Computer Security

Apple QuickTime multiple security vulnerabilities
updated since 06.03.2007
Published:09.03.2007
SecurityVulns ID:7349
Type:client
Threat Level:6/10
Description:Integer overflows, buffer overflows and memory corruption when parsing different data formats.
Affected:APPLE : QuickTime 7.1
CVE:CVE-2007-0718 (Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a QTIF file with a Video Sample Description containing a Color table ID of 0, which triggers memory corruption when QuickTime assumes that a color table exists.)
 CVE-2007-0717 (Integer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QTIF file.)
 CVE-2007-0716 (Stack-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QTIF file.)
 CVE-2007-0715 (Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PICT file.)
 CVE-2007-0714 (Integer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QuickTime movie with a User Data Atom (UDTA) with an Atom size field with a large value.)
 CVE-2007-0713 (Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QuickTime movie file.)
 CVE-2007-0712 (Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MIDI file.)
 CVE-2007-0711 (Integer overflow in Apple QuickTime before 7.1.5, when installed on Windows operating systems, allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted 3GP video file.)
Original document:ZDI, ZDI-07-010: Apple Quicktime UDTA Parsing Heap Overflow Vulnerability (09.03.2007)
 Reversemode, [Reversemode Advisory] Apple Quicktime Color ID remote heap corruption (06.03.2007)
 CERT, US-CERT Technical Cyber Security Alert TA07-065A -- Apple Releases Security Updates for QuickTime (06.03.2007)
 Sowhat ., [Full-disclosure] Apple QuickTime udta ATOM Integer Overflow (06.03.2007)
 Piotr Bania, [Full-disclosure] Apple QuickTime Player Remote Heap Overflow (06.03.2007)
 IDEFENSE, iDefense Security Advisory 03.05.07: Apple QuickTime Color Table ID Heap Corruption Vulnerability (06.03.2007)

PHP import_request_variables internal variables overwrite
Published:09.03.2007
SecurityVulns ID:7360
Type:library
Threat Level:4/10
Description:$_GET, $_POST, $_COOKIE, $_FILES, $_SERVER, $_SESSION and other internal variables may be overwritten during import.
Affected:PHP : PHP 4.4
 PHP : PHP 5.2
CVE:CVE-2007-1396 (The import_request_variables function in PHP 4.0.7 through 4.4.6, and 5.x before 5.2.2, when called without a prefix, does not prevent the (1) GET, (2) POST, (3) COOKIE, (4) FILES, (5) SERVER, (6) SESSION, and other superglobals from being overwritten, which allows remote attackers to spoof source IP address and Referer data, and have other unspecified impact. NOTE: it could be argued that this is a design limitation of PHP and that only the misuse of this feature, i.e. implementation bugs in applications, should be included in CVE. However, it has been fixed by the vendor.)
Original document:ascii, [Full-disclosure] PHP import_request_variables() vs extract() (09.03.2007)
 Stefano Di Paola, PHP import_request_variables() arbitrary variable overwrite (09.03.2007)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:09.03.2007
SecurityVulns ID:7361
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:WORDPRESS : WordPress 2.1
 PHPNUKE : PHP-Nuke 8.0
 WEBO : Web Organizer 1.0
 PHPMYADMIN : phpMyAdmin 2.10
 DYNALIENS : dynaliens 2.1
CVE:CVE-2007-1520 (The cross-site request forgery (CSRF) protection in PHP-Nuke 8.0 and earlier does not ensure the SERVER superglobal is an array before validating the HTTP_REFERER, which allows remote attackers to conduct CSRF attacks.)
 CVE-2007-1519 (Cross-site scripting (XSS) vulnerability in modules.php in PHP-Nuke 8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search operation in the Downloads module, a different product than CVE-2006-3948.)
 CVE-2007-1416 (PHP remote file inclusion vulnerability in createurl.php in JCcorp (aka James Coyle) URLshrink allows remote attackers to execute arbitrary PHP code via a URL in the formurl parameter.)
 CVE-2007-1414 (Multiple PHP remote file inclusion vulnerabilities in Coppermine Photo Gallery (CPG) allow remote attackers to execute arbitrary PHP code via a URL in the (1) cmd parameter to (a) image_processor.php or (b) picmgmt.inc.php, or the (2) path parameter to (c) include/functions.php, (d) include/plugin_api.inc.php, (e) index.php, or (f) pluginmgr.php.)
 CVE-2007-1395 (Incomplete blacklist vulnerability in index.php in phpMyAdmin 2.8.0 through 2.9.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by injecting arbitrary JavaScript or HTML in a (1) db or (2) table parameter value followed by an uppercase </SCRIPT> end tag, which bypasses the protection against lowercase </script>.)
 CVE-2007-1391 (PHP remote file inclusion vulnerability in modules/abook/foldertree.php in Leo West WEBO (aka weborganizer) 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the baseDir parameter.)
 CVE-2007-1390 (Multiple cross-site scripting (XSS) vulnerabilities in dynaliens 2.0 and 2.1 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) recherche.php3 or (2) ajouter.php3.)
 CVE-2007-1389 (dynaliens 2.0 and 2.1 allows remote attackers to bypass authentication and perform certain privileged actions via a direct request for (1) validlien.php3 (2) supprlien.php3 (3) supprub.php3 (4) validlien.php3 (5) confsuppr.php3 (6) modiflien.php3, or (7) confmodif.php3 in admin/.)
 CVE-2007-1325 (The PMA_ArrayWalkRecursive function in libraries/common.lib.php in phpMyAdmin before 2.10.0.2 does not limit recursion on arrays provided by users, which allows context-dependent attackers to cause a denial of service (web server crash) via an array with many dimensions. NOTE: it could be argued that this vulnerability is caused by a problem in PHP (CVE-2006-1549) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in phpMyAdmin.)
Original document:RaeD Hasadya, Remote File Include In Script Coppermine Photo Gallery (09.03.2007)
 c_r_ck_(at)_hotmail.com, Lazarus Guestbook (admin.php)Remote File Include Expliot (09.03.2007)
 sn0oPy.team_(at)_gmail.com, dynaliens v2.0/v2.1 bypass admin authentification + XSS (09.03.2007)
 alfa_(at)_virtuax.be, xss in phpmyadmin >=2.8.0 and < 2.10.0 (09.03.2007)
 r00t2000_(at)_hush.com, Word Press Sensitive Directory exposure (SQL) (09.03.2007)
 RaeD Hasadya, Remote File Include In Script copyright (c) James Coyle; JCcorp (09.03.2007)
 erdc_(at)_echo.or.id, [ECHO_ADV_67$2007] WEBO (Web Organizer) <= 1.0 (baseDir) Remote File Inclusion Vulnerability (09.03.2007)
 RaeD Hasadya, XSS In Script deviantART (09.03.2007)
 Omid, Sql injection in WordPress 2.1.2 (09.03.2007)
 ascii, Php Nuke POST XSS on steroids (09.03.2007)
Files:PHP-Nuke POST cross-site scripting PoC

Omnikey CardMan 4040 linux driver buffer overflow
Published:09.03.2007
SecurityVulns ID:7362
Type:local
Threat Level:5/10
Description:Buffer overflow on cmx device request handling.
Affected:OMNIKEY : CardMan 4040
CVE:CVE-2007-0005 (Multiple buffer overflows in the (1) read and (2) write handlers in the Omnikey CardMan 4040 driver in the Linux kernel before 2.6.21-rc3 allow local users to gain privileges.)
Original document:Daniel Roethlisberger, Buffer Overflow in Linux Drivers for Omnikey CardMan 4040 (CVE-2007-0005) (09.03.2007)

IPSwitch IMail ActiveX multiple buffer overflows
Published:09.03.2007
SecurityVulns ID:7363
Type:client
Threat Level:5/10
Affected:IPSWITCH : IMail 2006
Original document:IDEFENSE, iDefense Security Advisory 03.07.07: Ipswitch IMail Server 2006 Multiple ActiveX Control Buffer Overflow Vulnerabilities (09.03.2007)

PHP crack_opendict() extension buffer overflow
Published:09.03.2007
SecurityVulns ID:7364
Type:library
Threat Level:5/10
Description:Buffer overflow on oversized function argument.
Affected:PHP : PHP 4.4
CVE:CVE-2007-1401 (Buffer overflow in the crack extension (CrackLib), as bundled with PHP 4.4.6 and other versions before 5.0.0, might allow local users to gain privileges via a long argument to the crack_opendict function.)
Original document:retrog_(at)_alice.it, PHP 4.4.6 crack_opendict() local buffer overflow poc exploit (09.03.2007)
Files:PHP 4.4.6 crack_opendict() local buffer overflow poc exploit

CA eTrust privilege escalation
Published:09.03.2007
SecurityVulns ID:7365
Type:local
Threat Level:5/10
Description:GINA password reset interface privilege escalation.
Affected:CA : eTrust Admin 8.1
CVE:CVE-2007-1345 (Unspecified vulnerability in cube.exe in the GINA component for CA (Computer Associates) eTrust Admin 8.1.0 through 8.1.2 allows attackers with physical interactive or Remote Desktop access to bypass authentication and gain privileges via the password reset interface.)
Original document:CA, [CAID 35145]: CA eTrust Admin Privilege Escalation Vulnerability (09.03.2007)

Novell NetMail WebAdmin buffer overflow
Published:09.03.2007
SecurityVulns ID:7366
Type:remote
Threat Level:5/10
Description:TCP/89 HTTP Basic authentication buffer overflow.
Affected:NOVELL : NetMail 3.5
CVE:CVE-2007-1350 (Stack-based buffer overflow in webadmin.exe in Novell NetMail 3.5.2 allows remote attackers to execute arbitrary code via a long username during HTTP Basic authentication.)
Original document:ZDI, ZDI-07-009: Novell Netmail WebAdmin Buffer Overflow Vulnerability (09.03.2007)

Conquest game buffer overflow
Published:09.03.2007
SecurityVulns ID:7367
Type:client
Threat Level:3/10
Description:Buffer overflow on parsing metaserver reply.
Affected:CONQUEST : Conquest 8.2
CVE:CVE-2007-1371 (Multiple buffer overflows in Conquest 8.2a and earlier (1) allow local users to gain privileges by querying a metaserver that sends a long server entry processed by metaGetServerList and allow remote metaservers to execute arbitrary code via a long server entry processed by metaGetServerList; (2) allow attackers to have an unknown impact by exceeding the configured number of metaservers; and allow remote attackers to corrupt memory via a SP_CLIENTSTAT packet with certain values of (3) unum or (4) snum, different vulnerabilities than CVE-2003-0933.)
Original document:Luigi Auriemma, Buffer-overflow in Conquest client 8.2a (svn 691) (09.03.2007)

MySQL subselect DoS
Published:09.03.2007
SecurityVulns ID:7368
Type:local
Threat Level:5/10
Description:NULL pointer dereference when a string function is applied to the result of a select with "order by".
Affected:ORACLE : MySQL 5.0
CVE:CVE-2007-1420 (MySQL 5.x before 5.0.36 allows local users to cause a denial of service (database crash) by performing information_schema table subselects and using ORDER BY to sort a single-row result, which prevents certain structure elements from being initialized and triggers a NULL dereference in the filesort function.)
Original document:SEC Consult Vulnerability Lab, SEC Consult SA-20070309-0 :: MySQL 5 Single Row Subselect Denial of Service (09.03.2007)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod