Computer Security
[EN] securityvulns.ru no-pyccku


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:03.04.2007
Source:
SecurityVulns ID:7522
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:2BGAL : 2BGal 3.1
 DIRECTADMIN : DirectAdmin 1.29
 MAPTOOLS : MapLab 2.2
 LAM : LDAP Account Manager 1.2
 HOLA : holaCMS 1.4
 MYBB : MyBulletinBoard 1.2
CVE:CVE-2007-1926 (Cross-site scripting (XSS) vulnerability in JBMC Software DirectAdmin before 1.293 does not properly display log files, which allows remote authenticated users to inject arbitrary web script or HTML via (1) http or (2) ftp requests logged in /var/log/directadmin/security.log; (3) allows context-dependent attackers to inject arbitrary web script or HTML into /var/log/messages via a PHP script that invokes /usr/bin/logger; (4) allows local users to inject arbitrary web script or HTML into /var/log/messages by invoking /usr/bin/logger at the command line; and allows remote attackers to inject arbitrary web script or HTML via remote requests logged in the (5) /var/log/exim/rejectlog, (6) /var/log/exim/mainlog, (7) /var/log/proftpd/auth.log, (8) /var/log/httpd/error_log, (9) /var/log/httpd/access_log, (10) /var/log/directadmin/error.log, and (11) /var/log/directadmin/security.log files.)
 CVE-2007-1852 (** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in 2BGal 3.1.1 allow remote attackers to execute arbitrary PHP code via a URL in the lang_filename parameter to (1) index.php or (2) backupdb.inc.php in admin/, or other unspecified files, different vectors than CVE-2006-5505. NOTE: this issue has been disputed by CVE, since the lang_filename variable is defined before it is used.)
 CVE-2007-1843 (PHP remote file inclusion vulnerability in gmapfactory/params.php in MapLab 2.2.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the gszAppPath parameter.)
 CVE-2007-1840 (lib/modules.inc in LDAP Account Manager (LAM) before 1.3.0 does not escape HTML special characters in LDAP data, which allows remote attackers to have an unknown impact, probably cross-site scripting (XSS).)
 CVE-2006-7191 (Untrusted search path vulnerability in lamdaemon.pl in LDAP Account Manager (LAM) before 1.0.0 allows local users to gain privileges via a modified PATH that points to a malicious rm program.)
Original documentdocumentSecurityAudit_(at)_majorsecurity.de, [MajorSecurity Advisory #37]HolaCMS - Cross Site Scripting Issue (03.04.2007)
 documentmufti.rizal_(at)_gmail.com, Maplab <= 2.2.1 (gszAppPath) Remote File Inclusion Vulnerability (03.04.2007)
 documentKanedaaa Bohater, DirectAdmin persistant XSS [takeover an Administrator`s account] (03.04.2007)
 documentBorN To K!LL BorN To K!LL, 2BGal 3.1.1 <= (admin/index.php) Remote File Include Vulnerability (03.04.2007)
Files:MyBulletinBoard (MyBB) <= 1.2.3 Remote Code Execution Exploit

HP OpenView Network Node Manager unauthorized access
Published:03.04.2007
Source:
SecurityVulns ID:7523
Type:remote
Threat Level:
6/10
Affected:HP : OpenView Network Node Manager 7.50
 HP : OpenView Network Node Manager 7.51
Original documentdocumentHP, [security bulletin] HPSBMA02198 SSRT061177 rev.1 - HP OpenView Network Node Manager (OV NNM) Remote Unauthorized Access (03.04.2007)

ImageMagic buffer overflow
Published:03.04.2007
Source:
SecurityVulns ID:7525
Type:library
Threat Level:
5/10
Description:Buffer overflow on DCM and XWD images processing.
Affected:IMAGEMAGIC : ImageMagick 6.3
CVE:CVE-2007-1797 (Multiple integer overflows in ImageMagick before 6.3.3-5 allow remote attackers to execute arbitrary code via (1) a crafted DCM image, which results in a heap-based overflow in the ReadDCMImage function, or (2) the (a) colors or (b) comments field in a crafted XWD image, which results in a heap-based overflow in the ReadXWDImage function, different issues than CVE-2007-1667.)
Original documentdocumentIDEFENSE, iDefense Security Advisory 03.31.07: Multiple Vendor ImageMagick DCM and XWD Buffer Overflow Vulnerabilities (03.04.2007)

HP Mercury Quality Center multiple security vulnerabilities
updated since 03.04.2007
Published:13.04.2007
Source:
SecurityVulns ID:7524
Type:remote
Threat Level:
5/10
Description:SQL injection, ActiveX buffer overflow
Affected:HP : Mercury Quality Center 9.0
CVE:CVE-2007-1882 (qcbin/servlet/tdservlet/TDAPI_GeneralWebTreatment in HP Mercury Quality Center 9.0 build 9.1.0.4352 allows remote authenticated users to execute arbitrary SQL commands via the RunQuery method.)
 CVE-2007-1819 (Stack-based buffer overflow in the SPIDERLib.Loader ActiveX control (Spider90.ocx) 9.1.0.4353 in TestDirector (TD) for Mercury Quality Center 9.0 before Patch 12.1, and 8.2 SP1 before Patch 32, allows remote attackers to execute arbitrary code via a long ProgColor property.)
Original documentdocumentHP, [security bulletin] HPSBGN02199 SSRT071312 rev.1 - Mercury Quality Center ActiveX, Remote Unauthorized Arbitrary Code Execution (13.04.2007)
 documentIsma Khan, [Full-disclosure] HP Mercury Quality Center Any SQL execution (03.04.2007)
 documentIDEFENSE, iDefense Security Advisory 04.02.07: Hewlett-Packard Mercury Quality Center ActiveX Control ProgColor Buffer Overflow Vulnerability (03.04.2007)
Files:POC exploit for Mercury Quality Center Spider90.ocx ProgColor Overflow
 HP Mercury Quality Center runQuery exploit

Tivoli Provisioning Manager for OS Deployment multiple security vulnerabilities
updated since 03.04.2007
Published:04.05.2007
Source:
SecurityVulns ID:7526
Type:remote
Threat Level:
5/10
Description:Multiple vulnerabilities on parsing HTTP POST requests.
Affected:IBM : Tivoli Provisioning Manager for OS Deployment 5.1
CVE:CVE-2007-1868 (The management service in IBM Tivoli Provisioning Manager for OS Deployment before 5.1 Fix Pack 2 does not properly handle multipart/form-data in HTTP POST requests, which allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via crafted POST requests to port 8080/tcp or 443/tcp.)
Original documentdocumentZDI, TPTI-07-05: IBM Tivoli Provisioning Manager for OS Deployment Multiple Stack Overflow Vulnerabilities (04.05.2007)
 documentIDEFENSE, iDefense Security Advisory 03.31.07: IBM Tivoli Provisioning Manager for OS Deployment Multiple Vulnerabilities (03.04.2007)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod