Computer Security


Wserve HTTP Server buffer overflow
Published:08.04.2007
Source:
SecurityVulns ID:7542
Type:remote
Threat Level:5/10
Description:Buffer overflow on oversized header in request.
Affected:WHTTP : Wserve HTTP Server 4.6
Original document:UniquE_(at)_UniquE-Key.Org, Wserve HTTP Server 4.6 Version (Long Directory Name) Buffer Overflow - Denial Of Service (08.04.2007)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:08.04.2007
Source:
SecurityVulns ID:7543
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:LIVOR : livor 2.5
 CMAILSERVER : CmailServer WebMail 5.3
 WITSHARE : witshare 0.9
CVE:CVE-2007-1991 (Cross-site scripting (XSS) vulnerability in mail/signup.asp in CmailServer WebMail 5.4.3, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the Comment parameter, a different vector than CVE-2007-1927.)
 CVE-2007-1953 (Session fixation vulnerability in onelook courts on-line allows remote attackers to hijack web sessions by setting a PHPSESSID cookie.)
 CVE-2007-1952 (Session fixation vulnerability in onelook onebyone CMS allows remote attackers to hijack web sessions by setting a PHPSESSID cookie.)
 CVE-2007-1951 (Session fixation vulnerability in onelook obo Shop allows remote attackers to hijack web sessions by setting a PHPSESSID cookie.)
 CVE-2007-1950 (Cross-site scripting (XSS) vulnerability in index_cms.php in WebBlizzard CMS allows remote attackers to inject arbitrary web script or HTML via the Suchzeile parameter.)
 CVE-2007-1949 (Session fixation vulnerability in WebBlizzard CMS allows remote attackers to hijack web sessions by setting a PHPSESSID cookie.)
 CVE-2007-1927 (Cross-site scripting (XSS) vulnerability in signup.asp in CmailServer WebMail 5.3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the POP3Mail parameter.)
 CVE-2007-1919 (Cross-site scripting (XSS) vulnerability in index.php in Arizona Dream Livre d'or (livor) 2.5 allows remote attackers to inject arbitrary web script or HTML via the page parameter.)
Original document:the_3dit0r_(at)_yahoo.com, witshare 0.9 Remote File Include Vulnerabilitiy (08.04.2007)
 SecurityAudit_(at)_majorsecurity.de, [MajorSecurity Advisory #42]webblizzard CMS - Cross Site Scripting and Session fixation Issues (08.04.2007)
 rko.thelegendkiller_(at)_gmail.com, livor 2.5 Cross-Site Scripting Vulnerability (08.04.2007)
 SecurityAudit_(at)_majorsecurity.de, [MajorSecurity Advisory #41]onelook courts online - Session fixation Issue (08.04.2007)
 SecurityAudit_(at)_majorsecurity.de, [MajorSecurity Advisory #40]onelook oboShop - Session fixation Issue (08.04.2007)
 SecurityAudit_(at)_majorsecurity.de, [MajorSecurity Advisory #39]onelook onebyone CMS - Session fixation Issue (08.04.2007)
 rko.thelegendkiller_(at)_gmail.com, phpContact Multiple Remote File Inclusion Vulnerabilities (08.04.2007)
Files:CmailServer WebMail <= V.5.3.4 (signup) Remote XSS Exploit

man buffer overflow
Published:08.04.2007
Source:
SecurityVulns ID:7544
Type:local
Threat Level:6/10
Description:Buffer overflow on oversized -H argument.
Affected:MAN : man-db 2.4
CVE:CVE-2006-4250 (Buffer overflow in man and mandb (man-db) 2.4.3 and earlier allows local users to execute arbitrary code via crafted arguments to the -H flag.)
Original document:DEBIAN, [SECURITY] [DSA 1278-1] New man-db packages fix arbitrary code execution (08.04.2007)

PHP gd extension readwbmp() function integer overflow
Published:08.04.2007
Source:
SecurityVulns ID:7545
Type:library
Threat Level:5/10
Description:Buffer overflow on WBMP image parsing.
Affected:PHP : PHP 5.2
CVE:CVE-2007-1001 (Multiple integer overflows in the (1) createwbmp and (2) readwbmp functions in wbmp.c in the GD library (libgd) in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allow context-dependent attackers to execute arbitrary code via Wireless Bitmap (WBMP) images with large width or height values.)
Original document:ifsecure_(at)_gmail.com, PHP <= 5.2.1 wbmp file handling integer overflow (08.04.2007)
Files:Exploits PHP <= 5.2.1 wbmp file handling integer overflow

PHP str_replace() integer overflow
Published:08.04.2007
Source:
SecurityVulns ID:7546
Type:library
Threat Level:5/10
Description:Integer overflow on a large number of occurrences of a single-character substring.
Affected:PHP : PHP 4.4
 PHP : PHP 5.2
CVE:CVE-2007-1886 (Integer overflow in the str_replace function in PHP 4.4.5 and PHP 5.2.1 allows context-dependent attackers to have an unknown impact via a single character search string in conjunction with a single character replacement string, which causes an "off by one overflow.")
 CVE-2007-1885 (Integer overflow in the str_replace function in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 allows context-dependent attackers to execute arbitrary code via a single character search string in conjunction with a long replacement string, which overflows a 32 bit length counter. NOTE: this is probably the same issue as CVE-2007-0906.6.)
Original document:PHP-SECURITY, MOPB-39-2007:PHP str_replace() Memory Allocation Integer Overflow Vulnerability (08.04.2007)

PHP imap_mail_compose buffer overflow
Published:08.04.2007
Source:
SecurityVulns ID:7547
Type:library
Threat Level:6/10
Description:Buffer overflow on oversized MIME boundary.
Affected:PHP : PHP 4.4
 PHP : PHP 5.2
CVE:CVE-2007-1825 (Buffer overflow in the imap_mail_compose function in PHP 5 before 5.2.1, and PHP 4 before 4.4.5, allows remote attackers to execute arbitrary code via a long boundary string in a type.parameters field. NOTE: as of 20070411, it appears that this issue might be subsumed by CVE-2007-0906.3.)
Original document:PHP-SECURITY, MOPB-40-2007:PHP imap_mail_compose() Boundary Stack Buffer Overflow Vulnerability (08.04.2007)

Buffer overflow in PHP sqlite_udf_decode_binary() function
Published:08.04.2007
Source:
SecurityVulns ID:7548
Type:library
Threat Level:5/10
Description:Buffer overflow on a string with a single 0x01 character.
Affected:PHP : PHP 4.4
 PHP : PHP 5.2
CVE:CVE-2007-1888 (Buffer overflow in the sqlite_decode_binary function in src/encode.c in SQLite 2, as used by PHP 4.x through 5.x and other applications, allows context-dependent attackers to execute arbitrary code via an empty value of the in parameter. NOTE: some PHP installations use a bundled version of sqlite without this vulnerability. The SQLite developer has argued that this issue could be due to a misuse of the sqlite_decode_binary() API.)
 CVE-2007-1887 (Buffer overflow in the sqlite_decode_binary function in the bundled sqlite library in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 allows context-dependent attackers to execute arbitrary code via an empty value of the in parameter, as demonstrated by calling the sqlite_udf_decode_binary function with a 0x01 character.)
Original document:PHP-SECURITY, MOPB-41-2007:PHP 5 sqlite_udf_decode_binary() Buffer Overflow Vulnerability (08.04.2007)

PHP php_stream_filter_create() buffer overflow
Published:08.04.2007
Source:
SecurityVulns ID:7549
Type:remote
Threat Level:5/10
Description:Off-by-one overflow on a filter name ending with a dot.
Affected:PHP : PHP 5.2
CVE:CVE-2007-1824 (Buffer overflow in the php_stream_filter_create function in PHP 5 before 5.2.1 allows remote attackers to cause a denial of service (application crash) via a php://filter/ URL that has a name ending in the '.' character.)
Original document:PHP-SECURITY, MOPB-42-2007:PHP 5 php_stream_filter_create() Off By One Vulnerablity (08.04.2007)

PHP msg_receive() integer overflow
Published:08.04.2007
Source:
SecurityVulns ID:7550
Type:library
Threat Level:5/10
Description:Integer overflow with max_size parameter.
Affected:PHP : PHP 4.4
 PHP : PHP 5.2
CVE:CVE-2007-1890 (Integer overflow in the msg_receive function in PHP 4 before 4.4.5 and PHP 5 before 5.2.1, on FreeBSD and possibly other platforms, allows context-dependent attackers to execute arbitrary code via certain maxsize values, as demonstrated by 0xffffffff.)
 CVE-2007-1889 (Integer signedness error in the _zend_mm_alloc_int function in the Zend Memory Manager in PHP 5.2.0 allows remote attackers to execute arbitrary code via a large emalloc request, related to an incorrect signed long cast, as demonstrated via the HTTP SOAP client in PHP, and via a call to msg_receive with the largest positive integer value of maxsize.)
Original document:PHP-SECURITY, MOPB-43-2007:PHP msg_receive() Memory Allocation Integer Overflow Vulnerabilty (08.04.2007)

PHP memory manager integer overflow
Published:08.04.2007
Source:
SecurityVulns ID:7551
Type:library
Threat Level:5/10
Description:Integer overflow on large memory allocation.
Affected:PHP : PHP 5.2
CVE:CVE-2007-1889 (Integer signedness error in the _zend_mm_alloc_int function in the Zend Memory Manager in PHP 5.2.0 allows remote attackers to execute arbitrary code via a large emalloc request, related to an incorrect signed long cast, as demonstrated via the HTTP SOAP client in PHP, and via a call to msg_receive with the largest positive integer value of maxsize.)
Original document:PHP-SECURITY, MOPB-44-2007:PHP 5.2.0 Memory Manager Signed Comparision Vulnerability (08.04.2007)

PHP ext/filter protection bypass
Published:08.04.2007
Source:
SecurityVulns ID:7552
Type:library
Threat Level:6/10
Description:Injection of the \n character is not checked.
Affected:PHP : PHP 5.2
CVE:CVE-2007-1900 (CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter in ext/filter in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to inject arbitrary e-mail headers via an e-mail address with a '\n' character, which causes a regular expression to ignore the subsequent part of the address string.)
Original document:PHP-SECURITY, PMOPB-45-2007:PHP ext/filter Email Validation Vulnerability (08.04.2007)

SolidWorks ActiveX buffer overflow
Published:08.04.2007
Source:
SecurityVulns ID:7553
Type:client
Threat Level:5/10
Description:The Run method allows execution of an external application.
CVE:CVE-2007-1684 (The Run function in SolidWorks sldimdownload ActiveX control in sldimdownload.dll before 16.0.0.6 allows remote attackers to execute arbitrary commands via the (1) installerpath and (2) applicationarguments arguments.)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod