Computer Security

Search:Vulnerability:07.05.2007

back  news / advisories / software / search /  forward
[EN] securityvulns.ru no-pyccku


Multiple Zoo archivers DoS
Published:07.05.2007
Source:
SecurityVulns ID:7671
Type:library
Threat Level:
5/10
Description:Endless loop on archive content parsing.
Affected:ZOO : zoo 2.10
 ALWIL : avast! Antivirus 4.7
 BARRACUDA : Spam Firewall 3.4
CVE:CVE-2007-1673 (unzoo.c allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file.)
 CVE-2007-1672 (avast! antivirus before 4.7.981 allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file.)
 CVE-2007-1671 (avpack32.dll before 7.3.0.6 in Avira AntiVir allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file.)
 CVE-2007-1670 (Panda Software Antivirus before 20070402 allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file.)
 CVE-2007-1669 (Barracuda Spam Firewall 3.4 and later with virusdef before 2.0.6399, and Spam Firewall before 3.4 20070319 with virusdef before 2.0.6399o, allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file.)
Original documentdocumentJean-Sébastien Guay-Leroux, Multiple vendors ZOO file decompression infinite loop DoS (07.05.2007)
Files:Exploits Multiple vendors ZOO file decompression infinite loop DoS
 patch for the software zoo version 2.10

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:07.05.2007
Source:
SecurityVulns ID:7672
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:NUKEDKLAN : Nuked-Klan 1.7
 SMF : Simple Machines Forum 1.1
 CUBECART : CubeCart 3.0
 NPDS : NPDS 5.10
 RUNCMS : RunCms 1.5
 ACP3 : ACP3 4.0
 MINIWEBSHOP : Mini Web Shop 2
 SUNSHOP : SunShop Shopping Cart 4
 DRAKECMS : Drake CMS 0.4
 KAYAKO : Kayako eSupport 3.00
Original documentdocumente1c4_(at)_hotmail.com, Kayako eSupport v3.00.90 Cross Site Scripting (XSS) (07.05.2007)
 documentjohn_(at)_martinelli.com, Drake CMS (v0.4.0) - CRLF Injection Vulnerability (07.05.2007)
 documentjohn_(at)_martinelli.com, UPDATED: CubeCart (v3.0.15) - CRLF Injection Vulnerability (07.05.2007)
 documentCorryL, [Full-disclosure] Mini Web Shop v.2 vulnerable to XSS (07.05.2007)
 documentaeroxteam_(at)_gmail.com, NPDS <= 5.10 - Multiple SQL injections (07.05.2007)
 documentRaeD Hasadya, Remote File Include In Script impex (07.05.2007)
 documentAesthetico, [MajorSecurity Advisory #47]Simple Machines Forum (SMF) - Session fixation Issue (07.05.2007)
Files:Nuked-klaN 1.7.6 Remote Code Execution Exploit
 PHPSecurityAdmin <= Remote File Include Exploit
 RunCms <= 1.5.2 /class/debug/debug_show.php sql injection / credentials disclosure exploit
 NPDS <= 5.10 Remote Code Execution exploit
 Exploits ACP3 (v4.0b3) - Multiple Vulnerabilities
 Podium CMS - Cookie Manipulation Exploit
 Exploits SunShop (v4) Multiple Vulnerabilities

Microsoft Sharepoint crossite scripting
Published:07.05.2007
Source:
SecurityVulns ID:7673
Type:remote
Threat Level:
5/10
Original documentdocumentville.solarius_(at)_gmail.com, XSS in Microsoft SharePoint (07.05.2007)

Taltech Tal Bar Code ActiveX memory corruption
Published:07.05.2007
Source:
SecurityVulns ID:7675
Type:client
Threat Level:
5/10
Description:SaveBarCode function memoru corruption.
Original documentdocumentsapheal_(at)_hack.pl, Taltech Tal Bar Code ActiveX Control Memory Corruption Vulnerability(-ies) (07.05.2007)

Mac OS X Safari information leak
updated since 07.05.2007
Published:15.05.2007
Source:
SecurityVulns ID:7674
Type:client
Threat Level:
5/10
Description:Saved password can be accessed from the web page via system components.
Original documentdocumentpoplix_(at)_papusia.org, Apple Safari on MacOSX may reveal user's saved passwords (15.05.2007)
 documentpoplix_(at)_papuasia.org, safari's saved password at risk (07.05.2007)
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod