openSUSE 10 Security Update : avahi (avahi-5882)

Specially crafted mDNS packets could crash the Avahi daemon CVE-2008-5081. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update avahi-5882. The text description of this plugin is C SUSE LLC...

bind 10.2/11.0 recompile

Updated bind packages are available for Slackware 10.2 and 11.0 to address a load problem. It was reported that the initial build of these updates complained that the Linux capability module was not present and would refuse to load. It was determined that the packages which were compiled on 10.2...

Fedora 8 : openvpn-2.1-0.29.rc15.fc8 (2008-10499)

2008.11.19 -- Version 2.1rc15 Fixed issue introduced in 2.1rc14 that may cause a segfault when a --plugin module is used. Added server-side --opt-verify option: clients that connect with options that are incompatible with those of the server will be disconnected without this option, incompatible...

Fedora 9 : openvpn-2.1-0.29.rc15.fc9 (2008-10691)

2008.11.19 -- Version 2.1rc15 Fixed issue introduced in 2.1rc14 that may cause a segfault when a --plugin module is used. Added server-side --opt-verify option: clients that connect with options that are incompatible with those of the server will be disconnected without this option, incompatible...

ProSysInfo TFTP server TFTPDWIN <= 0.4.2 Univ. Remote BOF Exploit

No description provided by source. !/usr/bin/perl ProSysInfo TFTP server TFTPDWIN = 0.4.2 Universal Remote Buffer Overflow Exploit Works on all Windows versions. ---------------------------------------- Exploit by SkD [email protected] Let's take a description from their page at:...

Memory corruption

Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac...

Memory corruption

Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1 allow remote attackers to execute arbitrary code via crafted control...

Format string

Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote...

Microsoft Word Malformed Value Remote Code Execution Vulnerability

Description Microsoft Word is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial-of-service conditions. Technologies Affected Microsoft...

Microsoft Word RTF '\do' Drawing Object Remote Heap Memory Corruption Vulnerability

Description Microsoft Word is prone to a remote heap memory-corruption vulnerability. An attacker could exploit this issue by enticing a victim to open a malicious RTF file. Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently...

Microsoft Word RTF Malformed Control Word Variant 2 Remote Code Execution Vulnerability

Description Microsoft Word is prone to a remote code-execution vulnerability. An attacker could exploit this issue by enticing a victim to open a malicious RTF file. Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in use...

Microsoft Word Malformed Record Value Remote Code Execution Vulnerability

Description Microsoft Word is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial-of-service conditions. Technologies Affected Microsoft...

Microsoft Word RTF Multiple Drawing Object Tags Remote Code Execution Vulnerability

Description Microsoft Word is prone to a remote code-execution vulnerability. An attacker could exploit this issue by enticing a victim to open a malicious RTF file. Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in use...

[SECURITY] Fedora 8 Update: squirrelmail-1.4.17-1.fc8

SquirrelMail is a basic webmail package written in PHP4. It includes built-in pure PHP support for the IMAP and SMTP protocols, and all pages render in pure HTML 4.0 with no Javascript for maximum compatibility across browsers. It has very few requirements and is very easy to configure and instal...

[SECURITY] Fedora 10 Update: squirrelmail-1.4.17-2.fc10

SquirrelMail is a basic webmail package written in PHP4. It includes built-in pure PHP support for the IMAP and SMTP protocols, and all pages render in pure HTML 4.0 with no Javascript for maximum compatibility across browsers. It has very few requirements and is very easy to configure and instal...

Chilkat Crypt - ActiveX Arbitrary File CreationExecution

Chilkat Crypt - ActiveX Arbitrary File CreationExecution ----------------------------------------------------------------------------- Chilkat Crypt Activex Component Arbitrary File Creation/Execution url: http://www.chilkatsoft.com File: ChilkatCrypt2.dll CLSID:...

[SECURITY] Fedora 9 Update: openoffice.org-2.4.2-18.1.fc9

OpenOffice.org is an Open Source, community-developed, multi-platform office productivity suite. It includes the key desktop applications, such as a word processor, spreadsheet, presentation manager, formula editor and drawing program, with a user interface and feature set similar to other office...

Instant Expert Analysis ActiveX控件任意代码下载和执行漏洞

BUGTRAQ ID: 31752 CVECAN ID: CVE-2008-4385 Instant Expert Analysis允许站点通过单击方式快速分析用户的软硬件。 Instant Expert Analysis对Firefox或Netscape浏览器使用签名的Java Applet（SRLApplet.class，由sysreqlab2.jar或sysreqlab.jar提供），对Internet Explorer使用签名的ActiveX控件（sysreqlab.dll、sysreqlabsli.dll或sysreqlab2.dll）。...

Stack overflow

Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 SP3; Office Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File...

CVE-2008-4100

GNU adns 1.4 and earlier uses a fixed source port and sequential transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447. NOTE: the vendor reports that this is intended behavior and is compatible with the...