Computer Security
[EN] securityvulns.ru no-pyccku


PHP multiple DoS conditions
updated since 06.09.2007
Published:08.09.2007
Source:
SecurityVulns ID:8120
Type:library
Threat Level:
6/10
Description:Crash on oversized strings in fnmatch(), iconv_substr(), glob() and setlocale() functions.
Affected:PHP : PHP 5.2
CVE:CVE-2007-3478 (Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors, possibly involving truetype font (TTF) support.)
 CVE-2007-3477 (The (a) imagearc and (b) imagefilledarc functions in GD Graphics Library (libgd) before 2.0.35 allow attackers to cause a denial of service (CPU consumption) via a large (1) start or (2) end angle degree value.)
 CVE-2007-3476 (Array index error in gd_gif_in.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash and heap corruption) via large color index values in crafted image data, which results in a segmentation fault.)
 CVE-2007-3475 (The GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via a GIF image that has no global color map.)
 CVE-2007-3474 (Multiple unspecified vulnerabilities in the GIF reader in the GD Graphics Library (libgd) before 2.0.35 have unspecified impact and user-assisted remote attack vectors.)
 CVE-2007-3473 (The gdImageCreateXbm function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors involving a gdImageCreate failure.)
 CVE-2007-3472 (Integer overflow in gdImageCreateTrueColor function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to have unspecified attack vectors and impact.)
Original documentdocumentlaurent gaffie, PHP <= 5.2.4 multiple Iconv functions denial of service (08.09.2007)
 documentlaurent gaffie, PHP <=5.2.4 iconv_substr() denial of service (06.09.2007)
 documentlaurent gaffie, PHP < 5.2.3 fnmatch() denial of service (06.09.2007)
 documentlaurent gaffie, PHP < 5.2.4 setlocale() denial of service (06.09.2007)
 documentlaurent gaffie, PHP < 5.2.3 glob() denial of service (06.09.2007)

Total Commander / Unreal Commander / Magellan Explorer directory traversal
Published:08.09.2007
Source:
SecurityVulns ID:8125
Type:client
Threat Level:
5/10
Description:Directory traversal with filename obtained from FTP server.
Affected:XDIESEL : Unreal Commander 0.92
 TOTALCOMMANDER : Total Commander 7.01
 MAGELLAN : Magellan Explorer 3.32
Original documentdocumentGynvael Coldwind, [HISPASEC] 2K7SEPT6 Magellan Explorer 3.32 build 2305 Remote FTP Client Directory Traversal (08.09.2007)
 documentGynvael Coldwind, [HISPASEC] 2K7SEPT6 X-Diesel Unreal Commander v0.92 (build 573) multiple FTP-based vulnerabilities (08.09.2007)
 documentGynvael Coldwind, [HISPASEC] 2K7SEPT6 Total Commander 7.01 Remote FTP Client Directory Traversal (08.09.2007)

Apple iTunes buffer overflow
Published:08.09.2007
Source:
SecurityVulns ID:8126
Type:client
Threat Level:
6/10
Description:Buffer overflow on MP4 / AAC files covr tag parsing.
Affected:APPLE : iTunes 7.3
Original documentdocumentDavid Thiel, iTunes 7.3.x - Heap overflow in album cover parsing (08.09.2007)

Eggdrop IRC client buffer overflow
Published:08.09.2007
Source:
SecurityVulns ID:8127
Type:client
Threat Level:
5/10
Description:Buffer overflow on oversized private message.
Affected:EGGDROP : eggdrop 1.6
CVE:CVE-2007-2807 (Stack-based buffer overflow in mod/server.mod/servrmsg.c in Eggdrop 1.6.18, and possibly earlier, allows user-assisted, remote IRC servers to execute arbitrary code via a long private message.)
Original documentdocumentMANDRIVA, [ MDKSA-2007:175 ] - Updated eggdrop package fix remote buffer overflow (08.09.2007)

Buffalo AirStation WHR-G54S crossite request forgery
Published:08.09.2007
Source:
SecurityVulns ID:8128
Type:remote
Threat Level:
4/10
Description:Request forgery in administration interface.
Affected:BUFFALO : AirStation WHR-G54S
Original documentdocumentHenri Lindberg - Smilehouse Oy, Buffalo AirStation WHR-G54S CSRF vulnerability (08.09.2007)

Apple Safari browser buffer overflow
updated since 08.09.2007
Published:08.09.2007
Source:
SecurityVulns ID:8129
Type:client
Threat Level:
6/10
Description:Buffer overflow via document.location.hash parameter.
Affected:APPLE : Safari 3.0
Original documentdocumentazizov_(at)_itdefence.ru, Safari 3.0.3 (522.15.5) Buffer overflow (08.09.2007)

Microsoft SQL Server Distributed Management Objects ActoveX buffer overflow
Published:08.09.2007
Source:
SecurityVulns ID:8130
Type:client
Threat Level:
6/10
Description:Buffer overflow in SQLDMO.SQLServer Start method.
Original documentdocumentretrog_(at)_alice.it, Microsoft SQL Server Distributed Management Objects OLE DLL for SQL Enterprise Manager (sqldmo.dll) remote buffer overflow poc (08.09.2007)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod