Computer Security
[EN] securityvulns.ru no-pyccku


rsync security restrictions bypass
Published:05.12.2007
Source:
SecurityVulns ID:8404
Type:remote
Threat Level:
5/10
Affected:RSYNC : rsync 3.0
CVE:CVE-2007-6200 (Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, exclude_from, and filter and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and unspecified (4) dest options.)
 CVE-2007-6199 (rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module's hierarchy.)
Original documentdocumentRPATH, rPSA-2007-0257-1 rsync (05.12.2007)

hsqldb / OpenOffice code execution
Published:05.12.2007
Source:
SecurityVulns ID:8406
Type:client
Threat Level:
6/10
Description:It's possible to execute Java code embedded to OpenOffice database document.
Affected:HSQLDB : hsqldb 1.8
 OPENOFFICE : OpenOffice 2.3
CVE:CVE-2007-4575 (HSQLDB before 1.8.0.9, as used in OpenOffice.org (OOo) 2 before 2.3.1, allows user-assisted remote attackers to execute arbitrary Java code via crafted database documents, related to "exposing static java methods.")
Original documentdocumentDEBIAN, [SECURITY] [DSA 1419-1] New OpenOffice.org packages fix arbitrary Java code execution (05.12.2007)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod