Multiple security vulnerabilities in Bluetooth protocol and Bluetooth stacks implementations
Published: 05.01.2007
SecurityVulns ID: 6999
Type: remote
Threat Level: 5/10
Description: Buffer overflows, weak authentication algorithm, weak pseudo-random number generators, directory traversals, etc.
Affected: WIDCOMM : BTStackServer 1.3
 WIDCOMM : BTStackServer 1.4
 WIDCOMM : BTW 4.0
Files: BTCrack v1.0 - Pin and Link key cracker
 HIDattack - Attack Bluetooth VNC style
 Bluetooth Hacking revisited

Power Archiver buffer overflow
Published: 05.01.2007
SecurityVulns ID: 7000
Type: client
Threat Level: 5/10
Description: Buffer overflow on parsing .ISO files.
Affected: POWERARCHIVER : PowerArchiver 9.64
CVE: CVE-2007-0097 (Multiple stack-based buffer overflows in the (1) LoadTree and (2) ReadHeader functions in PAISO.DLL 1.7.3.0 (1.7.3 beta) in ConeXware PowerArchiver 2006 9.64.02 allow user-assisted attackers to execute arbitrary code via a crafted ISO file containing a file within several nested directories.)
Original document: TAN Chew Keong, [vuln.sg] PowerArchiver PAISO.DLL Buffer Overflow Vulnerability (05.01.2007)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 05.01.2007
SecurityVulns ID: 7001
Type: remote
Threat Level: 5/10
Description: PHP file inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: DRUPAL : Drupal 4.6
 DRUPAL : Drupal 4.7
 CMSMADESIMPLE : CMS Made Simple 1.0
 APPLE : iLife 06
 Spine : Spine 1.2
 OVBB : OvBB 0.14
 JAMWIKI : JAMWiki 0.4
 SERENEBACH : Serene Bach 2.05
 SERENEBACH : Serene Bach 2.08
 SERENEBACH : Serene Bach sb 1.13
 SERENEBACH : Serene Bach sb 1.18
 IG : ig Calendar 1.0
 IG : ig Shop 1.0
 ARATIX : Aratix 0.2
 DIGIAPPZ : Digirez 3.4
CVE: CVE-2007-0137 (Cross-site scripting (XSS) vulnerability in SimpleBoxes/SerendipityNZ Serene Bach 2.05R and earlier, and 2.08D and earlier in the 2.08 series; and (2) sb 1.13D and earlier, and 1.18R and earlier in the 1.18 series; allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2007-0136 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal before 4.6.11, and 4.7 before 4.7.5, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in the (1) filter and (2) system modules. NOTE: some of these details are obtained from third party information.)
 CVE-2007-0135 (PHP remote file inclusion vulnerability in inc/init.inc.php in Aratix 0.2.2 beta 11 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the current_path parameter.)
 CVE-2007-0134 (Multiple eval injection vulnerabilities in iGeneric iG Shop 1.0 allow remote attackers to execute arbitrary code via the action parameter, which is supplied to an eval function call in (1) cart.php and (2) page.php. NOTE: a later report and CVE analysis indicate that the vulnerability is present in 1.4.)
 CVE-2007-0133 (Multiple SQL injection vulnerabilities in display_review.php in iGeneric iG Shop 1.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) user_login_cookie parameter.)
 CVE-2007-0132 (SQL injection vulnerability in compare_product.php in iGeneric iG Shop 1.4 allows remote attackers to execute arbitrary SQL commands via the id parameter.)
 CVE-2007-0131 (JAMWiki before 0.5.0 does not properly check permissions during moves of "read-only or admin-only topics," which allows remote attackers to make unauthorized changes to the wiki.)
 CVE-2007-0130 (SQL injection vulnerability in user.php in iGeneric iG Calendar 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.)
 CVE-2007-0128 (SQL injection vulnerability in info_book.asp in Digirez 3.4 and earlier allows remote attackers to execute arbitrary SQL commands via the book_id parameter.)
 CVE-2007-0124 (Unspecified vulnerability in Drupal before 4.6.11, and 4.7 before 4.7.5, when MySQL is used, allows remote authenticated users to cause a denial of service by poisoning the page cache via unspecified vectors, which triggers erroneous 404 HTTP errors for pages that exist.)
 CVE-2007-0101 (Cross-site request forgery (CSRF) vulnerability in SPINE allows remote attackers to perform unauthorized actions as administrators via unspecified vectors. NOTE: some of these details are obtained from third party information.)
 CVE-2007-0051 (Format string vulnerability in Apple iPhoto 6.0.5 (316), and other versions before 6.0.6, allows remote user-assisted attackers to execute arbitrary code via a crafted photocast with format string specifiers in the title of an RSS iPhoto feed.)
Original document: nuffsaid, Aratix <= 0.2.2b11 (inc/init.inc.php) Remote File Include Vulnerability (05.01.2007)
 Michael Brooks, iG Shop 1.0 Multiple Remote Vulnerabilities (05.01.2007)
 Michael Brooks, SQL Injection in ig-Calendar (05.01.2007)
 SECUNIA, [SA23634] JAMWiki User Permission Security Issue (05.01.2007)
 SECUNIA, [SA23623] Serene Bach Unspecified Cross-Site Scripting Vulnerability (05.01.2007)
 SECUNIA, [SA23484] OvBB Script Insertion Vulnerability (05.01.2007)
 SECUNIA, [SA23537] SPINE Cross-Site Request Forgery Vulnerability (05.01.2007)
 Uwe Hermann, [Full-disclosure] [DRUPAL-SA-2007-001] Drupal 4.6.11 / 4.7.5 fixes XSS issue (05.01.2007)
 Uwe Hermann, [Full-disclosure] [DRUPAL-SA-2007-002] Drupal 4.6.11 / 4.7.5 fixes DoS issue (05.01.2007)
 Kevin Finisterre, DMA[2007-0104a] - 'iLife iPhoto Photocasing Format String Vulnerability' (05.01.2007)
 nanoymaster_(at)_gmail.com, CMS Made Simple non-permanent XSS (05.01.2007)
 kadaj-diabolik_(at)_hotmail.fr, Wordpress <= 2.x dictionnary & Bruteforce attack (05.01.2007)
 info_(at)_burnhead.it, MkPortal "All Guests are Admin" Exploit (05.01.2007)
Files: Wordpress <= 2.x dictionnary & Bruteforce attack
 iLife iPhoto Photocast (XML title) Remote Format String PoC
 DigiRez <= V3.4 (book_id) Remote BLIND SQL Injection Exploit

Business Objects Crystal Reports buffer overflow
Published: 05.01.2007
SecurityVulns ID: 7002
Type: client
Threat Level: 5/10
Description: Buffer overflow on parsing .RPT files.
Affected: BUSYNESSOBJECTS : Crystal Reports 11.0
Original document: advisories_(at)_lssec.com, LS-20061102 - Business Objects Crystal Reports XI Professional Stack Overflow Vulnerability (05.01.2007)

Perforce client insecure design
Published: 05.01.2007
SecurityVulns ID: 7003
Type: client
Threat Level: 5/10
Description: The server has full control over the client.
CVE: CVE-2007-0100 (The Perforce client does not restrict the set of files that it overwrites upon receiving a request from the server, which allows remote attackers to overwrite arbitrary files by modifying the client config file on the server, or by operating a malicious server.)
Original document: Ben Bucksch, Perforce client: security hole by design (05.01.2007)

Multiple browsers race conditions
updated since 18.08.2006
Published: 05.01.2007
SecurityVulns ID: 6519
Type: client
Threat Level: 6/10
Description: There are various race conditions in thread synchronization when different events occur concurrently.
Affected: MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 NETSCAPE : Netscape 8.1
 MOZILLA : Firefox 1.5
 KMELEON : K-Meleon 1.0
 MICROSOFT : Windows Vista
CVE: CVE-2007-0099 (Race condition in the msxml3 module in Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (application crash) via many nested tags in an XML document in an IFRAME, when synchronous document rendering is frequently disrupted with asynchronous events, as demonstrated using a JavaScript timer, which can trigger null pointer dereferences or memory corruption.)
Original document: Michal Zalewski, Concurrency strikes MSIE (potentially exploitable msxml3 flaws) (05.01.2007)
 Juha-Matti Laurio, Flock Concurrency-related Memory Corruption Vulnerability (21.08.2006)
 Juha-Matti Laurio, Netscape Concurrency-related Memory Corruption Vulnerability (21.08.2006)
 Juha-Matti Laurio, K-Meleon Concurrency-related Vulnerability (21.08.2006)
 Michal Zalewski, Re: Concurrency-related vulnerabilities in browsers - expect problems (18.08.2006)
 Michal Zalewski, Concurrency-related vulnerabilities in browsers - expect problems (18.08.2006)

OpenBSD vga privilege escalation
updated since 05.01.2007
Published: 08.01.2007
SecurityVulns ID: 7004
Type: local
Threat Level: 7/10
Description: The vga_ioctl() syscall allows code execution in the kernel.
Affected: OPENBSD : OpenBSD 3.9
 OPENBSD : OpenBSD 4.0
CVE: CVE-2007-0085 (Unspecified vulnerability in sys/dev/pci/vga_pci.c in the VGA graphics driver for wscons in OpenBSD 3.9 and 4.0, when the kernel is compiled with the PCIAGP option and a non-AGP device is being used, allows local users to gain privileges via unspecified vectors, possibly related to agp_ioctl NULL pointer reference.)
Original document: SECUNIA, [SA23608] OpenBSD "vga" Privilege Escalation Vulnerability (05.01.2007)
Files: OpenBSD 3.x-4.0 vga_ioctl() root exploit

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod