5111 matches found
samba incorrect primary group assignment for domain users using the rfc2307 or sfu winbind nss info plugin
The Winbind nss_info extension (nsswitch/idmap_ad.c) in idmap_ad.so in Samba 3.0.25 through 3.0.25c, when the "winbind nss info" option is set to rfc2307 or sfu, grants all local users the privileges of gid 0 when the (1) RFC2307 or (2) Services for UNIX (SFU) primary group attribute is not defined...
Fedora 7 : php-pear-DB-1.7.11-1.fc7 (2007-0249)
1.7.11 : fbsql : - Fixed commit and rollback to specify the handle to be used. 1.7.10 : mysqli : - Added a type map for BIT fields. 1.7.9 : sybase : - Added divide by zero error mapping. - Added a specific quoteFloat implementation along the same lines as fbsql. - Updated tableInfo to cope with o...
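Lotus Domino arbitrary access to memory-mapped files vulnerability
BUGTRAQ ID: 26146 CVECAN ID: CVE-2007-5544 Lotus Domino/Notes server is a web-based collaborative application architecture that runs on Linux/Unix and Microsoft Windows operating system platforms. A flaw exists in the implementation of Lotus Domino's IPC mechanism, which a local attacker may exploit to elevate privileges. The inter-process communication (IPC) mechanism between NLNOTES and NTASKLDR in Lotus Domino is carried out through memory-mapped files; when the files are created, NULL is passed as the ACL parameter, so EVERYONE is granted full control...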
kernel LTC31426-4k page mapping support for userspace in 64k kernels
The eHCA driver in Linux kernel 2.6 before 2.6.22, when running on PowerPC, does not properly map userspace resources, which allows local users to read portions of physical address space...
Multiple libvorbis flaws (CVE-2007-4066, CVE-2007-4029)
libvorbis 1.1.2, and possibly other versions before 1.2.0, allows context-dependent attackers to cause a denial of service via (1) an invalid mapping type, which triggers an out-of-bounds read in the vorbis_info_clear function in info.c, and (2) invalid blocksize values that trigger a segmentation faul...
Using a reverse connection to break the tcp/ip limit of the process - vulnerability warning - the black bar safety net
When working with unicode, has everyone found that tftp sometimes fails, that is, the other host forcibly closes the remote connection? This situation is generally caused by the other administrator's tcp/ip settings or by a firewall. Yesterday, after testing, I found a way to break this limitation of t...
RHEL 5 : nfs-utils-lib (RHSA-2007:0951)
An updated nfs-utils-lib package to correct two security flaws is now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The nfs-utils-lib package contains support libraries that are needed by the command...
Important: kernel security update
2.6.18-8.1.14.0.2.el5 - Fix bonding primary=ethX Bert Barbe IT 101532 ORA 5136660 - Add entropy module option to e1000/bnx2 John Sobecki ORA 6045759 2.6.18-8.1.14.el5 - Revert changes back to 2.6.18-8.1.10. - x86_64 Zero extend all registers after ptrace in 32bit entry path Anton Arapov 297871...
CVE-2007-4470
Multiple stack-based buffer overflows in the Earth Resource Mapping NCSView ActiveX control before 3.4.0.242 in NCSView.dll, as distributed in ER Mapper ECW JPEG 2000 Plug-in before 8.1, allow remote attackers to execute arbitrary code via unspecified vectors...
CVE-2007-4470
The CVE-2007-4470 entry describes multiple stack-based buffer overflows in the Earth Resource Mapping NCSView ActiveX control (NCSView.dll) shipped with ER Mapper ECW JPEG 2000 Plug-in before version 8.1, affecting the NCSView ActiveX control prior to 3.4.0.242. This allows remote attackers to ex...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in /xslt in 2wire 1701HG, 1800HW, and 2071 Gateway routers, with 3.17.5, 3.7.1, and 5.29.51 software, allows remote attackers to create DNS mappings as administrators, and conduct DNS poisoning attacks, via the NAME and ADDR parameters...
[SECURITY] Fedora 7 Update: qtpfsgui-1.8.12-1.fc7
Qtpfsgui is a graphical program for assembling bracketed photos into High Dynamic Range (HDR) images. It also provides a number of tone-mapping operators for creating low dynamic range versions of HDR images...
jsp vulnerabilities and solutions - vulnerability warning - the black bar safety net
Overview: Server vulnerabilities are the origin of security problems, and most attacks by hackers on a site also start from finding its vulnerabilities. So only by understanding their own vulnerabilities can site managers take appropriate measures to prevent outside attacks. The following describes some ...
Exploit for eTrust Antivirus Agent r8
No description provided by source. 48Bits Advisory -=- Privilege Elevation in eTrust Antivirus Agent r8. Affected versions :...
Computer Associates eTrust InoTask.exe Antivirus Buffer Overflow Vulnerability
Hi, Here binagres aka ..., for all the "vinagreta" : 48Bits Advisory -=- Privilege Elevation in eTrust Antivirus Agent r8. Affected versions : - eTrust...
eTrust AntiVirus Agent r8 - Local Privilege Escalation
48Bits Advisory -=- Privilege Elevation in eTrust Antivirus Agent r8. Affected versions : I have tested with: - eTrust Antivirus Agent r8 -...
Fenice OMS server 1.10 Remote Buffer Overflow Exploit (exec-shield)
No description provided by source. / Fedora Core 6 exec-shield based Fenice OMS server fenice-1.10.tar.gz remote root exploit by Xpl017Elz Advanced exploitation in exec-shield Fedora Core case study URL: http://x82.inetcop.org/h0me/papers/FCexploit/FCexploit.txt Reference:...
Maplab <= 2.2.1 (gszAppPath) Remote File Inclusion Vulnerability
Maplab <= 2.2.1 (gszAppPath) Remote File Inclusion Vulnerability. Author : Mufti Rizal a.k.a mbahngarso Date : March, 30t...
CVE-2007-1530
The LLTD Mapper in Microsoft Windows Vista does not properly gather responses to EMIT packets, which allows remote attackers to cause a denial of service (mapping failure) by omitting an ACK response, which triggers an XML syntax error...
Design/Logic Flaw
The LLTD Mapper in Microsoft Windows Vista does not properly gather responses to EMIT packets, which allows remote attackers to cause a denial of service (mapping failure) by omitting an ACK response, which triggers an XML syntax error...