Computer Security


KDE Konqueror DoS
Published: 03.08.2007
SecurityVulns ID: 7998
Type: client
Threat Level: 4/10
Description: Crash on invalid sequences of open and close HTML tags.
Affected: KDE : Konqueror 3.5
Original document: Thomas Waldegger, [BuHa-Security] DoS Vulnerability in Konqueror 3.5.7 (03.08.2007)

Qt format string vulnerabilities
Published: 03.08.2007
SecurityVulns ID: 7999
Type: library
Threat Level: 6/10
Description: Multiple format string vulnerabilities in text used to compose error messages.
Affected: QT : qt 3.3
CVE: CVE-2007-3388 (Multiple format string vulnerabilities in (1) qtextedit.cpp, (2) qdatatable.cpp, (3) qsqldatabase.cpp, (4) qsqlindex.cpp, (5) qsqlrecord.cpp, (6) qglobal.cpp, and (7) qsvgdevice.cpp in QTextEdit in Trolltech Qt 3 before 3.3.8 20070727 allow remote attackers to execute arbitrary code via format string specifiers in text used to compose an error message.)
Original document: RPATH, rPSA-2007-0153-1 qt-x11-free (03.08.2007)
 MANDRIVA, [ MDKSA-2007:151 ] - Updated qt3 packages fix multiple vulnerabilities (03.08.2007)

gdm DoS
Published: 03.08.2007
SecurityVulns ID: 8000
Type: local
Threat Level: 5/10
Description: DoS on malformed GDM socket command.
CVE: CVE-2007-3381 (The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x before 2.16.7, 2.18.x before 2.18.4, and 2.19.x before 2.19.5 does not properly handle NULL return values from the g_strsplit function, which allows local users to cause a denial of service (persistent daemon crash) via a crafted command to the daemon's socket, related to (1) gdm.c and (2) gdmconfig.c in daemon/, and (3) gdmconfig.c and (4) gdmflexiserver.c in gui/.)
Original document: FORESIGHT, FLEA-2007-0041-1 gdm (03.08.2007)

Baidu Soba ActiveX code execution
Published: 03.08.2007
SecurityVulns ID: 8001
Type: client
Threat Level: 5/10
Description: An unsafe function allows an executable file to be downloaded and executed.
Affected: BAIDU : Soba 5.4
Original document: hfli, Baidu Soba Remote Code Execute Vulnerability(FGA-2007-10) (03.08.2007)

XPDF / KOffice integer overflow
updated since 03.08.2007
Published: 03.08.2007
SecurityVulns ID: 8002
Type: library
Threat Level: 6/10
Description: Integer overflow in PDF file parsing.
Affected: TETEX : tetex 2.0
 LIBEXTRACTOR : libextractor 0.4
 POPPLER : poppler 0.4
 KDE : koffice 1.6
 CUPS : cups 1.2
 GPDF : gpdf 2.8
 PDFKIT : pdfkit.framework 0.8
 KDE : kpdf 3.5
 KDE : kdegraphics 3.5
 KDE : kword 1.6
 IMAGEKITS : ImageKits 0.6
CVE: CVE-2007-3387 (Integer overflow in the StreamPredictor::StreamPredictor function in gpdf before 2.8.2, as used in (1) poppler, (2) xpdf, (3) kpdf, (4) kdegraphics, (5) CUPS, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file.)
Original document: UBUNTU, [USN-496-1] koffice vulnerability (03.08.2007)

Minimo password manager information leak
Published: 03.08.2007
SecurityVulns ID: 8003
Type: remote
Threat Level: 5/10
Description: Cross-site scripting in combination with the form autofill feature may cause a password to be transmitted to a different site.
Affected: MINIMO : Minimo 0.2
Original document: Seth Fogie, Minimo .2 and more Firefox 2.0.0.6 Password Manager Vulnerabilites (03.08.2007)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod