Section: .. / Last 20 Advisory Files /
| /// File Name: | DDIVRT-2008-15.txt | Description:
| The iPhone Configuration Web Utility 1.0 for Windows web interface is vulnerable to a common web directory traversal attack. Successful exploitation will result in arbitrary read-onlyfile access outside of the iPhone Configuration Web Utility 1.0 web root. | | Author: | Corey LeBleu,r@b13$ | | Homepage: | http://www.digitaldefense.net/ | | File Size: | 1066 | | Last Modified: | Nov 21 16:18:46 2008 | | MD5 Checksum: | 07526dbd17f8e037041006f8815ffe08 |
|
| /// File Name: | openssh-cbc-adv.txt | Description:
| The OpenSSH team has been made aware of an attack against the SSH protocol version 2 by researchers at the University of London. Unfortunately, due to the report lacking any detailed technical description of the attack and CPNI's unwillingness to share necessary information, they are unable to properly assess its impact. | | Homepage: | http://www.openssh.com/ | | File Size: | 2506 | | Last Modified: | Nov 21 16:17:37 2008 | | MD5 Checksum: | d2688c59ac428caddd0526bb0979ec68 |
|
| /// File Name: | ZDI-08-076.txt | Description:
| A vulnerability allows remote attackers to retrieve arbitrary files on systems with vulnerable installations of EMC Control Center SAN Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists in the SAN Manager Master Agent service (msragent.exe) which listens by default on TCP port 10444. While processing SST_SENDFILE requests the service does not validate the requestor allowing any remote attacker to download arbitrary files. | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3322 | | Last Modified: | Nov 20 18:26:11 2008 | | MD5 Checksum: | 674545c3d3f0885dd630ad4bf3b66bd8 |
|
| /// File Name: | ZDI-08-075.txt | Description:
| A vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of EMC Control Center SAN Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists in the SAN Manager Master Agent service (msragent.exe) which listens by default on TCP port 10444. While processing SST_CTGTRANS requests the process copies packet data into a fixed length stack buffer. Exploitation allows for arbitrary code execution under the context of the SYSTEM user. | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3366 | | Last Modified: | Nov 20 18:24:55 2008 | | MD5 Checksum: | baf5fcd61ddfffefe825752a5e5f8532 |
|
| /// File Name: | MDVSA-2008-233.txt | Description:
| Mandriva Linux Security Advisory 2008-233 - A heap overflow was found in the CDDB retrieval code of libcdaudio, which could result in the execution of arbitrary code. In addition, the fixes for were not applied to newer libcdaudio packages as shipped with Mandriva Linux, so the patch to fix that issue has been applied to 2008.1 and 2009.0 (this was originally fixed in MDKSA-2005:075). This issue is a buffer overflow flaw found by Joseph VanAndel. Corporate 3.0 has this fix already applied. The updated packages have been patched to prevent these issues. | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 4191 | | Related CVE(s): | CVE-2005-0706, CVE-2008-5030 | | Last Modified: | Nov 20 18:16:55 2008 | | MD5 Checksum: | 9c756b2e28e8d3771c77fdb2f9600b6d |
|
| /// File Name: | SSRT080059.txt | Description:
| HP Security Bulletin - Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM).The vulnerabilities could be exploited remotely to allow cross site scripting (XSS). | | Homepage: | http://www.hp.com/ | | File Size: | 7471 | | Related CVE(s): | CVE-2007-6388, CVE-2007-5000 | | Last Modified: | Nov 20 14:21:09 2008 | | MD5 Checksum: | 95772fbd64f5296b53746839ca3c082f |
|
| /// File Name: | MDVSA-2008-232.txt | Description:
| Mandriva Linux Security Advisory 2008-232 - The ACL plugin in dovecot prior to version 1.1.4 treated negative access rights as though they were positive access rights, which allowed attackers to bypass intended access restrictions. The ACL plugin in dovecot prior to version 1.1.6 allowed attackers to bypass intended access restrictions by using the 'k' right to create unauthorized 'parent/child/child' mailboxes. | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 4496 | | Related CVE(s): | CVE-2008-4577, CVE-2008-4578 | | Last Modified: | Nov 19 18:47:25 2008 | | MD5 Checksum: | 74d6e20e2de494366564f42bf606f8cb |
|
| /// File Name: | USN-674-1.txt | Description:
| Ubuntu Security Notice USN-674-1 - It was discovered that the hpssd tool of hplip did not validate privileges in the alert-mailing function. A local attacker could exploit this to gain privileges and send e-mail messages from the account of the hplip user. This update alters hplip behavior by preventing users from setting alerts and by moving alert configuration to a root-controlled /etc/hp/alerts.conf file. It was discovered that the hpssd tool of hplip did not correctly handle certain commands. A local attacker could use a specially crafted packet to crash hpssd, leading to a denial of service. | | Homepage: | http://security.ubuntu.com/ | | File Size: | 10985 | | Related CVE(s): | CVE-2008-2940, CVE-2008-2941 | | Last Modified: | Nov 19 18:46:56 2008 | | MD5 Checksum: | 40785ad48c0633533c0dbc0debeac5a5 |
|
| /// File Name: | PR08-09.txt | Description:
| An unauthenticated file retrieval vulnerability exists on the Sun Java System Identity Manager. | | Author: | Richard Brain | | Homepage: | http://www.procheckup.com/ | | File Size: | 2315 | | Last Modified: | Nov 19 18:15:41 2008 | | MD5 Checksum: | 027955185dafd3359535c914e02f64fa |
|
| /// File Name: | secunia-streamripper.txt | Description:
| Secunia Research has discovered some vulnerabilities in Streamripper, which can be exploited by malicious people to compromise a user's system. Version 1.63.5 is affected. | | Author: | Stefan Cornelius | | Homepage: | http://secunia.com/ | | File Size: | 4581 | | Related CVE(s): | CVE-2008-4829 | | Last Modified: | Nov 19 17:55:36 2008 | | MD5 Checksum: | 2a667b6f5ea4090920bfdfceb7fa6c61 |
|
| /// File Name: | tonline-multi.txt | Description:
| The T-Online software offered by Deutsche Telekom installs and includes the use of vulnerable DLLs. | | Author: | Stefan Kanthak | | File Size: | 2364 | | Last Modified: | Nov 19 17:52:19 2008 | | MD5 Checksum: | 4f545cb45287d94079f395be11241a87 |
|
| /// File Name: | MDVSA-2008-231.txt | Description:
| Mandriva Linux Security Advisory 2008-231 - Drew Yaro of the Apple Product Security Team found two flaws in libxml2. The first is a denial of service flaw in libxml2's XML parser. If an application linked against libxml2 were to process certain malformed XML content, it cause the application to enter an infinite loop. The second is an integer overflow that caused a heap-based buffer overflow in libxml2's XML parser. If an application linked against libxml2 were to process certain malformed XML content, it could cause the application to crash or possibly execute arbitrary code. The updated packages have been patched to correct these issues. | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 7546 | | Related CVE(s): | CVE-2008-4225, CVE-2008-4226 | | Last Modified: | Nov 18 20:11:30 2008 | | MD5 Checksum: | 3c2bacdc0c614a94c24a9030e3f7f962 |
|
| /// File Name: | USN-673-1.txt | Description:
| Ubuntu Security Notice USN-673-1 - Drew Yao discovered that libxml2 did not correctly handle certain corrupt XML documents. If a user or automated system were tricked into processing a malicious XML document, a remote attacker could cause applications linked against libxml2 to enter an infinite loop, leading to a denial of service. Drew Yao discovered that libxml2 did not correctly handle large memory allocations. If a user or automated system were tricked into processing a very large XML document, a remote attacker could cause applications linked against libxml2 to crash, leading to a denial of service. | | Homepage: | http://security.ubuntu.com/ | | File Size: | 25774 | | Related CVE(s): | CVE-2008-4225, CVE-2008-4226 | | Last Modified: | Nov 18 20:10:50 2008 | | MD5 Checksum: | 64f6a2da847d9cc80f75dd91c5ce02f7 |
|
| /// File Name: | CESA-2008-009.html | Description:
| Firefox versions 2.0.0.18 and below and WebKit nightly are affected by a cross-domain arbitrary image theft vulnerability. | | Author: | Chris Evans | | File Size: | 3011 | | Related CVE(s): | CVE-2008-5012 | | Last Modified: | Nov 18 19:31:05 2008 | | MD5 Checksum: | a5218b3dbe84d9457e5d725d2e5b90c9 |
|
| /// File Name: | SSRT080164.txt | Description:
| HP Security Bulletin - Various potential security vulnerabilities have been identified in Microsoft software that is running on the Storage Management Appliance (SMA). Some of these vulnerabilities may be pertinent to the SMA, please check the table in the Resolution section of this Security Bulletin. | | Homepage: | http://www.hp.com/ | | File Size: | 9279 | | Related CVE(s): | CVE-2008-4250, CVE-2008-4037, CVE-2007-0099, CVE-2008-4029, CVE-2008-4033 | | Last Modified: | Nov 18 19:25:40 2008 | | MD5 Checksum: | af2cc68c5723cced78fc00d623c7ba29 |
|
| /// File Name: | USN-672-1.txt | Description:
| Ubuntu Security Notice USN-672-1 - Moritz Jodeit discovered that ClamAV did not correctly handle certain strings when examining a VBA project. If a remote attacker tricked ClamAV into processing a malicious VBA file, ClamAV would crash, leading to a denial of service. | | Homepage: | http://security.ubuntu.com/ | | File Size: | 7596 | | Related CVE(s): | CVE-2008-5050 | | Last Modified: | Nov 18 01:07:08 2008 | | MD5 Checksum: | 157f26b3a109779716d5541904cd8ff7 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
