Section: .. / Last 20 Files /
| /// File Name: | FreeBSD-SA-09-02.openssl.txt | Description:
| FreeBSD Security Advisory - The EVP_VerifyFinal() function from OpenSSL is used to determine if a digital signature is valid. The SSL layer in OpenSSL uses EVP_VerifyFinal(), which in several places checks the return value incorrectly and treats verification errors as a good signature. This is only a problem for DSA and ECDSA keys. | | Homepage: | http://security.freebsd.org/ | | File Size: | 9519 | | Related CVE(s): | CVE-2008-5077 | | Last Modified: | Jan 7 17:43:21 2009 | | MD5 Checksum: | 2328586310ef4612f8f258d3c8e4f921 |
|
| /// File Name: | USN-704-1.txt | Description:
| Ubuntu Security Notice USN-704-1 - It was discovered that OpenSSL did not properly perform signature verification on DSA and ECDSA keys. If user or automated system connected to a malicious server or a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. | | Homepage: | http://security.ubuntu.com/ | | File Size: | 19482 | | Related CVE(s): | CVE-2008-5077 | | Last Modified: | Jan 7 17:42:50 2009 | | MD5 Checksum: | 077790a3f249b28578aa11ebed3c7d63 |
|
| /// File Name: | CA20090107-01.txt | Description:
| CA Service Metric Analysis and CA Service Level Management contain a vulnerability that can allow a remote attacker to execute arbitrary commands. CA has issued patches to address the vulnerability. The vulnerability is due to insufficient access restrictions associated with the smmsnmpd service. A remote attacker can exploit this vulnerability to execute arbitrary commands in the context of the service. Affected products include CA Service Level Management 3.5, CA Service Metric Analysis r11.0, CA Service Metric Analysis r11.1, and CA Service Metric Analysis r11.1 SP1. | | Author: | Ken Williams | | Homepage: | http://www3.ca.com/ | | File Size: | 4398 | | Related CVE(s): | CVE-2009-0043 | | Last Modified: | Jan 7 17:39:25 2009 | | MD5 Checksum: | 29eac4fb82df696ee49b0366799f009d |
|
| /// File Name: | dsa-1697-1.txt | Description:
| Debian Security Advisory 1697-1 - Several remote vulnerabilities have been discovered in Iceape an unbranded version of the Seamonkey internet suite. | | Homepage: | http://www.debian.org/security | | File Size: | 23670 | | Related CVE(s): | CVE-2008-0016, CVE-2008-0304, CVE-2008-2785, CVE-2008-2798, CVE-2008-2799, CVE-2008-2800, CVE-2008-2801, CVE-2008-2802, CVE-2008-2803, CVE-2008-2805, CVE-2008-2807, CVE-2008-2808, CVE-2008-2809, CVE-2008-2810, CVE-2008-2811, CVE-2008-2933, CVE-2008-3835, CVE-2008-3836, CVE-2008-3837, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062, CVE-2008-4065, CVE-2008-4067, CVE-2008-4068, CVE-2008-4069, CVE-2008-4070, CVE-2008-5012, CVE-2008-5013, CVE-2008-5014, CVE-2008-5017, CVE-2008-0017, CVE-2008-5021, CVE-2008-5022, CVE-2008-5500, CVE-2008-5503, CVE-2008-5506, CVE-2008-5507, CVE-2008-5508, CVE-2008-5511, CVE-2008-5512 | | Last Modified: | Jan 7 17:38:42 2009 | | MD5 Checksum: | ea76c5b29f1d0319d27fce26bab370e7 |
|
| /// File Name: | dsa-1696-1.txt | Description:
| Debian Security Advisory 1696-1 - Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird mail client. | | Homepage: | http://www.debian.org/security | | File Size: | 21741 | | Related CVE(s): | CVE-2008-0016, CVE-2008-1380, CVE-2008-3835, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062, CVE-2008-4065, CVE-2008-4067, CVE-2008-4068, CVE-2008-4070, CVE-2008-5012, CVE-2008-5014, CVE-2008-5017, CVE-2008-5018, CVE-2008-5021, CVE-2008-5022, CVE-2008-5024, CVE-2008-5500, CVE-2008-5503, CVE-2008-5506, CVE-2008-5507, CVE-2008-5508, CVE-2008-5511, CVE-2008-5512 | | Last Modified: | Jan 7 17:37:26 2009 | | MD5 Checksum: | 210d8ff45d55800a263974339b0aa0df |
|
| /// File Name: | quotebook-disclose.txt | Description:
| QuoteBook suffers from a remote configuration file disclosure vulnerability. | | Author: | Moudi | | File Size: | 1632 | | Last Modified: | Jan 7 17:36:13 2009 | | MD5 Checksum: | 334416236b2d1646866c721e1217db07 |
|
| /// File Name: | cts2009-cfp.txt | Description:
| Call For Papers for the 2009 International Symposium on Collaborative Technologies and Systems (CTS 2009). It will be held from May 18th through May 22nd, 2009 at the Westin Baltimore Washington International Airport Hotel. | | Homepage: | http://cisedu.us/cis/cts/09/main/callForPapers.jsp | | File Size: | 8604 | | Last Modified: | Jan 7 15:26:35 2009 | | MD5 Checksum: | 0c4e7f9a7eb7cef5b9bdcebe31b1a2f1 |
|
| /// File Name: | cisco-sa-20090107-gss.txt | Description:
| Cisco Security Advisory - The Cisco Application Control Engine Global Site Selector (GSS) contains a vulnerability when processing specific Domain Name System (DNS) requests that may lead to a crash of the DNS service on the GSS. | | Homepage: | http://www.cisco.com/ | | File Size: | 13432 | | Related CVE(s): | CVE-2008-3819 | | Last Modified: | Jan 7 15:24:21 2009 | | MD5 Checksum: | 111832b44a96a01d091ace59ff081afd |
|
| /// File Name: | secadv_20090107.txt | Description:
| Several functions inside OpenSSL incorrectly checked the result aftercalling the EVP_VerifyFinal function, allowing a malformed signatureto be treated as a good signature rather than as an error. This issueaffected the signature checks on DSA and ECDSA keys used withSSL/TLS.One way to exploit this flaw would be for a remote attacker who is incontrol of a malicious server or who can use a 'man in the middle'attack to present a malformed SSL/TLS signature from a certificate chainto a vulnerable client, bypassing validation. | | Homepage: | http://www.openssl.org/ | | Related File: | oCERT-2008-016.txt | | File Size: | 7906 | | Related CVE(s): | CVE-2008-5077 | | Last Modified: | Jan 7 15:21:31 2009 | | MD5 Checksum: | 5ff1f702db3b6ad0f391aaa8dc65fdbb |
|
| /// File Name: | oCERT-2008-016.txt | Description:
| Several functions inside the OpenSSL library incorrectly check the result after calling the EVP_VerifyFinal function. This bug allows a malformed signature to be treated as a good signature rather than as an error. This issue affects the signature checks on DSA and ECDSA keys used with SSL/TLS. The flaw may be exploited by a malicious server or a man-in-the-middle attack that presents a malformed SSL/TLS signature from a certificate chain to a vulnerable client, bypassing validation. | | Author: | Will Drewry | | Homepage: | http://www.ocert.org/ | | File Size: | 3545 | | Related CVE(s): | CVE-2008-5077, CVE-2008-0021, CVE-2008-0025 | | Last Modified: | Jan 7 15:17:20 2009 | | MD5 Checksum: | be0e81721da50c8f104a4d26e99d8d02 |
|
| /// File Name: | msienull-dos.txt | Description:
| A NULL pointer read vulnerability exists in Microsoft Internet Explorer versions 6.0, 7.0, and 8.0 Beta. | | Author: | SkyLined | | File Size: | 330 | | Last Modified: | Jan 7 15:10:42 2009 | | MD5 Checksum: | f739f49d13fa6d3d74c4fc6650a3ff73 |
|
| /// File Name: | winamp-overflow.txt | Description:
| WinAmp GEN_MSN plugin heap buffer overflow proof of concept exploit that creates a malicious .pls file. | | Author: | SkD | | File Size: | 1755 | | Last Modified: | Jan 7 15:07:57 2009 | | MD5 Checksum: | 5824fe2861b742b0866cae3c6aee3970 |
|
| /// File Name: | secunia-sapgui.txt | Description:
| Secunia Research has discovered a vulnerability in SAP GUI, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to a boundary error in the included TabOne ActiveX control (sizerone.ocx) when copying tab captions. This can be exploited to cause a heap-based buffer overflow by e.g. adding multiple tabs via the "AddTab()" method. Successful exploitation may allow execution of arbitrary code. SAP GUI 6.40 Patch 29 and SAP GUI 7.10 are both affected. | | Author: | Carsten Eiram | | Homepage: | http://secunia.com/ | | File Size: | 4916 | | Related CVE(s): | CVE-2008-4827 | | Last Modified: | Jan 7 15:02:45 2009 | | MD5 Checksum: | f6d854e9387019c1663440299fd11826 |
|
| /// File Name: | secunia-tsc2.txt | Description:
| Secunia Research has discovered a vulnerability in TSC2 Help Desk, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to a boundary error in the included CTab ActiveX control (c1sizer.ocx) when copying tab captions. This can be exploited to cause a heap-based buffer overflow by e.g. adding multiple tabs via the "AddTab()" method. Successful exploitation may allow execution of arbitrary code. TSC2 Help Desk version 4.1.8 is affected. | | Author: | Carsten Eiram | | Homepage: | http://secunia.com/ | | File Size: | 4185 | | Related CVE(s): | CVE-2008-4827 | | Last Modified: | Jan 7 15:01:12 2009 | | MD5 Checksum: | 8e5f09145f01b0c4f776688b090702fa |
|
| /// File Name: | secunia-componentone.txt | Description:
| Secunia Research has discovered a vulnerability in ComponentOne SizerOne, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused by a boundary error in the included Tab ActiveX control (c1sizer.ocx) when copying tab captions. This can be exploited to cause a heap-based buffer overflow by e.g. adding tabs with overly long captions via the "AddTab()" method. Successful exploitation may allow execution of arbitrary code. ComponentOne SizerOne version 8.0.20081.140 is affected. | | Author: | Carsten Eiram | | Homepage: | http://secunia.com/ | | File Size: | 5118 | | Related CVE(s): | CVE-2008-4827 | | Last Modified: | Jan 7 14:59:14 2009 | | MD5 Checksum: | 8ad3f227012766eb7fe25b07b3b6a9ec |
|
| /// File Name: | phpfusionecart-sql.txt | Description:
| The PHP-Fusion E-Cart module suffers from a remote SQL injection vulnerability. | | Author: | IRCRASH | | Homepage: | http://ircrash.com/ | | File Size: | 2149 | | Last Modified: | Jan 7 14:57:15 2009 | | MD5 Checksum: | 10b75350d8ccf4d47ec487d656641dff |
|
| /// File Name: | audacity162-crash.txt | Description:
| Audacity version 1.6.2 remote off by one crash exploit that creates a malicious .aup file. | | Author: | Stack | | Homepage: | http://v4-team.com/ | | File Size: | 2284 | | Last Modified: | Jan 7 14:54:39 2009 | | MD5 Checksum: | e4e644f47dbb544d96d84f420806f0c2 |
|
| /// File Name: | perceptionliteserve-overflow.txt | Description:
| Perception LiteServe version 2.0.1 remote buffer overflow proof of concept exploit. | | Author: | H-T Team | | Homepage: | http://no-hack.fr/ | | File Size: | 995 | | Last Modified: | Jan 7 14:39:51 2009 | | MD5 Checksum: | e7c676fe749e9e01fdca731255cba651 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
