Computer Security


Microsoft Windows Explorer code execution
Published:09.07.2008
Source:
SecurityVulns ID:9134
Type:client
Threat Level:7/10
Description:Problem while parsing saved search files (.search-ms).
Affected:MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
CVE:CVE-2008-1435
Original document:MICROSOFT, Microsoft Security Bulletin MS08-038 – Important Vulnerability in Windows Explorer Could Allow Remote Code Execution (950582) (09.07.2008)
Files:Microsoft Security Bulletin MS08-038 – Important Vulnerability in Windows Explorer Could Allow Remote Code Execution (950582)

Microsoft Windows DNS server and DNS client DNS reply spoofing
updated since 14.11.2007
Published:09.07.2008
Source:
SecurityVulns ID:8336
Type:remote
Threat Level:6/10
Description:A weak pseudo-random generator is used to generate the DNS request ID.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
CVE:CVE-2008-1454
 CVE-2008-1447 (The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug.")
 CVE-2008-0087
 CVE-2007-3898
Original document:MICROSOFT, Microsoft Security Bulletin MS08-037 – Important Vulnerabilities in DNS Could Allow Spoofing (953230) (09.07.2008)
 Amit Klein, Microsoft Windows DNS Stub Resolver Cache Poisoning (MS08-020) (08.04.2008)
 MICROSOFT, Microsoft Security Bulletin MS08-020 – Important Vulnerability in DNS Client Could Allow Spoofing (945553) (08.04.2008)
 Alla Bezroutchko, [Full-disclosure] Predictable DNS transaction IDs in Microsoft DNS Server (14.11.2007)
 Amit Klein, After 6 months - fix available for Microsoft DNS cache poisoning attack (14.11.2007)
 MICROSOFT, Microsoft Security Bulletin MS07-062 – Important Vulnerability in DNS Could Allow Spoofing (941672) (14.11.2007)
Files:program for DNS id spoofing
 Microsoft Security Bulletin MS07-062 – Important Vulnerability in DNS Could Allow Spoofing (941672)
 Microsoft Security Bulletin MS08-037 – Important Vulnerabilities in DNS Could Allow Spoofing (953230)
 Microsoft Security Bulletin MS08-020 – Important Vulnerability in DNS Client Could Allow Spoofing (945553)

F5 FirePass SNMP DoS
Published:09.07.2008
Source:
SecurityVulns ID:9138
Type:remote
Threat Level:5/10
Description:Crash when traversing OID 1.3.6.1.2.1.25.6.
Affected:F5 : FirePass 1200
Original document:nnposter_(at)_disclosed.not, F5 FirePass 1200 SNMP daemon DoS (09.07.2008)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 09.07.2008
Published:09.07.2008
Source:
SecurityVulns ID:9140
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. RavenNuke: CAPTCHA bypass.
Affected:VBULLETIN : vBulletin 3.7
 RAVENNUKE : RavenNuke 2.20
 PHPNUKE : 4ndvddb module for PHP-Nuke 0.91
Original document:lovebug_(at)_hotmail.it, XSS in admin logs - vBulletin 3.7.2 and lower, vBulletin 3.6.10 PL2 and lower (09.07.2008)
 lovebug_(at)_hotmail.it, PHP-NUKE SQL Module's Name 4ndvddb (09.07.2008)
 MustLive, Insufficient Anti-automation vulnerability in RavenNuke (09.07.2008)

HP OpenView Network Node Manager multiple security vulnerabilities
Published:09.07.2008
Source:
SecurityVulns ID:9141
Type:remote
Threat Level:6/10
Description:Unauthorized access, code execution.
Affected:HP : OpenView Network Node Manager 7.51
CVE:CVE-2008-1697 (Stack-based buffer overflow in ovwparser.dll in HP OpenView Network Node Manager (OV NNM) 7.51 allows remote attackers to execute arbitrary code via a long URI in an HTTP request processed by ovas.exe, as demonstrated by a certain topology/homeBaseView request. NOTE: some of these details are obtained from third party information.)
 CVE-2008-0068 (Directory traversal vulnerability in OpenView5.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to read arbitrary files via directory traversal sequences in the Action parameter.)
Original document:HP, [security bulletin] HPSBMA02349 SSRT080043 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Unauthorized Access to Data (09.07.2008)
 HP, [security bulletin] HPSBMA02348 SSRT080033 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code, Denial of Service (DoS) (09.07.2008)

libpoppler library uninitialized pointer
updated since 09.07.2008
Published:10.07.2008
Source:
SecurityVulns ID:9139
Type:library
Threat Level:6/10
Description:Uninitialized pointer dereference on PDF parsing.
Affected:POPPLER : poppler 0.8
CVE:CVE-2008-2950 (The Page destructor in Page.cc in libpoppler in Poppler 0.8.4 and earlier deletes a pageWidgets object even if it is not initialized by a Page constructor, which allows remote attackers to execute arbitrary code via a crafted PDF document.)
Original document:Felipe Andres Manzano, [Full-disclosure] #2008-007 libpoppler uninitialized pointer - POC (10.07.2008)
 Andrea Barisani, [oCERT-2008-007] libpoppler uninitialized pointer (09.07.2008)
Files:libpoppler uninitialized pointer exploit

Microsoft SQL Server multiple security vulnerabilities
updated since 09.07.2008
Published:10.07.2008
Source:
SecurityVulns ID:9136
Type:local
Threat Level:6/10
Description:Buffer overflows, memory corruptions, information leak.
Affected:MICROSOFT : SQL Server 7.0
 MICROSOFT : SQL Server 2000
 MICROSOFT : SQL Server 2005
CVE:CVE-2008-0107 (Integer underflow in SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine (MSDE 2000) SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine (WMSDE); Microsoft Data Engine (MSDE) 1.0 SP4; and Internal Database (WYukon) SP2 allows remote authenticated users to execute arbitrary code via a (1) SMB or (2) WebDAV pathname for an on-disk file (aka stored backup file) with a crafted record size value, which triggers a heap-based buffer overflow, aka "SQL Server Memory Corruption Vulnerability.")
 CVE-2008-0106 (Buffer overflow in Microsoft SQL Server 2005 SP1 and SP2, and 2005 Express Edition SP1 and SP2, allows remote authenticated users to execute arbitrary code via a crafted insert statement.)
 CVE-2008-0086 (Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine (MSDE 2000) SP4, and 2000 Desktop Engine (WMSDE) allows remote authenticated users to execute arbitrary code via a crafted SQL expression.)
 CVE-2008-0085 (SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine (MSDE 2000) SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine (WMSDE); Microsoft Data Engine (MSDE) 1.0 SP4; and Internal Database (WYukon) SP2 does not initialize memory pages when reallocating memory, which allows database operators to obtain sensitive information (database contents) via unknown vectors related to memory page reuse.)
Original document:Brett Moore, Insomnia : ISVA-080709.1 - Microsoft SQL Server - Corrupt Backup File Heap Overflow (10.07.2008)
 IDEFENSE, iDefense Security Advisory 07.08.08: Microsoft SQL Server Restore Integer Underflow Vulnerability (10.07.2008)
 MICROSOFT, Microsoft Security Bulletin MS08-040 – Important Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege (941203) (09.07.2008)
Files:Microsoft Security Bulletin MS08-040 – Important Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege (941203)

Microsoft Access ActiveX file download
updated since 09.07.2008
Published:12.08.2008
Source:
SecurityVulns ID:9137
Type:client
Threat Level:7/10
Description:SnapShot Viewer ActiveX allows file download to any location.
Affected:MICROSOFT : Office 2000
 MICROSOFT : Office XP
 MICROSOFT : Office 2003
 MICROSOFT : Office 2007
CVE:CVE-2008-2463 (The Microsoft Office Snapshot Viewer ActiveX control in snapview.ocx 10.0.5529.0, as distributed in the standalone Snapshot Viewer and Microsoft Office Access 2000 through 2003, allows remote attackers to download arbitrary files to a client machine via a crafted HTML document or e-mail message, probably involving use of the SnapshotPath and CompressedPath properties and the PrintSnapshot method. NOTE: this can be leveraged for code execution by writing to a Startup folder.)
Original document:MICROSOFT, Microsoft Security Bulletin MS08-041 – Critical Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access Could Allow Remote Code Execution (955617) (12.08.2008)
 CERT, US-CERT Technical Cyber Security Alert TA08-189A -- Microsoft Office Snapshot Viewer ActiveX Vulnerability (09.07.2008)
Files:Microsoft Security Advisory (955179) Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access Could Allow Remote Code Execution
  Microsoft Security Bulletin MS08-041 – Critical Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access Could Allow Remote Code Execution

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod