Symantec AntiVirus symtdi.sys Local Privilege Escalation Vulnerability

iDefense Security Advisory 07.11.07
http://labs.idefense.com/intelligence/vulnerabilities/
Jul 11, 2007

I. BACKGROUND

Symantec has a wide range of Anti-Virus and Internet Security products
that are designed to protect users fr

[ more ]  [ reply ]

Symantec Backup Exec RPC Remote Heap Overflow Vulnerability

iDefense Security Advisory 07.11.07
http://labs.idefense.com/intelligence/vulnerabilities/
Jul 11, 2007

I. BACKGROUND

Symantec Backup Exec is a data recovery solution. It provides backup
services and includes agents that provide protecti

[ more ]  [ reply ]

iDefense Labs wrote:
> WinPcap NPF.SYS Local Privilege Escalation Vulnerability
>
> iDefense Security Advisory 07.09.07
> http://labs.idefense.com/intelligence/vulnerabilities/
> Jul 09, 2007
>
> I. BACKGROUND
>
> WinPcap is a software package that facilitates real-time link-level
> network access f

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,

There is a French website about two vulnerabilities ; the one works on
Wordpress (27/05/2007) and the other on Dotclear (08/07/2007) :

http://ar3av.free.fr/sommaire.php

If a Dotclear blog administrator is logged in (or has a cookie for
automa

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: Cisco Unified Communications Manager and
Presence Server Unauthorized Access Vulnerabilities

Document ID: 97060

Advisory ID: cisco-sa-20070711-voip

http://www.cisco.com/warp/public/707/cisco-sa-20070711-voip.shtml

Revision 1

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: Cisco Unified Communications Manager
Overflow Vulnerabilities

Document ID: 92015

Advisory ID: cisco-sa-20070711-cucm

http://www.cisco.com/warp/public/707/cisco-sa-20070711-cucm.shtml

Revision 1.0

For Public Release 2007 Jul

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Noam Rathaus wrote:
> Hi,
>
> The vulnerability also affects unrar (3.70 beta 3 freeware by Alexander
> Roshal), as it tries to read a negative location from a pointer reference in
> the SET_VALUE(false,Data,Addr-Offset) function (found in rarvm.cp

[ more ]  [ reply ]

By : Hasadya Raed
Contact : Raed (at) BsdMail (dot) Com [email concealed]
Israel
--------------------------
Script : Dvbbs Version 7.1.0 Sp1
Dork : "Powered By Dvbbs Version 7.1.0 Sp1"
--------------------------
Exploit :
http://www.victim.com/Data/Dvbbs7.mdb

[ more ]  [ reply ]

Hi,

The vulnerability also affects unrar (3.70 beta 3 freeware by Alexander
Roshal), as it tries to read a negative location from a pointer reference in
the SET_VALUE(false,Data,Addr-Offset) function (found in rarvm.cpp).

The values of Addr is 1666528 while Offset is 4546004 which of course resu

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Vendor
- ------
Clam Antivirus (http://www.clamav.net)

Product
- -------
Clamav (libclamav)

Versions Affected
- -----------------
All before 0.91

Severity
- --------
Moderate

Issue
- -----
Clamav crashes due to processing of standard filters in RAR

[ more ]  [ reply ]

SquirrelMail G/PGP Encryption Plug-in Remote Command Execution Vulnerability

Bugtraq ID: 24782

-----------------------------

There are various vulnerabilities in this software! One is in keyring_main.php!
$fpr is not escaped from shellcommands!

testbox:/home/w00t# cat /tmp/w00t
cat: /tmp/w00t: N

[ more ]  [ reply ]

rPath Security Advisory: 2007-0137-1
Published: 2007-07-11
Products: rPath Linux 1
Rating: Major
Exposure Level Classification:
Indirect User Deterministic Denial of Service
Updated Versions:
tshark=/conary.rpath.com@rpl:devel//1/0.99.6-0.1-1
wireshark=/conary.rpath.com@rpl:devel//1/0.99

[ more ]  [ reply ]

=======
Summary
=======
Name: Arbitrary kernel mode memory writes in AVG Antivirus
Release Date: 10 July 2007
Reference: NGS00500
Discover: Jonathan Lindsay <john-lindsay ngssoftware com>
Vendor: Grisoft
Vendor Reference: N/A
Systems Affected: Windows NT based systems
Risk: High
Status: Fixed

=====

[ more ]  [ reply ]

Peter Winter-Smith of NGSSoftware has discovered a low risk vulnerability in
Active Directory which can allow an unauthenticated user to cause a denial
of service condition on any affected system.

The only affected platform is Windows 2000 with Active Directory. Windows
2003 Server is NOT affected

[ more ]  [ reply ]

===========================================================
Ubuntu Security Notice USN-482-1 July 10, 2007
openoffice.org(2)/-amd64 vulnerability
CVE-2007-0245
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6

[ more ]  [ reply ]

========================================================================

= SUN Java JNLP Overflow
=
= Vendor Advisory:
= http://sunsolve.sun.com/search/document.do?assetkey=1-26-102996-1
=
= Affected Software:
= Java Web Start in JDK and JRE 6 Update 1 and earlier
= Java Web Start in JDK

[ more ]  [ reply ]

Dear bugtraq (at) securityfocus (dot) com [email concealed],

durito [damagelab] -durito[at]mail[dot]ru- reported SQL injection
vulnerability in enVivo!CMS through ID parameter of default.asp.

Example:

http://www.example.com/default.asp?action=article&ID=-1+or+1=(SELECT+TOP
+1+username+from+users)--

Original me

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2007:145
http://www.mandriva.com/security/
____________________________________________________________________

[ more ]  [ reply ]

XSS Tunnelling is the tunnelling of HTTP traffic through an opened XSS
Channel. Thus any application with HTTP proxy support can tunnel its
traffic through an XSS Channel (a channel opened by a tool like XSS
Shell).

White paper is explaining XSS Tunnelling, benefits, real worlds
examples and basic

[ more ]  [ reply ]

========================================================================

= TippingPoint IPS Signature Evasion
=
= Vendor Website:
= http://www.tippingpoint.com
=
= Affected Version:
= TippingPoint IPS running TOS versions 2.1 & 2.2.0 - 2.2.4
=
= Vendor Notified. 18th January 2006
= Public Disc

[ more ]  [ reply ]

Michal Zalewski wrote:
>> 1. Firefox 2.0.0.4 Remote Denial of Service Vulnerability
>> http://sapheal.hack.pl/phun/ff2die/
>This does not crash on me, and I can't see a likely mechanism of action
>that would lead to a DoS condition.

It did hang Firefox 2.0.0.4 (32 bit) at my place (Microsoft Vista

[ more ]  [ reply ]

Microsoft Publisher 2007 Arbitrary Pointer Dereference

Release Date:
July 10, 2007

Date Reported:
February 16, 2007

Severity:
High (Remote Code Execution)

Vendor:
Microsoft

Vendor Software Affected:
Microsoft Office 2007 Small Business
Microsoft Office 2007 Professional
Microsoft Office 2007 Ul

[ more ]  [ reply ]

========================================================================

= Multiple .NET Null Byte Injection Vulnerabilities
=
= Vendor Website:
= http://www.microsoft.com
=
= Affected Version:
= .NET FrameWork v1.1 SP1
= .NET FrameWork v2.0.50727
=
= Vendor Notified - October, 2006
= Publi

[ more ]  [ reply ]

Hello Gianluca,

You are right, i'm so sorry about my "bug", i'm updating the advisory right now in order to fix it. The latest affected version is 4.0 as you said.

Updated advisory at :

http://www.48bits.com/exploits/npfxpl.c

Kind regards,

Mario Ballano

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2007:144
http://www.mandriva.com/security/
____________________________________________________________________

[ more ]  [ reply ]

mballano (at) gmail (dot) com [email concealed] wrote:
> WinPcap NPF.SYS Privilege Elevation Vulnerability PoC exploit
> -------------------------------------------------------------
>
> Affected software:
>
> (*) WinPcap versions affected (Confirmed)
>
> - WinPcap 3.1
> - WinPcap 4.1
^^^^^^^^^^^

Can you c

[ more ]  [ reply ]

Hello

The statements below, as well as on the paper itself ("So far,
discussion has focused solely on browser issues and has ignored the
fact that web proxies are also vulnerable to the same attacks.") are
somewhat inaccurate.

Please look at the following BugTraq posting submitted July 29th, 2002

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Symantec Vulnerability Research
http://www.symantec.com/research
Security Advisory

Advisory ID: SYMSA-2007-005
Advisory Title: Vista Windows Firewall Incorrectly Applies

[ more ]  [ reply ]

IBM AIX libodm ODMPATH Stack Overflow Vulnerability

iDefense Security Advisory 07.09.07
http://labs.idefense.com/intelligence/vulnerabilities/
Jul 09, 2007

I. BACKGROUND

AIX applications use libodm to access system settings and device
configuration data stored in the Object Database Manager. The

[ more ]  [ reply ]

DNS-based attacks against browsers have been known about for years. These
attacks have received increased attention recently, following the discovery
of defects within browser-based DNS pinning defences.

So far, discussion has focused on browser issues. However, the same attacks
can also be perform

[ more ]  [ reply ]