Technical Cyber Security Alert TA07-254A - Microsoft has released updates that address critical vulnerabilities in Microsoft Windows, Microsoft Visual Studio, Microsoft Windows Services for Unix, and Microsoft MSN Messenger. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system.
449e8375e4d58c6d69b4684104e0fe777e2115b6468b2aa4c8522199571b396aGentoo Linux Security Advisory GLSA 200709-01 - A stack buffer overflow (CVE-2007-3999) has been reported in svcauth_gss_validate() of the RPC library of kadmind. Another vulnerability (CVE-2007-4000) has been found in kadm5_modify_policy_internal(), which does not check the return values of krb5_db_get_policy() correctly. Versions less than 1.5.3-r1 are affected.
069944d06e3a8b3634e84b6d6ae791d61b76bde151ac2d5c0ca18b8f9799be32iDefense Security Advisory 09.11.07 - Remote exploitation of a stack based buffer overflow vulnerability in Microsoft Corp's Microsoft Windows 2000 Agent service could allow an attacker to execute arbitrary code with the privileges of the logged in user. The vulnerability exists within the Agent Service (agentsvr.exe). Due to improper handling of specially crafted URLs, an attack can cause stack based buffer overflow. iDefense has confirmed the existence of this vulnerability in the Agent service included in Windows 2000. Microsoft reports that newer versions of the Agent service are not vulnerable.
1b09178d90eb13abe427829422d154cb73153fac8556c0b6ef96121e7b1afce5Debian Security Advisory 1374-1 - Several vulnerabilities have been discovered in jffnms, a web-based Network Management System for IP networks. These include cross site scripting and SQL injection vulnerabilities.
8bee2501639339349d4514554062c4a6b73faa58549ff329748d01232e880805Debian Security Advisory 1373-1 - It was discovered that ktorrent, a BitTorrent client for KDE, was vulnerable to a directory traversal bug which potentially allowed remote users to overwrite arbitrary files.
a960c7e4c34ac3e3c21cf9a30e5705e5bebfffa7196b540161fbd20a223ff098Debian Security Advisory 1371-1 - Several vulnerabilities have been discovered in phpWiki, a wiki engine written in PHP. It was discovered that phpWiki performs insufficient file name validation, which allows unrestricted file uploads. It was discovered that phpWiki performs insufficient file name validation, which allows unrestricted file uploads. If the configuration lacks a nonzero PASSWORD_LENGTH_MINIMUM, phpWiki might allow remote attackers to bypass authentication via an empty password, which causes ldap_bind to return true when used with certain LDAP implementations.
b7b01d7f2a959335ad4e537ebb5fba440c7f535ac3481c32a0333098d6941ddfThe Microsoft Agent ActiveX control contains a buffer overflow vulnerability that allows remote attackers to inject and execute arbitrary code with the privileges of the currently logged in user. Version 2.0.0.3425 is affected.
84769b4dd70aa5a25033c2792a38ff41ffe63f37d0dfb99127fadb9218e95243The Atom feed in www.ibm.com is susceptible to cross site scripting attacks.
8594a8f0707bbe9347aa863ec75647e87cd75f7b7fd157f2619aa5aef11de528An incorrect group assignment (gid 0) occurs for domain users using the rfc2307 or sfu Winbind nss info plugin.
b5a615800b2024d33d761d8ce00f430ad5581db3dae1a6f700d5296aa7e1e424A denial of service flaw exists in RealPlayer and HelixPlayer when a user tries to open a malformed .au file. The flaw is due to a Division by Zero error when processing a malformed AU file. An attacker must entice an unsuspecting user to open a maliciously crafted AU file. Realplayer versions 10.1.0.3114 and below and Helixplayer version 1.0.6.778 are affected. Proof of concept included.
28be1324049b26d3f596b6ba348ac009e99f312a5179e495cba05ab6a4852baaNuclearBB Alpha 2 suffers from a remote file inclusion vulnerability.
900a3ff34f13be59dabcc2afb85e1d668c8c5254f4f4b340e1117b261d008cb7SSHatter is a remote brute force utility that attempts every password from a given list against a target.
ccf0f5f7aa39fb59f5f5b2bd959ec841ca04f761de5c1c2da76f97a1bfa7976bMicrosoft Visual Studio version 6.0 file overwrite exploit that makes use of VBTOVSI.DLL version 1.0.0.0.
a259b0efdaa09edbc604048a7da85b8a07f87f01c860ef4cca15cc3e25f00f5cMicrosoft Visual Studio version 6.0 remote command execution exploit that makes use of PDWizard.ocx versions 6.0.0.9782 and below.
96af82830be7c89fb85c84ebc7d1444fcc9b07290f1502ddd32c828e33e69788X-Cart suffers from remote file inclusion vulnerabilities.
25ccf8166cc203fe891bf1e147d69ccfb0416770e8cd48ed57ce571284a1c8f6Debian Security Advisory 1370-2 - The update for the oldstable distribution was incorrectly installed into the archive. Several remote vulnerabilities have been discovered in phpMyAdmin, a program to administrate MySQL over the web.
b34c02843f6fd1822b6ff8d4cfcc82c348eeaa15121a44159e2d7a51e737119dSecunia Security Advisory - Koshi has reported a vulnerability in Microsoft Visual Basic, which can be exploited by malicious people to compromise a user's system.
a3875aa03b37ad7960ae70b692cb23678d618cc17ce27afa4e1d0b48c7c2d199Secunia Security Advisory - Henri Lindberg has reported a vulnerability in Buffalo AirStation WHR-G54S, which can be exploited by malicious people to conduct cross-site request forgery attacks.
be2e20089fcc244b6478badb8628aae2f088a05284c973d4e07c507518f76fd7Secunia Security Advisory - Debian has issued an update for gforge. This fixes a vulnerability, which can be exploited by malicious people to conduct SQL injection attacks.
597510a97afbde61b5447772bb96d6619fa86bfbe18ca07554f410a947f55b33Secunia Security Advisory - A vulnerability has been discovered in Proxy Anket, which can be exploited by malicious people to compromise a vulnerable system.
f860be53a7bed289f339afbf98c37d78f700365c052c39b0643f9fd72b312a46Secunia Security Advisory - Fedora has issued an update for qgit. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges.
46d0bebdb753ed4c3217aade1b244fada0f845220afbab5e058dd5c102fd2b91Secunia Security Advisory - Some vulnerabilities have been reported in Quagga, which can be exploited by malicious users to cause a DoS (Denial of Service).
c6aa2c9ac53ed7335948709ded48a9f89f0f8e03a4cd18d6a298c2c237b0556eSecunia Security Advisory - A vulnerability has been reported in Microsoft Windows 2000, which can be exploited by malicious people to compromise a user's system.
396a23d751c9eeea2a72d078e91117a38871f63c896ee84a30ac3c126876e6a4Secunia Security Advisory - A vulnerability has been reported in Visual Studio, which can be exploited by malicious people to compromise a user's system.
11297b57208a227218f7f387a22efe6738a8131fed09d232fc22f8c0ddb920aaSecunia Security Advisory - A vulnerability has been reported in Microsoft Windows Services for UNIX, which can be exploited by malicious, local users to gain escalated privileges.
a8af4a88941823f700cc5167f0f6eef2a06b59e6a48b439ac8919aa57a112970
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed