Computer Security

Oracle multiple security vulnerabilities
updated since 18.10.2007
Published:02.11.2007
SecurityVulns ID:8270
Type:remote
Threat Level:7/10
Description:New quarterly Critical Patch Update fixes a few dozen security vulnerabilities.
Affected:ORACLE : Oracle 9i
 ORACLE : Oracle 10g
CVE:CVE-2007-5766 (SQL injection vulnerability in okxLOV.jsp in Oracle E-Business Suite 11 and 12 allows remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: this is probably the same issue as CVE-2007-5527 or CVE-2007-5528, but there are insufficient details to be sure.)
Original document:ZDI, ZDI-07-058: Oracle E-Business Suite SQL Injection Vulnerability (02.11.2007)
 SHATTER, [Full-disclosure] Team SHATTER Alert: Oracle Database Buffer overflow vulnerability in procedure DBMS_AQADM_SYS.DBLINK_INFO (29.10.2007)
 SHATTER, [Full-disclosure] Team SHATTER Alert: Oracle Database Buffer overflow vulnerability in function MDSYS.SDO_CS.TRANSFORM (29.10.2007)
 David Litchfield, SQL Injection Flaw in Oracle Workspace Manager (18.10.2007)
 NGSSoftware Insight Security Research Advisory (NISR), Oracle audit issue with XMLDB ftp service (18.10.2007)
 NGSSoftware Insight Security Research Advisory (NISR), Oracle RDBMS TNS Data packet DoS (18.10.2007)
 NGSSoftware Insight Security Research Advisory (NISR), Multiple SQL Injection Flaws in Oracle CTX_DOC package (18.10.2007)
 NGSSoftware Insight Security Research Advisory (NISR), Oracle TNS Listener DoS and/or remote memory inspection (18.10.2007)
 CERT, US-CERT Technical Cyber Security Alert TA07-290A -- Oracle Updates for Multiple Vulnerabilities (18.10.2007)

Real Player multiple buffer overflows
updated since 25.10.2007
Published:02.11.2007
SecurityVulns ID:8292
Type:client
Threat Level:7/10
Description:An ActiveX vulnerability is being exploited in the wild for silent trojan installation via Internet Explorer. In addition, there is a buffer overflow in the parsing of .mov files and .mp3 ID3 tags.
Affected:REAL : RealPlayer 10
 REAL : RealOne Player 2
 REAL : RealPlayer 10.5
 REAL : RealPlayer 11
CVE:CVE-2007-4599
 CVE-2007-2264 (Heap-based buffer overflow in RealNetworks RealPlayer 8, 10, 10.1, and possibly 10.5; RealOne Player 1 and 2; and RealPlayer Enterprise allows remote attackers to execute arbitrary code via a RAM (.ra or .ram) file with a large size value in the RA header.)
 CVE-2007-2263 (Heap-based buffer overflow in RealNetworks RealPlayer 10.0, 10.1, and possibly 10.5, RealOne Player, and RealPlayer Enterprise allows remote attackers to execute arbitrary code via an SWF (Flash) file with malformed record headers.)
Original document:ZDI, ZDI-07-061: RealNetworks RealPlayer SWF Processing Remote Code Execution Vulnerability (02.11.2007)
 ZDI, ZDI-07-062: RealNetworks RealPlayer PLS File Memory Corruption Vulnerability (02.11.2007)
 ZDI, ZDI-07-063: RealPlayer RA Field Size File Processing Heap Overflow Vulnerability (02.11.2007)
 NGSSoftware Insight Security Research Advisory (NISR), Heap overflow in RealPlayer ID3 tag parser (31.10.2007)
 Piotr Bania, RealNetworks RealPlayer/RealOne Player/Helix Player Remote Heap Corruption (26.10.2007)
 CERT, US-CERT Technical Cyber Security Alert TA07-297A -- RealNetworks RealPlayer ActiveX Playlist Buffer Overflow (25.10.2007)

Multiple image viewers multiple security vulnerabilities
updated since 05.04.2007
Published:02.11.2007
SecurityVulns ID:7535
Type:client
Threat Level:6/10
Description:Multiple buffer overflows in the parsing of BMP, TIFF, XPM, CLP, PSP, RAS, IFF and PNG images.
Affected:ADOBE : Photoshop CS2
 GNU : GIMP 2.2
 IRFANVIEW : IrfanView 3.99
 ACD : ACDSee 9.0
 FASTSTONE : FastStone Image Viewer 2.9
 IRFANVIEW : IrfanView 4.0
 ADOBE : Photoshop CS3
 ADOBE : Photoshop Elements 5.0
 COREL : Paint Shop Pro 11.20
 ABCVIEW : ABC-View Manager 1.42
 XNVIEW : XnView 1.90
 PHOTOFILTRE : Photofiltre Studio 8.1
CVE:CVE-2007-4344
 CVE-2007-2366 (Buffer overflow in Corel Paint Shop Pro 11.20 allows user-assisted remote attackers to execute arbitrary code via a crafted .PNG file.)
 CVE-2007-2365 (Buffer overflow in Adobe Photoshop CS2 and CS3, and Photoshop Elements 5.0, allows user-assisted remote attackers to execute arbitrary code via a crafted .PNG file.)
 CVE-2007-2363 (Buffer overflow in IrfanView 4.00 and earlier allows user-assisted remote attackers to execute arbitrary code via a crafted .IFF file.)
 CVE-2007-1948 (Buffer overflow in IrfanView 3.99 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via the (1) xoffset or (2) yoffset RLE command, or (3) large non-RLE encoded blocks in a crafted BMP image, as demonstrated by rle8of3.bmp and rle8of4.bmp.)
 CVE-2007-1946 (Integer overflow in Windows Explorer in Microsoft Windows XP SP1 might allow user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large width dimension in a crafted BMP image, as demonstrated by w4intof.bmp.)
 CVE-2007-1943 (Integer overflow in ACDSee Photo Manager 9.0 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via large width image sizes in a crafted BMP image, as demonstrated by w3intof.bmp and w4intof.bmp.)
 CVE-2007-1942 (Integer overflow in FastStone Image Viewer 2.9 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a crafted BMP image, as demonstrated by wh3intof.bmp and wh4intof.bmp.)
Original document:SECUNIA, Secunia Research: ACDSee Products Image and Archive Plug-ins Buffer Overflows (02.11.2007)
 ifsecure_(at)_gmail.com, Several Windows image viewers vulnerabilities (05.04.2007)
Files:Several Windows image viewers vulnerabilities PoC
 IrfanView <= 4.00 .IFF File Buffer Overflow
 Photoshop CS2/CS3, Paint Shop Pro 11.20 .PNG File Buffer Overflow
 Gimp v2.2.14 .RAS File SUNRAS Plugin Buffer Overflow
 ABC-View Manager 1.42 .PSP File Buffer Overflow
 FreshView 7.15 .PSP File Buffer Overflow
 Adobe Photoshop CS2 / CS3 Unspecified .BMP File Buffer Overflow
 Corel Paint Shop Pro Photo v11.20 Unspecified .CLP File Buffer Overflow
 ACDSee v9.0 .XPM File Buffer Overflow
 XnView 1.90.3 .XPM File Buffer Overflow
 Exploits Photofiltre Studio v8.1.1 .TIF File Buffer Overflow

Symantec Altiris Deployment Solution directory traversal
Published:02.11.2007
SecurityVulns ID:8309
Type:remote
Threat Level:6/10
Description:Directory traversal in the PXE service via the TFTP/MTFTP protocols.
Affected:SYMANTEC : Altiris 6.8
CVE:CVE-2007-3874
Original document:IDEFENSE, iDefense Security Advisory 10.31.07: Symantec Altiris Deployment Solution TFTP/MTFTP Service Directory Traversal Vulnerability (02.11.2007)

Verity KeyView SDK / Lotus Notes multiple buffer overflows
Published:02.11.2007
SecurityVulns ID:8310
Type:remote
Threat Level:7/10
Description:Buffer overflows in the parsing of .mif, .aw, .rtf, .exe, .dll, .ag and .doc files.
Original document:ZDI, ZDI-07-059: Verity KeyView SDK Multiple File Format Parsing Vulnerabilities (02.11.2007)

HP OpenView Radia Integration Server directory traversal
Published:02.11.2007
SecurityVulns ID:8311
Type:remote
Threat Level:5/10
Description:It is possible to access other directories by using constructs such as ~root in requests to the web server on TCP/3465.
CVE:CVE-2007-5413 (httpd.tkd in Radia Integration Server in Hewlett-Packard (HP) OpenView Configuration Management (CM) Infrastructure 4.0 through 4.2i and Client Configuration Manager (CCM) 2.0 allows remote attackers to read arbitrary files via URLs containing tilde (~) references to home directories, as demonstrated by ~root.)
Original document:ZDI, ZDI-07-060: HP OpenView Radia Integration Server File System Exposure Vulnerability (02.11.2007)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:02.11.2007
SecurityVulns ID:8312
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. Ripe CMS: cross-site scripting in http://site/contact-us via the Name, address and Subject fields.
Affected:SBLOG : sBlog 0.7
 RIPECMS : Ripe CMS Lite 2.0
 SYNERGISER : Synergiser 1.2
 SCRIBE : scribe 0.2
Original document:kingoftheworld92_(at)_fastwebnet.it, Scribe <= 2.0 Remote PHP Code Execution (02.11.2007)
 kingoftheworld92_(at)_fastwebnet.it, Synergiser <= 1.2 RC1 Local File Inclusion & Full path disclosure (02.11.2007)
 Guns_(at)_0x90.com.ar, sBlog 0.7.3 Beta Cross Site Request Forgery (02.11.2007)
 MustLive, Vulnerabilities in Ripe CMS (02.11.2007)
Files:Exploits sBlog Cross Site Request Forgery Vulnerability

Blue Coat ProxySG cross-site scripting
Published:02.11.2007
SecurityVulns ID:8313
Type:remote
Threat Level:4/10
Description:Cross-site scripting in the administration interface.
Affected:BLUECOAT : Blue Coat SG400
Original document:ProCheckUp Research, Two XSS on Blue Coat ProxySG Management Console (02.11.2007)

Novell BorderManager Client Trust buffer overflow
Published:02.11.2007
SecurityVulns ID:8314
Type:remote
Threat Level:6/10
Description:Buffer overflow in the parsing of UDP/3024 data.
Affected:NOVELL : BorderManager 3.8
CVE:CVE-2007-5767 (Heap-based buffer overflow in the Client Trust application (clntrust.exe) in Novell BorderManager 3.8 before Update 1.5 allows remote attackers to execute arbitrary code via a validation request in which the Novell tree name is not properly delimited with a wide-character backslash or NULL character.)
Original document:ZDI, ZDI-07-064: Novell Client Trust Heap Overflow Vulnerability (02.11.2007)

SonicWall SSL VPN client multiple security vulnerabilities
Published:02.11.2007
SecurityVulns ID:8315
Type:client
Threat Level:6/10
Description:Multiple vulnerabilities in different ActiveX controls.
Affected:SONICWALL : SonicWALL SSL-VPN 1.3
Original document:SEC Consult Vulnerability Lab, SEC Consult SA-20071101-0 :: Multiple Vulnerabilities in SonicWALL SSL-VPN Client (02.11.2007)

Macrovision InstallShield ActiveX code execution
updated since 02.11.2007
Published:26.12.2007
SecurityVulns ID:8308
Type:client
Threat Level:8/10
Description:Unsafe Update Service ActiveX method allows code execution.
Affected:MACROVISION : InstallShield Update Service 5.01
 MACROVISION : InstallShield Update Service 6.0
CVE:CVE-2007-5660
Original document:Elazar Broad, [Full-disclosure] Installshield Update Service isusweb.dll Buffer Overflow (26.12.2007)
 IDEFENSE, iDefense Security Advisory 10.31.07: Macrovision InstallShield Update Service ActiveX Unsafe Method Vulnerability (02.11.2007)
Files:Macrovision Installshield isusweb.dll SEH Overwrite Exploit

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod