Computer Security



Microsoft Outlook Express / Windows Mail NNTP buffer overflow
Published: 10.10.2007
Source: MICROSOFT
SecurityVulns ID: 8228
Type: client
Level: 8/10
Description: Heap memory overflow on NNTP server reply parsing.
Affected: MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
CVE: CVE-2007-3897
Original document: MICROSOFT, Microsoft Security Bulletin MS07-056 - Critical Security Update for Outlook Express and Windows Mail (941202) (10.10.2007)
 IDEFENSE, iDefense Security Advisory 10.09.07: Microsoft Windows Mail and Outlook Express NNTP Protocol Heap Overflow (10.10.2007)
Files: Microsoft Security Bulletin MS07-056 - Critical Security Update for Outlook Express and Windows Mail (941202)

Linux mount / umount privilege escalation
Published: 10.10.2007
Source: BUGTRAQ
SecurityVulns ID: 8230
Type: local
Level: 6/10
Description: Invalid order of setuid / setgid calls and unchecked return value.
CVE: CVE-2007-5191 (mount and umount in util-linux call the setuid and setgid functions in the wrong order and do not check the return values, which might allow attackers to gain privileges via helpers such as mount.nfs.)
Original document: RPATH, rPSA-2007-0212-1 util-linux (10.10.2007)

Kodak Image Viewer memory corruption
Published: 10.10.2007
Source: MICROSOFT
SecurityVulns ID: 8231
Type: client
Level: 5/10
Description: Memory corruption on image file parsing.
Affected: MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
CVE: CVE-2007-2217
Original document: MICROSOFT, Microsoft Security Bulletin MS07-055 - Critical Vulnerability in Kodak Image Viewer Could Allow Remote Code Execution (923810) (10.10.2007)
Files: Microsoft Security Bulletin MS07-055 - Critical Vulnerability in Kodak Image Viewer Could Allow Remote Code Execution (923810)

Microsoft Internet Explorer multiple security vulnerabilities
Published: 10.10.2007
Source: MICROSOFT
SecurityVulns ID: 8232
Type: client
Level: 6/10
Description: Memory corruption, address bar spoofing.
Affected: MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
CVE: CVE-2007-3893
 CVE-2007-3892
 CVE-2007-3826 (Microsoft Internet Explorer 7 on Windows XP SP2 allows remote attackers to prevent users from leaving a site, spoof the address bar, and conduct phishing and other attacks via repeated document.open function calls after a user requests a new page, but before the onBeforeUnload function is called.)
 CVE-2007-1091 (Microsoft Internet Explorer 7 allows remote attackers to prevent users from leaving a site, spoof the address bar, and conduct phishing and other attacks via onUnload Javascript handlers.)
Original document: MICROSOFT, Microsoft Security Bulletin MS07-057 - Critical Cumulative Security Update for Internet Explorer (939653) (10.10.2007)
Files: Microsoft Security Bulletin MS07-057 - Critical Cumulative Security Update for Internet Explorer (939653)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 10.10.2007
Source: BUGTRAQ
SecurityVulns ID: 8229
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: TIKIWIKI : tikiwiki 1.9
 MODX : modx 0.9
 SQLLEDGER : SQL-Ledger 2.6
 LEDGERSMB : LedgerSMB 1.0
 LEDGERSMB : LedgerSMB 1.1
 LEDGERSMB : LedgerSMB 1.2
 NETWIN : DNewsWeb 57e1
 SQLLEDGER : SQL-Ledger 2.4
 SQLLEDGER : SQL-Ledger 2.2
Original document: ShAnKaR, TikiWiki php injection (10.10.2007)
 xoxland_(at)_gmail.com, Vulnerabilities (10.10.2007)
 chris.travers_(at)_gmail.com, LedgerSMB < 1.2.8, SQL-Ledger 2.x Multiple SQL Injection Issues (10.10.2007)
 Hackers Center Security Group, DNewsWeb Softwares Cross Site Scripting Vulrnability (10.10.2007)
 Advisory_(at)_Aria-Security.net, Viart Shopping Cart Directory Transversal Vuln (10.10.2007)

Microsoft Windows RPC DoS
updated since 10.10.2007
Published: 11.10.2007
Source: MICROSOFT
SecurityVulns ID: 8233
Type: remote
Level: 6/10
Description: Denial of Service during authentication in RPC-based services.
Affected: MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
CVE: CVE-2007-2228
Original document: ZDI, ZDI-07-055: Microsoft Windows DCERPC Authentication Denial of Service Vulnerability (11.10.2007)
 MICROSOFT, Microsoft Security Bulletin MS07-058 - Important Vulnerability in RPC Could Allow Denial of Service (933729) (10.10.2007)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
 


