Packet Storm - Information Security News, Files, Tools, Exploits, Advisories and Whitepapers http://packetstormsecurity.org/ en-us Mon, 28 May 2012 06:30:01 GMT 144400 http://packetstormsecurity.org/ http://www.google-analytics.com/__utm.gif?utmwv=1.3&utmn=2024312579&utmcs=ISO-8859-1&utmsr=31337x31337&utmsc=32-bit&utmul=en-us&utmje=0&utmfl=-&utmcn=1&utmdt=Files%u2248%20Packet%20Storm&utmhn=packetstormsecurity.org&utmr=-&utmp=%2F0807-advisories%2F&utmac=UA-18885198-1&utmcc=__utma%3D32867617.2024312579.1338186601.1338186601.1338186601.1%3B%2B__utmz%3D32867617.1338186601.1.1.utmccn%3D(direct)%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none) http://packetstormsecurity.org/files/68711/glsa-200807-15.txt http://packetstormsecurity.org/files/68711/glsa-200807-15.txt http://packetstormsecurity.org/files/68711/Gentoo-Linux-Security-Advisory-200807-15.html Thu, 31 Jul 2008 22:54:33 GMT Gentoo Linux Security Advisory GLSA 200807-15 - Pavel Polischouk reported a boundary error in the PartsBatch class when processing .nzb files. Versions less than 0.132-r3 are affected. http://packetstormsecurity.org/files/68710/glsa-200807-14.txt http://packetstormsecurity.org/files/68710/glsa-200807-14.txt http://packetstormsecurity.org/files/68710/Gentoo-Linux-Security-Advisory-200807-14.html Thu, 31 Jul 2008 22:54:04 GMT Gentoo Linux Security Advisory GLSA 200807-14 - A stack-based buffer overflow has been reported in the audit_log_user_command() function in the file lib/audit_logging.c when processing overly long arguments. Versions less than 1.7.3 are affected. http://packetstormsecurity.org/files/68709/glsa-200807-13.txt http://packetstormsecurity.org/files/68709/glsa-200807-13.txt http://packetstormsecurity.org/files/68709/Gentoo-Linux-Security-Advisory-200807-13.html Thu, 31 Jul 2008 22:53:55 GMT Gentoo Linux Security Advisory GLSA 200807-13 - Remi Denis-Courmont reported that VLC loads plugins from the current working directory in an unsafe manner. Versions less than 0.8.6i are affected. http://packetstormsecurity.org/files/68707/sa30856.txt http://packetstormsecurity.org/files/68707/sa30856.txt http://packetstormsecurity.org/files/68707/Secunia-Security-Advisory-30856.html Thu, 31 Jul 2008 22:52:54 GMT Secunia Security Advisory - Travis C Johnson has discovered a security issue in Acronis True Image Echo Server, which can be exploited by malicious people to disclose sensitive information. http://packetstormsecurity.org/files/68705/sa31297.txt http://packetstormsecurity.org/files/68705/sa31297.txt http://packetstormsecurity.org/files/68705/Secunia-Security-Advisory-31297.html Thu, 31 Jul 2008 22:52:54 GMT Secunia Security Advisory - R3d.W0rm has discovered a vulnerability in nzFotolog, which can be exploited by malicious people to disclose sensitive information. http://packetstormsecurity.org/files/68704/sa31304.txt http://packetstormsecurity.org/files/68704/sa31304.txt http://packetstormsecurity.org/files/68704/Secunia-Security-Advisory-31304.html Thu, 31 Jul 2008 22:52:54 GMT Secunia Security Advisory - A vulnerability has been reported in various Panasonic network cameras, which can be exploited by malicious people to conduct cross-site scripting attacks. http://packetstormsecurity.org/files/68706/sa31307.txt http://packetstormsecurity.org/files/68706/sa31307.txt http://packetstormsecurity.org/files/68706/Secunia-Security-Advisory-31307.html Thu, 31 Jul 2008 22:52:54 GMT Secunia Security Advisory - Debian has issued an update for newsx. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a user's system. http://packetstormsecurity.org/files/68708/sa31308.txt http://packetstormsecurity.org/files/68708/sa31308.txt http://packetstormsecurity.org/files/68708/Secunia-Security-Advisory-31308.html Thu, 31 Jul 2008 22:52:54 GMT Secunia Security Advisory - rPath has issued an update for openssl. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system. http://packetstormsecurity.org/files/68694/07.30.08-1.txt http://packetstormsecurity.org/files/68694/07.30.08-1.txt http://packetstormsecurity.org/files/68694/iDEFENSE-Security-Advisory-2008-07-30.1.html Thu, 31 Jul 2008 22:25:13 GMT iDefense Security Advisory 07.30.08 - Local exploitation of an untrusted path vulnerability in the "dbmsrv" program, as distributed with SAP AG's MaxDB, allow attackers to elevate privileges to that of the "sdb" user. When a local user runs the "dbmcli" program, the MaxDB executes a "dbmsrv" process on the user's behalf. The "dbmsrv" process, which is responsible for executing user commands, runs as the user "sdb" with group "sdba". This vulnerability exists due to improper sanitization of the "PATH" environment variable. By prefixing the "PATH" environment variable with a path under the attacker control, one is able to execute arbitrary code iDefense has confirmed the existence of this vulnerability in SAP MaxDB version 7.6.03.15 on Linux. Other versions may also be vulnerable. with "sdb:sdba" privileges. http://packetstormsecurity.org/files/68693/dsa-1624-1.txt http://packetstormsecurity.org/files/68693/dsa-1624-1.txt http://packetstormsecurity.org/files/68693/Debian-Linux-Security-Advisory-1624-1.html Thu, 31 Jul 2008 22:23:26 GMT Debian Security Advisory 1624-1 - Chris Evans discovered that a buffer overflow in the RC4 functions of libexslt may lead to the execution of arbitrary code. http://packetstormsecurity.org/files/68692/sa31247.txt http://packetstormsecurity.org/files/68692/sa31247.txt http://packetstormsecurity.org/files/68692/Secunia-Security-Advisory-31247.html Thu, 31 Jul 2008 22:23:16 GMT Secunia Security Advisory - dun has reported two vulnerabilities in M http://packetstormsecurity.org/files/68691/dsa-1623-1.txt http://packetstormsecurity.org/files/68691/dsa-1623-1.txt http://packetstormsecurity.org/files/68691/Debian-Linux-Security-Advisory-1623-1.html Thu, 31 Jul 2008 22:22:45 GMT Debian Security Advisory 1623-1 - Dan Kaminsky discovered that properties inherent to the DNS protocol lead to practical DNS cache poisoning attacks. Among other things, successful attacks can lead to misdirected web traffic and email rerouting. http://packetstormsecurity.org/files/68690/assurent-caarcserve.txt http://packetstormsecurity.org/files/68690/assurent-caarcserve.txt http://packetstormsecurity.org/files/68690/assurent-caarcserve.txt.html Thu, 31 Jul 2008 22:22:36 GMT There exists a buffer overflow vulnerability in the way CA ARCserve Backup for Laptops and Desktops handles incoming messages. The vulnerability is due to an integer underflow in the LGServer service. Affected includes CA ARCserve Backup for Laptops and Desktops version r11.0 through r11.5, CA Desktop Management Suite version 11.1 through 11.2, and CA Protection Suites versions r2, 3.0, and 3.1. http://packetstormsecurity.org/files/68682/sa25813.txt http://packetstormsecurity.org/files/68682/sa25813.txt http://packetstormsecurity.org/files/68682/Secunia-Security-Advisory-25813.html Thu, 31 Jul 2008 22:10:43 GMT Secunia Security Advisory - Secunia Research has discovered some vulnerabilities in K9 Web Protection, which can be exploited by malicious people to compromise a user's system. http://packetstormsecurity.org/files/68687/sa31235.txt http://packetstormsecurity.org/files/68687/sa31235.txt http://packetstormsecurity.org/files/68687/Secunia-Security-Advisory-31235.html Thu, 31 Jul 2008 22:10:43 GMT Secunia Security Advisory - Stack has discovered a vulnerability in PHP Hosting Directory, which can be exploited by malicious people to bypass certain security restrictions. http://packetstormsecurity.org/files/68684/sa31252.txt http://packetstormsecurity.org/files/68684/sa31252.txt http://packetstormsecurity.org/files/68684/Secunia-Security-Advisory-31252.html Thu, 31 Jul 2008 22:10:43 GMT Secunia Security Advisory - Mr.SQL has reported a vulnerability in fizzMedia, which can be exploited by malicious people to conduct SQL injection attacks. http://packetstormsecurity.org/files/68686/sa31259.txt http://packetstormsecurity.org/files/68686/sa31259.txt http://packetstormsecurity.org/files/68686/Secunia-Security-Advisory-31259.html Thu, 31 Jul 2008 22:10:43 GMT Secunia Security Advisory - A vulnerability with an unknown impact has been reported in ImpressCMS. http://packetstormsecurity.org/files/68685/sa31285.txt http://packetstormsecurity.org/files/68685/sa31285.txt http://packetstormsecurity.org/files/68685/Secunia-Security-Advisory-31285.html Thu, 31 Jul 2008 22:10:43 GMT Secunia Security Advisory - Bboyhacks has reported some vulnerabilities in Axesstel AXW-D800, which can be exploited by malicious people to bypass certain security restrictions. http://packetstormsecurity.org/files/68683/sa31299.txt http://packetstormsecurity.org/files/68683/sa31299.txt http://packetstormsecurity.org/files/68683/Secunia-Security-Advisory-31299.html Thu, 31 Jul 2008 22:10:43 GMT Secunia Security Advisory - Ghost Hacker has discovered two vulnerabilities in HIOX Browser Statistics, which can be exploited by malicious people to disclose sensitive information and compromise a vulnerable system. http://packetstormsecurity.org/files/68688/sa31300.txt http://packetstormsecurity.org/files/68688/sa31300.txt http://packetstormsecurity.org/files/68688/Secunia-Security-Advisory-31300.html Thu, 31 Jul 2008 22:10:43 GMT Secunia Security Advisory - Ghost Hacker has discovered a vulnerability in HIOX Random Ad, which can be exploited by malicious people to disclose sensitive information and compromise a vulnerable system. http://packetstormsecurity.org/files/68681/sa31283.txt http://packetstormsecurity.org/files/68681/sa31283.txt http://packetstormsecurity.org/files/68681/Secunia-Security-Advisory-31283.html Thu, 31 Jul 2008 15:31:43 GMT Secunia Security Advisory - A vulnerability has been reported in phpFreeChat, which can be exploited by malicious users to conduct hijacking attacks. http://packetstormsecurity.org/files/68680/SSRT071466.txt http://packetstormsecurity.org/files/68680/SSRT071466.txt http://packetstormsecurity.org/files/68680/HP-Security-Bulletin-2007-14.66.html Thu, 31 Jul 2008 15:31:30 GMT HP Security Bulletin - A potential security vulnerability has been identified in HP-UX running System Administration Manager (SAM). This vulnerability may allow unintended remote access. http://packetstormsecurity.org/files/68679/libexslt-overflow.txt http://packetstormsecurity.org/files/68679/libexslt-overflow.txt http://packetstormsecurity.org/files/68679/libexslt-overflow.txt.html Thu, 31 Jul 2008 15:30:53 GMT The libexslt library bundled with libxslt is affected by a heap-based buffer overflow which can lead to arbitrary code execution. The vulnerability is present in the rc4 encryption/decryption functions. Versions 1.1.8 and above and 1.1.24 and below are affected. http://packetstormsecurity.org/files/68678/secunia-bluecoathan.txt http://packetstormsecurity.org/files/68678/secunia-bluecoathan.txt http://packetstormsecurity.org/files/68678/secunia-bluecoathan.txt.html Thu, 31 Jul 2008 15:29:06 GMT Secunia Research has discovered two vulnerabilities in K9 Web Protection, which can be exploited by malicious people to compromise a user's system. The vulnerabilities are caused by boundary errors in the filter service (k9filter.exe) when handling HTTP version information in responses from a centralized server (sp.cwfservice.net). These can be exploited to cause stack-based buffer overflows via a specially crafted response containing overly long HTTP version information. Successful exploitation allows execution of arbitrary code, but requires that requests to the centralized server can be redirected to a malicious service or otherwise intercepted. Affected is Blue Coat K9 Web Protection 3.2.44 with Filter version 3.2.32. http://packetstormsecurity.org/files/68677/secunia-bluecoatref.txt http://packetstormsecurity.org/files/68677/secunia-bluecoatref.txt http://packetstormsecurity.org/files/68677/secunia-bluecoatref.txt.html Thu, 31 Jul 2008 15:27:32 GMT Secunia Research has discovered a vulnerability in K9 Web Protection, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a boundary error in the filter service (k9filter.exe) during processing of "Referer" headers when the web-based K9 Web Protection Administration interface is accessed. This can be exploited to cause a stack-based buffer overflow via an overly long "Referer:" header. Successful exploitation allows execution of arbitrary code when a user e.g. visits a malicious web site. Affected is Blue Coat K9 Web Protection 3.2.44 with Filter version 3.2.32.