Computer Security


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 04.02.2007
SecurityVulns ID: 7172
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: UAPPLICATIONS : Ublog Reload 1.0
 BUGZILLA : Bugzilla 2.20
 BUGZILLA : Bugzilla 2.22
 BUGZILLA : Bugzilla 2.23
 WEBBUILDER : WebBuilder 2.0
 EPISTEMON : Epistemon 1.0
CVE: CVE-2007-0799 (SQL injection vulnerability in badword.asp in Ublog Reload 1.0.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.)
 CVE-2007-0798 (Multiple cross-site scripting (XSS) vulnerabilities in Ublog Reload 1.0.5 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) login.asp; and allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters to (2) badword.asp, (3) polls.asp, and (4) users.asp.)
 CVE-2007-0792 (The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.)
 CVE-2007-0791 (Cross-site scripting (XSS) vulnerability in Atom feeds in Bugzilla 2.20.3, 2.22.1, and 2.23.3, and earlier versions down to 2.20.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2007-0703 (PHP remote file inclusion vulnerability in library/StageLoader.php in WebBuilder 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[core][module_path] parameter.)
 CVE-2007-0701 (PHP remote file inclusion vulnerability in inc/common.inc.php in Epistemon 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the inc_path parameter.)
Original document: Hackers Center Security Group, Ublog Reload Admin Panel Multiple HTML Injections (04.02.2007)
 BUGZILLA, Security Advisory for Bugzilla 2.20.3, 2.22.1, and 2.23.3 (04.02.2007)

Microsoft Windows XMLHTTP proxy problem
Published: 04.02.2007
SecurityVulns ID: 7173
Type: client
Threat Level: 6/10
Description: Because of insufficient request validation, the Msxml2.XMLHTTP ActiveX object can be used to proxy HTTP requests via the client browser.
Affected: MICROSOFT : Windows XP
 MICROSOFT : Windows Vista
Original document: Michal Zalewski, [Full-disclosure] Web 2.0 backdoors made easy with MSIE & XMLHttpRequest (04.02.2007)

Smb4K multiple privilege escalations
Published: 04.02.2007
SecurityVulns ID: 7174
Type: local
Threat Level: 5/10
Description: Multiple vulnerabilities lead to privilege escalations.
Affected: SMB4K : Smb4K 0.7
 SMB4K : Smb4K 0.6
CVE: CVE-2007-0475 (Multiple stack-based buffer overflows in utilities/smb4k_*.cpp in Smb4K before 0.8.0 allow local users, when present on the Smb4K sudoers list, to gain privileges via unspecified vectors related to the args variable and unspecified other variables, in conjunction with the sudo configuration.)
 CVE-2007-0474 (Smb4K before 0.8.0 allow local users, when present on the Smb4K sudoers list, to kill arbitrary processes, related to a "design issue with smb4k_kill.")
 CVE-2007-0473 (The writeFile function in core/smb4kfileio.cpp in Smb4K before 0.8.0 does not preserve /etc/sudoers permissions across modifications, which allows local users to obtain sensitive information (/etc/sudoers contents) by reading this file.)
 CVE-2007-0472 (Multiple race conditions in Smb4K before 0.8.0 allow local users to (1) modify arbitrary files via unspecified manipulations of Smb4K's lock file, which is not properly handled by the remove_lock_file function in core/smb4kfileio.cpp, and (2) add lines to the sudoers file via a symlink attack on temporary files, which isn't properly handled by the writeFile function in core/smb4kfileio.cpp.)

Multiple RSS applications cross-site scripting
Published: 04.02.2007
SecurityVulns ID: 7175
Type: client
Threat Level: 5/10
Description: It's possible to embed scripts in RSS content.
Affected: DARKSKY : Darksky RSS 1.28
 SLEIPNIR : RSS bar for Sleipnir 1.28
 UNDONUT : RSS bar for unDonut 1.28
 SLEIPNIR : Sleipnir 2.49
 SLEIPNIR : Portable Sleipnir 2.45
 FIREFOX : Firefox Sage extension 1.3
CVE: CVE-2007-0706 (Cross-zone scripting vulnerability in Darksky RSS bar for Internet Explorer before 1.29, RSS bar for Sleipnir before 1.29, and RSS bar for unDonut before 1.29 allows remote attackers to bypass Web content zone restrictions via certain script contained in RSS data. NOTE: some of these details are obtained from third party information.)
 CVE-2007-0705 (Cross-zone scripting vulnerability in Sleipnir 2.49 and earlier, and Portable Sleipnir 2.45 and earlier, allows remote attackers to bypass Web content zone restrictions via certain script contained in RSS data. NOTE: some of these details are obtained from third party information.)
 CVE-2006-6919 (Firefox Sage extension 1.3.8 and earlier allows remote attackers to execute arbitrary Javascript in the local context via an RSS feed with an img tag containing the script followed by an extra trailing ">", which Sage modifies to close the img element before the malicious script.)

X-Kryptor Secure Client privilege escalation
Published: 04.02.2007
SecurityVulns ID: 7176
Type: local
Threat Level: 5/10
Description: Privilege escalation through device driver.
Affected: BARRONMACCANN : X-Kryptor BMS1446HRR
 BARRONMACCANN : Xgntr BMS1351
 BARRONMACCANN : Install BMS1472
CVE: CVE-2007-0436 (Barron McCann X-Kryptor Driver BMS1446HRR (Xgntr BMS1351 Install BMS1472) in X-Kryptor Secure Client does not drop privileges when launching an Explorer window in response to a help command, which allows local users to gain LocalSystem privileges via interactive use of Explorer.)

CheckPoint FireWall-1 information leak
Published: 04.02.2007
SecurityVulns ID: 7177
Type: remote
Threat Level: 5/10
Description: It's possible to retrieve the certificate revocation list from the internal CA (port TCP/18246).
Affected: CHECKPOINT : Firewall-1 NGX R60
CVE: CVE-2006-6967 (Check Point FireWall-1 allows remote attackers to obtain certificate revocation lists (CRLs) and other unspecified sensitive information via an HTTP request for the top-level URI on the internal certificate authority (ICA) port (18264/tcp).)

Gom Player buffer overflow
Published: 04.02.2007
SecurityVulns ID: 7178
Type: client
Threat Level: 4/10
Description: Buffer overflow on oversized ref href URI in ASX file.
Affected: GOMPLAYER : GOM Player 2.0
CVE: CVE-2007-0707 (Stack-based buffer overflow in GOM Player 2.0.12.3375 allows user-assisted remote attackers to execute arbitrary code via a .ASX file with a long URI in the "ref href" tag. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.)

WebRoot SpySweeper protection bypass
Published: 04.02.2007
SecurityVulns ID: 7179
Type: remote
Threat Level: 5/10
Description: Content is blocked only by filename. Multiple archive formats are not supported.
Affected: WEBROOT : Spy Sweeper 4.5
CVE: CVE-2006-6961 (WebRoot Spy Sweeper 4.5.9 and earlier does not detect malware based on file contents, which allows remote attackers to bypass malware detection by changing a file's name.)
 CVE-2006-6960 (The Compression Sweep feature in WebRoot Spy Sweeper 4.5.9 and earlier does not handle non-ZIP archives, which allows remote attackers to bypass the malware detection via files with (1) RAR, (2) GZ, (3) TAR, (4) CAB, or (5) ACE compression.)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod