Computer Security


Apple QuickTime buffer overflow
updated since 03.01.2007
Published: 07.01.2007
SecurityVulns ID: 6988
Type: client
Threat Level: 8/10
Description: Stack-based buffer overflow in the rtsp:// URL handler, triggered by an oversized rtsp:// URL; allows remote code execution.
Affected: APPLE : QuickTime 7.1
CVE: CVE-2007-0015 (Buffer overflow in Apple QuickTime 7.1.3 allows remote attackers to execute arbitrary code via a long rtsp:// URI.)
Original documents:
 CERT, US-CERT Technical Cyber Security Alert TA07-334A -- Apple QuickTime RTSP Buffer Overflow (02.12.2007)
 MOAB, MOAB-01-01-2007: Apple Quicktime rtsp URL Handler Stack-based Buffer Overflow (21.01.2007)
 CERT, US-CERT Technical Cyber Security Alert TA07-005A -- Apple QuickTime RTSP Buffer Overflow (06.01.2007)
 SECUNIA, [SA23540] Apple Quicktime RTSP URL Handling Buffer Overflow Vulnerability (03.01.2007)
Files: Exploit, Apple Quicktime rtsp URL Handler Stack-based Buffer Overflow
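As an added illustration of the bug class behind CVE-2007-0015 (not QuickTime's code and not taken from any of the advisories above): a URL handler that copies an attacker-supplied rtsp:// URL into a fixed-size stack buffer without checking its length, beside a hardened version that refuses anything that does not fit. The buffer size URL_BUF, the function names, the scheme check and the long-URL builder are assumptions made for the example.

```c
/* Added example: the bug class behind CVE-2007-0015, not QuickTime's code.
 * URL_BUF, the function names and the long-URL builder are assumptions. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define URL_BUF 256   /* assumed size of the handler's stack buffer */

/* Vulnerable pattern: the URL length is never checked, so any URL of
 * URL_BUF bytes or more overruns buf on the stack. Kept for contrast
 * only; never call it with untrusted input. */
int handle_rtsp_url_vulnerable(const char *url)
{
    char buf[URL_BUF];
    strcpy(buf, url);                 /* unbounded copy: stack overflow */
    return (int)strlen(buf);
}

/* Hardened handler: checks the scheme, measures the input before copying
 * it, and rejects (rather than truncates) anything that does not fit in
 * out. Returns true only when out holds a complete, NUL-terminated URL. */
bool handle_rtsp_url_safe(const char *url, char *out, size_t outsz)
{
    if (url == NULL || out == NULL || outsz == 0)
        return false;
    if (strncmp(url, "rtsp://", 7) != 0)
        return false;                 /* not an rtsp:// URL */
    size_t n = strlen(url);
    if (n >= outsz)
        return false;                 /* oversized: refuse, do not copy */
    memcpy(out, url, n + 1);          /* n + 1 copies the terminator too */
    return true;
}

/* Would the hardened handler accept this URL into a URL_BUF-sized buffer? */
bool rtsp_url_accepted(const char *url)
{
    char out[URL_BUF];
    return handle_rtsp_url_safe(url, out, sizeof out);
}

/* Builds a constructed rtsp:// URL of exactly len characters ("rtsp://"
 * followed by 'A's) and reports whether the hardened handler accepts it. */
bool oversized_rtsp_url_accepted(size_t len)
{
    char url[8192];
    if (len < 7 || len >= sizeof url)
        return false;
    memset(url, 'A', len);
    memcpy(url, "rtsp://", 7);
    url[len] = '\0';
    return rtsp_url_accepted(url);
}

int main(void)
{
    printf("short URL accepted:     %d\n", rtsp_url_accepted("rtsp://example.invalid/a.mov"));
    printf("255-byte URL accepted:  %d\n", oversized_rtsp_url_accepted(255));
    printf("1000-byte URL accepted: %d\n", oversized_rtsp_url_accepted(1000));
    /* handle_rtsp_url_vulnerable() with the 1000-byte URL would smash the stack. */
    return 0;
}
```

The hardened version refuses rather than truncates: silently cutting a URL at URL_BUF-1 bytes would keep the process alive but hand the rest of the parser a URL the caller never sent, which is its own source of bugs.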

Fetchmail multiple security vulnerabilities
Published: 07.01.2007
SecurityVulns ID: 7011
Type: client
Threat Level: 5/10
Description: Password disclosure: when secure authentication cannot be established, the password may be sent in the clear (CVE-2006-5867); denial of service (CVE-2006-5974).
Affected: FETCHMAIL : fetchmail 6.3
Original documents:
 Matthias Andree, fetchmail security announcement 2006-02 (CVE-2006-5867) (07.01.2007)
 Matthias Andree, fetchmail security announcement 2006-03 (CVE-2006-5974) (07.01.2007)

Cisco Secure ACS multiple security vulnerabilities
Published: 07.01.2007
SecurityVulns ID: 7012
Type: remote
Threat Level: 6/10
Description: Buffer overflow and denial of service while parsing malformed RADIUS packets; stack-based buffer overflow in the CSAdmin service on a malformed HTTP GET request.
Affected: CISCO : CiscoSecure ACS 4.0
CVE: CVE-2007-0105 (Stack-based buffer overflow in the CSAdmin service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allows remote attackers to execute arbitrary code via a crafted HTTP GET request.)
Original document: CISCO, Cisco Security Advisory: Multiple Vulnerabilities in Cisco Secure Access Control Server (07.01.2007)
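The RADIUS part of the description is a parsing problem: a packet whose length fields do not match the bytes actually received. As an added example (not Cisco's code and not derived from the advisory), the following attribute walker validates every length field before trusting it and refuses the packet otherwise. The layout constants follow RFC 2865; the fixed-size User-Name buffer NAME_BUF, the function names and the four sample packets are assumptions constructed for the demo.

```c
/* Added example, not Cisco's code: a RADIUS attribute walker that validates
 * every length field before trusting it. Missing checks of this kind are
 * what turn a malformed packet into an overflow or a parser hang. Layout
 * constants follow RFC 2865; the packets below are constructed for the demo. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RADIUS_HDR     20      /* Code(1) Identifier(1) Length(2) Authenticator(16) */
#define RADIUS_MAX     4096    /* RFC 2865: Length is 20..4096 */
#define ATTR_USER_NAME 1
#define NAME_BUF       64      /* assumed fixed-size buffer for User-Name */

enum { RADIUS_ERR_SHORT = -1, RADIUS_ERR_LENGTH = -2,
       RADIUS_ERR_ATTR = -3, RADIUS_ERR_OVERSIZE = -4 };

/* Walks the attribute list of a RADIUS packet held in pkt[0..n).
 * Returns the number of attributes, or a negative RADIUS_ERR_* value.
 * If name is non-NULL, copies User-Name into name[0..namesz), refusing
 * (instead of truncating) a value that does not fit. */
int radius_parse(const uint8_t *pkt, size_t n, char *name, size_t namesz)
{
    if (n < RADIUS_HDR)
        return RADIUS_ERR_SHORT;
    size_t declared = ((size_t)pkt[2] << 8) | pkt[3];
    /* Length must be in range and must not exceed the bytes actually held */
    if (declared < RADIUS_HDR || declared > RADIUS_MAX || declared > n)
        return RADIUS_ERR_LENGTH;

    int count = 0;
    size_t off = RADIUS_HDR;
    while (off < declared) {
        if (declared - off < 2)
            return RADIUS_ERR_ATTR;        /* attribute header cut off */
        uint8_t type = pkt[off], len = pkt[off + 1];
        /* len < 2 would never advance off (parser hang); len beyond the
         * packet would over-read, and copying it would overflow a fixed
         * buffer. Both are rejected before any value byte is touched. */
        if (len < 2 || len > declared - off)
            return RADIUS_ERR_ATTR;
        size_t vlen = (size_t)len - 2;
        if (type == ATTR_USER_NAME && name != NULL) {
            if (vlen >= namesz)
                return RADIUS_ERR_OVERSIZE;
            memcpy(name, pkt + off + 2, vlen);
            name[vlen] = '\0';
        }
        off += len;
        count++;
    }
    return count;
}

/* Parses pkt with a NAME_BUF buffer for User-Name but tells the parser it
 * may use at most `limit` bytes of it; returns the parser's status code. */
int radius_user_name_status(const uint8_t *pkt, size_t n, size_t limit)
{
    char name[NAME_BUF];
    return radius_parse(pkt, n, name, limit < NAME_BUF ? limit : NAME_BUF);
}

/* Constructed packets (authenticators zeroed; only the framing matters). */
static const uint8_t PKT_GOOD[] = {
    0x01, 0x2a, 0x00, 0x1b,                      /* Access-Request, id 42, Length 27 */
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
    0x01, 0x07, 'a', 'l', 'i', 'c', 'e'          /* User-Name, len 7, "alice" */
};
static const uint8_t PKT_ZERO_LEN[] = {          /* attribute length 0: would loop forever */
    0x01, 0x2b, 0x00, 0x16,
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
    0x01, 0x00
};
static const uint8_t PKT_OVERRUN[] = {           /* attribute claims 9 bytes, 7 present */
    0x01, 0x2c, 0x00, 0x1b,
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
    0x01, 0x09, 'a', 'l', 'i', 'c', 'e'
};
static const uint8_t PKT_BAD_LENGTH[] = {        /* header says 256 bytes, 20 present */
    0x01, 0x2d, 0x01, 0x00,
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
};

int main(void)
{
    char name[NAME_BUF];
    int rc = radius_parse(PKT_GOOD, sizeof PKT_GOOD, name, sizeof name);
    printf("good packet: %d attribute(s), User-Name=%s\n", rc, name);
    printf("zero-length attribute: %d\n", radius_parse(PKT_ZERO_LEN, sizeof PKT_ZERO_LEN, NULL, 0));
    printf("attribute overruns packet: %d\n", radius_parse(PKT_OVERRUN, sizeof PKT_OVERRUN, NULL, 0));
    printf("Length exceeds data: %d\n", radius_parse(PKT_BAD_LENGTH, sizeof PKT_BAD_LENGTH, NULL, 0));
    printf("User-Name into 4-byte buffer: %d\n", radius_user_name_status(PKT_GOOD, sizeof PKT_GOOD, 4));
    return 0;
}
```

The three rejections map onto the two outcomes in the description: a zero attribute length or a Length field larger than the datagram is the denial-of-service side (a parser that loops or reads past the buffer), and an attribute value longer than the destination buffer is the overflow side. Checking against the declared Length rather than the receive size also catches the common mistake of trusting the header over the datagram.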

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 07.01.2007
SecurityVulns ID: 7013
Type: remote
Threat Level: 5/10
Description: PHP file inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: YALD : Yet Another Link Directory 1.0
 FIXNCHIPSIT : Fix & Chips CMS 1.0
CVE: CVE-2007-0152 (OhhASP stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for db/OhhASP.mdb.)
 CVE-2007-0146 (Multiple cross-site scripting (XSS) vulnerabilities in Fix and Chips CMS 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in (a) delete-announce.php; the (2) Announcement form field in (b) staff.php; the (3) Client Name, (4) Business Name, (5) Street, (6) Address 2, (7) Town/City, (8) Postcode, (9) Phone Number, (10) Email Address and (11) Website Address form fields in (c) new_customer.php; and unspecified fields in (d) search.php and (e) client-results.php.)
 CVE-2007-0142 (SQL injection vulnerability in orange.asp in ShopStoreNow E-commerce Shopping Cart allows remote attackers to execute arbitrary SQL commands via the CatID parameter.)
 CVE-2007-0141 (Cross-site scripting (XSS) vulnerability in yald.php in Yet Another Link Directory 1.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter.)
Original documents:
 IbnuSina, shopstorenow (orange.asp) sql injection (07.01.2007)
 luny_(at)_youfucktard.com, Fix & Chips CMS v1.0 (07.01.2007)
 luny_(at)_youfucktard.com, Yet Another Link Directory v1.0 (07.01.2007)
 Advisory_(at)_Aria-Security.net, ohhASP Remote Password Disclosure (07.01.2007)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod