== DoS attacks on MIME-capable software via complex MIME emails ==
== Preface ==
On the phneutral 0x7d8 and RSS 08, I gave short talks on a widely unregarded
problem with MIME software. Due to popular demand, I decided to publish a
short writeup of the talk.
== What is MIME? ==
MIME is
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2008:236-1
http://www.mandriva.com/security/
This *should* work provided that you have met the following requirements:
1) A writable directory under documentroot to place those files (obviously)
2) You don't have proc_open in your disabled_functions list
3) You are able to compile a shared library on the same platform as the target
web
SEC Consult Security Advisory 20081209-0
=
title: Microsoft SQL Server 2000 sp_replwritetovarbin
limited memory overwrite vulnerability
program
rPath Security Advisory: 2008-0332-1
Published: 2008-12-09
Products:
rPath Appliance Platform Linux Service 1
rPath Appliance Platform Linux Service 2
rPath Linux 1
rPath Linux 2
Rating: Major
Exposure Level Classification:
Local User Non-deterministic Privilege Escalation
Dear [EMAIL PROTECTED],
Idea is not new. Same vulnerabilit was reported for Agnitum Outpost by
Alexander Andrusenko in 2004, http://securityvulns.com/news3687.html
Also, same vulnerabilities were reported and fixed in Sendmail
(CVE-2006-1173).
--Tuesday, December 9, 2008, 1:52:17
Litel Update.
in the previous advisory there was some wrong report because of, the update of
anti-virus product version.
Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass
==
Secunia Research 09/12/2008
- Microsoft Word RTF Polyline/Polygon Integer Overflow -
==
Table of Contents
Affected
==
Secunia Research 09/12/2008
- Microsoft Excel NAME Record Array Indexing Vulnerability -
==
Table of Contents
Affected
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Core Security Technologies - CoreLabs Advisory
http://www.coresecurity.com/corelabs/
Vinagre show_error() format string vulnerability
1. *Advisory Information*
Title: Vinagre show_error() format string vulnerability
Advisory ID:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
iDefense Security Advisory 12.09.08
http://labs.idefense.com/intelligence/vulnerabilities/
Dec 09, 2008
I. BACKGROUND
Internet Explorer is a graphical web browser developed by Microsoft
Corp. that has been included with Microsoft Windows since
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
iDefense Security Advisory 12.09.08
http://labs.idefense.com/intelligence/vulnerabilities/
Dec 09, 2008
I. BACKGROUND
Microsoft Windows graphics device interface (GDI) enables applications
to use graphics and formatted text on both the video
==
Secunia Research 09/12/2008
- Microsoft Hierarchical FlexGrid Control Integer Overflows -
==
Table of Contents
Affected
ZDI-08-083: Microsoft Animation ActiveX Control Malformed AVI Parsing Code
Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-08-083
December 9, 2008
-- CVE ID:
CVE-2008-4255
-- Affected Vendors:
Microsoft
-- Affected Products:
Microsoft Windows XP
-- TippingPoint(TM) IPS
ZDI-08-084: Microsoft Office RTF Consecutive Drawing Object Parsing Heap
Corruption Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-08-084
December 9, 2008
-- CVE ID:
CVE-2008-4027
-- Affected Vendors:
Microsoft
-- Affected Products:
Microsoft Office Word
Microsoft Outlook
--
ZDI-08-085: Microsoft Office RTF Drawing Object Heap Overflow
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-08-085
December 9, 2008
-- CVE ID:
CVE-2008-4028
-- Affected Vendors:
Microsoft
-- Affected Products:
Microsoft Office Word
Microsoft Outlook
-- TippingPoint(TM) IPS
ZDI-08-086: Microsoft Office Word Document Table Property Stack Overflow
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-08-086
December 9, 2008
-- CVE ID:
CVE-2008-4837
-- Affected Vendors:
Microsoft
-- Affected Products:
Microsoft Office Word
-- Vulnerability Details:
This
ZDI-08-087: Microsoft Internet Explorer Webdav Request Parsing Heap
Corruption Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-08-087
December 9, 2008
-- CVE ID:
CVE-2008-4259
-- Affected Vendors:
Microsoft
-- Affected Products:
Microsoft Internet Explorer
-- TippingPoint(TM)
18 matches
Mail list logo