Computer Security


Microsoft Internet Information Server DoS
updated since 18.12.2005
Published: 10.07.2007
SecurityVulns ID: 5546
Type: remote
Threat Level: 7/10
Description: A request such as http://www.example.com/_vti_bin/.dll/*\~0 to a virtual directory with CGI execution enabled crashes the server and may allow code execution.
Affected: MICROSOFT : Internet Information Server 5.0
 MICROSOFT : Windows XP
 MICROSOFT : Internet Information Server 5.1
 MICROSOFT : Internet Information Server 6.0
CVE: CVE-2005-4360 (The URL parser in Microsoft Internet Information Services (IIS) 5.1 on Windows XP Professional SP2 allows remote attackers to execute arbitrary code via multiple requests to ".dll" followed by arguments such as "~0" through "~9", which causes ntdll.dll to produce a return value that is not correctly handled by IIS, as demonstrated using "/_vti_bin/.dll/*/~0". NOTE: the consequence was originally believed to be only a denial of service (application crash and reboot).)
Original documents: MICROSOFT, Microsoft Security Bulletin MS07-041 - Important Vulnerability in Microsoft Internet Information Services Could Allow Remote Code Execution (939373) (10.07.2007)
 inge.henriksen_(at)_booleansoft.com, Microsoft IIS Remote DoS .DLL Url exploit (18.12.2005)
 inge.henriksen_(at)_booleansoft.com, Microsoft IIS Remote Denial of Service (DoS) .DLL Url exploit (18.12.2005)
Files: Microsoft IIS Malformed URI DoS Exploit
 Microsoft IIS Malformed URI DoS (_vti_bin, _sharepoint) exploit
 Microsoft Security Bulletin MS07-041 - Important Vulnerability in Microsoft Internet Information Services Could Allow Remote Code Execution (939373)
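The request shape above (a bare ".dll" path segment followed by "~0" through "~9") is easy to pick out of IIS W3C logs after the fact. The following detection script is an added example, not code from the advisory or from the exploit files listed; the log lines are constructed, and the regex assumes the attacker may percent-encode "*" or "~" or use a backslash, both of which IIS accepts.

```python
import re
from dataclasses import dataclass
from urllib.parse import unquote

# Constructed sample in IIS W3C extended log format (not taken from the advisory).
# Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2007-07-10 12:00:01 192.0.2.10 GET /default.htm - 200
2007-07-10 12:00:02 192.0.2.77 GET /_vti_bin/.dll/*/~0 - 500
2007-07-10 12:00:03 192.0.2.77 GET /_vti_bin/.dll/*/~7 - 500
2007-07-10 12:00:04 192.0.2.10 GET /scripts/app.dll id=1 200
2007-07-10 12:00:05 192.0.2.77 GET /_sharepoint/.dll/%2A%5C%7E3 - 500
2007-07-10 12:00:06 192.0.2.77 GET /_vti_bin/.dll/*/~9 - 500
"""

# A bare ".dll" path segment (nothing before the dot) followed by a "~<digit>"
# argument, as in /_vti_bin/.dll/*/~0 ... /~9 from CVE-2005-4360. A normal
# request for /scripts/app.dll does not match because "app" precedes the dot.
PROBE = re.compile(r"/\.dll/.*~[0-9](?:$|[/?])", re.IGNORECASE)


@dataclass
class Hit:
    ip: str
    method: str
    path: str
    status: str


def normalize(stem: str) -> str:
    """Percent-decode and fold backslashes to slashes: IIS treats both as path
    separators, and a scanner may encode "*" or "~" to evade naive matching."""
    return unquote(stem).replace("\\", "/")


def find_probes(log_text: str) -> list:
    """Return the log entries whose request path matches the malformed-URI pattern."""
    hits = []
    for line in log_text.splitlines():
        if not line or line.startswith("#"):      # skip directives/blank lines
            continue
        fields = line.split()
        if len(fields) < 7:
            continue
        _date, _time, ip, method, stem, _query, status = fields[:7]
        path = normalize(stem)
        if PROBE.search(path):
            hits.append(Hit(ip, method, path, status))
    return hits


def sources(hits) -> dict:
    """Count matching requests per client address (repeat probes from one
    host are the usual signature of this exploit)."""
    counts = {}
    for h in hits:
        counts[h.ip] = counts.get(h.ip, 0) + 1
    return counts


if __name__ == "__main__":
    found = find_probes(SAMPLE_LOG)
    for h in found:
        print(f"{h.ip} {h.method} {h.path} -> {h.status}")
    print(sources(found))
```

Because the decoded path is what gets matched, the encoded line in the sample ("%2A%5C%7E3") is reported as "/_sharepoint/.dll/*/~3", the same form the plain probes take.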

WinPcap packet capture layer privilege escalation
Published: 10.07.2007
SecurityVulns ID: 7901
Type: local
Threat Level: 5/10
Description: One of the NPF.SYS IOCTLs allows overwriting kernel memory regions.
Affected: WINPCAP : WinPcap 4.0
Original documents: mballano_(at)_gmail.com, WinPcap NPF.SYS Privilege Elevation Vulnerability (10.07.2007)
 IDEFENSE, iDefense Security Advisory 07.09.07: WinPcap NPF.SYS Local Privilege Escalation Vulnerability (10.07.2007)
Files: WinPcap NPF.SYS Privilege Elevation Vulnerability PoC exploit

GIMP GNU image manipulation program multiple security vulnerabilities
Published: 10.07.2007
SecurityVulns ID: 7902
Type: client
Threat Level: 6/10
Description: Multiple integer overflows in the DICOM, PNM, PSD, PSP, Sun RAS, XBM and XWD format parsers, triggered by crafted length values.
Affected: GNU : GIMP 2.2
CVE: CVE-2006-4519 (Multiple integer overflows in the image loader plug-ins in GIMP before 2.2.16 allow user-assisted remote attackers to execute arbitrary code via crafted length values in (1) DICOM, (2) PNM, (3) PSD, (4) PSP, (5) Sun RAS, (6) XBM, and (7) XWD files.)
Original documents: IDEFENSE, iDefense Security Advisory 07.09.07: Multiple Vendor GIMP Multiple Integer Overflow Vulnerabilities (10.07.2007)
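The bug class in this entry is a loader computing width * height * bytes-per-pixel in 32-bit arithmetic and allocating the wrapped result. The example below is added here and is not GIMP code: it parses a minimal binary PNM (P5/P6) header, shows the wrapped size the unfixed computation yields, and sizes the buffer with checked multiplication as a fixed loader must. The two image inputs are constructed, comments in the header are not handled, and Python integers are used to model unsigned 32-bit C semantics explicitly.

```python
import re

MAX_U32 = 0xFFFFFFFF


class BadImage(ValueError):
    """Raised for headers the loader must refuse."""


# Binary PGM (P5) / PPM (P6) header: magic, width, height, maxval, then one
# whitespace byte before the pixel data. '#' comments are not handled here.
HEADER = re.compile(rb"(P[56])\s+(\d+)\s+(\d+)\s+(\d+)\s")


def wrapped_pixel_bytes(width: int, height: int, bytes_per_pixel: int) -> int:
    """Models the pre-fix computation as a 32-bit unsigned C expression: the
    product silently wraps, so a crafted header yields a tiny allocation that
    the real pixel data then overruns."""
    return (width * height * bytes_per_pixel) & MAX_U32


def checked_pixel_bytes(width: int, height: int, bytes_per_pixel: int) -> int:
    """Models the fixed loader: each multiplication is checked against the
    32-bit limit before it is performed."""
    if width <= 0 or height <= 0 or bytes_per_pixel <= 0:
        raise BadImage("non-positive dimension")
    if width > MAX_U32 // height:
        raise BadImage("width*height overflows 32 bits")
    pixels = width * height
    if pixels > MAX_U32 // bytes_per_pixel:
        raise BadImage("pixel buffer size overflows 32 bits")
    return pixels * bytes_per_pixel


def load_pnm(data: bytes):
    """Parse the header, size the buffer safely and return
    (width, height, channels, pixel_bytes)."""
    m = HEADER.match(data)
    if not m:
        raise BadImage("not a binary PGM/PPM header")
    magic = m.group(1)
    width, height, maxval = int(m.group(2)), int(m.group(3)), int(m.group(4))
    if not 0 < maxval < 65536:
        raise BadImage("maxval out of range")
    channels = 3 if magic == b"P6" else 1
    sample_bytes = 2 if maxval > 255 else 1
    need = checked_pixel_bytes(width, height, channels * sample_bytes)
    pixels = data[m.end():]
    if len(pixels) < need:                       # never trust the header's size alone
        raise BadImage("truncated pixel data")
    return width, height, channels, pixels[:need]


def validate(data: bytes) -> str:
    """Convenience wrapper: 'ok' or 'rejected: <reason>'."""
    try:
        load_pnm(data)
        return "ok"
    except BadImage as e:
        return f"rejected: {e}"


# Constructed inputs (not from the advisory): a 2x2 RGB image, and a header
# whose dimensions 0x40000000 x 4 x 3 bytes multiply to a multiple of 2**32.
GOOD_PPM = b"P6\n2 2\n255\n" + bytes(12)
CRAFTED_PPM = b"P6\n1073741824 4\n255\n" + bytes(16)

if __name__ == "__main__":
    print(validate(GOOD_PPM))
    print(validate(CRAFTED_PPM))
    print(wrapped_pixel_bytes(1073741824, 4, 3))   # size the unfixed code would allocate
```

For the crafted header the wrapped size is 0 bytes while the checked version refuses the file; the same check applies to any of the seven formats named in the CVE wherever a length from the file feeds an allocation.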

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 10.07.2007
SecurityVulns ID: 7905
Type: remote
Threat Level: 5/10
Description: PHP file inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: CODEIGNITER : CodeIgniter 1.5
 FLASHBB : Flashbb 1.1
Original documents: mata_(at)_kw3rlndoarme.net, Flashbb <= 1.1.7 - Remote File Inclusion Exploit (10.07.2007)
 mata_(at)_kw3rlndoarme.net, Entertainment CMS Admin Login Bypass (10.07.2007)
 okan alp, SYSTONİCfr/portal/ actualites.asp sql injection (10.07.2007)
 okan alp, http://marmarahosting.org/infinity.txt (10.07.2007)
 okan alp, MERCURY/Templates mercury.ASP SQL Injection (10.07.2007)
 Samael De Icaro, Another You tube clone script vulnerability (10.07.2007)
 Lukasz Pilorz, CodeIgniter 1.5.3 vulnerabilities (10.07.2007)
 o_0p_(at)_hotmail.com, PHP Comet-Server (10.07.2007)
Files: Flashbb <= 1.1.7 - Remote File Inclusion Exploit

Microsoft Excel memory corruption
Published: 10.07.2007
SecurityVulns ID: 7907
Type: client
Threat Level: 6/10
Description: Improper validation of version information in a crafted workbook (the "Calculation Error Vulnerability") causes memory corruption.
Affected: MICROSOFT : Office 2000
 MICROSOFT : Office XP
 MICROSOFT : Office 2003
 MICROSOFT : Office 2007
CVE: CVE-2007-1756 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and Office Excel 2007 does not properly validate version information, which allows user-assisted remote attackers to execute arbitrary code via a crafted Excel file, aka "Calculation Error Vulnerability".)
Original documents: MICROSOFT, Microsoft Security Bulletin MS07-036 - Critical Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (936542) (10.07.2007)
Files: Microsoft Security Bulletin MS07-036 - Critical Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (936542)

Microsoft Windows Vista firewall filtering bypass with Teredo
Published: 10.07.2007
SecurityVulns ID: 7909
Type: remote
Threat Level: 6/10
Description: Firewall filtering rules are not applied to certain traffic types arriving over the Teredo (IPv6 tunnelling) interface.
Affected: MICROSOFT : Windows Vista
CVE: CVE-2007-3038 (The Teredo interface in Microsoft Windows Vista and Vista x64 Edition does not properly handle certain network traffic, which allows remote attackers to bypass firewall blocking rules and obtain sensitive information via crafted IPv6 traffic, aka "Windows Vista Firewall Blocking Rule Information Disclosure Vulnerability.")
Original documents: SYMANTEC, SYMSA-2007-005: Vista Windows Firewall Incorrectly Applies Filtering to Teredo Interface (10.07.2007)
 MICROSOFT, Microsoft Security Bulletin MS07-038 - Moderate (10.07.2007)
Files: Microsoft Security Bulletin MS07-038 - Moderate Vulnerability in Windows Vista Firewall Could Allow Information Disclosure (935807)

Sun Java Webstart buffer overflow
updated since 10.07.2007
Published: 11.07.2007
SecurityVulns ID: 7903
Type: client
Threat Level: 8/10
Description: Stack buffer overflow when parsing JNLP files.
Affected: ORACLE : JRE 5
 ORACLE : JRE 6
Original documents: Brett Moore, SUN Java JNLP Overflow (11.07.2007)
 EEYE, EEYE: Sun Java WebStart JNLP Stack Buffer Overflow Vulnerability (10.07.2007)
Files: Java Web Start Buffer Overflow POC Exploit

Microsoft Publisher memory corruption
updated since 10.07.2007
Published: 11.07.2007
SecurityVulns ID: 7908
Type: client
Threat Level: 6/10
Description: Memory corruption (invalid pointer dereference) when parsing .pub files.
Affected: MICROSOFT : Publisher 2007
CVE: CVE-2007-1754 (PUBCONV.DLL in Microsoft Office Publisher 2007 does not properly clear memory when transferring data from disk to memory, which allows user-assisted remote attackers to execute arbitrary code via a malformed .pub page via a certain negative value, which bypasses a sanitization procedure that initializes critical pointers to NULL, aka the "Publisher Invalid Memory Reference Vulnerability".)
Original documents: EEYE, EEYE: Microsoft Publisher 2007 Arbitrary Pointer Dereference (11.07.2007)
 MICROSOFT, Microsoft Security Bulletin MS07-037 - Important Vulnerability in Microsoft Office Publisher 2007 Could Allow Remote Code Execution (936548) (10.07.2007)
Files: Microsoft Security Bulletin MS07-037 - Important Vulnerability in Microsoft Office Publisher 2007 Could Allow Remote Code Execution (936548)

Microsoft Windows Active Directory array overflow
updated since 10.07.2007
Published: 11.07.2007
SecurityVulns ID: 7910
Type: remote
Threat Level: 7/10
Description: Array index overflow when parsing LDAP requests (the number of "convertible attributes" is not properly checked).
Affected: MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2003 Server
CVE: CVE-2007-3028 (The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4 does not properly check "the number of convertible attributes", which allows remote attackers to cause a denial of service (service unavailability) via a crafted LDAP request, related to "client sent LDAP request logic," aka "Windows Active Directory Denial of Service Vulnerability". NOTE: this is probably a different issue than CVE-2007-0040.)
 CVE-2007-0040 (The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4, Server 2003 SP1 and SP2, Server 2003 x64 Edition and SP2, and Server 2003 for Itanium-based Systems SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted LDAP request with an unspecified number of "convertible attributes.")
Original documents: NGSSoftware Insight Security Research Advisory (NISR), Low Risk Vulnerability in Active Directory (11.07.2007)
 MICROSOFT, Microsoft Security Bulletin MS07-039 - Critical Vulnerability in Windows Active Directory Could Allow Remote Code Execution (926122) (10.07.2007)
Files: Microsoft Security Bulletin MS07-039 - Critical Vulnerability in Windows Active Directory Could Allow Remote Code Execution (926122)

Microsoft Internet Explorer 0-day vulnerability
updated since 10.07.2007
Published: 19.07.2007
SecurityVulns ID: 7904
Type: client
Threat Level: 6/10
Description: Shell metacharacters are passed unfiltered to the application registered for a URL protocol handler (argument injection into the firefox.exe command line via FirefoxURL / FirefoxHTML URIs).
Affected: MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
CVE: CVE-2007-3670 (Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Firefox installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a (1) FirefoxURL or (2) FirefoxHTML URI, which are inserted into the command line that is created when invoking firefox.exe. NOTE: it has been debated as to whether the issue is in Internet Explorer or Firefox. As of 20070711, it is CVE's opinion that IE appears to be failing to properly delimit the URL argument when invoking Firefox, and this issue could arise with other protocol handlers in IE as well. However, Mozilla has stated that it will address the issue with a "defense in depth" fix that will "prevent IE from sending Firefox malicious data.")
Original documents: IDEFENSE, iDefense Security Advisory 07.19.07: Multiple Vendor Multiple Product URI Handler Input Validation Vulnerability (19.07.2007)
 MOZILLA, Mozilla Foundation Security Advisory 2007-23 (19.07.2007)
 Thor Larholm, [Full-disclosure] Internet Explorer 0day exploit (10.07.2007)
Files: Internet Explorer 0day Exploit
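The mechanism in the CVE text is that the URI is substituted verbatim into the handler's registered command line, so a double quote inside the URI closes the quoted "%1" slot and the rest becomes extra arguments. The script below is an added illustration, not code from the advisories or from the exploit file listed: it models Windows argument splitting in simplified form (backslash-escape rules omitted), assumes a command template of the shape shown for the FirefoxURL handler (the real registry value may differ), and uses a made-up flag name, "-extra-flag", for the injected argument rather than any real Firefox option.

```python
import re
from urllib.parse import quote

# Assumed shape of the shell\open\command value registered for the FirefoxURL
# protocol; %1 is replaced by the full URI the browser received.
COMMAND_TEMPLATE = r'"C:\Program Files\Mozilla Firefox\firefox.exe" -url "%1" -requestPending'


def split_command_line(cmd: str) -> list:
    """Simplified model of Windows argv splitting: whitespace separates
    arguments and double quotes group text. Backslash-escape rules are left
    out because the attack needs only an unescaped quote."""
    args, cur, in_quote, have = [], [], False, False
    for ch in cmd:
        if ch == '"':
            in_quote = not in_quote
            have = True
        elif ch.isspace() and not in_quote:
            if have:
                args.append("".join(cur))
                cur, have = [], False
        else:
            cur.append(ch)
            have = True
    if have:
        args.append("".join(cur))
    return args


def build_unsafe(uri: str) -> list:
    """Vulnerable behaviour: the raw URI is pasted into the template, so a
    quote inside it ends the -url argument and what follows is parsed as
    further arguments to firefox.exe."""
    return split_command_line(COMMAND_TEMPLATE.replace("%1", uri))


# URI characters allowed to stay literal; '"' and whitespace are not among
# them and therefore get percent-encoded.
_URI_SAFE = ":/?#[]@!$&'()*+,;=%"


def build_safe(uri: str) -> list:
    """Hardened variant: percent-encode anything that could alter argument
    boundaries before substituting, so the URI cannot leave its quoted slot."""
    return split_command_line(COMMAND_TEMPLATE.replace("%1", quote(uri, safe=_URI_SAFE)))


def injected_args(uri: str) -> list:
    """Option-like arguments beyond the two the template intends."""
    return [a for a in build_unsafe(uri)
            if a.startswith("-") and a not in ("-url", "-requestPending")]


def looks_hostile(uri: str) -> bool:
    """Handler-side check (the 'defense in depth' approach): refuse a URI that
    still carries a quote, whitespace or NUL after decoding."""
    return re.search(r'["\s\x00]', uri) is not None


if __name__ == "__main__":
    hostile = 'firefoxurl://example.test" -extra-flag "attacker-controlled'
    print(build_unsafe(hostile))
    print(build_safe(hostile))
    print(injected_args(hostile), looks_hostile(hostile))
```

With the hostile URI the unsafe builder hands firefox.exe six arguments, two of which the page author never intended; the safe builder produces the intended four, with the quote and spaces encoded as %22 and %20 inside the single URI argument.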

Mozilla Firefox cache cross-site access
updated since 10.07.2007
Published: 19.07.2007
SecurityVulns ID: 7906
Type: client
Threat Level: 7/10
Description: A wyciwyg:// URL combined with an HTTP 302 response allows cross-site access to cached pages (no security zone check is performed for wyciwyg URIs).
Affected: MOZILLA : Firefox 2.0
 XULRUNNER : xulrunner 1.8
 ICEWEASEL : iceweasel 2.0
CVE: CVE-2007-3656 (Mozilla Firefox before 1.8.0.13 and 1.8.1.x before 1.8.1.5 does not perform a security zone check when processing a wyciwyg URI, which allows remote attackers to obtain sensitive information, poison the browser cache, and possibly enable further attack vectors via (1) HTTP 302 redirect controls, (2) XMLHttpRequest, or (3) view-source URIs.)
Original documents: MOZILLA, Mozilla Foundation Security Advisory 2007-24 (19.07.2007)
 Michal Zalewski, Firefox wyciwyg:// cache zone bypass (10.07.2007)

Microsoft .Net framework multiple security vulnerabilities
updated since 10.07.2007
Published: 25.08.2008
SecurityVulns ID: 7911
Type: client
Threat Level: 7/10
Description: Buffer overflow in the PE loader when parsing .NET PE files, buffer overflow in the JIT compiler, and a remote information leak in ASP.NET via a NULL byte embedded in the URL. A later document describes bypassing ASP.NET's "ValidateRequest" for script injection.
Affected: MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
CVE: CVE-2007-0043 (The Just In Time (JIT) Compiler service in Microsoft .NET Framework 2.0 through 2.0 SP2 for Windows 2000, XP, and Server 2003 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer," probably a buffer overflow, aka ".NET JIT Compiler Vulnerability".)
 CVE-2007-0042 (ASP.NET in Microsoft .NET Framework 2.0 SP2 and earlier for Windows 2000, XP, and Server 2003; and 2.0 and earlier for Windows Vista allows remote attackers to access configuration files and obtain sensitive information via "invalid URLs," probably containing a terminating NULL byte.)
 CVE-2007-0041 (The PE Loader service in Microsoft .NET Framework 2.0 SP2 and earlier for Windows 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer" and unvalidated message lengths, probably a buffer overflow.)
Original documents: ProCheckUp Research, PR08-20: Bypassing ASP .NET "ValidateRequest" for Script Injection Attacks (25.08.2008)
 Paul Craig, Multiple .NET Null Byte Injection Vulnerabilities (11.07.2007)
 MICROSOFT, Microsoft Security Bulletin MS07-040 - Critical Vulnerabilities in .NET Framework Could Allow Remote Code Execution (931212) (10.07.2007)
Files: Bypassing ASP .NET "ValidateRequest" for Script Injection Attacks
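The NULL-byte information leak rests on a mismatch between two string models: a managed string carries an embedded NUL as an ordinary character, so an extension check sees what follows %00, while the native file API that finally opens the file stops at the first NUL. The routing model below is an added example of that general mechanism, not ASP.NET code and not a description of the exact code path fixed in MS07-040; the handler tables and request paths are constructed for illustration.

```python
from urllib.parse import unquote

# Illustrative handler tables (assumed, not ASP.NET's real configuration):
# extensions whose content must never be served, and extensions routed to
# the page handler.
FORBIDDEN_EXT = {".config", ".cs", ".vb", ".resx", ".asax"}
PAGE_EXT = {".aspx", ".asmx", ".ashx"}


def extension(path: str) -> str:
    dot = path.rfind(".")
    return path[dot:].lower() if dot >= 0 else ""


def managed_view(raw_path: str) -> str:
    """A managed string keeps an embedded NUL as an ordinary character, so
    checks done on it see everything after %00."""
    return unquote(raw_path)


def native_view(path: str) -> str:
    """Native file APIs take NUL-terminated strings: everything from the
    first NUL onward is dropped when the file is actually opened."""
    return path.split("\x00", 1)[0]


def route_unfixed(raw_path: str) -> tuple:
    """The mismatch: the extension check passes on the managed string while
    the file system receives the truncated native path."""
    p = managed_view(raw_path)
    if extension(p) in FORBIDDEN_EXT:
        return ("deny", p)
    if extension(p) in PAGE_EXT:
        return ("open", native_view(p))
    return ("static", native_view(p))


def route_fixed(raw_path: str) -> tuple:
    """Hardened routing: reject any decoded path containing a NUL before any
    other decision, and judge the extension of the name the OS would open."""
    p = managed_view(raw_path)
    if "\x00" in p:
        return ("deny", p)
    if extension(native_view(p)) in FORBIDDEN_EXT:
        return ("deny", p)
    return ("open", p) if extension(p) in PAGE_EXT else ("static", p)


if __name__ == "__main__":
    for req in ("/default.aspx", "/web.config", "/web.config%00.aspx", "/web.config%00.txt"):
        print(req, route_unfixed(req), route_fixed(req))
```

The constructed request "/web.config%00.aspx" is accepted by the unfixed router as a page and opened as "/web.config"; the fixed router denies it outright, and the same check should sit in front of any code path that hands a decoded URL to the file system.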

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod