Computer Security
[EN] securityvulns.ru no-pyccku


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 02.12.2007
Published:02.12.2007
Source:
SecurityVulns ID:8397
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. WP-ContactForm: CAPTCHA bypass and XSS.
Affected:BYTEHOARD : bytehoard 2.1
 WORDPRESS : WP-ContactForm 2.0
Original documentdocumentErnesto Alvarez, [Full-disclosure] two bytehoard bugs (02.12.2007)
 documentMustLive, MoBiC-29 Bonus: XSS in WP-ContactForm (02.12.2007)
 documentMustLive, MoBiC-29: WP-ContactForm CAPTCHA bypass (02.12.2007)

QEMU virtual machine buffer overflow
Published:02.12.2007
Source:
SecurityVulns ID:8398
Type:local
Threat Level:
5/10
Description:Buffer overflow in TranslationBlock on application execution in Guest OS.
Affected:QEMU : Qemu 0.9
Original documentdocumentTeLeMan, QEMU code_gen_buffer overflow POC (02.12.2007)

MyTV privilege escalation
Published:02.12.2007
Source:
SecurityVulns ID:8399
Type:local
Threat Level:
5/10
Description:Under Mac OS X application allows access to system menu with root privileges.
Affected:ESCAPELABS : MyTV 3.6
 ESCAPELABS : MyTV 4.0
Original documentdocumentDavid Wharton, [Full-disclosure] oh oh 0 day - MyTV/x Version 3.6.6 & 4.0.8 for MyTV.PVR allows local authentication bypass and root access on Apple Mac OS X (02.12.2007)

AuickTime buffer overflow
Published:02.12.2007
Source:
SecurityVulns ID:8400
Type:client
Threat Level:
8/10
Description:Buffer overflow on RTSP response Contet-Type header parsing parsing.
Affected:APPLE : QuickTime 7.3
CVE:CVE-2007-6238 (Unspecified vulnerability in Apple QuickTime 7.2 on Windows XP allows remote attackers to execute arbitrary code via unknown attack vectors, probably a different vulnerability than CVE-2007-6166. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release advisories with actionable information. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine. However, the organization has stated that this is different than CVE-2007-6166.)
 CVE-2007-6166 (Stack-based buffer overflow in Apple QuickTime 7.2 and 7.3 allows remote attackers to execute arbitrary code via a long Real Time Streaming Protocol (RTSP) Content-Type header.)
 CVE-2002-0252 (Buffer overflow in Apple QuickTime Player 5.01 and 5.02 allows remote web servers to execute arbitrary code via a response containing a long Content-Type MIME header.)
Original documentdocumentYag Kohha, QuickTime RTSP Response Content-type remote stack rewrite exploit (02.12.2007)
 documentCERT, US-CERT Technical Cyber Security Alert TA07-334A -- Apple QuickTime RTSP Buffer Overflow (02.12.2007)
Files:QuickTime RTSP Response Content-type remote stack rewrite exploit for IE 6/7
 Quicktime 7.3 RTSP Response Content-Type Header Stack Buffer Overflow exploit (metasploit)
 Apple QuickTime Player 7.3 / 7.2 IE7,FF /Opera, XP SP2, Vista exploit
 Apple Quicktime (Vista/XP Sp2 RTSP RESPONSE) Code Exec Exploit
 SPSadvisory#46]Apple QuickTime Player "Content-Type" Buffer Overflow

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod