Computer Security


PHP WDDX buffer overflow
Published: 04.03.2007
SecurityVulns ID: 7342
Type: remote
Threat Level: 5/10
Description: Buffer overflow on malformed WDDX packet.
Original document: PHP-SECURITY, MOPB-09-2007: PHP wddx_deserialize() String Append Buffer Overflow Vulnerability (04.03.2007)
Files: PHP - wddx_deserialize() Crash Exploit

Multiple local Zend privilege escalations
Published: 04.03.2007
SecurityVulns ID: 7343
Type: local
Threat Level: 5/10
Description: Weak permissions on various files and utilities.
Affected: ZEND : Zend Platform 2.2
CVE: CVE-2007-1370 (Zend Platform 2.2.3 and earlier has incorrect ownership for scd.sh and certain other files, which allows local users to gain root privileges by modifying the files. NOTE: this only occurs when safe_mode and open_basedir are disabled; other settings require leverage for other vulnerabilities.)
 CVE-2007-1369 (ini_modifier (sgid-zendtech) in Zend Platform 2.2.3 and earlier allows local users to modify the system php.ini file by editing a copy of php.ini file using the -f parameter, and then performing a symlink attack using the directory that contains the attacker-controlled php.ini file, and linking this directory to /usr/local/Zend/etc.)
Original document: PHP-SECURITY, BONUS-06-2007: Zend Platform Insecure File Permission Local Root Vulnerability (04.03.2007)
 PHP-SECURITY, BONUS-07-2007: Zend Platform ini_modifier Local Root Vulnerability (04.03.2007)

Symantec MailSecurity DoS
Published: 04.03.2007
SecurityVulns ID: 7346
Type: remote
Threat Level: 6/10
Description: Crash when parsing maliciously crafted mail headers.
Affected: SYMANTEC : Symantec Mail Security for SMTP 5.0
CVE: CVE-2007-1252 (Buffer overflow in Symantec Mail Security for SMTP 5.0 before Patch 175 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted headers in an e-mail message. NOTE: some information was obtained from third party sources.)

Multiple PHP bugs
updated since 27.02.2002
Published: 04.03.2007
SecurityVulns ID: 1818
Type: local
Threat Level: 6/10
Description: Buffer overflows, integer overflows, DoS conditions, cross-site scripting.
Affected: PHP : PHP 3.10
 PHP : PHP 4.0
 PHP : PHP 4.2
 PHP : PHP 4.3
 PHP : PHP 4.4
CVE: CVE-2007-1287 (A regression error in the phpinfo function in PHP 4.4.3 to 4.4.6, and PHP 6.0 in CVS, allows remote attackers to conduct cross-site scripting (XSS) attacks via GET, POST, or COOKIE array values, which are not escaped in the phpinfo output, as originally fixed for CVE-2005-3388.)
 CVE-2005-3388 (Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL with a "stacked array assignment.")
Original document: PHP-SECURITY, MOPB-08-2007: PHP 4 phpinfo() XSS Vulnerability (Deja-vu) (04.03.2007)
 silent needel, PHP XSS exploit in phpinfo() (05.06.2003)
 Sverre H. Huseby, PHP Trans SID XSS (Was: New php release with security fixes) (02.06.2003)
 PHP, PHP 4.3.2 released (30.05.2003)
 X-FORCE, ISS Brief: Remote Compromise and Denial of Service Vulnerability in PHP (23.07.2002)
 CERT, Advisory CA-2002-21 Vulnerability in PHP (23.07.2002)
 Matthew Murphy, PHP Resource Exhaustion Denial of Service (23.07.2002)
 PHP, Security Advisory: Vulnerability in PHP versions 4.2.0 and 4.2.1 (22.07.2002)
 security_(at)_e-matters.de, Advisory 02/2002: PHP remote vulnerability (22.07.2002)
 security_(at)_e-matters.de, Advisory 012002: PHP remote vulnerabilities (28.02.2002)
 CERT, Advisory CA-2002-05 Multiple Vulnerabilities in PHP fileupload (28.02.2002)
 X-FORCE, Multiple PHP Vulnerabilities - Remote Compromise Exploit in Circulation (27.02.2002)
Files: Apache PHP DoS
 Apache+php Proof of Concept Exploit
 x86/linux mod_php v4.0.2rc1-v4.0.5 remote exploit
 PHP 4 - phpinfo() XSS Testcase

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 04.03.2007
SecurityVulns ID: 7345
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: DOCEBO : Docebo CMS 3.0
 RPS : Rigter Portal System 6.2
 NEWSLETTERMAN : News-Letterman 1.1
 AJSQUARE : AJDating 1.0
 AJSQUARE : AJ Classifieds 1.0
 AJSQUARE : AJ Forum 1.0
 AJSQUARE : AJ Auction
 CONTELLIGENT : Contelligent 9.1
 AUDINS : Audiens 3.3
CVE: CVE-2007-1340 (PHP remote file inclusion vulnerability in eintrag.php in Weltennetz News-Letterman 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the sqllog parameter.)
 CVE-2007-1298 (SQL injection vulnerability in subcat.php in AJ Auction 1.0 allows remote attackers to execute arbitrary SQL commands via the cate_id parameter.)
 CVE-2007-1297 (SQL injection vulnerability in view_profile.php in AJDating 1.0 allows remote attackers to execute arbitrary SQL commands via the user_id parameter.)
 CVE-2007-1296 (SQL injection vulnerability in postingdetails.php in AJ Classifieds 1.0 allows remote attackers to execute arbitrary SQL commands via the postingid parameter.)
 CVE-2007-1295 (SQL injection vulnerability in topic_title.php in AJ Forum 1.0 allows remote attackers to execute arbitrary SQL commands via the td_id parameter.)
 CVE-2007-1293 (SQL injection vulnerability in Rigter Portal System (RPS) 6.2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the categoria parameter to the top-level URI (index.php), possibly related to ver_descarga.php.)
 CVE-2007-1249 (MoveSortedContentAction in C1 Financial Services Contelligent 9.1.4 does not check "the additional environment security configuration," which allows remote attackers with write permissions to reorder components.)
 CVE-2007-1243 (Audins Audiens 3.3 allows remote attackers to bypass authentication and perform certain privileged actions, possibly an uninstall of the product, by calling unistall.php with the values cnf=disinstalla and status=on. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.)
 CVE-2007-1242 (SQL injection vulnerability in system/index.php in Audins Audiens 3.3 allows remote attackers to execute arbitrary SQL commands via the PHPSESSID cookie. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.)
 CVE-2007-1241 (Cross-site scripting (XSS) vulnerability in setup.php in Audins Audiens 3.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.)
 CVE-2007-1240 (Multiple cross-site scripting (XSS) vulnerabilities in Docebo CMS 3.0.3 through 3.0.5 allow remote attackers to inject arbitrary web script or HTML via (1) the searchkey parameter to index.php, or the (2) sn or (3) ri parameter to modules/htmlframechat/index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.)
Files: RPS 6.2 SQL Injection Exploit
 News-Letterman 1.1 (eintrag.php) Remote File Include Exploit
 AJ Auction All Version (subcat.php) Remote BLIND SQL Injection Exploit
 ajclassifiedsex.html
 AJDating 1.0 (view_profile.php) Remote BLIND SQL Injection Exploit
 AJ Forum 1.0 (topic_title.php) Remote BLIND SQL Injection Exploit
 Docebo Multiple Cross-Site Scripting Vulnerabilities

Blender 3D modelling software buffer overflow
updated since 21.12.2005
Published: 04.03.2007
SecurityVulns ID: 5558
Type: remote
Threat Level: 5/10
Description: Buffer overflow on parsing .blend, .kml, .kmz files.
Affected: BLENDER : blender 2.40
 BLENDER : blender 2.42
CVE: CVE-2007-1253 (Eval injection vulnerability in the (a) kmz_ImportWithMesh.py Script for Blender 0.1.9h, as used in (b) Blender before 2.43, allows user-assisted remote attackers to execute arbitrary Python code by importing a crafted (1) KML or (2) KMZ file.)
Original document: Damian Put, [Overflow.pl] Blender BlenLoader Integer Overflow (21.12.2005)

Asterisk PBX SIP DoS
updated since 04.03.2007
Published: 22.03.2007
SecurityVulns ID: 7344
Type: remote
Threat Level: 6/10
Description: Application crash on a maliciously crafted SIP packet.
Affected: ASTERISK : Asterisk 1.2
 DIGIUM : Asterisk 1.4
CVE: CVE-2007-1595 (The Asterisk Extension Language (AEL) in pbx/pbx_ael.c in Asterisk does not properly generate extensions, which allows remote attackers to execute arbitrary extensions and have an unknown impact by specifying an invalid extension in a certain form.)
 CVE-2007-1594 (The handle_response function in chan_sip.c in Asterisk before 1.2.17 and 1.4.x before 1.4.2 allows remote attackers to cause a denial of service (crash) via a SIP Response code 0 in a SIP packet.)
 CVE-2007-1561 (The channel driver in Asterisk before 1.2.17 and 1.4.x before 1.4.2 allows remote attackers to cause a denial of service (crash) via a SIP INVITE message with an SDP containing one valid and one invalid IP address.)
 CVE-2007-1306 (Asterisk 1.4 before 1.4.1 and 1.2 before 1.2.16 allows remote attackers to cause a denial of service (crash) by sending a Session Initiation Protocol (SIP) packet without a URI and SIP-version header, which results in a NULL pointer dereference.)
Original document: Matt Riddell (IT), Two new DoS Vulnerabilities in Asterisk Fixed (22.03.2007)
 Radu State, [Full-disclosure] Asterisk SDP DOS vulnerability (19.03.2007)
 noreply_(at)_musecurity.com, [Full-disclosure] [MU-200703-01] Remote DOS in Asterisk SIP (09.03.2007)
 Anonymous Person, [Full-disclosure] asterisk remote pre-auth denial of service (04.03.2007)
Files: Exploits Asterisk INVITE SIP message DoS
 Exploits Asterisk SIP DoS vulnerability

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod