Multiple Microsoft Excel buffer overflows updated since 09.01.2007 | | Published: |  | 01.02.2007 | | Source: |  | FULL-DISCLOSURE | | SecurityVulns ID: |  | 7027 | | Type: |  | client | | Level: |  | 7/10 | | Description: |  | Heap buffer overflow on oversized value of BIFF8 type column. Heap buffer overflow on oversized palette value for BIFF8 type column. |
| Affected: |  | MICROSOFT : Office 2000 | | |  | MICROSOFT : Office XP | | |  | MICROSOFT : Office 2003 | | CVE: |  | CVE-2007-0031 (Heap-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a BIFF8 spreadsheet with a PALETTE record that contains a large number of entries.) | | |  | CVE-2007-0030 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via an Excel file with an out-of-range Column field in certain BIFF8 record types, which references arbitrary memory.) | | |  | CVE-2007-0029 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a malformed string, aka "Excel Malformed String Vulnerability.") | | |  | CVE-2007-0028 (Microsoft Excel 2000, 2002, 2003, Viewer 2003, Office 2004 for Mac, and Office v.X for Mac does not properly handle certain opcodes, which allows user-assisted remote attackers to execute arbitrary code via a crafted XLS file, which results in an "Improper Memory Access Vulnerability." NOTE: an early disclosure of this issue used CVE-2006-3432, but only CVE-2007-0028 should be used.) | | |  | CVE-2007-0027 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows remote attackers to execute arbitrary code via malformed IMDATA records that trigger memory corruption.) |
| IPSwitch WS_FTP multiple security vulnerabilities with iFTPAddU / iFTPAddH (multiple bugs) | | Published: |  | 01.02.2007 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 7143 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | Buffer overflows with iFTPAddU, iFTPAddH files parsing. |
| Affected: |  | IPSWITCH : WS_FTP Server 5.04 | | CVE: |  | CVE-2007-0666 (Ipswitch WS_FTP Server 5.04 allows FTP site administrators to execute arbitrary code on the system via a long input string to the (1) iFTPAddU or (2) iFTPAddH file, or to a (3) edition module.) |
| Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) | | Published: |  | 01.02.2007 | | Source: |  | | | SecurityVulns ID: |  | 7135 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. |
| Affected: |  | SIPS : SIPS 0.3 | | |  | EXOSCRIPTS : ExoPHPDesk 1.2 | | |  | ZENPHOTO : zenphoto 1.0 | | |  | OPENEMR : OpenEMR 2.8 | | |  | EXTCAL : ExtCalendar 2.0 | | |  | CADRE : Cadre 20020724 | | |  | L2JPROPCALC : L2J Dropcalc 4 | | |  | PHPMYRING : PhpMyRing 4.1 | | |  | EXTCALENDAR : Extcalendar 2 | | |  | PHPBBTWEAKED : Phpbb Tweaked 3 | | |  | HAILBOARDS : Hailboards 1.2 | | |  | OMEGABOARD : Omegaboard 1.2 | | |  | CERULEAN : Cerulean Portal System 0.7 | | |  | PHPEVENTMAN : phpEventMan 1.0 | | |  | SUN : Java System Access Manager 6.1 | | |  | SUN : Java System Access Manager 6.2 | | |  | SUN : Java System Access Manager 7.0 | | CVE: |  | CVE-2007-0702 (Multiple PHP remote file inclusion vulnerabilities in phpEventMan 1.0.2 allow remote attackers to execute arbitrary PHP code via a URL in the level parameter to (1) Shared/controller/text.ctrl.php or (2) UserMan/controller/common.function.php.) | | |  | CVE-2007-0688 (SQL injection vulnerability in oku.asp in Hunkaray Duyuru Scripti allows remote attackers to execute arbitrary SQL commands via the id parameter.) | | |  | CVE-2007-0687 (SQL injection vulnerability in i-search.php in Michelle's L2J Dropcalc 4 and earlier allows remote authenticated users to execute arbitrary SQL commands via the itemid parameter.) | | |  | CVE-2007-0684 (PHP remote file inclusion vulnerability in portal.php in Cerulean Portal System 0.7b allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.) | | |  | CVE-2007-0683 (PHP remote file inclusion vulnerability in includes/functions.php in Omegaboard 1.0beta4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.) | | |  | CVE-2007-0681 (profile.php in ExtCalendar 2 and earlier allows remote attackers to change the passwords of arbitrary users without providing the original password, and possibly perform other unauthorized actions, via modified values to register.php.) 
| | |  | CVE-2007-0680 (PHP remote file inclusion vulnerability in includes/functions.php in Phpbb Tweaked 3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.) | | |  | CVE-2007-0679 (PHP remote file inclusion vulnerability in lang/leslangues.php in Nicolas Grandjean PHPMyRing 4.1.3b and earlier allows remote attackers to execute arbitrary PHP code via a URL in the fichier parameter.) | | |  | CVE-2007-0678 (SQL injection vulnerability in windows.asp in Fullaspsite Asp Hosting Sitesi allows remote attackers to execute arbitrary SQL commands via the kategori_id parameter.) | | |  | CVE-2007-0677 (PHP remote file inclusion vulnerability in fw/class.Quick_Config_Browser.php in Cadre PHP Framework 20020724 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[config][framework_path] parameter.) | | |  | CVE-2007-0676 (SQL injection vulnerability in faq.php in ExoPHPDesk 1.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.) | | |  | CVE-2007-0662 (PHP remote file inclusion vulnerability in includes/usercp_viewprofile.php in Hailboards 1.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.) | | |  | CVE-2007-0649 (Variable overwrite vulnerability in interface/globals.php in OpenEMR 2.8.2 and earlier allows remote attackers to overwrite arbitrary program variables and conduct other unauthorized activities, such as conduct (a) remote file inclusion attacks via the srcdir parameter in custom/import_xml.php or (b) cross-site scripting (XSS) attacks via the rootdir parameter in interface/login/login_frame.php, via vectors associated with extract operations on the (1) POST and (2) GET superglobal arrays. NOTE: this issue was originally disputed before the extract behavior was identified in post-disclosure analysis. Also, the original report identified "Open Conference Systems," but this was an error.) 
| | |  | CVE-2007-0628 (Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Access Manager 6.1, 6.2, 6 2005Q1 (6.3), and 7 2005Q4 (7.0) before 20070129 allow remote attackers to inject arbitrary web script or HTML via the (1) goto or (2) gx-charset parameter. NOTE: some of these details are obtained from third party information.) | | |  | CVE-2007-0616 (Directory traversal vulnerability in zen/template-functions.php in zenphoto 1.0.4 up to 1.0.6 allows remote attackers to list arbitrary directories via ".." sequences in the album parameter to index.php.) |
| Original document |  | ajannhwt_(at)_hotmail.com, phpEventMan v1.0.2 (level) Remote File Include Exploit (01.02.2007) |
| |  | ajannhwt_(at)_hotmail.com, SIPS <= 0.3.1(box.inc.php) Remote File Include Vulnerability (01.02.2007) |
| |  | x0r0n_(at)_hotmail.com, Cerulean Portal System (phpbb_root_path) Remote File Include Exploit (01.02.2007) |
| |  | x0r0n_(at)_hotmail.com, Omegaboard v1.0b4 (phpbb_root_path) Remote File Include Exploit (01.02.2007) |
| |  | x0r0n_(at)_hotmail.com, Hailboards v1.2.0 (phpbb_root_path) Remote File Include Exploit (01.02.2007) |
| |  | x0r0n_(at)_hotmail.com, Phpbb Tweaked (phpbb_root_path) Remote File Include Exploit (01.02.2007) |
| |  | ajannhwt_(at)_hotmail.com, PhpMyRing <= 4.1.3b (path) Remote File Include Vulnerability (01.02.2007) |
| |  | ajannhwt_(at)_hotmail.com, ExoPHPDesk <= 1.2.1 (faq.php) Remote SQL Injection Vulnerability (01.02.2007) |
| |  | admin_(at)_hacklive.org, Hunkaray Duyuru Scripti (tr) == SQL Injection Vulnerability (01.02.2007) |
| |  | admin_(at)_hacklive.org, Fullaspsite Asp Hosting (tr) == SQL Injection Vulnerability (01.02.2007) |
| |  | Codebreak, Michelle's L2J Dropcalc (01.02.2007) |
| |  | y3dips_(at)_gmail.com, [ECHO_ADV_63$2007] Cadre remote file inclusion (01.02.2007) |
| |  | KabusTR.coM , Speedy Asp Discussion Forum (forum.mdb) Remote Password Disclosure Vulnerablity (01.02.2007) |
| thttpd information leak | | Published: |  | 01.02.2007 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 7138 | | Type: |  | remote | | Level: |  | 3/10 | | Description: |  | If thttpd is started from system root, system root is used as web server root directory. |
| Affected: |  | THTTPD : thttpd 2.25 | | CVE: |  | CVE-2007-0664 (thttpd before 2.25b-r6 in Gentoo Linux is started from the system root directory (/) by the Gentoo baselayout 1.12.6 package, which allows remote attackers to read arbitrary files.) |
| Apple multiple applications format string vulnerabilities | | Published: |  | 01.02.2007 | | Source: |  | MOAB | | SecurityVulns ID: |  | 7141 | | Type: |  | client | | Level: |  | 7/10 | | Description: |  | Format string vulnerabilities in multiple client applications. |
| Affected: |  | APPLE : Mac OS X 10.4 | | |  | APPLE : Safari 2.0 | | |  | APPLE : Help Viewer 3.0 | | |  | APPLE : iMovie HD 6.0 | | |  | APPLE : iPhoto 6.0 | | CVE: |  | CVE-2007-0647 (Format string vulnerability in Help Viewer 3.0.0 allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled when calling the NSBeginAlertSheet Apple AppKit function.) | | |  | CVE-2007-0646 (Format string vulnerability in iMovie HD 6.0.3 allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled when calling the NSRunCriticalAlertPanel Apple AppKit function.) | | |  | CVE-2007-0645 (Format string vulnerability in iPhoto 6.0.5 allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled when calling certain Apple AppKit functions.) | | |  | CVE-2007-0644 (Format string vulnerability in Apple Safari 2.0.4 (419.3) allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in filenames that are not properly handled when calling the (1) NSLog and (2) NSBeginAlertSheet Apple AppKit functions.) |
| inotify weak permissions | | Published: |  | 01.02.2007 | | Source: |  | CVE | | SecurityVulns ID: |  | 7146 | | Type: |  | local | | Level: |  | 5/10 |
| Affected: |  | INOTIFY : inotify 0.3 | | CVE: |  | CVE-2007-0636 (Unspecified vulnerability in inotify before 0.3.5 has unknown impact and attack vectors, related to "access rights to watched files.") |
| Windows Live Messenger / Windows MSN Messenger decryptable password | | Published: |  | 01.02.2007 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 7137 | | Type: |  | local | | Level: |  | 4/10 | | Description: |  | Password is stored in registry in reversible encryption. |
| Comodo Firewall Pro privilege escalation | | Published: |  | 01.02.2007 | | Source: |  | FULL-DISCLOSURE | | SecurityVulns ID: |  | 7139 | | Type: |  | local | | Level: |  | 5/10 | | Description: |  | Insufficient filtering of hooked SSDT functions potentially allows code execution in system context. |
| Affected: |  | COMODO : Comodo Firewall Pro 2.4 | | CVE: |  | CVE-2007-0709 (cmdmon.sys in Comodo Firewall Pro (formerly Comodo Personal Firewall) 2.4.16.174 and earlier does not validate arguments that originate in user mode for the (1) NtCreateSection, (2) NtOpenProcess, (3) NtOpenSection, (4) NtOpenThread, and (5) NtSetValueKey hooked SSDT functions, which allows local users to cause a denial of service (system crash) and possibly gain privileges via invalid arguments.) | | |  | CVE-2007-0708 (cmdmon.sys in Comodo Firewall Pro (formerly Comodo Personal Firewall) before 2.4.16.174 does not validate arguments that originate in user mode for the (1) NtConnectPort and (2) NtCreatePort hooked SSDT functions, which allows local users to cause a denial of service (system crash) and possibly gain privileges via invalid arguments.) |
| Bloodshed Dev-C++ buffer overflow | | Published: |  | 01.02.2007 | | Source: |  | CVE | | SecurityVulns ID: |  | 7144 | | Type: |  | local | | Level: |  | 3/10 | | Description: |  | Buffer overflow on oversized string in .cpp file. |
| Affected: |  | BLOODSHED : Dev-C++ 4.9 | | CVE: |  | CVE-2007-0643 (Stack-based buffer overflow in Bloodshed Dev-C++ 4.9.9.2 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long line in a .cpp file.) |
| gtalkbot information leak | | Published: |  | 01.02.2007 | | Source: |  | CVE | | SecurityVulns ID: |  | 7148 | | Type: |  | local | | Level: |  | 4/10 | | Description: |  | Username and password are passed in command line and can be obtained with process list. |
| Affected: |  | GTALKBOT : gtalkbot 1.1 | | CVE: |  | CVE-2007-0627 (Michael Still gtalkbot before 1.2 places username and password arguments on the command line, which allows local users to obtain sensitive information by listing the process.) |
Multiple Oracle security vulnerabilities.... again... updated since 18.01.2007 | | Published: |  | 01.02.2007 | | Source: |  | CERT | | SecurityVulns ID: |  | 7064 | | Type: |  | remote | | Level: |  | 9/10 | | Description: |  | Released security update fixes 17 security vulnerabilities for Oracle Database, 9 vulnerabilities in Oracle HTTP Server, 12 security vulnerabilities for Oracle Application Server, 7 vulnerabilities for Oracle E-Business Suite, 6 security bugs in Oracle Enterprise Manager, 3 bugs in Oracle PeopleSoft Enterprise PeopleTools. There is also a large number of different old and new bugs, many are not fixed for years. It makes it useless to talk about Oracle security. Use 3rd party products to protect your Oracle environment. |
| Affected: |  | ORACLE : Oracle 9i | | |  | ORACLE : Oracle E-Business Suite 11.0 | | |  | ORACLE : Oracle 10g | | CVE: |  | CVE-2007-0297 (Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.47.11 and 8.48.06 has unknown impact and attack vectors in PeopleTools, aka PSE03.) | | |  | CVE-2007-0296 (Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.22.13, 8.47.11, and 8.48.06 has unknown impact and attack vectors in PeopleTools, aka PSE02.) | | |  | CVE-2007-0295 (Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.22.13 and 8.47.11 has unknown impact and attack vectors in PeopleTools, aka PSE01.) | | |  | CVE-2007-0294 (Unspecified vulnerability in Oracle Enterprise Manager 10.2.0.1 has unknown impact and attack vectors related to Database Cloning & Data Guard Management, aka EM06.) | | |  | CVE-2007-0293 (Multiple unspecified vulnerabilities in Oracle Enterprise Manager 10.1.0.5 and 10.2.0.1 have unknown impact and attack vectors related to (1) Oracle Agent (EM03) and (2) EM04 and (3) EM05 in Enterprise Manager Console. NOTE: EM05 might be related to CVE-2007-0222.) | | |  | CVE-2007-0292 (Multiple unspecified vulnerabilities in Oracle Enterprise Manager 10.1.0.5 have unknown impact and attack vectors related to Oracle Agent, aka (1) EM01 and (2) EM02. NOTE: EM05 might be related to CVE-2007-0222.) | | |  | CVE-2007-0291 (Unspecified vulnerability in Oracle E-Business Suite and Applications 6.2.3 has unknown impact and attack vectors related to Oracle Exchange, aka APPS02.) | | |  | CVE-2007-0290 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5.10CU2 have unknown impact and attack vectors related to (1) Application Object Library (APPS01), (2) Human Resources (APPS03), (3) Payables (APPS04), (4) Trading Community Architecture (APPS05), and (5) Web Applications Desktop Integrator (APPS06).) 
| | |  | CVE-2007-0289 (Multiple unspecified vulnerabilities in Oracle Collaboration Suite 9.0.4.2 have unknown impact and attack vectors related to Oracle Containers for J2EE, aka (1) OC4J01, (2) OC4J05, and (3) OC4J06.) | | |  | CVE-2007-0288 (Unspecified vulnerability in Oracle Application Server 10.1.4.0 has unknown impact and attack vectors related to Oracle Internet Directory, aka OID01.) | | |  | CVE-2007-0287 (Unspecified vulnerability in Oracle Application Server 9.0.4.3, 10.1.2.0.0, and 10.1.2.0.2; and Collaboration Suite 9.0.4.2 and 10.1.2; has unknown impact and attack vectors related to Containers for J2EE, aka OC4J08.) | | |  | CVE-2007-0286 (Unspecified vulnerability in Oracle Application Server 10.1.2.0.2 and 10.1.3.0, and Collaboration Suite 10.1.2, has unknown impact and attack vectors related to Containers for J2EE, aka OC4J07.) | | |  | CVE-2007-0285 (Unspecified vulnerability in Oracle Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2; Collaboration Suite 9.0.4.2 and 10.1.2; and E-Business Suite and Applications 11.5.10CU2 has unknown impact and attack vectors related to Oracle Reports Developer, aka REP01.) | | |  | CVE-2007-0284 (Multiple unspecified vulnerabilities in Oracle Application Server 9.0.4.3 and 10.1.2.0.0, and Collaboration Suite 9.0.4.2, have unknown impact and attack vectors related to Oracle Containers for J2EE, aka (1) OC4J03 and (2) OC4J04.) | | |  | CVE-2007-0283 (Unspecified vulnerability in Oracle Application Server 9.0.4.3 and Collaboration Suite 9.0.4.2 has unknown impact and attack vectors related to Oracle Containers for J2EE, aka OC4J02.) | | |  | CVE-2007-0282 (Unspecified vulnerability in Oracle HTTP Server 9.0.1.5, Application Server 9.0.4.2 and 10.1.2.0.0, and Collaboration Suite 9.0.4.2 has unknown impact and attack vectors related to the Oracle Process Mgmt & Notification component, aka OPMN02.) 
| | |  | CVE-2007-0281 (Multiple unspecified vulnerabilities in Oracle HTTP Server 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.3; Application Server 9.0.4.3, 10.1.2.0.0, 10.1.2.0.1, 10.1.2.0.2, 10.1.2.1, and 10.1.3.0; and Collaboration Suite 9.0.4.2 and 10.1.2; have unknown impact and attack vectors related to the Oracle HTTP Server, aka (1) OHS03 and (2) OHS04.) | | |  | CVE-2007-0280 (Unspecified vulnerability in Oracle HTTP Server 9.0.1.5, Application Server 9.0.4.3, 10.1.2.0.0, 10.1.2.0.2, and 10.1.2.2; and Collaboration Suite 9.0.4.2 and 10.1.2; has unknown impact and attack vectors related to the Oracle Process Mgmt & Notification component, aka OPMN01. NOTE: as of 20070123, Oracle has not disputed claims by a reliable researcher that OPMN01 is for a buffer overflow in Oracle Notification Service (ONS).) | | |  | CVE-2007-0279 (Multiple unspecified vulnerabilities in Oracle HTTP Server 9.2.0.8 and Oracle E-Business Suite and Applications 11.5.10CU2 have unknown impact and attack vectors, aka (1) OHS01, (2) OHS02, (3) OHS05, (4) OHS06, and (5) OHS07.) | | |  | CVE-2007-0278 (Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unknown impact and attack vectors related to (1) NLS Runtime and lmsgen (DB12), and (2) Oracle Text and ctxkbtc (DB14).) | | |  | CVE-2007-0277 (Unspecified vulnerability in Oracle Database client-only 10.1.0.4 has unknown impact and attack vectors related to the Export component and expdp or impdp, aka DB11.) | | |  | CVE-2007-0276 (Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4 and 9.0.1.5 have unknown impact and attack vectors related to (1) Advanced Security Option and oklist or okdstry (DB10), (2) Oracle Net Services (DB13), and (3) Recovery Manager and oklist (DB16).) 
| | |  | CVE-2007-0275 (Cross-site scripting (XSS) vulnerability in Oracle Reports Web Cartridge (RWCGI60) in the Workflow Cartridge component, as used in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3; Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2; Collaboration Suite 10.1.2; and Oracle E-Business Suite and Applications 11.5.10CU2; allows remote authenticated users to inject arbitrary HTML or web script via the genuser parameter to rwcgi60, aka OWF01.) | | |  | CVE-2007-0274 (Multiple unspecified vulnerabilities in Oracle Database 9.2.0.7 and 10.1.0.5 have unknown impact and attack vectors related to (1) Export and sys.dbms_logrep_util (DB08), and (2) Oracle Streams and sys.dbms_capture_adm_internal privileges (DB09). NOTE: Oracle has not disputed reliable researcher claims that DB08 is for a buffer overflow in the GET_OBJECT_NAME procedure in the DBMS_LOGREP_UTIL package, and DB09 is for buffer overflows in the CREATE_CAPTURE, ALTER_CAPTURE, and ABORT_TABLE_INSTANTIATION procedures in SYS.DBMS_CAPTURE_ADM_INTERNAL.) | | |  | CVE-2007-0273 (Unspecified vulnerability in Oracle Database 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.3 has unknown impact and attack vectors related to XMLDB, aka DB06. NOTE: as of 20070123, Oracle has not disputed claims by a reliable researcher that DB06 is for multiple cross-site scripting (XSS) vulnerabilities.) | | |  | CVE-2007-0272 (Unspecified vulnerability in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 has unknown impact and attack vectors related to the Oracle Spatial component and mdsys.md privileges, aka DB05. NOTE: Oracle has not disputed a reliable researcher report that claims this is for multiple buffer overflows and other issues in unspecified public procedures.) | | |  | CVE-2007-0271 (Unspecified vulnerability in Oracle Database 9.0.1.5 and 9.2.0.7 has unknown impact and attack vectors related to the Log Miner component and sys.dbms_log_mnr privileges, aka DB04. 
NOTE: Oracle has not disputed a reliable researcher claim that this is a buffer overflow in the ADD_LOGFILE procedure for the SYS.DBMS_LOGMNR package that allows code execution.) | | |  | CVE-2007-0270 (Unspecified vulnerability in Oracle Database 9.2.0.7 and 10.1.0.4 has unknown impact and attack vectors related to the Data Guard and sys.dbms_drs privileges, aka DB03. NOTE: Oracle has not disputed a reliable researcher claim that this is a buffer overflow in the GET_PROPERTY function in SYS.DBMS_DRS, which can be exploited for arbitrary code execution or a denial of service.) | | |  | CVE-2007-0269 (Unspecified vulnerability in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3 has unknown impact and attack vectors related to the Change Data Capture and sys.dbms_cdc_subscribe privileges, aka DB02.) | | |  | CVE-2007-0268 (Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unknown impact and attack vectors related to (1) the Advanced Queuing component and sys.dbms_aqsys.dbms_aq privileges (DB01), (2) Advanced Replication and sys.dbms_repcat_untrusted (DB07), and (3) Oracle Text and ctxload (DB15). NOTE: Oracle has not publicly disputed claims by reliable researchers that DB01 is for SQL injection in the SYS.DBMS_AQ_INV package, and DB07 is for a buffer overflow in the UNREGISTER_SNAPSHOT procedure in the DBMS_REPCAT_UNTRUSTED package.) | | |  | CVE-2007-0222 (Directory traversal vulnerability in the EmChartBean server side component for Oracle Application Server 10g allows remote attackers to read arbitrary files via unknown vectors, probably "\.." sequences in the beanId parameter. NOTE: this is likely a duplicate of another CVE that Oracle addressed in CPU Jan 2007, but due to lack of details by Oracle, it is unclear which BugID this issue is associated with, so the other CVE cannot be determined. Possibilities include EM02 (CVE-2007-0292) or EM05 (CVE-2007-0293).) |
| Original document |  | NGS Software Insight Security Research, Oracle 10g R2 Enterprise Manager Directory Traversal (01.02.2007) |
| |  | SHATTER, Oracle Buffer Overflows in DBMS_CAPTURE_ADM_INTERNAL (25.01.2007) |
| |  | SHATTER, Oracle Multiple Buffer Overflows and DoS attacks in public procedures of MDSYS.MD (25.01.2007) |
| |  | SHATTER, Oracle Buffer Overflow in DBMS_DRS.GET_PROPERTY (25.01.2007) |
| |  | SHATTER, Oracle Buffer Overflow in DBMS_REPCAT_UNTRUSTED.UNREGISTER_SNAPSHOT (25.01.2007) |
| |  | SHATTER, Oracle Buffer Overflow in DBMS_LOGMNR.ADD_LOGFILE (25.01.2007) |
| |  | SHATTER, Oracle Buffer Overflow in DBMS_LOGREP_UTIL.GET_OBJECT_NAME (25.01.2007) |
| |  | SYMANTEC, SYMSA-2007-001: Oracle Application Server 10g - Directory Traversal (18.01.2007) |
| |  | ISecAuditors Security Advisories, [ISecAuditors Security Advisories] Oracle Reports Web Cartridge (RWCGI60) vulnerable to XSS (18.01.2007) |
| |  | CERT, US-CERT Technical Cyber Security Alert TA07-017A -- Oracle Releases Patches for Multiple Vulnerabilities (18.01.2007) |
| Cisco IP telephony routers DoS | | Published: |  | 01.02.2007 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 7136 | | Type: |  | remote | | Level: |  | 6/10 | | Description: |  | A SIP packet (UDP/5060) sent to a device with voice over IP support that is not configured for SIP causes the device to crash. |
| Affected: |  | CISCO : IOS 12.3 | | |  | CISCO : IOS 12.4 | | CVE: |  | CVE-2007-0648 (Cisco IOS after 12.3(14)T, 12.3(8)YC1, 12.3(8)YG, and 12.4, with voice support and without Session Initiated Protocol (SIP) configured, allows remote attackers to cause a denial of service (crash) by sending a crafted packet to port 5060/UDP.) |
| Multiple Apple iChat Bonjour DoS conditions | | Published: |  | 01.02.2007 | | Source: |  | MOAB | | SecurityVulns ID: |  | 7140 | | Type: |  | client | | Level: |  | 5/10 | | Description: |  | Multiple problems because of insecure dynamic DNS usage. |
| Affected: |  | APPLE : iChat 3.1 | | CVE: |  | CVE-2007-0710 (The Bonjour functionality in iChat in Apple Mac OS X 10.3.9 allows remote attackers to cause a denial of service (persistent application crash) via unspecified vectors, possibly related to CVE-2007-0614.) | | |  | CVE-2007-0614 (The Bonjour functionality in mDNSResponder, iChat 3.1.6, and InstantMessage framework 428 in Apple Mac OS X 10.4.8 allows remote attackers to cause a denial of service (persistent application crash) via a crafted phsh hash attribute in a TXT key.) | | |  | CVE-2007-0613 (The Bonjour functionality in mDNSResponder, iChat 3.1.6, and InstantMessage framework 428 in Apple Mac OS X 10.4.8 does not check for duplicate entries when adding newly discovered available contacts, which allows remote attackers to cause a denial of service (disrupted communication) via a flood of duplicate _presence._tcp mDNS queries.) |
| Multiple Wireshark sniffer security vulnerabilities | | Published: |  | 01.02.2007 | | Source: |  | WIRESHARK | | SecurityVulns ID: |  | 7142 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | Problems with Ethernet frames parsing, HTTP and LLT packets parsing. |
| CVE: |  | CVE-2007-0459 (packet-tcp.c in the TCP dissector in Wireshark (formerly Ethereal) 0.99.2 through 0.99.4 allows remote attackers to cause a denial of service (application crash or hang) via fragmented HTTP packets.) | | |  | CVE-2007-0458 (Unspecified vulnerability in the HTTP dissector in Wireshark (formerly Ethereal) 0.99.3 and 0.99.4 allows remote attackers to cause a denial of service (application crash) via unspecified vectors, a different issue than CVE-2006-5468.) | | |  | CVE-2007-0457 (Unspecified vulnerability in the IEEE 802.11 dissector in Wireshark (formerly Ethereal) 0.10.14 through 0.99.4 allows remote attackers to cause a denial of service (application crash) via unspecified vectors.) | | |  | CVE-2007-0456 (Unspecified vulnerability in the LLT dissector in Wireshark (formerly Ethereal) 0.99.3 and 0.99.4 allows remote attackers to cause a denial of service (application crash) via unspecified vectors.) |
| ZABBIX SNMP monitoring problem | | Published: |  | 01.02.2007 | | Source: |  | CVE | | SecurityVulns ID: |  | 7145 | | Type: |  | client | | Level: |  | 5/10 |
| Affected: |  | ZABBIX : ZABBIX 1.1. | | CVE: |  | CVE-2007-0640 (Buffer overflow in ZABBIX before 1.1.5 has unknown impact and attack vectors related to "SNMP IP addresses.") |
| IBM AIX POP3 and IMAP daemons authentication problem | | Published: |  | 01.02.2007 | | Source: |  | CVE | | SecurityVulns ID: |  | 7149 | | Type: |  | remote | | Level: |  | 6/10 |
| Affected: |  | IBM : AIX 5.3 | | CVE: |  | CVE-2007-0618 (Unspecified vulnerability in (1) pop3d, (2) pop3ds, (3) imapd, and (4) imapds in IBM AIX 5.3.0 has unspecified impact and attack vectors, involving an "authentication vulnerability.") |
Sun Solaris ICMP DoS updated since 01.02.2007 | | Published: |  | 13.01.2008 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 7147 | | Type: |  | remote | | Level: |  | 7/10 | | Description: |  | Malformed ICMP packets cause system to crash. |
| Affected: |  | ORACLE : Solaris 10 | | CVE: |  | CVE-2007-0634 (Unspecified vulnerability in Sun Solaris 10 before 20070130 allows remote attackers to cause a denial of service (system crash) via certain ICMP packets.) |