Packet Storm - Information Security News, Files, Tools, Exploits, Advisories and Whitepapers http://packetstormsecurity.org/ en-us Mon, 28 May 2012 04:51:03 GMT 144400 http://packetstormsecurity.org/ http://www.google-analytics.com/__utm.gif?utmwv=1.3&utmn=2069109965&utmcs=ISO-8859-1&utmsr=31337x31337&utmsc=32-bit&utmul=en-us&utmje=0&utmfl=-&utmcn=1&utmdt=Files%u2248%20Packet%20Storm&utmhn=packetstormsecurity.org&utmr=-&utmp=%2F1007-advisories%2F&utmac=UA-18885198-1&utmcc=__utma%3D32867617.2069109965.1338180663.1338180663.1338180663.1%3B%2B__utmz%3D32867617.1338180663.1.1.utmccn%3D(direct)%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none) http://packetstormsecurity.org/files/92260/MDVSA-2010-142.txt http://packetstormsecurity.org/files/92260/MDVSA-2010-142.txt http://packetstormsecurity.org/files/92260/Mandriva-Linux-Security-Advisory-2010-142.html Wed, 28 Jul 2010 22:42:06 GMT Mandriva Linux Security Advisory 2010-142 - The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN string containing invalid UTF-8 sequences, which triggers a free of an invalid, uninitialized pointer in the slap_mods_free function, as demonstrated using the Codenomicon LDAPv3 test suite. OpenLDAP 2.4.22 allows remote attackers to cause a denial of service via a modrdn call with a zero-length RDN destination string, which is not properly handled by the smr_normalize function and triggers a NULL pointer dereference in the IA5StringNormalize function in schema_init.c, as demonstrated using the Codenomicon LDAPv3 test suite. http://packetstormsecurity.org/files/92249/secunia-autonomykvrp.txt http://packetstormsecurity.org/files/92249/secunia-autonomykvrp.txt http://packetstormsecurity.org/files/92249/Autonomy-KeyView-wkssr.dll-Record-Parsing-Buffer-Overflows.html Wed, 28 Jul 2010 18:18:24 GMT Secunia Research has discovered two vulnerabilities in Autonomy KeyView, which can be exploited by malicious people to compromise a vulnerable system. The vulnerabilities are caused by boundary errors in the SpreadSheet Lotus 123 reader (wkssr.dll) when parsing certain records. This can be exploited to cause stack-based buffer overflows via specially crafted files. Successful exploitation allows execution of arbitrary code. Autonomy KeyView versions 10.4 and 10.9 are affected. http://packetstormsecurity.org/files/92248/secunia-autonomykvindex.txt http://packetstormsecurity.org/files/92248/secunia-autonomykvindex.txt http://packetstormsecurity.org/files/92248/Autonomy-KeyView-wkssr.dll-String-Indexing-Vulnerability.html Wed, 28 Jul 2010 18:17:09 GMT Secunia Research has discovered a vulnerability in Autonomy KeyView, which can be exploited by malicious people to potentially compromise a vulnerable system. The vulnerability is caused by an error in the SpreadSheet Lotus 123 reader (wkssr.dll) when allocating an array of pointers during the parsing of a certain record type combined with how strings are later indexed. This can be exploited to corrupt memory via a specially crafted file. Successful exploitation may allow execution of arbitrary code. Autonomy KeyView versions 10.4 and 10.9 are affected. http://packetstormsecurity.org/files/92245/secunia-wkssriu.txt http://packetstormsecurity.org/files/92245/secunia-wkssriu.txt http://packetstormsecurity.org/files/92245/Autonomy-KeyView-wkssr.dll-Integer-Underflow-Vulnerability.html Wed, 28 Jul 2010 18:05:08 GMT Secunia Research has discovered a vulnerability in Autonomy KeyView, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. The vulnerability is caused by an integer underflow error in the SpreadSheet Lotus 123 reader (wkssr.dll) when parsing the size of a specific record type. This can be exploited to cause a heap-based buffer overflow via a specially crafted file. Successful exploitation may allow execution of arbitrary code. Autonomy KeyView versions 10.4 and 10.9 are affected. http://packetstormsecurity.org/files/92244/secunia-autonomywosr.txt http://packetstormsecurity.org/files/92244/secunia-autonomywosr.txt http://packetstormsecurity.org/files/92244/Autonomy-KeyView-wosr.dll-Data-Block-Parsing-Buffer-Overflow.html Wed, 28 Jul 2010 18:03:59 GMT Secunia Research has discovered a vulnerability in Autonomy KeyView, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by a boundary error the WordPerfect 5.x reader (wosr.dll) when parsing data blocks and can be exploited to cause a heap-based buffer overflow via a specially crafted file. Successful exploitation may allow execution of arbitrary code. Autonomy KeyView versions 10.4 and 10.9 are affected. http://packetstormsecurity.org/files/92243/secunia-autonomyrtfsigned.txt http://packetstormsecurity.org/files/92243/secunia-autonomyrtfsigned.txt http://packetstormsecurity.org/files/92243/Autonomy-KeyView-rtfsr.dll-RTF-Parsing-Signedness-Error.html Wed, 28 Jul 2010 18:02:22 GMT Secunia Research has discovered a vulnerability in Autonomy KeyView, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by a signedness error when parsing the argument to the "\\ls" keyword within a list override table entry in RTF files. This can be exploited to cause a buffer overflow via a specially crafted RTF file. Successful exploitation may allow execution of arbitrary code. Autonomy KeyView versions 10.4 and 10.9 are affected. http://packetstormsecurity.org/files/92242/secunia-autonomywkssr.txt http://packetstormsecurity.org/files/92242/secunia-autonomywkssr.txt http://packetstormsecurity.org/files/92242/Autonomy-KeyView-wkssr.dll-Floating-Point-Conversion-Buffer-Overflow.html Wed, 28 Jul 2010 17:59:30 GMT Secunia Research has discovered a vulnerability in Autonomy KeyView, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by a boundary error in the Spreadsheet Lotus 123 reader (wkssr.dll) when converting floating point values in certain record types. This can be exploited to cause a stack-based buffer overflow via a specially crafted file. Successful exploitation allows execution of arbitrary code. Autonomy KeyView versions 10.4 and 10.9 are affected. http://packetstormsecurity.org/files/92241/secunia-autonomycfp.txt http://packetstormsecurity.org/files/92241/secunia-autonomycfp.txt http://packetstormsecurity.org/files/92241/Autonomy-KeyView-Compound-File-Parsing-Buffer-Overflow.html Wed, 28 Jul 2010 17:55:45 GMT Secunia Research has discovered a vulnerability in Autonomy KeyView, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by a boundary error when parsing record data in compound documents. This can be exploited to cause a heap-based buffer overflow when an application using the vulnerable library parses e.g. a specially crafted Quattro Pro file. Successful exploitation allows execution of arbitrary code. Autonomy KeyView versions 10.4 and 10.9 are affected. http://packetstormsecurity.org/files/92259/sa40741.txt http://packetstormsecurity.org/files/92259/sa40741.txt http://packetstormsecurity.org/files/92259/Secunia-Security-Advisory-40741.html Wed, 28 Jul 2010 14:42:06 GMT Secunia Security Advisory - Red Hat has issued an update for jboss-seam2. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system. http://packetstormsecurity.org/files/92258/sa40740.txt http://packetstormsecurity.org/files/92258/sa40740.txt http://packetstormsecurity.org/files/92258/Secunia-Security-Advisory-40740.html Wed, 28 Jul 2010 14:42:04 GMT Secunia Security Advisory - A security issue and a vulnerability have been reported in MediaWiki, which can be exploited by malicious people to disclose potentially sensitive information and conduct cross-site scripting attacks. http://packetstormsecurity.org/files/92257/sa40679.txt http://packetstormsecurity.org/files/92257/sa40679.txt http://packetstormsecurity.org/files/92257/Secunia-Security-Advisory-40679.html Wed, 28 Jul 2010 14:42:01 GMT Secunia Security Advisory - A vulnerability has been discovered in Zabbix, which can be exploited by malicious people to conduct cross-site scripting attacks. http://packetstormsecurity.org/files/92256/sa40727.txt http://packetstormsecurity.org/files/92256/sa40727.txt http://packetstormsecurity.org/files/92256/Secunia-Security-Advisory-40727.html Wed, 28 Jul 2010 14:41:58 GMT Secunia Security Advisory - A vulnerability has been discovered in KVIrc, which can be exploited by malicious people to hijack IRC connections. http://packetstormsecurity.org/files/92254/sa40737.txt http://packetstormsecurity.org/files/92254/sa40737.txt http://packetstormsecurity.org/files/92254/Secunia-Security-Advisory-40737.html Wed, 28 Jul 2010 13:11:29 GMT Secunia Security Advisory - A vulnerability has been discovered in bozohttpd, which can be exploited by malicious people to bypass certain security restrictions. http://packetstormsecurity.org/files/92253/sa40744.txt http://packetstormsecurity.org/files/92253/sa40744.txt http://packetstormsecurity.org/files/92253/Secunia-Security-Advisory-40744.html Wed, 28 Jul 2010 13:11:26 GMT Secunia Security Advisory - A vulnerability has been discovered in nuBuilder, which can be exploited by malicious people to compromise a vulnerable system. http://packetstormsecurity.org/files/92252/sa40713.txt http://packetstormsecurity.org/files/92252/sa40713.txt http://packetstormsecurity.org/files/92252/Secunia-Security-Advisory-40713.html Wed, 28 Jul 2010 13:11:24 GMT Secunia Security Advisory - Some vulnerabilities have been reported in hsolinkcontrol, which can be exploited by malicious, local users to gain escalated privileges. http://packetstormsecurity.org/files/92236/sa40753.txt http://packetstormsecurity.org/files/92236/sa40753.txt http://packetstormsecurity.org/files/92236/Secunia-Security-Advisory-40753.html Wed, 28 Jul 2010 09:28:04 GMT Secunia Security Advisory - A security issue has been reported in the Front End User Registration extension for TYPO3, which can be exploited by malicious people to bypass certain security restrictions. http://packetstormsecurity.org/files/92235/sa40690.txt http://packetstormsecurity.org/files/92235/sa40690.txt http://packetstormsecurity.org/files/92235/Secunia-Security-Advisory-40690.html Wed, 28 Jul 2010 09:28:01 GMT Secunia Security Advisory - Oracle has acknowledged a weakness in Sun Solaris, which can be exploited by malicious, local users to gain knowledge of sensitive information. http://packetstormsecurity.org/files/92234/sa40755.txt http://packetstormsecurity.org/files/92234/sa40755.txt http://packetstormsecurity.org/files/92234/Secunia-Security-Advisory-40755.html Wed, 28 Jul 2010 09:27:59 GMT Secunia Security Advisory - Fedora has issued an update for turba. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks. http://packetstormsecurity.org/files/92233/sa40743.txt http://packetstormsecurity.org/files/92233/sa40743.txt http://packetstormsecurity.org/files/92233/Secunia-Security-Advisory-40743.html Wed, 28 Jul 2010 09:27:56 GMT Secunia Security Advisory - Multiple vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can potentially be exploited by malicious people to disclose sensitive information or compromise a user's system. http://packetstormsecurity.org/files/92232/sa40764.txt http://packetstormsecurity.org/files/92232/sa40764.txt http://packetstormsecurity.org/files/92232/Secunia-Security-Advisory-40764.html Wed, 28 Jul 2010 09:27:53 GMT Secunia Security Advisory - Fedora has issued an update for pidgin. This fixes a weakness, which can be exploited by malicious people to cause a DoS (Denial of Service). http://packetstormsecurity.org/files/92231/sa40778.txt http://packetstormsecurity.org/files/92231/sa40778.txt http://packetstormsecurity.org/files/92231/Secunia-Security-Advisory-40778.html Wed, 28 Jul 2010 09:27:51 GMT Secunia Security Advisory - Fedora has issued an update for libvirt. This fixes a weakness and some vulnerabilities, which can be exploited by malicious, local users in a guest system to bypass certain security restrictions. http://packetstormsecurity.org/files/92268/sa38830.txt http://packetstormsecurity.org/files/92268/sa38830.txt http://packetstormsecurity.org/files/92268/Secunia-Security-Advisory-38830.html Wed, 28 Jul 2010 08:40:53 GMT Secunia Security Advisory - Secunia Research has discovered multiple vulnerabilities in various Symantec products, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system. http://packetstormsecurity.org/files/92267/sa40681.txt http://packetstormsecurity.org/files/92267/sa40681.txt http://packetstormsecurity.org/files/92267/Secunia-Security-Advisory-40681.html Wed, 28 Jul 2010 08:40:50 GMT Secunia Security Advisory - Some security issues have been reported in JBoss Enterprise SOA Platform, which can be exploited by malicious users to gain escalated privileges and by malicious people to bypass certain security restrictions. http://packetstormsecurity.org/files/92266/sa38704.txt http://packetstormsecurity.org/files/92266/sa38704.txt http://packetstormsecurity.org/files/92266/Secunia-Security-Advisory-38704.html Wed, 28 Jul 2010 08:40:48 GMT Secunia Security Advisory - Secunia Research has discovered multiple vulnerabilities in Lotus Notes, which can be exploited by malicious people to compromise a user's system. http://packetstormsecurity.org/files/92265/sa40747.txt http://packetstormsecurity.org/files/92265/sa40747.txt http://packetstormsecurity.org/files/92265/Secunia-Security-Advisory-40747.html Wed, 28 Jul 2010 08:40:45 GMT Secunia Security Advisory - Cisco has acknowledged a vulnerability in multiple Cisco products, which can be exploited by malicious people to manipulate certain data.