Packetstorm Advisories

iDefense Security Advisory 08.27.07 - Remote exploitation of multiple buffer overflow vulnerabilities within Motorola Inc.'s Timbuktu allows attackers to crash the service or potentially execute arbitrary code with SYSTEM privileges. iDefense has confirmed the existence of these vulnerabilities within version 8.6.3.1367 of Motorola Inc.'s Timbuktu Pro for Windows. Older versions are suspected to be vulnerable.

iDefense Security Advisory 08.27.07 - Remote exploitation of a directory traversal vulnerability in Motorola Inc.'s Timbuktu Pro allows attackers to delete or create files with SYSTEM privileges. iDefense confirmed the existence of this vulnerability in version 8.6.3.1367 of Motorola Inc.'s Timbuktu Pro for Windows. Other versions, including those for other operating systems are suspected to be vulnerable.

Ubuntu Security Notice 503-1 - Various flaws were discovered in the layout and JavaScript engines. By tricking a user into opening a malicious email, an attacker could execute arbitrary code with the user's privileges. Please note that JavaScript is disabled by default for emails, and it is not recommended to enable it. Jesper Johansson discovered that spaces and double-quotes were not correctly handled when launching external programs. In rare configurations, after tricking a user into opening a malicious email, an attacker could execute helpers with arbitrary arguments with the user's privileges.

Debian Security Advisory 1358-1 - Several remote vulnerabilities have been discovered in Asterisk, a free software PBX and telephony toolkit. These flaws range from denial of service to code execution vulnerabilities.

Stampit Web suffers from a denial of service vulnerability.

The SIDVault LDAP server is susceptible to a remote buffer overflow vulnerability.

VMWare Workstation version 6.0 for Windows suffers from a denial of service vulnerability and possible privilege escalation.

Asterisk Project Security Advisory - Asterisk suffers from a crash vulnerability when passed invalid MIME bodies when using voicemail with IMAP storage.

BufferZone version 2.5 suffers from denial of service and possible privilege escalation vulnerabilities.

A remote heap overflow condition in Real Helix's RTSP service could allow for arbitrary code execution. The vulnerable code is triggered with the use of an RTSP command with multiple 'Require' headers. Versions prior to 11.1.4 are affected.

A remotely exploitable vulnerability has been discovered in the file parsing engine of Sophos AntiVirus versions prior to 2.48.0. The bug exists during the file parsing of UPX packed files.

A remotely exploitable vulnerability has been discovered in the file parsing engine of Sophos AntiVirus versions prior to 2.48.0. The bug exists during the file parsing of GZIP packed files.

A remote exploitable vulnerability exists in clamav-milter when used with sendmail due to an insecure call to popen(). ClamAV versions prior to 0.91.2 are affected.

Tikiwiki version 1.9.7 is susceptible to cross site scripting attacks.

Ubuntu Security Notice 502-1 - It was discovered that Konqueror could be tricked into displaying incorrect URLs. Remote attackers could exploit this to increase their chances of tricking a user into visiting a phishing URL, which could lead to credential theft.

ESTsoft ALPass version 2.7 suffers from an arbitrary code execution vulnerability when importing a specially crafted DB file.

Bugzilla versions below 2.20.5 and versions below 3.0.1 are susceptible to input validation and cross site scripting vulnerabilities.

The Soldat game versions 1.4.2 and below and dedicated server versions 2.6.2 and below suffer from remote denial of service vulnerabilities.

Skulltag versions 0.97d-beta4.1 and below suffer from a remote heap overflow vulnerability.

VDA Labs Advisory - Ipswitch FTP suffers from a cross site scripting vulnerability.