Computer Security
[EN] securityvulns.ru no-pyccku


Microsoft Outlook Express / Windows Mail NNTP buffer overflow
Published:10.10.2007
Source:
SecurityVulns ID:8228
Type:client
Threat Level:
8/10
Description:Heap memory overflow on NNTP server reply parsing.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
CVE:CVE-2007-3897 (Heap-based buffer overflow in Microsoft Outlook Express 6 and earlier, and Windows Mail for Vista, allows remote Network News Transfer Protocol (NNTP) servers to execute arbitrary code via long NNTP responses that trigger memory corruption.)
Original documentdocumentMICROSOFT, Microsoft Security Bulletin MS07-056 - Critical Security Update for Outlook Express and Windows Mail (941202) (10.10.2007)
 documentIDEFENSE, iDefense Security Advisory 10.09.07: Microsoft Windows Mail and Outlook Express NNTP Protocol Heap Overflow (10.10.2007)
Files:Microsoft Security Bulletin MS07-056 - Critical Security Update for Outlook Express and Windows Mail (941202)

Linux mount / umount privilege escalation
Published:10.10.2007
Source:
SecurityVulns ID:8230
Type:local
Threat Level:
6/10
Description:Invalid order of setuid / setgid calls and unchecked return value.
CVE:CVE-2007-5191 (mount and umount in util-linux call the setuid and setgid functions in the wrong order and do not check the return values, which might allow attackers to gain privileges via helpers such as mount.nfs.)
Original documentdocumentRPATH, rPSA-2007-0212-1 util-linux (10.10.2007)

Kodak Image Viewer memory corruption
Published:10.10.2007
Source:
SecurityVulns ID:8231
Type:client
Threat Level:
5/10
Description:Memory corruption on image files parsing.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
CVE:CVE-2007-2217 (Kodak Image Viewer in Microsoft Windows 2000 SP4, and in some cases XP SP2 and Server 2003 SP1 and SP2, allows remote attackers to execute arbitrary code via crafted image files that trigger memory corruption, as demonstrated by a certain .tif (TIFF) file.)
Original documentdocumentMICROSOFT, Microsoft Security Bulletin MS07-055 - Critical Vulnerability in Kodak Image Viewer Could Allow Remote Code Execution (923810) (10.10.2007)
Files:Microsoft Security Bulletin MS07-055 - Critical Vulnerability in Kodak Image Viewer Could Allow Remote Code Execution (923810)

Microsoft Internet Explorer multiple security vulnerabilities
Published:10.10.2007
Source:
SecurityVulns ID:8232
Type:client
Threat Level:
6/10
Description:Memory corruption, address bar spoofing.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
CVE:CVE-2007-3893
 CVE-2007-3892
 CVE-2007-3826 (Microsoft Internet Explorer 7 on Windows XP SP2 allows remote attackers to prevent users from leaving a site, spoof the address bar, and conduct phishing and other attacks via repeated document.open function calls after a user requests a new page, but before the onBeforeUnload function is called.)
 CVE-2007-1091 (Microsoft Internet Explorer 7 allows remote attackers to prevent users from leaving a site, spoof the address bar, and conduct phishing and other attacks via onUnload Javascript handlers.)
Original documentdocumentMICROSOFT, Microsoft Security Bulletin MS07-057 - Critical Cumulative Security Update for Internet Explorer (939653) (10.10.2007)
Files:Microsoft Security Bulletin MS07-057 - Critical Cumulative Security Update for Internet Explorer (939653)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:10.10.2007
Source:
SecurityVulns ID:8229
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:TIKIWIKI : tikiwiki 1.9
 MODX : modx 0.9
 SQLLEDGER : SQL-Ledger 2.6
 LEDGERSMB : LedgerSMB 1.0
 LEDGERSMB : LedgerSMB 1.1
 LEDGERSMB : LedgerSMB 1.2
 NETWIN : DNewsWeb 57e1
 SQLLEDGER : SQL-Ledger 2.4
 SQLLEDGER : SQL-Ledger 2.2
Original documentdocumentShAnKaR, TikiWiki php injection (10.10.2007)
 documentxoxland_(at)_gmail.com, Vulnerabilities (10.10.2007)
 documentchris.travers_(at)_gmail.com, LedgerSMB < 1.2.8, SQL-Ledger 2.x Multiple SQL Injection Issues (10.10.2007)
 documentHackers Center Security Group, DNewsWeb Softwares Cross Site Scripting Vulrnability (10.10.2007)
 documentAdvisory_(at)_Aria-Security.net, Viart Shopping Cart Directory Transversal Vuln (10.10.2007)

Microsoft Windows RPC DoS
updated since 10.10.2007
Published:11.10.2007
Source:
SecurityVulns ID:8233
Type:remote
Threat Level:
6/10
Description:Denial of Service during authentication in RPC-based services.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
CVE:CVE-2007-2228
Original documentdocumentZDI, ZDI-07-055: Microsoft Windows DCERPC Authentication Denial of Service Vulnerability (11.10.2007)
 documentMICROSOFT, Microsoft Security Bulletin MS07-058 - Important Vulnerability in RPC Could Allow Denial of Service (933729) (10.10.2007)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod