Computer Security
[EN] securityvulns.ru no-pyccku


Securekit Steganography / Camouflage protection bypass
updated since 09.01.2007
Published:11.01.2007
Source:
SecurityVulns ID:7019
Type:m-i-t-m
Threat Level:
5/10
Description:File with hidden information has strong signature, password protection is implemented in interface only.
Affected:SECUREKIT : Steganography 1.8
 SECUREKIT : Steganography 1.7
 TWISTEDPEAR : Camouflage 1.2
CVE:CVE-2007-0164 (Camouflage 1.2.1 embeds password information in the carrier file, which allows remote attackers to bypass authentication requirements and decrypt embedded steganography by replacing certain bytes of the JPEG image with alternate password information.)
 CVE-2007-0163 (SecureKit Steganography 1.7.1 and 1.8 embeds password information in the carrier file, which allows remote attackers to bypass authentication requirements and decrypt embedded steganography by replacing the last 20 bytes of the JPEG image with alternate password information.)
Original documentdocumentthesinoda_(at)_hotmail.com, A Major design Bug in Camouflage 1.2.1 (latest) (11.01.2007)
 documentthesinoda_(at)_hotmail.com, A Major design Bug in Steganography 1.7.x, 1.8 (latest) (Updated Version) (11.01.2007)
 documentthesinoda_(at)_hotmail.com, Cracking Steganography Application in less than ONE minute (09.01.2007)

Multiple Microsoft Outlook security vulnerabilities
updated since 09.01.2007
Published:11.01.2007
Source:
SecurityVulns ID:7030
Type:client
Threat Level:
6/10
Description:DoS. Buffer overflow on .iCal and .oss files parsing.
Affected:MICROSOFT : Office 2000
 MICROSOFT : Office XP
 MICROSOFT : Office 2003
CVE:CVE-2007-0034 (Buffer overflow in the Advanced Search (Finder.exe) feature of Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted Outlook Saved Searches (OSS) file that triggers memory corruption, aka "Microsoft Outlook Advanced Find Vulnerability.")
 CVE-2007-0033 (Microsoft Outlook 2002 and 2003 allows user-assisted remote attackers to execute arbitrary code via a malformed VEVENT record in an .iCal meeting request or ICS file.)
 CVE-2006-1305 (Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers to cause a denial of service (memory exhaustion and interrupted mail recovery) via malformed e-mail header information, possibly related to (1) long subject lines or (2) large numbers of recipients in To or CC headers.)
Original documentdocumentComputer Terrorism (UK) :: Incident Response Centre, [Full-disclosure] Computer Terrorism (UK) :: Incident Response Centre - Microsoft Outlook Vulnerability (11.01.2007)
 documentMICROSOFT, Microsoft Security Bulletin MS07-003 Vulnerabilities in Microsoft Outlook Could Allow Remote Code Execution (925938) (09.01.2007)
Files:Microsoft Security Bulletin MS07-003 Vulnerabilities in Microsoft Outlook Could Allow Remote Code Execution (925938)

Cisco IOS Data-link Switching DoS
Published:11.01.2007
Source:
SecurityVulns ID:7036
Type:remote
Threat Level:
5/10
Description:Device reload on malformed DLSw message parsing.
Affected:CISCO : IOS 12.0
 CISCO : IOS 12.1
 CISCO : IOS 12.2
 CISCO : IOS 12.3
 CISCO : IOS 12.4
CVE:CVE-2007-0199 (The Data-link Switching (DLSw) feature in Cisco IOS 11.0 through 12.4 allows remote attackers to cause a denial of service (device reload) via "an invalid value in a DLSw message... during the capabilities exchange.")
Original documentdocumentCISCO, Cisco Security Advisory: DLSw Vulnerability (11.01.2007)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:11.01.2007
Source:
SecurityVulns ID:7037
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:PHPBB : phpBB 2.0
 JSHOP : Jshop Server 1.3
 WORDPRESS : WordPress 2.0
 PHPMYADMIN : phpmyadmin 2.9
 SAZCART : SazCart 1.5
 CSCART : CS-Cart 1.3
 MOTIONBORG : MOTIONBORG Web Real Estate 2.1
 UNIFORUM : uniForum 4
 AXIOM : Axiom 0.8
 MEDIAWIKI : MediaWiki 1.6
 MEDIAWIKI : MediaWiki 1.7
 MEDIAWIKI : MediaWiki 1.8
CVE:CVE-2007-0232 (PHP remote file inclusion vulnerability in routines/fieldValidation.php in Jshop Server 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the jssShopFileSystem parameter.)
 CVE-2007-0230 (** DISPUTED ** PHP remote file inclusion vulnerability in install.php in CS-Cart 1.3.3 allows remote attackers to execute arbitrary PHP code via a URL in the install_dir parameter. NOTE: CVE and third parties dispute this vulnerability because install_dir is defined before use.)
 CVE-2007-0226 (SQL injection vulnerability in wbsearch.aspx in uniForum 4 and earlier allows remote attackers to execute arbitrary SQL commands via the "by User" field (aka the TXbyuser parameter).)
 CVE-2007-0204 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.9.2-rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information,)
 CVE-2007-0203 (Multiple unspecified vulnerabilities in phpMyAdmin before 2.9.2-rc1 have unknown impact and attack vectors.)
 CVE-2007-0200 (PHP remote file inclusion vulnerability in template.php in Geoffrey Golliher Axiom Photo/News Gallery (axiompng) 0.8.6 allows remote attackers to execute arbitrary PHP code via a URL in the baseAxiomPath parameter.)
 CVE-2007-0196 (SQL injection vulnerability in admin_check_user.asp in Motionborg Web Real Estate 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the username field (txtUserName parameter) and possibly other parameters. NOTE: some details were obtained from third party information.)
 CVE-2007-0177 (Cross-site scripting (XSS) vulnerability in the AJAX module in MediaWiki before 1.6.9, 1.7 before 1.7.2, 1.8 before 1.8.3, and 1.9 before 1.9.0rc2, when wgUseAjax is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2007-0109 (wp-login.php in WordPress 2.0.5 and earlier displays different error messages if a user exists or not, which allows remote attackers to obtain sensitive information and facilitates brute force attacks.)
 CVE-2007-0095 (phpMyAdmin 2.9.1.1 allows remote attackers to obtain sensitive information via a direct request for themes/darkblue_orange/layout.inc.php, which reveals the path in an error message.)
Original documentdocumentinfo_(at)_burnhead.it, phpBB (privmsg.php) XSS Exploit (11.01.2007)
 documentirvian_(at)_presiden.com, Jshop Server 1.3 (11.01.2007)
 documentajannhwt_(at)_hotmail.com, uniForum <= v4 (wbsearch.aspx) Remote SQL Injection Vulnerability (11.01.2007)
 documentajannhwt_(at)_hotmail.com, MOTIONBORG Web Real Estate <= v2.1 Remote SQL Injection Vulnerability (11.01.2007)
 documentirvian, shop Server 1.3 (fieldValidation.php) Remote File Include Vulnerability (11.01.2007)
 documentIbnuSina, sazcart v1.5 (cart.php) Remote File include (11.01.2007)
 documentahmed_labib_hilmy_(at)_yahoo.com, CS-Cart 1.3.3 (install.php) Remote File Include Vulnerability (11.01.2007)
Files:Wordpress <= 2.0.6 wp-trackback.php Zend_Hash_Del_Key_Or_Index sql injection admin hash disclosure exploit
 Exploits Axiom 0.8.6 photo gallery (template.php)Remote File Include Vulnerability

EIQ Networks Network Security Analyzer DoS
Published:11.01.2007
Source:
SecurityVulns ID:7038
Type:remote
Threat Level:
5/10
Description:Crash on malformed command to TCP/10618 port.
Affected:EIQNETWORKS : eIQnetworks Enterprise Security Analyzer 2.5
CVE:CVE-2007-0228 (The DataCollector service in EIQ Networks Network Security Analyzer allows remote attackers to cause a denial of service (service crash) via a (1) &CONNECTSERVER& (2) &ADDENTRY& (3) &FIN& (4) &START& (5) &LOGPATH& (6) &FWADELTA& (7) &FWALOG& (8) &SETSYNCHRONOUS& (9) &SETPRGFILE&, or (10) &SETREPLYPORT& string to TCP port 10618, which triggers a NULL pointer dereference.)
Original documentdocumentEthan Hunt, [Full-disclosure] EIQ Networks Network Security Analyzer DoS Vulnerability (11.01.2007)
Files:Exploits EIQ Networks Network Security Analyzer DoS

Microsoft Windows WMF invalid pointer dereference
Published:11.01.2007
Source:
SecurityVulns ID:7039
Type:client
Threat Level:
5/10
Description:Invalid pointer dereference in GDI on CreateBrushIndirect function.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
Original documentdocumentAlexander Sotirov, WMF CreateBrushIndirect vulnerability (DoS) (11.01.2007)
Files:WMF 0-day Dos Exploit

TIS Internet Firewall Toolkit buffer overflow
Published:11.01.2007
Source:
SecurityVulns ID:7041
Type:remote
Threat Level:
7/10
Description:Buffer overflow on FTP proxy oversized user name.
CVE:CVE-2007-0201 (Buffer overflow in the cmd_usr function in ftp-gw in TIS Internet Firewall Toolkit (FWTK) allows remote attackers to execute arbitrary code via a long destination hostname (dest).)

Mac OS X / Apple Finder multiple file system parsing vulnerabilities
updated since 11.01.2007
Published:16.01.2007
Source:
SecurityVulns ID:7040
Type:local
Threat Level:
6/10
Description:Buffer overflow on oversized DMG volume label in Apple Finder. Integer overflows on UFS DMG image parsing. DoS on processing UFS and HFS+ volumes.
Affected:APPLE : Mac OS X 10.4
 FREEBSD : FreeBSD 6.1
CVE:CVE-2007-0318 (The do_hfs_truncate function in Mac OS X 10.4.8 allows context-dependent attackers to cause a denial of service (kernel panic) via a crafted HFS+ filesystem in a DMG image, which causes an access of an invalid vnode structure during file removal.)
 CVE-2007-0299 (Integer overflow in the byte_swap_sbin function in bsd/ufs/ufs/ufs_byte_order.c in Mac OS X 10.4.8 allows user-assisted remote attackers to cause a denial of service (kernel panic) by mounting a crafted Unix File System (UFS) DMG image, which triggers an invalid pointer dereference.)
 CVE-2007-0267 (The ufs_lookup function in the Mac OS X 10.4.8 and FreeBSD 6.1 kernels allows local users to cause a denial of service (kernel panic) and possibly corrupt other filesystems by mounting a crafted UNIX File System (UFS) DMG image that contains a corrupted directory entry (struct direct), related to the ufs_dirbad function. NOTE: a third party states that the FreeBSD issue does not cross privilege boundaries.)
 CVE-2007-0229 (Integer overflow in the ffs_mountfs function in Mac OS X 10.4.8 and FreeBSD 6.1 allows local users to cause a denial of service (panic) and possibly gain privileges via a crafted DMG image that causes "allocation of a negative size buffer" leading to a heap-based buffer overflow, a related issue to CVE-2006-5679. NOTE: a third party states that this issue does not cross privilege boundaries in FreeBSD because only root may mount a filesystem.)
 CVE-2007-0197 (Finder 10.4.6 on Apple Mac OS X 10.4.8 allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a long volume name in a DMG disk image, which results in memory corruption.)
Original documentdocumentMOAB, MOAB-13-01-2007: Apple DMG HFS+ do_hfs_truncate() Denial of Service Vulnerability (16.01.2007)
 documentMOAB, MOAB-12-01-2007: Apple DMG UFS ufs_lookup() Denial of Service Vulnerability (16.01.2007)
 documentMOAB, MOAB-11-01-2007: Apple DMG UFS byte_swap_sbin() Integer Overflow Vulnerability (16.01.2007)
 documentMOAB, MOAB-10-01-2007: Apple DMG UFS ffs_mountfs() Integer Overflow Vulnerability (16.01.2007)
 documentKevin Finisterre, DMA[2007-0109a] - 'Apple Finder Disk Image Volume Label Overflow / DoS' (11.01.2007)
Files:Exploits Apple Finder DMG Volume Name Memory Corruption
 Exploits Apple DMG UFS ffs_mountfs() Integer Overflow Vulnerability
 Exploits Apple DMG UFS byte_swap_sbin() Integer Overflow Vulnerability
 Exploits Apple DMG UFS ufs_lookup() Denial of Service Vulnerability
 Exploits Apple DMG HFS+ do_hfs_truncate() Denial of Service Vulnerability

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod