Computer Security


Multiple Microsoft Office security vulnerabilities
Published: 09.04.2007
Source:
SecurityVulns ID: 7554
Type: remote
Threat Level: 6/10
Description: Buffer overflows and CPU exhaustion when parsing .doc files.
Affected: MICROSOFT : Office 2007
CVE: CVE-2007-1911 (Multiple unspecified vulnerabilities in Microsoft Word 2007 allow remote attackers to cause a denial of service (CPU consumption) via crafted documents, as demonstrated by (1) file798-1.doc and (2) file613-1.doc, possibly related to a buffer overflow.)
 CVE-2007-1910 (Buffer overflow in wwlib.dll in Microsoft Word 2007 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted document, as demonstrated by file789-1.doc.)
Original document: Muts, [Full-disclosure] Some 0day Pocs (09.04.2007)
Files: Exploits Microsoft Office multiple vulnerabilities

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 09.04.2007
Source:
SecurityVulns ID: 7555
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: PHPMYADMIN : phpMyAdmin 2.6
 PWP : Portail Web php 2.5
 UBB : UBB.threads 6.1
 DESKPRO : DeskPRO 2.0
 SCORPBOOK : Scorp Book 1.0
 PINEAPPLE : Lore 1
 REQUESTIT : Request It : Song Request System 1.0
 QUIZSHOCK : QuizShock 1.6
CVE: CVE-2007-2021 (Multiple PHP remote file inclusion vulnerabilities in Pineapple Technologies Lore 1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) lang_path parameter to third_party/phpmailer/class.phpmailer.php or the (2) get_plugin_file_path parameter to third_party/smarty/libs/plugins/function.html_checkboxes.php. NOTE: the affected files might be from other software packages, so this might not be a vulnerability in Lore itself. NOTE: (1) might be the same issue as CVE-2006-5734.4.)
 CVE-2007-2016 (Cross-site scripting (XSS) vulnerability in mysql/phpinfo.php in phpMyAdmin 2.6.1 allows remote attackers to inject arbitrary web script or HTML via the lang[] parameter.)
 CVE-2007-2015 (PHP remote file inclusion vulnerability in index.php in Request It 1.0b allows remote attackers to execute arbitrary PHP code via a URL in the id parameter.)
 CVE-2007-2011 (Cross-site scripting (XSS) vulnerability in login.php in DeskPro 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the username parameter.)
 CVE-2007-1957 (Multiple PHP remote file inclusion vulnerabilities in Guernion Sylvain Portail Web Php (aka Gsylvain35 Portail Web, PwP) allow remote attackers to execute arbitrary PHP code via a URL in the pageAll parameter to index.php in (1) template/Vert/, or (2) template/Noir/.)
 CVE-2007-1956 (SQL injection vulnerability in ubbthreads.php in Groupee UBB.threads 6.1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the C parameter.)
 CVE-2007-1937 (PHP remote file inclusion vulnerability in smilies.php in Scorp Book 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the config parameter.)
 CVE-2007-1905 (Cross-site scripting (XSS) vulnerability in auth.php in Pineapple Technologies QuizShock 1.6.1 and earlier allows remote attackers to inject arbitrary web script or HTML via encoded special characters in the forward_to parameter, as demonstrated using "<"<".)
Original document: mail_(at)_hackberry.ath.cx, Request It : Song Request System 1.0b - remote file inclusion (09.04.2007)
 the_3dit0r_(at)_yahoo.com, Gsylvain35 Portail Web Remote File Include Vulnerabilities (09.04.2007)
 the_3dit0r_(at)_yahoo.com, phpMyAdmin 2.6.1 Local Cross Site Scripting (09.04.2007)
 RaeD Hasadya, Remot File Include In Script Lore v1 (09.04.2007)
 RaeD Hasadya, Take Control In Script Jeebles Directory (09.04.2007)
 john_(at)_martinelli.com, UBB.threads (<= 6.1.1) SQL Injection Vulnerability (09.04.2007)
Files: Exploits DeskPRO v2.0.1 - Cross-Site Scripting Vulnerability
 Scorp Book <== v1.0 (smilies.php) Remote File Include Exploit
 QuizShock 1.6.1 - Cross-Site Scripting Vulnerability
 Mybb Hot Editor Plugin Local File Inclusion
 Hot Editor Local File İnclude Exploit

Microsoft Windows Vista protected process protection bypass
Published: 09.04.2007
Source:
SecurityVulns ID: 7556
Type: local
Threat Level: 6/10
Description: It's possible to set or remove process protection.
Affected: MICROSOFT : Windows Vista
Original document: Randall M, [Full-disclosure] Vista Protected Processes Bypassed (09.04.2007)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod