Computer Security

Internet Explorer drag-n-drop vulnerability
updated since 25.08.2004
Published: 04.07.2007
SecurityVulns ID: 3937
Type: client
Threat Level: 6/10
Description: By using JavaScript in conjunction with shell:startup, it's possible to place an executable into the startup folder if the user drags an object on the page or scrolls the page.
Affected: MICROSOFT : Internet Explorer 5.5
 MICROSOFT : Internet Explorer 6.0
Original document: LIUDIEYU dot COM, Two Unpublished IE Cases (04.07.2007)
 [email protected], What A Drag (25.08.2004)
 [email protected], What A Drag II XP SP2 (25.08.2004)
 mikx, What A Drag! -revisited- (25.08.2004)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 04.07.2007
SecurityVulns ID: 7884
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: MYSQLDUMPER : MySQLDumper 1.23
Original document: r00t_(at)_northernfortress.net, Cross Site Scripting in Oliver Library Management System (04.07.2007)
 bugtraq_(at)_henningpingel.de, MySQLDumper vulnerability: Bypassing Apache based access control possible (04.07.2007)

Adobe AIR weak security model design
Published: 04.07.2007
SecurityVulns ID: 7885
Type: client
Threat Level: 6/10
Description: Application restrictions are not enforced.
Original document: fukami, Security on AIR: Local file access through JavaScript (04.07.2007)

GNU C integer overflow
Published: 04.07.2007
SecurityVulns ID: 7887
Type: local
Threat Level: 8/10
Description: Integer overflow in ld.so dynamic loader.
CVE: CVE-2007-3508 (** DISPUTED ** Integer overflow in the process_envvars function in elf/rtld.c in glibc before 2.5-rc4 might allow local users to execute arbitrary code via a large LD_HWCAP_MASK environment variable value. NOTE: the glibc maintainers state that they do not believe that this issue is exploitable for code execution.)
Original document: GENTOO, [ GLSA 200707-04 ] GNU C Library: Integer overflow (04.07.2007)

Fujitsu-Siemens ServerView code execution
Published: 04.07.2007
SecurityVulns ID: 7888
Type: remote
Threat Level: 5/10
Description: Shell characters filtering problem in Web interface "ping" CGI script.
Affected: FUJITSUSIEMENS : ServerView 4.50
CVE: CVE-2007-3011 (The DBAsciiAccess CGI Script in the web interface in Fujitsu-Siemens Computers ServerView before 4.50.09 allows remote attackers to execute arbitrary commands via shell metacharacters in the Servername subparameter of the ParameterList parameter.)
Original document: RedTeam Pentesting, [Full-disclosure] Fujitsu-Siemens ServerView Remote Command Execution (04.07.2007)

Fujitsu-Siemens PRIMERGY BX300 switch authentication bypass
Published: 04.07.2007
SecurityVulns ID: 7889
Type: remote
Threat Level: 5/10
Description: It's possible to access some Web interface pages without authentication by their URL.
Affected: FUJITSUSIEMENS : PRIMERGY BX300
Original document: RedTeam Pentesting, [Full-disclosure] Fujitsu-Siemens PRIMERGY BX300 Switch Blade Information Disclosure (04.07.2007)

HP Instant Support Driver Check ActiveX buffer overflow
updated since 04.07.2007
Published: 05.07.2007
SecurityVulns ID: 7886
Type: client
Threat Level: 6/10
Description: Buffer overflow in queryHub() method.
Affected: HP : HP Instant Support - Driver Check 1.5
Original document: HP, [security bulletin] HPSBPI02228 SSRT071404 rev.1 - HP Instant Support - Driver Check Running on Windows XP, Remote Unauthorized Access (05.07.2007)
 NGSSoftware Insight Security Research Advisory (NISR), Buffer overflow in HP Instant Support Driver Check (SDD) ActiveX control (04.07.2007)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod