Computer Security
[EN] securityvulns.ru no-pyccku


OpenBSD vga privilege escalation
updated since 05.01.2007
Published:08.01.2007
Source:
SecurityVulns ID:7004
Type:local
Threat Level:
7/10
Description:vga_ioctl() syscall allows code execution in kernel.
Affected:OPENBSD : OpenBSD 3.9
 OPENBSD : OpenBSD 4.0
CVE:CVE-2007-0085 (Unspecified vulnerability in sys/dev/pci/vga_pci.c in the VGA graphics driver for wscons in OpenBSD 3.9 and 4.0, when the kernel is compiled with the PCIAGP option and a non-AGP device is being used, allows local users to gain privileges via unspecified vectors, possibly related to agp_ioctl NULL pointer reference.)
Original documentdocumentSECUNIA, [SA23608] OpenBSD "vga" Privilege Escalation Vulnerability (05.01.2007)
Files:OpenBSD 3.x-4.0 vga_ioctl() root exploit

CenterICQ buffer overflow
Published:08.01.2007
Source:
SecurityVulns ID:7014
Type:client
Threat Level:
5/10
Description:Buffer overflow in LiveJournal support module.
Affected:CENTERICQ : CenterICQ 4.21
CVE:CVE-2007-0160 (Stack-based buffer overflow in the LiveJournal support (hooks/ljhook.cc) in CenterICQ 4.9.11 through 4.21.0, when using unofficial LiveJournal servers, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by adding the victim as a friend and using long (1) username and (2) real name strings.)
Original documentdocumentRoflek of TK53, [Full-disclosure] TK53 Advisory #1: CenterICQ remote DoS buffer overflow in LiveJournal handling (08.01.2007)

Novell Netware client restriction bypass
Published:08.01.2007
Source:
SecurityVulns ID:7015
Type:local
Threat Level:
5/10
Description:Problem with profile handling under terminal session.
Affected:NOVELL : Novell Client for Windows NT/2000/XP 4.91
CVE:CVE-2007-0108 (nwgina.dll in Novell Client 4.91 SP3 for Windows 2000/XP/2003 does not delete user profiles during a Terminal Service or Citrix session, which allows remote authenticated users to invoke alternate user profiles.)
Original documentdocumentSECUNIA, [SA23619] Novell Client User Profile Restriction Bypass (08.01.2007)

Apple OmniWeb Format string vulnerability
Published:08.01.2007
Source:
SecurityVulns ID:7016
Type:client
Threat Level:
6/10
Description:Format string vulnerability in javascript alert() function.
Affected:OMNIGROUP : OmniWeb 5.5
CVE:CVE-2007-0148 (Format string vulnerability in OmniGroup OmniWeb 5.5.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via format string specifiers in the Javascript alert function.)
Original documentdocumentKevin Finisterre, MOAB-07-01-2007: OmniWeb Javascript alert() Format String Vulnerability (08.01.2007)
Files:Exploits OmniWeb Javascript alert() Format String Vulnerability

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:08.01.2007
Source:
SecurityVulns ID:7017
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:ALLMYGUESTS : AllMyGuests 3.0
 L2J : L2J Statistik Script 0.09
 ALLMYLINKS : AllMyLinks 0.5
 ALLMYVISITORS : AllMyVisitors 0.4
CVE:CVE-2007-0173 (Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.)
 CVE-2007-0172 (Multiple PHP remote file inclusion vulnerabilities in AllMyGuests 0.3.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the AMG_serverpath parameter to (1) comments.php and (2) signin.php; and possibly via a URL in unspecified parameters to (3) include/submit.inc.php, (4) admin/index.php, (5) include/cm_submit.inc.php, and (6) index.php.)
 CVE-2007-0171 (PHP remote file inclusion vulnerability in index.php in AllMyLinks 0.5.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AML_opensite parameter.)
 CVE-2007-0170 (PHP remote file inclusion vulnerability in index.php in AllMyVisitors 0.4.0 allows remote attackers to execute arbitrary PHP code via a URL in the AMV_serverpath parameter.)
Original documentdocumentbd0rk_(at)_hackermail.com, AllMyVisitors 0.4.0 File Inclusion Vulnerability (08.01.2007)
 documentGolD_M, AllMyLinks <= 0.5.0 (index.php) Remote File Include Vulnerability: (08.01.2007)
 documentbeks, AllMyGuests 3.0 Remote File Inclusion Vulnerability (08.01.2007)
Files:L2J Statistik Script <= 0.09 (index.php page) Local File Include Exploit

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod