Computer Security


Multiple Microsoft Excel buffer overflows
updated since 09.01.2007
Published:01.02.2007
Source:
SecurityVulns ID:7027
Type:client
Threat Level:7/10
Description:Heap buffer overflow on an out-of-range Column field in BIFF8 record types. Heap buffer overflow on an oversized PALETTE record in a BIFF8 spreadsheet.
Affected:MICROSOFT : Office 2000
 MICROSOFT : Office XP
 MICROSOFT : Office 2003
CVE:CVE-2007-0031 (Heap-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a BIFF8 spreadsheet with a PALETTE record that contains a large number of entries.)
 CVE-2007-0030 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via an Excel file with an out-of-range Column field in certain BIFF8 record types, which references arbitrary memory.)
 CVE-2007-0029 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a malformed string, aka "Excel Malformed String Vulnerability.")
 CVE-2007-0028 (Microsoft Excel 2000, 2002, 2003, Viewer 2003, Office 2004 for Mac, and Office v.X for Mac does not properly handle certain opcodes, which allows user-assisted remote attackers to execute arbitrary code via a crafted XLS file, which results in an "Improper Memory Access Vulnerability." NOTE: an early disclosure of this issue used CVE-2006-3432, but only CVE-2007-0028 should be used.)
 CVE-2007-0027 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows remote attackers to execute arbitrary code via malformed IMDATA records that trigger memory corruption.)
Original document:LifeAsaGeek_(at)_gmail.com, MS07-002 EXCEL Malformed Palette Record Vulnerability DOS POC (01.02.2007)
 MICROSOFT, Microsoft Security Bulletin MS07-002 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (927198) (09.01.2007)
 IDEFENSE, [Full-disclosure] iDefense Security Advisory 01.09.07: Microsoft Excel Invalid Column Heap Corruption Vulnerability (09.01.2007)
 IDEFENSE, [Full-disclosure] iDefense Security Advisory 01.09.07: Microsoft Excel Long Palette Heap Overflow Vulnerability (09.01.2007)
Files:Microsoft Security Bulletin MS07-002 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (927198)

Multiple Oracle security vulnerabilities... again...
updated since 18.01.2007
Published:01.02.2007
Source:
SecurityVulns ID:7064
Type:remote
Threat Level:9/10
Description:The released security update fixes 17 security vulnerabilities in Oracle Database, 9 vulnerabilities in Oracle HTTP Server, 12 security vulnerabilities in Oracle Application Server, 7 vulnerabilities in Oracle E-Business Suite, 6 security bugs in Oracle Enterprise Manager and 3 bugs in Oracle PeopleSoft Enterprise PeopleTools. There is also a large number of other old and new bugs, many of which have not been fixed for years, which makes it pointless to talk about Oracle security. Use third-party products to protect your Oracle environment.
Affected:ORACLE : Oracle 9i
 ORACLE : Oracle E-Business Suite 11.0
 ORACLE : Oracle 10g
CVE:CVE-2007-0297 (Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.47.11 and 8.48.06 has unknown impact and attack vectors in PeopleTools, aka PSE03.)
 CVE-2007-0296 (Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.22.13, 8.47.11, and 8.48.06 has unknown impact and attack vectors in PeopleTools, aka PSE02.)
 CVE-2007-0295 (Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.22.13 and 8.47.11 has unknown impact and attack vectors in PeopleTools, aka PSE01.)
 CVE-2007-0294 (Unspecified vulnerability in Oracle Enterprise Manager 10.2.0.1 has unknown impact and attack vectors related to Database Cloning & Data Guard Management, aka EM06.)
 CVE-2007-0293 (Multiple unspecified vulnerabilities in Oracle Enterprise Manager 10.1.0.5 and 10.2.0.1 have unknown impact and attack vectors related to (1) Oracle Agent (EM03) and (2) EM04 and (3) EM05 in Enterprise Manager Console. NOTE: EM05 might be related to CVE-2007-0222.)
 CVE-2007-0292 (Multiple unspecified vulnerabilities in Oracle Enterprise Manager 10.1.0.5 have unknown impact and attack vectors related to Oracle Agent, aka (1) EM01 and (2) EM02. NOTE: EM05 might be related to CVE-2007-0222.)
 CVE-2007-0291 (Unspecified vulnerability in Oracle E-Business Suite and Applications 6.2.3 has unknown impact and attack vectors related to Oracle Exchange, aka APPS02.)
 CVE-2007-0290 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5.10CU2 have unknown impact and attack vectors related to (1) Application Object Library (APPS01), (2) Human Resources (APPS03), (3) Payables (APPS04), (4) Trading Community Architecture (APPS05), and (5) Web Applications Desktop Integrator (APPS06).)
 CVE-2007-0289 (Multiple unspecified vulnerabilities in Oracle Collaboration Suite 9.0.4.2 have unknown impact and attack vectors related to Oracle Containers for J2EE, aka (1) OC4J01, (2) OC4J05, and (3) OC4J06.)
 CVE-2007-0288 (Unspecified vulnerability in Oracle Application Server 10.1.4.0 has unknown impact and attack vectors related to Oracle Internet Directory, aka OID01.)
 CVE-2007-0287 (Unspecified vulnerability in Oracle Application Server 9.0.4.3, 10.1.2.0.0, and 10.1.2.0.2; and Collaboration Suite 9.0.4.2 and 10.1.2; has unknown impact and attack vectors related to Containers for J2EE, aka OC4J08.)
 CVE-2007-0286 (Unspecified vulnerability in Oracle Application Server 10.1.2.0.2 and 10.1.3.0, and Collaboration Suite 10.1.2, has unknown impact and attack vectors related to Containers for J2EE, aka OC4J07.)
 CVE-2007-0285 (Unspecified vulnerability in Oracle Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2; Collaboration Suite 9.0.4.2 and 10.1.2; and E-Business Suite and Applications 11.5.10CU2 has unknown impact and attack vectors related to Oracle Reports Developer, aka REP01.)
 CVE-2007-0284 (Multiple unspecified vulnerabilities in Oracle Application Server 9.0.4.3 and 10.1.2.0.0, and Collaboration Suite 9.0.4.2, have unknown impact and attack vectors related to Oracle Containers for J2EE, aka (1) OC4J03 and (2) OC4J04.)
 CVE-2007-0283 (Unspecified vulnerability in Oracle Application Server 9.0.4.3 and Collaboration Suite 9.0.4.2 has unknown impact and attack vectors related to Oracle Containers for J2EE, aka OC4J02.)
 CVE-2007-0282 (Unspecified vulnerability in Oracle HTTP Server 9.0.1.5, Application Server 9.0.4.2 and 10.1.2.0.0, and Collaboration Suite 9.0.4.2 has unknown impact and attack vectors related to the Oracle Process Mgmt & Notification component, aka OPMN02.)
 CVE-2007-0281 (Multiple unspecified vulnerabilities in Oracle HTTP Server 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.3; Application Server 9.0.4.3, 10.1.2.0.0, 10.1.2.0.1, 10.1.2.0.2, 10.1.2.1, and 10.1.3.0; and Collaboration Suite 9.0.4.2 and 10.1.2; have unknown impact and attack vectors related to the Oracle HTTP Server, aka (1) OHS03 and (2) OHS04.)
 CVE-2007-0280 (Unspecified vulnerability in Oracle HTTP Server 9.0.1.5, Application Server 9.0.4.3, 10.1.2.0.0, 10.1.2.0.2, and 10.1.2.2; and Collaboration Suite 9.0.4.2 and 10.1.2; has unknown impact and attack vectors related to the Oracle Process Mgmt & Notification component, aka OPMN01. NOTE: as of 20070123, Oracle has not disputed claims by a reliable researcher that OPMN01 is for a buffer overflow in Oracle Notification Service (ONS).)
 CVE-2007-0279 (Multiple unspecified vulnerabilities in Oracle HTTP Server 9.2.0.8 and Oracle E-Business Suite and Applications 11.5.10CU2 have unknown impact and attack vectors, aka (1) OHS01, (2) OHS02, (3) OHS05, (4) OHS06, and (5) OHS07.)
 CVE-2007-0278 (Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unknown impact and attack vectors related to (1) NLS Runtime and lmsgen (DB12), and (2) Oracle Text and ctxkbtc (DB14).)
 CVE-2007-0277 (Unspecified vulnerability in Oracle Database client-only 10.1.0.4 has unknown impact and attack vectors related to the Export component and expdp or impdp, aka DB11.)
 CVE-2007-0276 (Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4 and 9.0.1.5 have unknown impact and attack vectors related to (1) Advanced Security Option and oklist or okdstry (DB10), (2) Oracle Net Services (DB13), and (3) Recovery Manager and oklist (DB16).)
 CVE-2007-0275 (Cross-site scripting (XSS) vulnerability in Oracle Reports Web Cartridge (RWCGI60) in the Workflow Cartridge component, as used in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3; Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2; Collaboration Suite 10.1.2; and Oracle E-Business Suite and Applications 11.5.10CU2; allows remote authenticated users to inject arbitrary HTML or web script via the genuser parameter to rwcgi60, aka OWF01.)
 CVE-2007-0274 (Multiple unspecified vulnerabilities in Oracle Database 9.2.0.7 and 10.1.0.5 have unknown impact and attack vectors related to (1) Export and sys.dbms_logrep_util (DB08), and (2) Oracle Streams and sys.dbms_capture_adm_internal privileges (DB09). NOTE: Oracle has not disputed reliable researcher claims that DB08 is for a buffer overflow in the GET_OBJECT_NAME procedure in the DBMS_LOGREP_UTIL package, and DB09 is for buffer overflows in the CREATE_CAPTURE, ALTER_CAPTURE, and ABORT_TABLE_INSTANTIATION procedures in SYS.DBMS_CAPTURE_ADM_INTERNAL.)
 CVE-2007-0273 (Unspecified vulnerability in Oracle Database 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.3 has unknown impact and attack vectors related to XMLDB, aka DB06. NOTE: as of 20070123, Oracle has not disputed claims by a reliable researcher that DB06 is for multiple cross-site scripting (XSS) vulnerabilities.)
 CVE-2007-0272 (Unspecified vulnerability in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 has unknown impact and attack vectors related to the Oracle Spatial component and mdsys.md privileges, aka DB05. NOTE: Oracle has not disputed a reliable researcher report that claims this is for multiple buffer overflows and other issues in unspecified public procedures.)
 CVE-2007-0271 (Unspecified vulnerability in Oracle Database 9.0.1.5 and 9.2.0.7 has unknown impact and attack vectors related to the Log Miner component and sys.dbms_log_mnr privileges, aka DB04. NOTE: Oracle has not disputed a reliable researcher claim that this is a buffer overflow in the ADD_LOGFILE procedure for the SYS.DBMS_LOGMNR package that allows code execution.)
 CVE-2007-0270 (Unspecified vulnerability in Oracle Database 9.2.0.7 and 10.1.0.4 has unknown impact and attack vectors related to the Data Guard and sys.dbms_drs privileges, aka DB03. NOTE: Oracle has not disputed a reliable researcher claim that this is a buffer overflow in the GET_PROPERTY function in SYS.DBMS_DRS, which can be exploited for arbitrary code execution or a denial of service.)
 CVE-2007-0269 (Unspecified vulnerability in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3 has unknown impact and attack vectors related to the Change Data Capture and sys.dbms_cdc_subscribe privileges, aka DB02.)
 CVE-2007-0268 (Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unknown impact and attack vectors related to (1) the Advanced Queuing component and sys.dbms_aqsys.dbms_aq privileges (DB01), (2) Advanced Replication and sys.dbms_repcat_untrusted (DB07), and (3) Oracle Text and ctxload (DB15). NOTE: Oracle has not publicly claims by reliable researchers that DB01 is for SQL injection in the SYS.DBMS_AQ_INV package, and DB07 is for a buffer overflow in the UNREGISTER_SNAPSHOT procedure in the DBMS_REPCAT_UNTRUSTED package.)
 CVE-2007-0222 (Directory traversal vulnerability in the EmChartBean server side component for Oracle Application Server 10g allows remote attackers to read arbitrary files via unknown vectors, probably "\.." sequences in the beanId parameter. NOTE: this is likely a duplicate of another CVE that Oracle addressed in CPU Jan 2007, but due to lack of details by Oracle, it is unclear which BugID this issue is associated with, so the other CVE cannot be determined. Possibilities include EM02 (CVE-2007-0292) or EM05 (CVE-2007-0293).)
Original document:NGS Software Insight Security Research, Oracle 10g R2 Enterprise Manager Directory Traversal (01.02.2007)
 SHATTER, Oracle Buffer Overflows in DBMS_CAPTURE_ADM_INTERNAL (25.01.2007)
 SHATTER, Oracle Multiple Buffer Overflows and DoS attacks in public procedures of MDSYS.MD (25.01.2007)
 SHATTER, Oracle Buffer Overflow in DBMS_DRS.GET_PROPERTY (25.01.2007)
 SHATTER, Oracle Buffer Overflow in DBMS_REPCAT_UNTRUSTED.UNREGISTER_SNAPSHOT (25.01.2007)
 SHATTER, Oracle Buffer Overflow in DBMS_LOGMNR.ADD_LOGFILE (25.01.2007)
 SHATTER, Oracle Buffer Overflow in DBMS_LOGREP_UTIL.GET_OBJECT_NAME (25.01.2007)
 SYMANTEC, SYMSA-2007-001: Oracle Application Server 10g - Directory Traversal (18.01.2007)
 ISecAuditors Security Advisories, [ISecAuditors Security Advisories] Oracle Reports Web Cartridge (RWCGI60) vulnerable to XSS (18.01.2007)
 CERT, US-CERT Technical Cyber Security Alert TA07-017A -- Oracle Releases Patches for Multiple Vulnerabilities (18.01.2007)
Files:Exploit for Oracle10g R1 and R2 prior to CPU Oct 2006
 Exploit for Oracle10g R1 and R2 prior to CPU Oct 2006
 Exploit for Oracle10g R1 and R2 prior to CPU Oct 2006
 Remote Oracle dbms_export_extension exploit (any version) Grant or revoke dba permission to unprivileged user
 Remote Oracle KUPV$FT.ATTACH_JOB exploit (10g)
 Remote Oracle KUPW$WORKER.MAIN exploit (10g)
 Remote Oracle DBMS_CDC_SUBSCRIBE.ACTIVATE_SUBSCRIPTION exploit (9i/10g)
 Remote Oracle DBMS_METADAT.GET_DDL exploit (9i/10g)
 Remote Oracle dbms_export_extension exploit
 [0-day] Remote Oracle DBMS_AQ.ENQUEUE exploit (10g)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:01.02.2007
Source:
SecurityVulns ID:7135
Type:remote
Threat Level:5/10
Description:PHP file inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:SIPS : SIPS 0.3
 EXOSCRIPTS : ExoPHPDesk 1.2
 ZENPHOTO : zenphoto 1.0
 OPENEMR : OpenEMR 2.8
 EXTCAL : ExtCalendar 2.0
 CADRE : Cadre 20020724
 L2JPROPCALC : L2J Dropcalc 4
 PHPMYRING : PhpMyRing 4.1
 EXTCALENDAR : Extcalendar 2
 PHPBBTWEAKED : Phpbb Tweaked 3
 HAILBOARDS : Hailboards 1.2
 OMEGABOARD : Omegaboard 1.2
 CERULEAN : Cerulean Portal System 0.7
 PHPEVENTMAN : phpEventMan 1.0
 SUN : Java System Access Manager 6.1
 SUN : Java System Access Manager 6.2
 SUN : Java System Access Manager 7.0
CVE:CVE-2007-0702 (Multiple PHP remote file inclusion vulnerabilities in phpEventMan 1.0.2 allow remote attackers to execute arbitrary PHP code via a URL in the level parameter to (1) Shared/controller/text.ctrl.php or (2) UserMan/controller/common.function.php.)
 CVE-2007-0688 (SQL injection vulnerability in oku.asp in Hunkaray Duyuru Scripti allows remote attackers to execute arbitrary SQL commands via the id parameter.)
 CVE-2007-0687 (SQL injection vulnerability in i-search.php in Michelle's L2J Dropcalc 4 and earlier allows remote authenticated users to execute arbitrary SQL commands via the itemid parameter.)
 CVE-2007-0684 (PHP remote file inclusion vulnerability in portal.php in Cerulean Portal System 0.7b allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.)
 CVE-2007-0683 (PHP remote file inclusion vulnerability in includes/functions.php in Omegaboard 1.0beta4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.)
 CVE-2007-0681 (profile.php in ExtCalendar 2 and earlier allows remote attackers to change the passwords of arbitrary users without providing the original password, and possibly perform other unauthorized actions, via modified values to register.php.)
 CVE-2007-0680 (PHP remote file inclusion vulnerability in includes/functions.php in Phpbb Tweaked 3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.)
 CVE-2007-0679 (PHP remote file inclusion vulnerability in lang/leslangues.php in Nicolas Grandjean PHPMyRing 4.1.3b and earlier allows remote attackers to execute arbitrary PHP code via a URL in the fichier parameter.)
 CVE-2007-0678 (SQL injection vulnerability in windows.asp in Fullaspsite Asp Hosting Sitesi allows remote attackers to execute arbitrary SQL commands via the kategori_id parameter.)
 CVE-2007-0677 (PHP remote file inclusion vulnerability in fw/class.Quick_Config_Browser.php in Cadre PHP Framework 20020724 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[config][framework_path] parameter.)
 CVE-2007-0676 (SQL injection vulnerability in faq.php in ExoPHPDesk 1.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.)
 CVE-2007-0662 (PHP remote file inclusion vulnerability in includes/usercp_viewprofile.php in Hailboards 1.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.)
 CVE-2007-0649 (Variable overwrite vulnerability in interface/globals.php in OpenEMR 2.8.2 and earlier allows remote attackers to overwrite arbitrary program variables and conduct other unauthorized activities, such as conduct (a) remote file inclusion attacks via the srcdir parameter in custom/import_xml.php or (b) cross-site scripting (XSS) attacks via the rootdir parameter in interface/login/login_frame.php, via vectors associated with extract operations on the (1) POST and (2) GET superglobal arrays. NOTE: this issue was originally disputed before the extract behavior was identified in post-disclosure analysis. Also, the original report identified "Open Conference Systems," but this was an error.)
 CVE-2007-0628 (Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Access Manager 6.1, 6.2, 6 2005Q1 (6.3), and 7 2005Q4 (7.0) before 20070129 allow remote attackers to inject arbitrary web script or HTML via the (1) goto or (2) gx-charset parameter. NOTE: some of these details are obtained from third party information.)
 CVE-2007-0616 (Directory traversal vulnerability in zen/template-functions.php in zenphoto 1.0.4 up to 1.0.6 allows remote attackers to list arbitrary directories via ".." sequences in the album parameter to index.php.)
Original document:ajannhwt_(at)_hotmail.com, phpEventMan v1.0.2 (level) Remote File Include Exploit (01.02.2007)
 ajannhwt_(at)_hotmail.com, SIPS <= 0.3.1(box.inc.php) Remote File Include Vulnerability (01.02.2007)
 x0r0n_(at)_hotmail.com, Cerulean Portal System (phpbb_root_path) Remote File Include Exploit (01.02.2007)
 x0r0n_(at)_hotmail.com, Omegaboard v1.0b4 (phpbb_root_path) Remote File Include Exploit (01.02.2007)
 x0r0n_(at)_hotmail.com, Hailboards v1.2.0 (phpbb_root_path) Remote File Include Exploit (01.02.2007)
 x0r0n_(at)_hotmail.com, Phpbb Tweaked (phpbb_root_path) Remote File Include Exploit (01.02.2007)
 ajannhwt_(at)_hotmail.com, PhpMyRing <= 4.1.3b (path) Remote File Include Vulnerability (01.02.2007)
 ajannhwt_(at)_hotmail.com, ExoPHPDesk <= 1.2.1 (faq.php) Remote SQL Injection Vulnerability (01.02.2007)
 admin_(at)_hacklive.org, Hunkaray Duyuru Scripti (tr) == SQL Injection Vulnerability (01.02.2007)
 admin_(at)_hacklive.org, Fullaspsite Asp Hosting (tr) == SQL Injection Vulnerability (01.02.2007)
 Codebreak, Michelle's L2J Dropcalc (01.02.2007)
 y3dips_(at)_gmail.com, [ECHO_ADV_63$2007] Cadre remote file inclusion (01.02.2007)
 KabusTR.coM, Speedy Asp Discussion Forum (forum.mdb) Remote Password Disclosure Vulnerablity (01.02.2007)
Files:Extcalendar <= 2 (profile.php) Remote User Pass Change Exploit

Cisco IP telephony routers DoS
Published:01.02.2007
Source:
SecurityVulns ID:7136
Type:remote
Threat Level:6/10
Description:A SIP packet (UDP/5060) sent to a device with voice over IP support that is not configured for SIP causes the device to crash.
Affected:CISCO : IOS 12.3
 CISCO : IOS 12.4
CVE:CVE-2007-0648 (Cisco IOS after 12.3(14)T, 12.3(8)YC1, 12.3(8)YG, and 12.4, with voice support and without Session Initiated Protocol (SIP) configured, allows remote attackers to cause a denial of service (crash) by sending a crafted packet to port 5060/UDP.)
Original document:CISCO, Cisco Security Advisory: SIP Packet Reloads IOS Devices Not Configured for SIP (01.02.2007)

Windows Live Messenger / Windows MSN Messenger decryptable password
Published:01.02.2007
Source:
SecurityVulns ID:7137
Type:local
Threat Level:4/10
Description:The password is stored in the registry using reversible encryption.
Affected:MICROSOFT : Live Messenger 8.0
 MICROSOFT : MSN Messenger 7.5
Files:MSN Messenger v7.5 Password Decrypter Source Code for Windows XP & 2003
 Windows Live Messenger v8.0 Password Finder for Windows XP & 2003

thttpd information leak
Published:01.02.2007
Source:
SecurityVulns ID:7138
Type:remote
Threat Level:3/10
Description:If thttpd is started from the system root directory (/), the system root is used as the web server document root.
Affected:THTTPD : thttpd 2.25
CVE:CVE-2007-0664 (thttpd before 2.25b-r6 in Gentoo Linux is started from the system root directory (/) by the Gentoo baselayout 1.12.6 package, which allows remote attackers to read arbitrary files.)
Original document:GENTOO, [ GLSA 200701-28 ] thttpd: Unauthenticated remote file access (01.02.2007)

Comodo Firewall Pro privilege escalation
Published:01.02.2007
Source:
SecurityVulns ID:7139
Type:local
Threat Level:5/10
Description:Insufficient validation of arguments passed to hooked SSDT functions potentially allows code execution in system context.
Affected:COMODO : Comodo Firewall Pro 2.4
CVE:CVE-2007-0709 (cmdmon.sys in Comodo Firewall Pro (formerly Comodo Personal Firewall) 2.4.16.174 and earlier does not validate arguments that originate in user mode for the (1) NtCreateSection, (2) NtOpenProcess, (3) NtOpenSection, (4) NtOpenThread, and (5) NtSetValueKey hooked SSDT functions, which allows local users to cause a denial of service (system crash) and possibly gain privileges via invalid arguments.)
 CVE-2007-0708 (cmdmon.sys in Comodo Firewall Pro (formerly Comodo Personal Firewall) before 2.4.16.174 does not validate arguments that originate in user mode for the (1) NtConnectPort and (2) NtCreatePort hooked SSDT functions, which allows local users to cause a denial of service (system crash) and possibly gain privileges via invalid arguments.)
Original document:Matousec - Transparent security Research, [Full-disclosure] Comodo Multiple insufficient argument validation of hooked SSDT function Vulnerability (01.02.2007)

Multiple Apple iChat Bonjour DoS conditions
Published:01.02.2007
Source:
SecurityVulns ID:7140
Type:client
Threat Level:5/10
Description:Multiple problems caused by insecure handling of Bonjour (mDNS) data.
Affected:APPLE : iChat 3.1
CVE:CVE-2007-0710 (The Bonjour functionality in iChat in Apple Mac OS X 10.3.9 allows remote attackers to cause a denial of service (persistent application crash) via unspecified vectors, possibly related to CVE-2007-0614.)
 CVE-2007-0614 (The Bonjour functionality in mDNSResponder, iChat 3.1.6, and InstantMessage framework 428 in Apple Mac OS X 10.4.8 allows remote attackers to cause a denial of service (persistent application crash) via a crafted phsh hash attribute in a TXT key.)
 CVE-2007-0613 (The Bonjour functionality in mDNSResponder, iChat 3.1.6, and InstantMessage framework 428 in Apple Mac OS X 10.4.8 does not check for duplicate entries when adding newly discovered available contacts, which allows remote attackers to cause a denial of service (disrupted communication) via a flood of duplicate _presence._tcp mDNS queries.)
Original document:MOAB, MOAB-29-01-2007: Apple iChat Bonjour Multiple Denial of Service Vulnerabilities (01.02.2007)
Files:basic proof of concept for Apple iChat Bonjour

Apple multiple applications format string vulnerabilities
Published:01.02.2007
Source:
SecurityVulns ID:7141
Type:client
Threat Level:7/10
Description:Format string vulnerabilities in multiple client applications.
Affected:APPLE : Mac OS X 10.4
 APPLE : Safari 2.0
 APPLE : Help Viewer 3.0
 APPLE : iMovie HD 6.0
 APPLE : iPhoto 6.0
CVE:CVE-2007-0647 (Format string vulnerability in Help Viewer 3.0.0 allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled when calling the NSBeginAlertSheet Apple AppKit function.)
 CVE-2007-0646 (Format string vulnerability in iMovie HD 6.0.3 allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled when calling the NSRunCriticalAlertPanel Apple AppKit function.)
 CVE-2007-0645 (Format string vulnerability in iPhoto 6.0.5 allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled when calling certain Apple AppKit functions.)
 CVE-2007-0644 (Format string vulnerability in Apple Safari 2.0.4 (419.3) allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in filenames that are not properly handled when calling the (1) NSLog and (2) NSBeginAlertSheet Apple AppKit functions.)
Original document:MOAB, MOAB-30-01-2007: Multiple Apple Software Format String Vulnerabilities (01.02.2007)

Multiple Wireshark sniffer security vulnerabilities
Published:01.02.2007
Source:
SecurityVulns ID:7142
Type:remote
Threat Level:5/10
Description:Problems with parsing of Ethernet frames and of HTTP and LLT packets.
CVE:CVE-2007-0459 (packet-tcp.c in the TCP dissector in Wireshark (formerly Ethereal) 0.99.2 through 0.99.4 allows remote attackers to cause a denial of service (application crash or hang) via fragmented HTTP packets.)
 CVE-2007-0458 (Unspecified vulnerability in the HTTP dissector in Wireshark (formerly Ethereal) 0.99.3 and 0.99.4 allows remote attackers to cause a denial of service (application crash) via unspecified vectors, a different issue than CVE-2006-5468.)
 CVE-2007-0457 (Unspecified vulnerability in the IEEE 802.11 dissector in Wireshark (formerly Ethereal) 0.10.14 through 0.99.4 allows remote attackers to cause a denial of service (application crash) via unspecified vectors.)
 CVE-2007-0456 (Unspecified vulnerability in the LLT dissector in Wireshark (formerly Ethereal) 0.99.3 and 0.99.4 allows remote attackers to cause a denial of service (application crash) via unspecified vectors.)
Original document:WIRESHARK, Wireshark: wnpa-sec-2007-01 (01.02.2007)

IPSwitch WS_FTP multiple security vulnerabilities with iFTPAddU / iFTPAddH (multiple bugs)
Published:01.02.2007
Source:
SecurityVulns ID:7143
Type:remote
Threat Level:5/10
Description:Buffer overflows when parsing the iFTPAddU and iFTPAddH files.
Affected:IPSWITCH : WS_FTP Server 5.04
CVE:CVE-2007-0666 (Ipswitch WS_FTP Server 5.04 allows FTP site administrators to execute arbitrary code on the system via a long input string to the (1) iFTPAddU or (2) iFTPAddH file, or to a (3) edition module.)
Original document:Michal Bucko, Ipswitch WS_FTP Server 5.04 multiple arbitrary code execution vulnerabilities (01.02.2007)

Bloodshed Dev-C++ buffer overflow
Published:01.02.2007
Source:
SecurityVulns ID:7144
Type:local
Threat Level:3/10
Description:Buffer overflow on an oversized line in a .cpp file.
Affected:BLOODSHED : Dev-C++ 4.9
CVE:CVE-2007-0643 (Stack-based buffer overflow in Bloodshed Dev-C++ 4.9.9.2 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long line in a .cpp file.)
Files:Exploits Dev-C++ 4.9.9.2 Stack Overflow

ZABBIX SNMP monitoring problem
Published:01.02.2007
Source:
SecurityVulns ID:7145
Type:client
Threat Level:5/10
Affected:ZABBIX : ZABBIX 1.1
CVE:CVE-2007-0640 (Buffer overflow in ZABBIX before 1.1.5 has unknown impact and attack vectors related to "SNMP IP addresses.")

inotify weak permissions
Published:01.02.2007
Source:
SecurityVulns ID:7146
Type:local
Threat Level:5/10
Affected:INOTIFY : inotify 0.3
CVE:CVE-2007-0636 (Unspecified vulnerability in inotify before 0.3.5 has unknown impact and attack vectors, related to "access rights to watched files.")

gtalkbot information leak
Published:01.02.2007
Source:
SecurityVulns ID:7148
Type:local
Threat Level:4/10
Description:The username and password are passed on the command line and can be obtained from the process list.
Affected:GTALKBOT : gtalkbot 1.1
CVE:CVE-2007-0627 (Michael Still gtalkbot before 1.2 places username and password arguments on the command line, which allows local users to obtain sensitive information by listing the process.)

IBM AIX POP3 and IMAP daemons authentication problem
Published:01.02.2007
Source:
SecurityVulns ID:7149
Type:remote
Threat Level:6/10
Affected:IBM : AIX 5.3
CVE:CVE-2007-0618 (Unspecified vulnerability in (1) pop3d, (2) pop3ds, (3) imapd, and (4) imapds in IBM AIX 5.3.0 has unspecified impact and attack vectors, involving an "authentication vulnerability.")

Sun Solaris ICMP DoS
updated since 01.02.2007
Published:13.01.2008
Source:
SecurityVulns ID:7147
Type:remote
Threat Level:7/10
Description:Malformed ICMP packets cause the system to crash.
Affected:ORACLE : Solaris 10
CVE:CVE-2007-0634 (Unspecified vulnerability in Sun Solaris 10 before 20070130 allows remote attackers to cause a denial of service (system crash) via certain ICMP packets.)
Files:SunOS 5.10 ICMP Remote Kernel Crash Exploit Code

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod