Computer Security
[EN] securityvulns.ru no-pyccku


CA BrightStor ARCserve Backup unauthorized RPC access
updated since 27.11.2007
Published:06.12.2007
Source:
SecurityVulns ID:8382
Type:remote
Threat Level:
6/10
Description:Multiple unsafe methods are available with RPC interface.
Affected:CA : Brightstor ARCserve Backup 11.1
 CA : Brightstor ARCserve Backup 11.0
 CA : BrightStor ARCserve Backup 10.5
 CA : BrightStor ARCserve Backup 9.01
 CA : Brightstor ARCserve Backup 11.5
CVE:CVE-2007-5328 (CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allows attackers to execute arbitrary code via a "Privileged function exposure.")
Original documentdocumentcocoruder, [Full-disclosure] [UPDATE]CA BrightStor ARCServe BackUp Message Engine Remote Stack Overflow Vulnerability (06.12.2007)
 documentZDI, ZDI-07-069: CA BrightStor ARCserve Backup Message Engine Insecure Method Exposure Vulnerability (27.11.2007)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:06.12.2007
Source:
SecurityVulns ID:8407
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:SINECMS : SineCMS 2.3
 EZCONTENTS : ezContents 1.4
Original documentdocumentno-reply_(at)_aria-security.net, Aria-Security.Net: PenPals Login and search page SQL Injection (06.12.2007)
 documentkingoftheworld92_(at)_fastwebnet.it, SineCMS <= 2.3.4 Calendar SQL Injection 'n something else.. (06.12.2007)
 documentp4imi0, ezContents Version 1.4.5 Remote File Disclosure Vulnerability. (06.12.2007)

SonicWALL Global VPN Client format string vulnerability
Published:06.12.2007
Source:
SecurityVulns ID:8408
Type:local
Threat Level:
1/10
Description:Format stirng vulnerability on configuration file parsing.
Affected:SONICWALL : SonicWALL Global VPN Client 4.0
Original documentdocumentSEC Consult Vulnerability Lab, SEC Consult SA-20071204-0 :: SonicWALL Global VPN Client Format String Vulnerability (06.12.2007)

VLC Player ActiveX code exectuion
Published:06.12.2007
Source:
SecurityVulns ID:8409
Type:client
Threat Level:
5/10
Description:Few uninitialized pointers references.
Affected:VIDEOLAN : VLC media player 0.86
Original documentdocumentCORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2007-1004: VLC Activex Bad Pointer Initialization Vulnerability (06.12.2007)

Opera CPU exhaustion
Published:06.12.2007
Source:
SecurityVulns ID:8410
Type:client
Threat Level:
4/10
Description:BMP file in special format causes CPU exhaustion.
Affected:OPERA : Opera 9.50
Original documentdocumentGynvael Coldwind, Opera 9.50 beta and prior remote DoS (freeze) (06.12.2007)

CiscoWorks crossite scripting
Published:06.12.2007
Source:
SecurityVulns ID:8411
Type:remote
Threat Level:
5/10
Affected:CISCOWORKS : CiscoWorks 2.6
Original documentdocumentLiquidmatrix Security Digest, Advisory: Cross Site Scripting in CiscoWorks (06.12.2007)

zabbix privilege escalation
Published:06.12.2007
Source:
SecurityVulns ID:8412
Type:local
Threat Level:
5/10
Description:Super-user privileges are not droppen on user-supplied application execution.
Affected:ZABBIX : zabbix 1.1
CVE:CVE-2007-6210 (zabbix_agentd 1.1.4 in ZABBIX before 1.4.3 runs "UserParameter" scripts with gid 0, which might allow local users to gain privileges.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 1420-1] New zabbix packages fix privilege escalation (06.12.2007)

Firefox DoS
Published:06.12.2007
Source:
SecurityVulns ID:8414
Type:client
Threat Level:
3/10
Description:Invalid INPUT tag designMode property processing.
Affected:MOZILLA : Firefox 2.0
Original documentdocumentazizov_(at)_itdefence.ru, Firefox 2.0.0.11 INPUT Denial Of Service (06.12.2007)

Hugin symbolic links vulnerability
Published:06.12.2007
Source:
SecurityVulns ID:8415
Type:local
Threat Level:
5/10
Description:Unsafe temporary files creation.
Affected:HUGIN : hugin 0.6
CVE:CVE-2007-5200
Original documentdocumentGENTOO, [ GLSA 200712-01 ] Hugin: Insecure temporary file creation (06.12.2007)

Alwil Avast! antivirus memory corruption
Published:06.12.2007
Source:
SecurityVulns ID:8416
Type:remote
Threat Level:
7/10
Description:4-byte overflow on TAR archive parsing.
Affected:AVAST : avast! 4.7
Original documentdocumentSowhat ., [Full-disclosure] Avast! AntiVirus TAR Processing Remote Heap Corruption (06.12.2007)

Cisco 7940 / Nokia N95 phones DoS
Published:06.12.2007
Source:
SecurityVulns ID:8417
Type:remote
Threat Level:
5/10
Description:Race conditions on SIP protocol handling.
Affected:CISCO : Cisco 7940
 NOKIA : Nokia N95
Original documentdocumentRadu State, [Full-disclosure] Nokia N95 cellphone remote DoS using the SIP Stack (06.12.2007)
 documentRadu State, [Full-disclosure] Cisco Phone 7940 remote DOS (06.12.2007)

Battle for Wesnoth unauthorized access
Published:06.12.2007
Source:
SecurityVulns ID:8418
Type:client
Threat Level:
5/10
Description:It's possivle to access files through game client.
Affected:WESNOTH : Battle for Wesnoth 1.2
CVE:CVE-2007-5742
Original documentdocumentDEBIAN, [Full-disclosure] [SECURITY] [DSA 1421-1] New wesnoth packages fix arbitrary file disclosure (06.12.2007)

Cisco security Agent buffer overflow
updated since 06.12.2007
Published:07.12.2007
Source:
SecurityVulns ID:8413
Type:remote
Threat Level:
9/10
Description:Buffer overflow on SMB/CIFS parsing (TCP/139, TCP/445).
Affected:CISCO : Cisco Security Agent 4.5
 CISCO : Cisco Security Agent 5.0
CVE:CVE-2007-5580
Original documentdocumentNsfocus Security Team, NSFOCUS SA2007-02 : Cisco Security Agent Remote Buffer Overflow Vulnerability (07.12.2007)
 documentCISCO, Cisco Security Advisory: Cisco Security Agent for Windows System Driver Remote Buffer Overflow Vulnerability (06.12.2007)

squid proxy server DoS
updated since 06.12.2007
Published:12.12.2007
Source:
SecurityVulns ID:8419
Type:remote
Threat Level:
6/10
Description:Invalid cash update reply processing.
Affected:SQUID : Squid 2.6
CVE:CVE-2007-6239 (The "cache update reply processing" functionality in Squid 2.x before 2.6.STABLE17 and Squid 3.0 allows remote attackers to cause a denial of service (crash) via unknown vectors related to HTTP headers.)
Original documentdocumentMartin Huter, squids ICAP implementation lacks a defer check when reading from ICAP server (12.12.2007)
 documentSQUID, SQUID-2007:2, Dec 4, 2007 (06.12.2007)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod