iDefense Security Advisory 07.11.07 - Remote exploitation of an integer overflow vulnerability in Apple Computer Inc.'s QuickTime media player could allow attackers to execute arbitrary code in the context of the targeted user. The vulnerability specifically exists in the QuickTime player's handling of the title and author fields in an SMIL file. When parsing an SMIL file, arithmetic calculations can cause insufficient memory to be allocated. When copying in user-supplied data from the SMIL file, a heap-based buffer overflow occurs. This results in a potentially exploitable condition. iDefense Labs confirmed this vulnerability exists in versions 7.1.3 and 7.1.5 of QuickTime on Windows and Mac OS X. Previous versions are suspected to be vulnerable.
47414f47b8bbf7fd2ae4454d3603f79eb1ec643f41903bb5279b43ecf83e4bc7
iDefense Security Advisory 07.11.07 - Remote exploitation of a local file inclusion vulnerability in gpg_help.php in version 2.0 of the SquirrelMail G/PGP Plugin could allow an authenticated webmail user to execute arbitrary PHP code under the security context of the running web server. iDefense has confirmed the existence of this vulnerability in version 2.0 of the G/PGP Encryption Plugin for SquirrelMail. It is suspected that earlier versions of the plug-in are also affected.
aa231abe3475356daf40107f026dcfd4b8a5dfd5f6082511bfec68f93d1a9a79
iDefense Security Advisory 07.11.07 - Remote exploitation of a command injection vulnerability in the G/PGP Encryption Plugin for The SquirrelMail Project Team's SquirrelMail webmail package allows attackers to execute arbitrary commands with the privileges of the underlying web server. The gpg_recv_key() function is affected. iDefense has confirmed the existence of this vulnerability in the latest version of the G/PGP Encryption Plugin for SquirrelMail, version 2.1. Furthermore, this vulnerability has been confirmed to exist as early as version 2.0. Other versions may be affected.
623fb7212497064369a3382096eb045adef0b7054957761e87ecbb918b982ef4
iDefense Security Advisory 07.11.07 - Remote exploitation of a command injection vulnerability in the G/PGP Encryption Plugin for The SquirrelMail Project Team's SquirrelMail webmail package allows attackers to execute arbitrary commands with the privileges of the underlying web server. The gpg_check_sign_pgp_mime() function is affected. iDefense has confirmed the existence of this vulnerability in version 2.0 of the G/PGP Encryption Plugin for SquirrelMail. It is suspected that earlier versions of the plug-in are also affected.
97a634db058299435700a7f1c91d89f48dab33b0e02efe0b54a1768f07a22eb2
iDefense Security Advisory 07.11.07 - Remote exploitation of a command injection vulnerability in the G/PGP Encryption Plugin for The SquirrelMail Project Team's SquirrelMail webmail package allows attackers to execute arbitrary commands with the privileges of the underlying web server. The deleteKey() functionality is affected. iDefense has confirmed the existence of this vulnerability in the latest version of the G/PGP Encryption Plugin for SquirrelMail, version 2.1. Furthermore, this vulnerability has been confirmed to exist as early as version 2.0. Other versions may be affected.
43d1374bb1007f95f5034258701359c58204a59a8e93b7fd871ca1983f6a250c
iDefense Security Advisory 07.11.07 - Local exploitation of an input validation vulnerability in version 5.5.1.6 of symtdi.sys allows attackers to elevate privileges to SYSTEM. The vulnerability specifically exists due to improper address space validation when the \\symTDI\ device driver processes IOCTL 0x83022323. An attacker can overwrite an arbitrary address, including code segments, with a constant double word value by supplying a specially crafted Irp to the IOCTL handler function. iDefense confirmed this vulnerability in version 5.5.1.6 of Symantec's symtdi.sys device driver as included with version 10 of Symantec AntiVirus Corporate Edition. Previous versions and related products that contain the affected driver are suspected vulnerable.
89b8df0a698bad87591ee7bc3ce90d08d805621a82a1469e365acd5f4ab9e8bb
iDefense Security Advisory 07.11.07 - Remote exploitation of a heap overflow vulnerability in Symantec Backup Exec could allow an unauthenticated attacker to create a denial of service condition or potentially execute arbitrary code. The flaw specifically exists within the RPC server that listens on TCP port 6106. When handling requests using the "ncacn_ip_tcp" protocol, the service will copy a user-supplied amount of data into a fixed-size heap buffer. iDefense confirmed the existence of this vulnerability in Symantec Backup Exec 10d with all current hot-fixes and service packs applied. Other versions are suspected to be vulnerable.
e8ff8869659ba283cedb2a4d3ab66109cdb86a20fdb6d95f188dae92cfee6e5d
Technical Cyber Security Alert TA07-192A - There are critical vulnerabilities in Adobe Flash player and related software. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system.
ef8f2c42b6e5d5da03a8e1435f3ff0c1d01b20d8b9b74e05b69cadc720807da9
Gentoo Linux Security Advisory GLSA 200707-06 - XnView is vulnerable to a stack-based buffer overflow while processing an XPM file with an overly long section string (greater than 1024 bytes). Versions less than 1.70 are affected.
47a20614dbc69c9a82c5ba2a7b6e679f374a9a0cdb48a0ca4fdb310911d20989
Calyptix Security Advisory - Multiple versions of eSoft's InstaGate EX2 UTM device are vulnerable to cross-site request forgery. The vulnerable firmwares include 3.1.20031001, 3.1.20060921, and 3.1.20070605. Other eSoft products were not tested. This vulnerability allows an attacker to run commands on the web interface if the attacker can get the eSoft user to view a hostile web page while logged into his eSoft. These actions could include opening up remote access.
ff2820b979ab7a729e267c92c50a8b221b9ffde20769cec07007eaf16aff470b
Cisco Security Advisory - Cisco Unified Communications Manager (CUCM), formerly CallManager, and Cisco Unified Presence Server (CUPS) contain two vulnerabilities that could allow an unauthorized administrator to activate and terminate CUCM / CUPS system services and access SNMP configuration information. This may respectively result in a denial of service (DoS) condition affecting CUCM/CUPS cluster systems and the disclosure of sensitive SNMP details, including community strings.
e4d199911a31b436a44c19ac49895a06a5e71ead99c629651756bd1a72c1c83c
Cisco Security Advisory - Cisco Unified Communications Manager (CUCM), formerly CallManager, contains two overflow vulnerabilities that could allow a remote, unauthenticated user to cause a denial of service (DoS) condition or execute arbitrary code.
281e99beaa38c2cf33f1055464f410a1afd9a252f1ec016502e30b8c91c83d29
Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via the Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.
329ad13ae12390d3758017297e307ca06744bfb4e3fb61424b4f064faf5a2bbb
proxyScan.pl is a security penetration testing tool to scan for hosts and ports through a Web proxy server. Features include various HTTP methods such as GET, CONNECT, HEAD as well as host and port ranges.
225317c491c73020a70f12fc88eb850b91684e2c7440b063846fe4562d4fab69
Anti Forensics: Making Computer Forensics Hard.
f4380d3dd58acf7c9ecd5bf19caaffa07198a6219a7f4223e3929996454851f3
ClamAV versions below 0.91 crash with a null pointer dereference while processing corrupted RAR files.
5b42ff9f765704ffe998246de74ea9b63086ae5f376127abccefc7fee8cacc6b
Boxer 0.99 BETA3 appears to be a Linux 2.6 series /dev/mem rootkit binary. This binary has not been tested and should be researched/tested with extreme caution.
573e2154c1af45b89c76906c7781788bce59db3910d3f9b9535468e915d4b829
The SquirrelMail G/PGP Encryption plug-in suffers from a remote command execution vulnerability.
d29af9055ded56707d99c5a1399f4b59b1bc6feb115bb7cddf7e6e8b30e0e3c4
The AVG Antivirus core kernel mode service driver (avg7core.sys) provides functionality that under a default install allows an unprivileged user to write arbitrary data to arbitrary addresses. This issue has been verified as affecting AVG Free 7.5.446 and AVG Antivirus 7.5.448. The version of avg7core.sys in question is 7.5.0.444.
63f6a4f5605ba332012034c38c74dd36885f47a28461e630ddc1b6e0934efe6c
CYBSEC Security Advisory - The TippingPoint IPS suffers from a bypass vulnerability. TippingPoint IPS systems running TOS versions 2.1.x, 2.2.x prior to 2.2.5, and 2.5.x prior to 2.5.2 are affected.
4bc620793b3d80e58b78c3a482567f0b81103609f4ee8619280d06d1f7a519de
Dvbbs version 7.1.0 SP1 suffers from a direct database download vulnerability.
f907ed68b5e81d54fb876081d0a8078024d33fbb1a169755c4627bb1e92c809a
NGSSoftware has discovered a low risk vulnerability in Active Directory which can allow an unauthenticated user to cause a denial of service condition on any affected system.
8b913d51a0f479f8ae2e362accd80b6bc07755dabb6524a56dcba5c502ec56be
Ubuntu Security Notice 482-1 - John Heasman discovered that OpenOffice did not correctly validate the sizes of tags in RTF documents. If a user were tricked into opening a specially crafted document, a remote attacker could execute arbitrary code with user privileges.
7125f458a76c35357a3a5556e199ff8306c37bfe70a8b6b4b8922c3fd9132772
enVivo!CMS suffers from a SQL injection vulnerability.
efe2a33116216481775b08a490a7a7363c061437d7b4cb3a46871f834910d1a1
PyFault is a Python library for fault injection in Win32-based applications. Currently it implements a DLL injection and ejection mechanism.
b271d6b2c8fa2383e8a568dd399cf266ddd139738cb05fa96fb7c693e452bf43