CA is aware that two functional exploit code samples were publicized on May 16, 2007. These two denial of service exploits are associated with vulnerabilities in CA BrightStor ARCserve Backup Mediasvr.exe and caloggerd.exe.
217dacb3ef74fd30d24c653312053d6e3b3cc12fdb8552dd63f62208d5371a8b
CERT notified Symantec that a buffer overflow exists in an ActiveX Control used by Norton Personal Firewall. The error occurs in the Get() and Set() functions used by ISAlertDataCOM, which is part of ISLALERT.DLL. A successful exploit of this vulnerability could potentially allow the remote execution of code on a vulnerable system, with the rights of the logged-in user.
d49a4538ed914205ac16fccdbfb47339d45d295f3853beba2e60cbf022694dfe
RFIDIOt is a Python library for exploring RFID devices. It currently drives a couple of RFID readers made by ACG, called the HF Dual ISO and the LFX. It includes sample programs to read/write tags and the beginnings of library routines to handle the data structures of specific tags like MIFARE®.
b8bf6e36904336c295481c300f79d207a1c244835556b73486862065b4633089
vBulletin versions below 3.6.6 suffer from a persistent cross site scripting vulnerability.
1dd601758f6141dad6d537e45ad3cf03e9eed5f71b3add651d2768575918357d
I, Bot, Taking Advantage Of Robots Power. A response to the original bot related article in Phrack written by Michal Zalewski.
65125b1cb8181a69db22934fe67ab1f73eaca1c3d9d51fb03ab01b0cfb439066
Ubuntu Security Notice 460-1 - Paul Griffith and Andrew Hogue discovered that Samba did not fully drop root privileges while translating SIDs. A remote authenticated user could issue SMB operations during a small window of opportunity and gain root privileges. Brian Schafer discovered that Samba did not handle NDR parsing correctly. A remote attacker could send specially crafted MS-RPC requests that could overwrite heap memory and execute arbitrary code. It was discovered that Samba did not correctly escape input parameters for external scripts defined in smb.conf. Remote authenticated users could send specially crafted MS-RPC requests and execute arbitrary shell commands.
6914e4ef57d5cba14b131afee51e340df9513c0e417dc92314448e89e764889f
WikyBlog version 1.4.12 suffers from a remote file inclusion vulnerability in index.php.
e1c2a7cf10f16a06a458406ad4ffb1047c438dd2c65205287df32597ce9602c0
Debian Security Advisory 1292-1 - Andreas Nolden discovered a bug in the UTF8 decoding routines in qt4-x11, a C++ GUI library framework, that could allow remote attackers to conduct cross-site scripting (XSS) and directory traversal attacks via long sequences that decode to dangerous metacharacters.
47f788a7e60361a1881491ab8ba5257c47134ca37c62789d73da1857652f12e6
Jetbox CMS is susceptible to multiple cross site scripting vulnerabilities.
1467df3d1042f24c092b663fb2f7a2313f3aac84a2e9b7363e6bb4d70b86ad75
A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Samba. User interaction is not required to exploit this vulnerability. The specific flaw exists in the parsing of RPC requests to the LSA RPC interface. When parsing a request to LsarLookupSids/LsarLookupSids2, heap allocation is calculated based on user input. By specifying invalid values, heap blocks can be overwritten leading to remote code execution.
76f65d4d71cc94e38a05ee64c8a9e20c5472e253f2a5d93e2c20babe3dec46da
A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Samba. User interaction is not required to exploit this vulnerability. The specific flaw exists in the parsing of RPC requests to the SRVSVC RPC interface. When parsing a request to NetSetFileSecurity, heap allocation is calculated based on user input. By specifying invalid values, heap blocks can be overwritten leading to remote code execution.
2a0a7dc2a4a96db2502028c2798a6ba66cb146760c5a1fd399c59e4b938f5dc4
A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Samba. User interaction is not required to exploit this vulnerability. The specific flaw exists in the parsing of RPC requests to the SPOOLSS RPC interface. When parsing a request to RFNPCNEX, heap allocation is calculated based on user input. By specifying invalid values, heap blocks can be overwritten leading to remote code execution.
80e32a153c6fb16975da4fe838eceb01622843a33e00fc6fddd48f3343300db8
A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Samba. User interaction is not required to exploit this vulnerability. The specific flaw exists in the parsing of RPC requests to the DFS RPC interface. When parsing a request to DFSEnum, heap allocation is calculated based on user input. By specifying invalid values, heap blocks can be overwritten leading to remote code execution.
91e22055cc50dfceefce609e05032fcf5fcbf0d73d7f8055b284244bf02e2faf
A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Samba. User interaction is not required to exploit this vulnerability. The specific flaw exists in the parsing of RPC requests to the LSA RPC interface. When parsing a request to LsarAddPrivilegesToAccount, heap allocation is calculated based on user input. By specifying invalid values, heap blocks can be overwritten leading to remote code execution.
4e58ac3963f27cec1b2f15f211c2a7326c21eed90dd19a2e29069017e1fd6f91
Debian Security Advisory 1291-1 - Several issues have been identified in Samba, the SMB/CIFS file and print server implementation for GNU/Linux. When translating SIDs to/from names using Samba's local list of user and group accounts, a logic error in the smbd daemon's internal security stack may result in a transition to the root user id rather than the non-root user. The user is then able to temporarily issue SMB/CIFS protocol operations as the root user. This window of opportunity may allow the attacker to establish additional means of gaining root access to the server. Various bugs in Samba's NDR parsing can allow a user to send specially crafted MS-RPC requests that will overwrite the heap space with user defined data. Unescaped user input parameters are passed as arguments to /bin/sh, allowing for remote command execution.
2c5900e1912afd8808c8d32a8f51cf028a1f8f9945e52bcc70856e6f69c1562f
Jetbox CMS version 2.1 suffers from an e-mail injection vulnerability that allows for spamming.
c7dbc50ccce006e515819bdfd897c3f26b5d448ed854794e900d74ea6f84cf5b
Gentoo Linux Security Advisory GLSA 200705-15 - Samba contains a logical error in the smbd daemon when translating local SID to user names (CVE-2007-2444). Furthermore, Samba contains several bugs when parsing NDR encoded RPC parameters (CVE-2007-2446). Lastly, Samba fails to properly sanitize remote procedure input provided via Microsoft Remote Procedure Calls (CVE-2007-2447). Versions less than 3.0.24-r2 are affected.
11828015d844fd7596084722c8d3906387cfbfabeefee3497ff0cdd5165a5763
Proof of concept code that demonstrates a flaw with how Comodo Firewall uses process identifiers in Microsoft Windows allowing for complete bypass.
554567a136180ed2caf57600fcc2ac53de65c4b4dc1b264bec728e134b623c95
Proof of concept code that demonstrates a flaw with how ZoneAlarm uses process identifiers in Microsoft Windows allowing for complete bypass.
85d488235cded3eec20abacf33b255071cbc8ab0b26d3ebfcb4f29456b781007
A flaw with how various personal firewalls and HIPS software use process identifiers in Microsoft Windows allows for complete bypass. Comodo Firewall Pro 2.4.18.184, Comodo Personal Firewall 2.3.6.81, and ZoneAlarm Pro 6.1.744.001 are some of the products affected.
a08b2e81d6fcc34325cc87218835cf89eb4ed2768bb3e42846f83adf580d458c
Various HTTP content scanning systems fail to properly scan full-width/half-width Unicode encoded traffic. This may allow malicious content to bypass HTTP content scanning systems. Systems affected include Checkpoint Web Intelligence and IBM ISS Proventia Series systems.
ed7d99c4b0c8cf924026804e5a72dd264e34e794211f2f18d66d3c41fdd46077
w2box web version 2.0 suffers from a file upload vulnerability that allows for remote code execution.
f0a012cdb166391c4e9f98f767c1d5c041fccc9b1ea9943b9d745e98eadc8905
tinc is a Virtual Private Network (VPN) daemon that uses tunneling and encryption to create a secure private network between multiple hosts on the Internet. This tunneling allows VPN sites to share information with each other over the Internet without exposing any information.
454818555920cfc15815b9bfb4cb6432d315da73b692aaad39e9575eeedbfcbd
PrecisionID Barcode ActiveX version 1.9 remote arbitrary file overwrite exploit.
1d2609dab203b1100ee239bb2e2955bb95f9288fa23799b0b797b5053b9dbc3b
Eudora version 7.1 SMTP Response remote buffer overflow exploit that spawns calc.exe.
dee4298443c6b9d9f415fc207a19503a11daee971e419b00b9f6a8fd6f8c4484