Computer Security


AOL instant messenger / ICQ directory traversal
Published: 10.04.2007
Source:
SecurityVulns ID: 7557
Type: client
Threat Level: 6/10
Description: Directory traversal on file reception.
Affected: AOL : Instant Messenger 5.9
 AOL : ICQ 5.1
CVE: CVE-2007-1904 (Directory traversal vulnerability in AOL Instant Messenger (AIM) 5.9 and earlier, and ICQ 5.1 and probably earlier, allows user-assisted remote attackers to write files to arbitrary locations via a .. (dot dot) in a filename in a file transfer operation.)
Original document: IDEFENSE, iDefense Security Advisory 04.09.07: AOL AIM and ICQ File Transfer Path-Traversal Vulnerability (10.04.2007)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 10.04.2007
Source:
SecurityVulns ID: 7558
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: PHPOPENCHAT : PhpOpenChat 3.0
 TOMEX : phpGalleryScript 1.0
CVE: CVE-2007-2020 (** DISPUTED ** Unspecified vulnerability in administration.php in xodagallery allows remote attackers to execute arbitrary code via the cmd parameter. NOTE: CVE disputes this vulnerability because administration.php does not use the cmd parameter for inclusion.)
Original document: seko_(at)_se-ko.info, PhpOpenChat <= 3.0.1 (poc.php) Multiple Remote File Include Vulnerabilities (10.04.2007)
 z12xxa_(at)_gmail.com, phpGalleryScript 1.0 - File Inclusion Vulnerabilities (10.04.2007)
 the_3dit0r_(at)_yahoo.com, xodagallery Remote Code Execution Vulnerability (10.04.2007)

Microsoft Content Management Server multiple security vulnerabilities
Published: 10.04.2007
Source:
SecurityVulns ID: 7559
Type: remote
Threat Level: 6/10
Description: Cross-site scripting, memory corruption.
Affected: MICROSOFT : Microsoft Content Management Server 2001
 MICROSOFT : Microsoft Content Management Server 2002
CVE: CVE-2007-0939 (Cross-site scripting (XSS) vulnerability in Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving HTML redirection queries, aka "Cross-site Scripting and Spoofing Vulnerability.")
 CVE-2007-0938 (Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 does not properly handle certain characters in a crafted HTTP GET request, which allows remote attackers to execute arbitrary code, aka the "CMS Memory Corruption Vulnerability.")
Original document: MICROSOFT, Microsoft Security Bulletin MS07-018 Vulnerabilities in Microsoft Content Management Server Could Allow Remote Code Execution (925939) (10.04.2007)
Files: Microsoft Security Bulletin MS07-018 Vulnerabilities in Microsoft Content Management Server Could Allow Remote Code Execution (925939)

Microsoft Windows Universal PnP memory corruption
Published: 10.04.2007
Source:
SecurityVulns ID: 7560
Type: remote
Threat Level: 6/10
Description: Memory corruption during TCP/2869 and UDP/1900 request processing.
Affected: MICROSOFT : Windows XP
CVE: CVE-2007-1204 (Stack-based buffer overflow in the Universal Plug and Play (UPnP) service in Microsoft Windows XP SP2 allows remote attackers on the same subnet to execute arbitrary code via crafted HTTP headers in request or notification messages, which trigger memory corruption.)
Original document: IDEFENSE, iDefense Security Advisory 04.10.07: Microsoft Windows Universal Plug and Play Memory Corruption Vulnerability (10.04.2007)
 MICROSOFT, Microsoft Security Bulletin MS07-019 Vulnerability in Universal Plug and Play Could Allow Remote Code Execution (931261) (10.04.2007)
Files: Microsoft Security Bulletin MS07-019 Vulnerability in Universal Plug and Play Could Allow Remote Code Execution (931261)

Microsoft Agent ActiveX memory corruption
Published: 10.04.2007
Source:
SecurityVulns ID: 7561
Type: client
Threat Level: 7/10
Description: Buffer overflow on URL parsing.
Affected: MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
CVE: CVE-2007-1205 (Unspecified vulnerability in Microsoft Agent (msagent\agentsvr.exe) in Windows 2000 SP4, XP SP2, and Server 2003, 2003 SP1, and 2003 SP2 allows remote attackers to execute arbitrary code via crafted URLs, which result in memory corruption.)
Original document: SECUNIA, Secunia Research: Microsoft Agent URL Parsing Memory Corruption Vulnerability (10.04.2007)
 MICROSOFT, Microsoft Security Bulletin MS07-020 Vulnerability in Microsoft Agent Could Allow Remote Code Execution (932168) (10.04.2007)
Files: Microsoft Security Bulletin MS07-020 Vulnerability in Microsoft Agent Could Allow Remote Code Execution (932168)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod