Name: |
MDVSA-2008-152.txt |
Description:
|
Mandriva Linux Security Advisory - A vulnerability was found in Wireshark, that could cause it to crash while processing malicious packets. This update provides Wireshark 1.0.2, which is not vulnerable to that.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 7468 | | Related CVE(s): | CVE-2008-3145 | | Last Modified: | Jul 23 19:26:33 2008 |
| MD5 Checksum: | 9deb077f278a874b21006d319120b3bb |
|
| /// File Name: |
MDVSA-2008-153.txt |
Description:
|
Mandriva Linux Security Advisory - A vulnerability in emacs was found where an attacker could provide a group of files containing local variable definitions and arbitrary Lisp code to be executed when one of the provided files is opened by emacs. The updated packages have been patched to correct this issue.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 8619 | | Related CVE(s): | CVE-2008-2142 | | Last Modified: | Jul 23 19:26:54 2008 |
| MD5 Checksum: | 317520423f82ed3a15b919a528d64ba9 |
|
| /// File Name: |
MDVSA-2008-154.txt |
Description:
|
Mandriva Linux Security Advisory - A vulnerability in xemacs was found where an attacker could provide a group of files containing local variable definitions and arbitrary Lisp code to be executed when one of the provided files is opened by xemacs. The updated packages have been patched to correct this issue.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 3385 | | Related CVE(s): | CVE-2008-2142 | | Last Modified: | Jul 23 19:39:45 2008 |
| MD5 Checksum: | 02de82850dc988def1ef4ff9e0c8f68e |
|
| /// File Name: |
MDVSA-2008-155-1.txt |
Description:
|
Mandriva Linux Security Advisory - A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Thunderbird program, version 2.0.0.16. This update provides the latest Thunderbird to correct these issues. It also provides Thunderbird 2.x for Corporate 3.0 systems. The previous update provided the incorrect version of the enigmail locale files. This version correctly builds them for Thunderbird 2.0.0.16.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 15962 | | Related CVE(s): | CVE-2008-1233, CVE-2008-1234, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237, CVE-2008-2785, CVE-2008-2798, CVE-2008-2799, CVE-2008-2802, CVE-2008-2803, CVE-2008-2807, CVE-2008-2809, CVE-2008-2811 | | Last Modified: | Jul 28 11:46:36 2008 |
| MD5 Checksum: | 66f5f6377fd559f737b581f46c2053bf |
|
| /// File Name: |
MDVSA-2008-155.txt |
Description:
|
Mandriva Linux Security Advisory - A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Thunderbird program, version 2.0.0.16.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 50277 | | Related CVE(s): | CVE-2008-1233, CVE-2008-1234, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237, CVE-2008-2785, CVE-2008-2798, CVE-2008-2799, CVE-2008-2802, CVE-2008-2803, CVE-2008-2807, CVE-2008-2809, CVE-2008-2811 | | Last Modified: | Jul 25 21:02:23 2008 |
| MD5 Checksum: | c42b0d5c1d78fe93fed6e40c07dbe7cc |
|
| /// File Name: |
MDVSA-2008-156.txt |
Description:
|
Mandriva Linux Security Advisory - Tavis Ormandy of the Google Security Team discovered a flaw in how libpng handles zero-length unknown chunks in PNG files, which could lead to memory corruption in applications that make use of certain functions. The updated packages have been patched to correct this issue.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 6844 | | Related CVE(s): | CVE-2008-1382 | | Last Modified: | Jul 28 21:01:52 2008 |
| MD5 Checksum: | c762fa86f5124a5d2f6fe8cbbfb224ec |
|
| /// File Name: |
MDVSA-2008-157.txt |
Description:
|
Mandriva Linux Security Advisory - A vulnerability was found in how ffmpeg handled STR file demuxing. If a user were tricked into processing a malicious STR file, a remote attacker could execute arbitrary code with user privileges via applications linked against ffmpeg. The updated packages have been patched to correct this issue.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 5923 | | Related CVE(s): | CVE-2008-3162 | | Last Modified: | Jul 29 22:15:09 2008 |
| MD5 Checksum: | 772f1739fb3464d51de82e71fe199e5a |
|
| /// File Name: |
MDVSA-2008-158.txt |
Description:
|
Mandriva Linux Security Advisory - A vulnerability was found in the SILC toolkit before version 1.1.5 that allowed a remote attacker to cause a denial of service (crash), or possibly execute arbitrary code via long input data. A vulnerability was found in the SILC toolkit before version 1.1.7 that allowed a remote attacker to execute arbitrary code via a crafted PKCS#2 message. The updated packages have been patched to correct these issues.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 3196 | | Related CVE(s): | CVE-2008-1227, CVE-2008-1552 | | Last Modified: | Jul 30 23:56:04 2008 |
| MD5 Checksum: | f9177e51b3805067cb1425c203b43251 |
|
| /// File Name: |
MDVSA-2008-159.txt |
Description:
|
Mandriva Linux Security Advisory - A flaw was discovered in licq versions prior to 1.3.6 that allowed a remote attacker to cause a denial of service (crash) via a large number of connections. The updated packages have been patched to correct this issue.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 3264 | | Related CVE(s): | CVE-2008-1996 | | Last Modified: | Jul 30 23:56:23 2008 |
| MD5 Checksum: | acabef4806d17f7e7ffaaaf99f2a35b9 |
|
| /// File Name: |
msowa-xss.txt |
Description:
|
Several cross site scripting vulnerabilities were found in within Outlook Web Access (OWA) 2003/2007. An attacker can craft a malicious email which will trigger within a user's browser. Different version of OWA and different clients (Light and Premium) have different attack vectors which can result in an attacker gaining persistent control over a victim's use of Outlook Web Access.
| | Author: | Michael Jordon | | Homepage: | http://www.contextis.co.uk/ | | File Size: | 3890 | | Related CVE(s): | CVE-2008-2247, CVE-2008-2248 | | Last Modified: | Jul 10 18:46:39 2008 |
| MD5 Checksum: | 0592215043fc314dfab9727e7150652a |
|
| /// File Name: |
MU-200807-01.txt |
Description:
|
The Mu Security Research team has found that repro SIP proxy/registrar version 1.3.2 suffers from a remote denial of service vulnerability.
| | Author: | Mu Security research team | | Homepage: | http://labs.musecurity.com/ | | File Size: | 3370 | | Last Modified: | Jul 14 23:03:06 2008 |
| MD5 Checksum: | eeb40dfbac45b032d6f1e46704df7437 |
|
| /// File Name: |
n.runs-SA-2008.002.txt |
Description:
|
The F-Prot Anti-Virus engine versions below 4.4.4 suffer form an out-of-bounds memory access denial of service vulnerability.
| | Author: | Sergio Alvarez | | Homepage: | http://www.nruns.com/ | | File Size: | 5248 | | Last Modified: | Jul 16 15:48:37 2008 |
| MD5 Checksum: | f9e5ad9d51dc0e30c8a0d4478a729c61 |
|
| /// File Name: |
n.runs-SA-2008.003.txt |
Description:
|
Apple QuickTime versions prior to 7.5 suffer from a heap overflow vulnerability when handling PICT images.
| | Author: | Sergio Alvarez | | Homepage: | http://www.nruns.com/ | | File Size: | 9491 | | Last Modified: | Jul 16 15:49:48 2008 |
| MD5 Checksum: | 86cef345102da7283cb680756f7c7847 |
|
| /// File Name: |
n.runs-SA-2008.004.txt |
Description:
|
A remotely exploitable vulnerability has been found in the files parsing engine of AVG Anti-Virus that allows for a denial of service condition.
| | Author: | Sergio Alvarez | | Homepage: | http://www.nruns.com/ | | File Size: | 3551 | | Last Modified: | Jul 29 11:47:03 2008 |
| MD5 Checksum: | 14a4381a4f525e9d0c3a8d567a16d1c7 |
|
| /// File Name: |
netrw-exec.txt |
Description:
|
Lack of sanitization throughout Netrw can lead to arbitrary code execution upon opening a directory with a crafted name.
| | Author: | Jan Minar | | File Size: | 5137 | | Last Modified: | Jul 16 15:43:19 2008 |
| MD5 Checksum: | 0a45093ff0e3eb716b14884b0b054a39 |
|
| /// File Name: |
NISR15072008.txt |
Description:
|
NGSSoftware Insight Security Research Advisory - Oracle Application Server installs a number of PLSQL packages in the backend database server. One of these is the WWV_RENDER_REPORT package and it is vulnerable to PLSQL injection. This package uses definer rights execution and therefore executes with the privileges of the owner, in this case the highly privileged PORTAL user.
| | Author: | David Litchfield | | Homepage: | http://www.ngssoftware.com/ | | File Size: | 3709 | | Related CVE(s): | CVE-2008-2589 | | Last Modified: | Jul 15 20:18:26 2008 |
| MD5 Checksum: | c6bc69f8abb9b4ec0ab0dfecf8149c3d |
|
| /// File Name: |
oCERT-2008-007.txt |
Description:
|
The Poppler PDF rendering library versions 0.8.4 and below suffers from a memory management bug which can allows for arbitrary code execution.
| | Author: | Andrea Barisani | | Homepage: | http://www.ocert.org/ | | File Size: | 1921 | | Related CVE(s): | CVE-2008-2950 | | Last Modified: | Jul 10 01:55:10 2008 |
| MD5 Checksum: | 8492209d4f5194751f5e439b831e5867 |
|
| /// File Name: |
oracleuntrust-local.txt |
Description:
|
Oracle 10g R2 and Oracle 11g suffers from a local root compromise vulnerable via the extjob binary.
| | Author: | Joxean Koret | | File Size: | 3833 | | Related CVE(s): | CVE-2008-2613 | | Last Modified: | Jul 21 17:07:34 2008 |
| MD5 Checksum: | 3a19a5731f94ea904531a9aee0a3f8c6 |
|
| /// File Name: |
PR08-15.txt |
Description:
|
Moodle version 1.6.5 is vulnerable to web root disclosure issues.
| | Homepage: | http://www.procheckup.com/ | | File Size: | 2320 | | Last Modified: | Jul 23 19:19:09 2008 |
| MD5 Checksum: | 476269f39413dda45632d4b71746ac13 |
|
| /// File Name: |
realnetworks-activex.txt |
Description:
|
An illegal resource reference vulnerability exists in the ActiveX Control of RealNetworks RealPlayer versions 10.6 and below.
| | Author: | cocoruder | | Homepage: | http://ruder.cdut.net/ | | File Size: | 1222 | | Related CVE(s): | CVE-2008-3064 | | Last Modified: | Jul 30 22:20:13 2008 |
| MD5 Checksum: | 5e0580a4fb9317a3b4025c4fad6c48b4 |
|
| /// File Name: |
realplayer-exec.txt |
Description:
|
RealPlayer suffers from a vulnerability where the WindowName and Controls properties of rmoc3260.dll do not manage heap memory properly resulting in a use after free condition which can overwrite heap management structures resulting in code execution. RealPlayer 11, 10.5, 10, and Enterprise are all affected.
| | Author: | Elazar Broad | | File Size: | 1485 | | Last Modified: | Jul 25 20:57:26 2008 |
| MD5 Checksum: | 6770b3f1177517eb6841ebc11efa2528 |
|
| /// File Name: |
sa25813.txt |
Description:
|
Secunia Security Advisory - Secunia Research has discovered some vulnerabilities in K9 Web Protection, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/25813/ | | File Size: | 2996 | | Last Modified: | Jul 31 18:10:43 2008 |
| MD5 Checksum: | bad5f89d52cbab7adc37fd1680d43dbf |
|
| /// File Name: |
sa27620.txt |
Description:
|
Secunia Security Advisory - Secunia Research has discovered a vulnerability in RealPlayer, which potentially can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/27620/ | | File Size: | 2272 | | Last Modified: | Jul 25 13:41:34 2008 |
| MD5 Checksum: | 7383a474abf09e488ef296c87ace7684 |
|
| /// File Name: |
sa30177.txt |
Description:
|
Secunia Security Advisory - Thomas Pollet has discovered two vulnerabilities in OpenCart, which can be exploited by malicious people to conduct cross-site scripting and script insertion attacks.
| | Homepage: | http://secunia.com/advisories/30177/ | | File Size: | 2593 | | Last Modified: | Jul 2 13:42:37 2008 |
| MD5 Checksum: | 41acb9ced227edce67dfcdba2cb6f721 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
