Computer Security
[EN] securityvulns.ru no-pyccku


Cisco Video Surveillance IP Gateway / Services Platform unauthorized access
Published:06.09.2007
Source:
SecurityVulns ID:8121
Type:remote
Threat Level:
6/10
Description:Telnet password is not checked or default password can not be changed.
Affected:CISCO : Cisco Video Surveillance IP
 CISCO : Cisco Video Surveillance SP
 CISCO : Cisco Video Surveillance ISP
Original documentdocumentCISCO, Cisco Security Advisory: Cisco Video Surveillance IP Gateway and Services Platform Authentication Vulnerabilities (06.09.2007)

Alien Arena 2007 game server multiple security vulnerabilities
Published:06.09.2007
Source:
SecurityVulns ID:8122
Type:remote
Threat Level:
5/10
Description:DoS conditions, format string vulnerability.
Affected:PLANETARENA : Alien Arena 2007
Original documentdocumentLuigi Auriemma, Format string and clients disconnection in Alien Arena 2007 6.10 (06.09.2007)

Fetchmail mail delivery DoS
Published:06.09.2007
Source:
SecurityVulns ID:8123
Type:client
Threat Level:
5/10
Description:DoS on delivering mail report thorugh SMTP server.
Affected:FETCHMAIL : fetchmail 6.3
CVE:CVE-2007-4565 (fetchmail before 6.3.9 allows context-dependent attackers to cause a denial of service (NULL dereference and application crash) by refusing certain warning messages that are sent over SMTP.)
Original documentdocumentRPATH, rPSA-2007-0178-1 fetchmail (06.09.2007)

Sophos Antivirus cross aplication scripting
Published:06.09.2007
Source:
SecurityVulns ID:8124
Type:remote
Threat Level:
5/10
Description:Cross application scripting on ZIP archive content logging.
Affected:SOPHOS : Sophos Anti-Virus 6.5
CVE:CVE-2007-4512 (Cross-site scripting (XSS) vulnerability in Sophos Anti-Virus for Windows 6.x before 6.5.8 and 7.x before 7.0.1 allows remote attackers to inject arbitrary web script or HTML via an archive with a file that matches a virus signature and has a crafted filename that is not properly handled by the print function in SavMain.exe.)
Original documentdocumentdisclosure_(at)_contextis.co.uk, Sophos Anti-Virus 6.5.4 Vulnerability (06.09.2007)

PHP multiple DoS conditions
updated since 06.09.2007
Published:08.09.2007
Source:
SecurityVulns ID:8120
Type:library
Threat Level:
6/10
Description:Crash on oversized strings in fnmatch(), iconv_substr(), glob() and setlocale() functions.
Affected:PHP : PHP 5.2
CVE:CVE-2007-3478 (Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors, possibly involving truetype font (TTF) support.)
 CVE-2007-3477 (The (a) imagearc and (b) imagefilledarc functions in GD Graphics Library (libgd) before 2.0.35 allow attackers to cause a denial of service (CPU consumption) via a large (1) start or (2) end angle degree value.)
 CVE-2007-3476 (Array index error in gd_gif_in.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash and heap corruption) via large color index values in crafted image data, which results in a segmentation fault.)
 CVE-2007-3475 (The GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via a GIF image that has no global color map.)
 CVE-2007-3474 (Multiple unspecified vulnerabilities in the GIF reader in the GD Graphics Library (libgd) before 2.0.35 have unspecified impact and user-assisted remote attack vectors.)
 CVE-2007-3473 (The gdImageCreateXbm function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors involving a gdImageCreate failure.)
 CVE-2007-3472 (Integer overflow in gdImageCreateTrueColor function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to have unspecified attack vectors and impact.)
Original documentdocumentlaurent gaffie, PHP <= 5.2.4 multiple Iconv functions denial of service (08.09.2007)
 documentlaurent gaffie, PHP <=5.2.4 iconv_substr() denial of service (06.09.2007)
 documentlaurent gaffie, PHP < 5.2.3 fnmatch() denial of service (06.09.2007)
 documentlaurent gaffie, PHP < 5.2.4 setlocale() denial of service (06.09.2007)
 documentlaurent gaffie, PHP < 5.2.3 glob() denial of service (06.09.2007)

MIT Kerberos buffer overflow
updated since 06.09.2007
Published:13.09.2007
Source:
SecurityVulns ID:8119
Type:library
Threat Level:
7/10
Description:Buffer overflow on oversized string in RPC library svcauth_gss_validate() function.
Affected:MIT : krb5 1.6
CVE:CVE-2007-3999 (Stack-based buffer overflow in the svcauth_gss_validate function in lib/rpc/svc_auth_gss.c in the RPCSEC_GSS RPC library (librpcsecgss) in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and possibly third-party applications that use krb5, allows remote attackers to cause a denial of service (daemon crash) and probably execute arbitrary code via a long string in an RPC message.)
Original documentdocumentZDI, ZDI-07-052: Multiple Kerberos Implementations Authentication Context Stack Overflow Vulnerability (13.09.2007)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod