Computer Security


IBM
Published:03.02.2007
Source:
SecurityVulns ID:7168
Type:local
Threat Level:5/10
Description:Buffer overflow in bos.rte.libc library.
Affected:IBM : AIX 5.3
CVE:CVE-2007-0670 (Buffer overflow in bos.rte.libc in IBM AIX 5.2 and 5.3 allows local users to execute arbitrary code via the "r-commands", possibly including (1) rdist, (2) rsh, (3) rcp, (4) rsync, and (5) rlogin.)

Sun Solaris Loopback Filesystem protection bypass
Published:03.02.2007
Source:
SecurityVulns ID:7169
Type:local
Threat Level:5/10
Description:Users can rename and delete files in a read-only file system.
Affected:ORACLE : Solaris 10
CVE:CVE-2007-0668 (The Loopback Filesystem (LOFS) in Sun Solaris 10 allows local users in a non-global zone to move and rename files in a read-only filesystem, which could lead to a denial of service.)

Dazuko antivirus module DoS
Published:03.02.2007
Source:
SecurityVulns ID:7170
Type:remote
Threat Level:5/10
Description:Multiple memory leaks create DoS conditions.
Affected:DAZUKO : Dazuko 2.3
CVE:CVE-2007-0461 (Multiple memory leaks in the Dazuko anti-virus helper module before 2.3.2 allow attackers to cause a denial of service (memory consumption) via unknown vectors.)

Ingate Firewall / SIParator weak authentication
Published:03.02.2007
Source:
SecurityVulns ID:7171
Type:m-i-t-m
Threat Level:5/10
Description:Authentication mechanism is vulnerable to replay attacks.
Affected:INGATE : InGate Firewall 4.5
 INGATE : InGate SIParator 4.5
CVE:CVE-2007-0334 (Unspecified vulnerability in the SIP module in InGate Firewall and SIParator before 4.5.1 allows remote attackers to conduct replay attacks on the authentication mechanism via unknown vectors.)

Microsoft Word 0-day vulnerabilities
updated since 31.01.2007
Published:03.02.2007
Source:
SecurityVulns ID:7133
Type:client
Threat Level:7/10
Description:A few unknown vulnerabilities are used for hidden malware installation.
Affected:MICROSOFT : Office 2000
 MICROSOFT : Office 2003
CVE:CVE-2007-0621 (** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-6456. Reason: This candidate is a duplicate of CVE-2006-6456. It was assigned for a targeted zero-day attack, but further analysis revealed it was for an older issue. Notes: All CVE users should reference CVE-2006-6456 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.)
 CVE-2007-0515 (Unspecified vulnerability in Microsoft Word allows user-assisted remote attackers to execute arbitrary code on Word 2000, and cause a denial of service on Word 2003, via unknown attack vectors that trigger memory corruption, as exploited by Trojan.Mdropper.W and later by Trojan.Mdropper.X, a different issue than CVE-2006-6456, CVE-2006-5994, and CVE-2006-6561.)
Original document:MICROSOFT, Microsoft Security Advisory (932114) Vulnerability in Microsoft Word 2000 Could Allow Remote Code Execution (03.02.2007)
Files:Microsoft Word 2000 Unspecified Code Execution Exploit (0day)
 Microsoft Security Advisory (932114) Vulnerability in Microsoft Word 2000 Could Allow Remote Code Execution

Nexuiz game unauthorized access
Published:03.02.2007
Source:
SecurityVulns ID:7159
Type:remote
Threat Level:5/10
Description:gamedir command allows file system access.
Affected:NEXUIZ : Nexuiz 2.2
CVE:CVE-2007-0657 (Unspecified vulnerability in Nexuiz 2.2.2 allows remote attackers to read and overwrite arbitrary files via the gamedir command.)

makeindex buffer overflows
Published:03.02.2007
Source:
SecurityVulns ID:7160
Type:local
Threat Level:2/10
Description:Buffer overflow on oversized filename.
Affected:MAKEINDEX : makeindex 2.14
CVE:CVE-2007-0650 (Buffer overflow in the open_sty function in mkind.c for makeindex 2.14 in teTeX might allow user-assisted remote attackers to overwrite files and possibly execute arbitrary code via a long filename. NOTE: other overflows exist but might not be exploitable, such as a heap-based overflow in the check_idx function.)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:03.02.2007
Source:
SecurityVulns ID:7161
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:FLIPPERPOLL : Flipper Poll 1.1
 KGB : KGB 1.9
 PHOTOGALERIE : Photo Galerie Standard 1.1
 DBMASTERS : dB Masters' Curium CMS 1.03
 COD2DREAMSTATS : CoD2: DreamStats 4.2
 EQDKP : eqDKP 1.3
 F3SITE : F3Site 2.1
 EZCONVERT : phpBB ezBoard converter 0.2
 PHPBBPP : phpBB++ 100
CVE:CVE-2007-0765 (SQL injection vulnerability in news.php in dB Masters Curium CMS 1.03 and earlier allows remote attackers to execute arbitrary SQL commands via the c_id parameter.)
 CVE-2007-0764 (Unrestricted file upload vulnerability in F3Site 2.1 and earlier allows remote authenticated administrators to upload and execute arbitrary PHP scripts via GIF86 header in a file in the uplf parameter, which can be later accessed via a relative pathname in the dir parameter in adm.php.)
 CVE-2007-0763 (Cross-site scripting (XSS) vulnerability in the news comment functionality in F3Site 2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the Autor field.)
 CVE-2007-0762 (PHP remote file inclusion vulnerability in includes/functions.php in phpBB++ Build 100 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.)
 CVE-2007-0761 (PHP remote file inclusion vulnerability in config.php in phpBB ezBoard converter (ezconvert) 0.2 allows remote attackers to execute arbitrary PHP code via a URL in the ezconvert_dir parameter.)
 CVE-2007-0760 (EQdkp 1.3.1 and earlier authenticates administrative requests by verifying that the HTTP Referer header specifies an admin/ URL, which allows remote attackers to read or modify account names and passwords via a spoofed Referer.)
 CVE-2007-0757 (PHP remote file inclusion vulnerability in index.php in Miguel Nunes Call of Duty 2 (CoD2) DreamStats System 4.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter.)
 CVE-2007-0337 (Directory traversal vulnerability in sesskglogadmin.php in KGB 1.9 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the skinnn parameter, as demonstrated by invoking kg.php with a postek parameter containing PHP code, which is injected into a file in the kg directory, and then included by sesskglogadmin.php.)
Original document:cw.cybersecurity_(at)_gmail.com, Flipper Poll v1.1.0 (poll.php) remote file include vuln (03.02.2007)
 eight10_(at)_gmail.com, EQdkp <= 1.3.1 Referer Spoof to access to SQL Database (03.02.2007)
 ThE [email protected], CoD2: DreamStats <= 4.2 (index.php) Remote File Include Vulnerability (03.02.2007)
 ajannhwt_(at)_hotmail.com, Photo Galerie Standard <= 1.1 (view.php) Remote SQL Injection Vulnerability (03.02.2007)
 ajannhwt_(at)_hotmail.com, dB Masters' Curium CMS <= 1.03(c_id) Remote Blind SQL Injection Vulnerability (03.02.2007)
Files:KGB <= 1.9 Remote Code Execution Exploit
 F3Site <= 2.1 Remote Code Execution Exploit
 phpBB++ (phpbb_root_path) Remote File Include Exploit
 ezConvert: phpBB ezBoard converter v0.2 (ezconvert_dir) Remote File Include Exploit

Microsoft Internet Explorer multiple ActiveX different parameters DoS
Published:03.02.2007
Source:
SecurityVulns ID:7162
Type:client
Threat Level:2/10
Description:NULL pointer dereference.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 DIVX : DivX Player 6.4
CVE:CVE-2007-1162 (A certain ActiveX control in the Common Controls Replacement Project (CCRP) CCRP BrowseDialog Server (ccrpbds6.dll) allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long (1) IsFolderAvailable or (2) RootFolder property value, different vectors than CVE-2007-0371.)
 CVE-2007-0612 (Multiple ActiveX controls in Microsoft Windows 2000, XP, 2003, and Vista allows remote attackers to cause a denial of service (Internet Explorer crash) by accessing the bgColor, fgColor, linkColor, alinkColor, vlinkColor, or defaultCharset properties in the (1) giffile, (2) htmlfile, (3) jpegfile, (4) mhtmlfile, (5) ODCfile, (6) pjpegfile, (7) pngfile, (8) xbmfile, (9) xmlfile, (10) xslfile, or (11) wdfile objects in (a) mshtml.dll; or the (12) TriEditDocument.TriEditDocument or (13) TriEditDocument.TriEditDocument.1 objects in (b) triedit.dll, which cause a NULL pointer dereference.)
 CVE-2007-0429 (DivXBrowserPlugin (aka DivX Web Player) npdivx32.dll, as distributed with DivX Player 6.4.1, allows remote attackers to cause a denial of service (Internet Explorer 7 crash) by invoking the GoWindowed method for a certain instance of the ActiveX object.)
 CVE-2007-0371 (A certain ActiveX control in the Common Controls Replacement Project (CCRP) CCRP BrowseDialog Server (ccrpbds6.dll) allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long CCRP_BDc.SelectedFolder property value.)
 CVE-2007-0356 (The Common Controls Replacement Project (CCRP) FolderTreeview (FTV) ActiveX control (ccrpftv6.ocx) allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long CCRP.RootFolder property value.)

Apple WebKit library ROWSPAN DoS
Published:03.02.2007
Source:
SecurityVulns ID:7163
Type:library
Threat Level:3/10
Description:NULL pointer dereference on large rowspan number in HTML parsing code.
CVE:CVE-2007-0342 (WebCore in Apple WebKit build 18794 allows remote attackers to cause a denial of service (null dereference and application crash) via a TD element with a large number in the ROWSPAN attribute, as demonstrated by a crash of OmniWeb 5.5.3 on Mac OS X 10.4.8, a different vulnerability than CVE-2006-2019.)
 CVE-2006-2019 (Apple Mac OS X Safari 2.0.3, 1.3.1, and possibly other versions allows remote attackers to cause a denial of service (CPU consumption and crash) via a TD element with a large number in the rowspan attribute.)

mpg123 audio player DoS
Published:03.02.2007
Source:
SecurityVulns ID:7164
Type:client
Threat Level:2/10
Description:Endless loop in HTTP client code if the HTTP server closes the connection before the file is transferred completely.
Affected:MPG123 : mpg123 0.63
CVE:CVE-2007-0578 (The http_open function in httpget.c in mpg123 before 0.64 allows remote attackers to cause a denial of service (infinite loop) by closing the HTTP connection early.)

Microsoft Excel 0-day vulnerability
Published:03.02.2007
Source:
SecurityVulns ID:7165
Type:client
Threat Level:7/10
Description:An unknown vulnerability is used for hidden malware installation.
Affected:MICROSOFT : Office 2000
 MICROSOFT : Office XP
 MICROSOFT : Office 2003
CVE:CVE-2007-0671 (Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks.)

Microsoft Internet Explorer and Pictures and Videos for Windows Mobile buffer overflow
Published:03.02.2007
Source:
SecurityVulns ID:7166
Type:client
Threat Level:5/10
Description:Buffer overflow when parsing JPEG files.
Affected:MICROSOFT : Windows Mobile 2003
 MICROSOFT : Windows Mobile 5.0
CVE:CVE-2007-0685 (Internet Explorer on Windows Mobile 5.0 and Windows Mobile 2003 and 2003SE for Smartphones and PocketPC allows attackers to cause a denial of service (application crash and device instability) via unspecified vectors, possibly related to a buffer overflow.)
 CVE-2007-0674 (Pictures and Videos on Windows Mobile 5.0 and Windows Mobile 2003 and 2003SE for Smartphones and PocketPC allows user-assisted remote attackers to cause a denial of service (device hang) via a malformed JPEG file.)

Microsoft Vista speech recognition unauthorized access
updated since 03.02.2007
Published:11.06.2008
Source:
SecurityVulns ID:7167
Type:client
Threat Level:5/10
Description:Speech recognition may be used as an attack vector against a client computer, e.g. via an HTML page with embedded sound.
Affected:MICROSOFT : Windows Vista
CVE:CVE-2007-0675 (** DISPUTED ** The Speech Recognition feature of Windows Vista allows user-assisted remote attackers to delete arbitrary files, and conduct other unauthorized activities, via a web page with an embedded sound object that contains voice commands to an enabled microphone, allowing for interaction with Windows Explorer. NOTE: the vendor disputes the severity of this issue, stating that "there is little if any need to worry about the effects of this issue on your new Windows Vista installation." Since little user interaction is required, and the relevant operating environment is common, CVE considers this a vulnerability.)
Original document:MICROSOFT, Microsoft Security Bulletin MS08-032 - Moderate Cumulative Security Update of ActiveX Kill Bits (950760) (11.06.2008)
 George Ou, [Dailydave] Vista speach recognition (03.02.2007)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod