Computer Security
[EN] securityvulns.ru no-pyccku


madwifi buffer overflow
Published:08.12.2006
Source:
SecurityVulns ID:6904
Type:remote
Threat Level:
6/10
Description:Buffer overflow in Atheros driver on SIOCGIWSCAN signal processing.
Affected:MADWIFI : Madwifi 0.9
CVE:CVE-2006-6332 (Stack-based buffer overflow in net80211/ieee80211_wireless.c in MadWifi before 0.9.2.1 allows remote attackers to execute arbitrary code via unspecified vectors, related to the encode_ie and giwscan_cb functions.)
Original documentdocumentTyop?, [Full-disclosure] [Madwifi] Madwifi SIOCGIWSCAN buffer overflow // France Telecom (08.12.2006)
Files:madwifi WPA/RSN IE remote kernel buffer overflow

Intel network adapters drivers privilege escalation
Published:08.12.2006
Source:
SecurityVulns ID:6900
Type:local
Threat Level:
7/10
Description:Buffer overflow on processing IOCTL_NDIS_QUERY_SELECTED_STATS NDIS request.
Affected:INTEL : Intel PRO 10/100
 INTEL : Intel PRO/1000
 INTEL : Intel PRO/1000 PC
 INTEL : Intel PRO/10GbE
Original documentdocumentEEYE, EEYE: Intel Network Adapter Driver Local Privilege Escalation (08.12.2006)

l2tpns layer 2 tunnelling protocol network server buffer overflow
Published:08.12.2006
Source:
SecurityVulns ID:6901
Type:remote
Threat Level:
5/10
Affected:L2TPNS : l2tpns 2.0
 L2TPNS : l2tpns 2.1
Original documentdocumentDEBIAN, [SECURITY] [DSA-1230-1] new l2tpns packages fix buffer overflow (08.12.2006)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:08.12.2006
Source:
SecurityVulns ID:6902
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:PHPBB : phpBB 2.0
 PHPADSNEW : phpAdsNew 2.0
Original documentdocumentifx_(at)_cupu.us, Midicart vulerable (08.12.2006)
 documentAdvisory_(at)_Aria-Security.net, [Aria-Security Team] cPanel 11 pops.html Cross-Site Scripting (08.12.2006)
 documentAdvisory_(at)_Aria-Security.net, [Aria-Security Team] CentOS 4.2 i686 - WHM X v3.1.0 Cross-Site Scripting (08.12.2006)
 documentAdvisory_(at)_Aria-Security.net, [Aria-Security Team] cPanel BoxTrapper Cross Site Scripting (08.12.2006)
 documentMeftun_(at)_MeftunNet.Com, DUdirectory Admin Panel SQL Injection (08.12.2006)
 documentlaurent gaffié, phpbb 2.0.x [xss] (08.12.2006)
Files:phpAdsNew-2.0.4-pr2 Remote File Inclusion Exploit

ClamAV antivirus DoS
updated since 08.12.2006
Published:10.12.2006
Source:
SecurityVulns ID:6899
Type:remote
Threat Level:
5/10
Description:High recursion of MIME parts causes antivirus to crash.
Affected:CLAMAV : ClamAV 0.88
Original documentdocumentDEBIAN, [SECURITY] [DSA 1232-1] New clamav packages fix denial of service (10.12.2006)
 documentTomasz Kojm, Re: Multiple Vendor Unusual MIME Encoding Content Filter Bypass (08.12.2006)
 document3APA3A, Re[2]: Multiple Vendor Unusual MIME Encoding Content Filter Bypass (08.12.2006)
 documentHendrik Weimer, Multiple Vendor Unusual MIME Encoding Content Filter Bypass (08.12.2006)

Brightstor ArcServe Backup buffer overflow
updated since 08.12.2006
Published:01.04.2007
Source:
SecurityVulns ID:6903
Type:remote
Threat Level:
7/10
Description:Buffer overflow—č in backup discovery service and tape engine, backup message system.
Affected:CA : Brightstor ARCserve Backup 11.1
 CA : BrightStor ARCserve Backup 10.5
 CA : BrightStor ARCserve Backup 9.01
 CA : Brightstor ARCserve Backup 11.5
 CA : CA Server Protection Suite 2
CVE:CVE-2007-1785 (The RPC service in mediasvr.exe in CA BrightStor ARCserve Backup 11.5 SP2 build 4237 allows remote attackers to execute arbitrary code via crafted xdr_handle_t data in RPC packets, which is used in calculating an address for a function call, as demonstrated using the 191 (0xbf) RPC request.)
 CVE-2007-1448 (The Tape Engine in CA (formerly Computer Associates) BrightStor ARCserve Backup 11.5 and earlier allows remote attackers to cause a denial of service (disabled interface) by calling an unspecified RPC function.)
 CVE-2007-14478
 CVE-2007-1447 (The Tape Engine in CA (formerly Computer Associates) BrightStor ARCserve Backup 11.5 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain RPC procedure arguments, which result in memory corruption, a different vulnerability than CVE-2006-6076.)
 CVE-2007-0816 (The RPC Server service (catirpc.exe) in CA (formerly Computer Associates) BrightStor ARCserve Backup 11.5 SP2 and earlier allows remote attackers to cause a denial of service (service crash) via a crafted TADDR2UADDR that triggers a null pointer dereference in catirpc.dll, possibly related to null credentials or verifier fields.)
 CVE-2007-0673 (LGSERVER.EXE in BrightStor ARCserve Backup for Laptops & Desktops r11.1 allows remote attackers to cause a denial of service (daemon crash) via a value of 0xFFFFFFFF at a certain point in an authentication negotiation packet, which results in an out-of-bounds read.)
 CVE-2007-0672 (LGSERVER.EXE in BrightStor Mobile Backup 4.0 allows remote attackers to cause a denial of service (disk consumption and daemon hang) via a value of 0xFFFFFF7F at a certain point in an authentication negotiation packet, which writes a large amount of data to a .USX file in CA_BABLDdata\Server\data\transfer\.)
 CVE-2007-0449 (Multiple buffer overflows in LGSERVER.EXE in CA BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.1 SP1, Mobile Backup r4.0, Desktop and Business Protection Suite r2, and Desktop Management Suite (DMS) r11.0 and r11.1 allow remote attackers to execute arbitrary code via crafted packets to TCP port (1) 1900 or (2) 2200.)
 CVE-2007-0169 (Multiple buffer overflows in Computer Associates (CA) BrightStor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Server/Business Protection Suite r2 allow remote attackers to execute arbitrary code via RPC requests with crafted data for opnums (1) 0x2F and (2) 0x75 in the (a) Message Engine RPC service, or opnum (3) 0xCF in the Tape Engine service.)
 CVE-2007-0168 (The Tape Engine service in Computer Associates (CA) BrightStor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Server/Business Protection Suite r2 allows remote attackers to execute arbitrary code via certain data in opnum 0xBF in an RPC request, which is directly executed.)
 CVE-2006-6917 (Multiple buffer overflows in Computer Associates (CA) BrightStor ARCserve Backup R11.5 Server before SP2 allows remote attackers to execute arbitrary code in the Tape Engine (tapeeng.exe) via a crafted RPC request with (1) opnum 38, which is not properly handled in TAPEUTIL.dll 11.5.3884.0, or (2) opnum 37, which is not properly handled in TAPEENG.dll 11.5.3884.0.)
 CVE-2006-6076 (Buffer overflow in the Tape Engine (tapeeng.exe) in CA (formerly Computer Associates) BrightStor ARCserve Backup 11.5 and earlier allows remote attackers to execute arbitrary code via certain RPC requests to TCP port 6502.)
 CVE-2006-5172 (Stack-based buffer overflow in the RPC interface in Mediasvr.exe in Computer Associates (CA) Brightstor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Protection Suites r2 allows remote attackers to execute arbitrary code via crafted SUNRPC packets, aka the "Mediasvr.exe String Handling Overflow," a different vulnerability than CVE-2006-5171.)
 CVE-2006-5171 (Stack-based buffer overflow in the RPC interface in Mediasvr.exe in Computer Associates (CA) Brightstor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Protection Suites r2 allows remote attackers to execute arbitrary code via crafted SUNRPC packets, aka the "Mediasvr.exe Overflow," a different vulnerability than CVE-2006-5172.)
Original documentdocumentCA, CA BrightStor ARCserve Backup Mediasvr.exe vulnerability (01.04.2007)
 documentM. Shirk, CA Brightstor Backup Mediasvr.exe Remote Code Vulnerability (30.03.2007)
 documentWINNY THOMAS, ARCserve msgeng.exe buffer overflow exploit (win2k SP4) (17.03.2007)
 documentWINNY THOMAS, ARCserve msgeng.exe buffer overflow exploit (win2k SP4) (17.03.2007)
 documentCA, [CAID 34817, 35058, 35158, 35159]: CA BrightStor ARCserve Backup Tape Engine and Portmapper Vulnerabilities (17.03.2007)
 documentNGS Software Insight Security Research, Remote Unauthenticated Resource Exhaustion CA Mobile BackupService (01.02.2007)
 documentNGS Software Insight Security Research, Remote DOS BrightStor ARCserve Backup for Laptops & Desktops (01.02.2007)
 documentNGS Software Insight Security Research, Remote Unauthenticated Code Execution II CA BrightStor ARCserve Backup for Laptops & Desktops (01.02.2007)
 documentNGS Software Insight Security Research, Remote Unauthenticated Code Execution CA BrightStor ARCserve Backup (01.02.2007)
 documentCA, [Full-disclosure] [CAID 34993]: CA BrightStor ARCserve Backup for Laptops and Desktops Multiple Overflow Vulnerabilities (24.01.2007)
 documentCA, [CAID 34955, 34956, 34957, 34958, 34959, 34817]: CA BrightStor ARCserve Backup Multiple Overflow Vulnerabilities (12.01.2007)
 documentadvisories_(at)_lssec.com, LS-20061002 - Computer Associates BrightStor ARCserve Backup Remote Code Execution Vulnerability (12.01.2007)
 documentZDI, ZDI-07-003: CA BrightStor ARCserve Backup Message Engine Buffer Overflow Vulnerability (12.01.2007)
 documentZDI, ZDI-07-004: CA BrightStor ARCserve Backup Tape Engine Buffer Overflow Vulnerability (12.01.2007)
 documentZDI, ZDI-07-002: CA BrightStor ARCserve Backup Tape Engine Code Execution Vulnerability (12.01.2007)
 documentadvisories_(at)_lssec.com, LS-20061001 - Computer Associates BrightStor ARCserve Backup v11.5 Remote Buffer Overflow Vulnerability (09.12.2006)
 documentadvisories_(at)_lssec.com, LS-20060908 - Computer Associates BrightStor ARCserve Backup v11.5 Remote Buffer Overflow Vulnerability (09.12.2006)
 documentCA, [CAID 34846]: CA BrightStor ARCserve Backup Discovery Service Buffer Overflow Vulnerability (08.12.2006)
Files:CA brightstor msgeng.exe heap overflow exploit (win2k SP0)
 Remote exploit for CA brightstor tapeeng (win2k SP4)
 Computer Associates (CA) Brightstor Backup Mediasvr.exe Remote Code Exploit
 Remote exploit for the CA BrightStor Arcserve stack overflow as
 ARCserve msgeng.exe buffer overflow exploit (win2k SP4)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod