Computer Security


Multiple News Rover / NewsBin / NewsReactor / Grabit / News File Grabber security vulnerabilities
Published: 22.02.2007
Source:
SecurityVulns ID: 7289
Type: client
Threat Level: 5/10
Description: Vulnerabilities in the parsing of various XML-format files.
Affected: NEWSBINPRO : News Bin Pro 5.33
 NEWSROVER : News Rover 12.1
 SHEMES : Grabit 1.5
 NEWSFILEGRABBER : News File Grabber 4.1
 NEWSREACTOR : NewsReactor 20070220
 GLUESOFTWARE : NewsGlue 1.3
CVE: CVE-2007-1610 (Cross-site scripting (XSS) vulnerability in the RSS reader in Glue Software NewsGlue before 1.3.4 allows remote attackers to inject arbitrary web script or HTML via a feed.)
 CVE-2007-1569 (Stack-based buffer overflow in NewsBin Pro 4.32 allows remote attackers to cause a denial of service or execute arbitrary code via a yEnc (yEncode) encoded article with a long filename, as demonstrated using a .nzb file. NOTE: some of these details are obtained from third party information.)
 CVE-2007-1568 (Stack-based buffer overflow in DaanSystems NewsReactor 20070220.21 allows remote attackers to execute arbitrary code via a yEnc (yEncode) encoded article with a long filename.)
 CVE-2007-1074 (Multiple buffer overflows in NewsBin Pro 5.33 and NewsBin Pro 4.x allow user-assisted remote attackers to execute arbitrary code via a long (1) DataPath or (2) DownloadPath attributed in a (a) NBI file, or (3) a long group field in a (b) NZB file.)
 CVE-2007-1041 (Multiple stack-based buffer overflows in S&H Computer Systems News Rover 12.1 Rev 1 allow remote attackers to execute arbitrary code via a .nzb file with a long (1) group or (2) subject string.)
 CVE-2007-1038 (Shemes.com Grabit 1.5.3, and possibly earlier, allows remote attackers to cause a denial of service (application crash) via a .nzb file with a subject field containing ';' (semicolon) characters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.)
 CVE-2007-1037 (Stack-based buffer overflow in News File Grabber 4.1.0.1 and earlier allows remote attackers to execute arbitrary code via a .nzb file with a long subject field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.)
Files: News Rover 12.1 Rev 1 Remote Stack Overflow exploit
 News Bin Pro 5.33 .NBI File Buffer Overflow exploit
 News Rover 12.1 Rev 1 Remote Stack Overflow perl exploit
 News Bin Pro 4.32 Article Grabbing Remote Unicode Buffer Overflow
 NewsReactor 20070220 Article Grabbing Remote Buffer Overflow Exploit 1
 NewsReactor 20070220 Article Grabbing Remote Buffer Overflow

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod