Computer Security
[EN] securityvulns.ru no-pyccku


Sun Solaris facl() DoS
Published:09.05.2007
Source:
SecurityVulns ID:7684
Type:local
Threat Level:
5/10
Description:Integer overflow on ACE_SETACL processing.
Affected:ORACLE : Solaris 10
Original documentdocumentIDEFENSE, iDefense Security Advisory 05.07.07: Sun Microsystems Solaris ACE_SETACL Integer Signedness DoS Vulnerability (09.05.2007)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:09.05.2007
Source:
SecurityVulns ID:7685
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:MOINMOIN : MoinMoin 1.5
 APBROADCAST : AP Newspower 4.0
CVE:CVE-2007-2423 (Cross-site scripting (XSS) vulnerability in index.php in MoinMoin 1.5.7 allows remote attackers to inject arbitrary web script or HTML via the do parameter in an AttachFile action, a different vulnerability than CVE-2007-0857. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.)
Original documentdocumentgobbles_fo_evar_(at)_hushmail.com, AP Newspower software <=4.0.1 allows remote data manipulation (09.05.2007)
 documentUBUNTU, [USN-458-1] MoinMoin vulnerabilities (09.05.2007)

Trend Micro ServerProtect multiple security vulnerabilities
Published:09.05.2007
Source:
SecurityVulns ID:7686
Type:remote
Threat Level:
6/10
Description:SpntSvc.exe (TCP/5168) buffer overflow. Buffer overflow in EarthAgent.exe (TCP/3628).
Affected:TM : ServerProtect 5.58
CVE:CVE-2007-2508 (Multiple stack-based buffer overflows in Trend Micro ServerProtect 5.58 before Security Patch 2 Build 1174 allow remote attackers to execute arbitrary code via crafted data to (1) TCP port 5168, which triggers an overflow in the CAgRpcClient::CreateBinding function in the AgRpcCln.dll library in SpntSvc.exe; or (2) TCP port 3628, which triggers an overflow in EarthAgent.exe. NOTE: both issues are reachable via TmRpcSrv.dll.)
Original documentdocumentZDI, ZDI-07-024: Trend Micro ServerProtect EarthAgent Stack Overflow Vulnerability (09.05.2007)
 documentZDI, ZDI-07-025: Trend Micro ServerProtect AgRpcCln.dll Stack Overflow Vulnerability (09.05.2007)

HP OpenView Storage Data Protector unauthorized code execution
Published:09.05.2007
Source:
SecurityVulns ID:7687
Type:remote
Affected:HP : OpenView Storage Data Protector 5.1
Original documentdocumentHP, [security bulletin] HPSBMA02138 SSRT061184 rev.3 - HP OpenView Storage Data Protector, Remote Unauthorized Arbitrary Command Execution (09.05.2007)

HP Tru64 UNIX dop privilege escalation
Published:09.05.2007
Source:
SecurityVulns ID:7688
Type:local
Threat Level:
5/10
Affected:HP : Tru64 UNIX 5.1
Original documentdocumentHP, [security bulletin] HPSBTU02211 SSRT071326 rev.1 - HP Tru64 UNIX Running the dop command, Local Execution of Arbitrary Code with Privilege Elevation (09.05.2007)

Asterisk information leak
Published:09.05.2007
Source:
SecurityVulns ID:7689
Type:remote
Threat Level:
5/10
Description:Empty IAX2 packet causes memory content leak and potential DoS condition because of missed terminating NULL byte.
CVE:CVE-2007-2488 (The IAX2 channel driver (chan_iax2) in Asterisk before 20070504 does not properly null terminate data, which allows remote attackers to trigger loss of transmitted data, and possibly obtain sensitive information (memory contents) or cause a denial of service (application crash), by sending a frame that lacks a 0 byte.)

AXIS Camera Control ActiveX buffer overflow
Published:09.05.2007
Source:
SecurityVulns ID:7690
Type:client
Threat Level:
5/10
Description:Buffer overflow in SaveBMP() method.
Affected:AXIS : Axis 2100
 AXIS : Axis 2110
 AXIS : Axis 2120
 AXIS : Axis 2130
 AXIS : Axis 2400
 AXIS : Axis 2401
 AXIS : Axis 2420
 AXIS : Axis 2411
 AXIS : Axis Panorama PTZ
CVE:CVE-2007-2239 (Stack-based buffer overflow in the SaveBMP method in the AXIS Camera Control (aka CamImage) ActiveX control before 2.40.0.0 in AxisCamControl.ocx in AXIS 2100, 2110, 2120, 2130 PTZ, 2420, 2420-IR, 2400, 2400+, 2401, 2401+, 2411, and Panorama PTZ allows remote attackers to cause a denial of service (Internet Explorer crash) or execute arbitrary code via a long argument.)

Linux netlink DoS
Published:09.05.2007
Source:
SecurityVulns ID:7691
Type:library
Threat Level:
5/10
Description:Invalid processing of NETLINK_FIB_LOOKUP responses.
Affected:LINUX : kernel 2.6
CVE:CVE-2007-1861 (The nl_fib_lookup function in net/ipv4/fib_frontend.c in Linux Kernel before 2.6.20.8 allows attackers to cause a denial of service (kernel panic) via NETLINK_FIB_LOOKUP replies, which trigger infinite recursion and a stack overflow.)

GNU Gnash Flash Player array overflow
Published:09.05.2007
Source:
SecurityVulns ID:7692
Type:client
Threat Level:
5/10
Description:Array overflow on large number of SHOWFRAME elements within DEFINESPRITE.
Affected:GNU : Gnash 0.7
CVE:CVE-2007-2500 (server/parser/sprite_definition.cpp in GNU Gnash (aka GNU Flash Player) 0.7.2 allows remote attackers to execute arbitrary code via a large number of SHOWFRAME elements within a DEFINESPRITE element, which triggers memory corruption and enables the attacker to call free with an arbitrary address, probably resultant from a buffer overflow.)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod