Computer Security


Trend Micro Antivirus multiple security vulnerabilities
updated since 08.02.2007
Published:11.02.2007
Source:
SecurityVulns ID:7200
Type:remote
Threat Level:5/10
Description:Buffer overflow when parsing UPX-packed executables. Privilege escalation through the \\.\TmComm DOS device.
Affected:TM : PC-Cillin Internet Security 2007
 TM : Trend Micro ServerProtect for Linux 2.5
 TM : Trend Micro AntiVirus 2007
 TM : Trend Micro Anti-Spyware for SMB 3.2
 TM : Trend Micro Anti-Spyware for Enterprise 3.0
 TM : Trend Micro Anti-Spyware for Consumer 3.5
CVE:CVE-2007-0856 (TmComm.sys 1.5.0.1052 in the Trend Micro Anti-Rootkit Common Module (RCM), with the VsapiNI.sys 3.320.0.1003 scan engine, as used in Trend Micro PC-cillin Internet Security 2007, Antivirus 2007, Anti-Spyware for SMB 3.2 SP1, Anti-Spyware for Consumer 3.5, Anti-Spyware for Enterprise 3.0 SP2, Client / Server / Messaging Security for SMB 3.5, Damage Cleanup Services 3.2, and possibly other products, assigns Everyone write permission for the \\.\TmComm DOS device interface, which allows local users to access privileged IOCTLs and execute arbitrary code or overwrite arbitrary memory in the kernel context.)
 CVE-2007-0851 (Buffer overflow in the Trend Micro Scan Engine 8.000 and 8.300 before virus pattern file 4.245.00, as used in other products such as Cyber Clean Center (CCC) Cleaner, allows remote attackers to execute arbitrary code via a malformed UPX compressed executable.)
Original document:Reversemode, [Reversemode Advisory] TrendMicro Products - multiple privilege escalation vulnerabilities. (11.02.2007)
 IDEFENSE, iDefense Security Advisory 02.07.07: Trend Micro TmComm Local Privilege Escalation Vulnerability (08.02.2007)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:11.02.2007
Source:
SecurityVulns ID:7209
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:OVIDENTIA : OVidentia 5.8
 ALLONSVOTER : Allons_voter 1.0
 NABOCORP : nabopoll 1.1
 QDIG : qdig 1.2
 DEVTRACK : DevTrack 6.0
 TWIKI : Twiki 4.0
 TWIKI : Twiki 4.1
CVE:CVE-2007-1073 (Static code injection vulnerability in install.php in mcRefer allows remote attackers to execute arbitrary PHP code via the bgcolor parameter, which is inserted into mcrconf.inc.php.)
 CVE-2007-0885 (Cross-site scripting (XSS) vulnerability in jira/secure/BrowseProject.jspa in Rainbow with the Zen (Rainbow.Zen) extension allows remote attackers to inject arbitrary web script or HTML via the id parameter.)
 CVE-2007-0880 (Capital Request Forms stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database credentials via a direct request for inc/common_db.inc.)
 CVE-2007-0876 (Cross-site scripting (XSS) vulnerability in Quick Digital Image Gallery (Qdig) 1.2.9.3 and devel-20060624 allows remote attackers to inject arbitrary web script or HTML via the Qwd parameter to the top-level URI.)
 CVE-2007-0875 (** DISPUTED ** SQL injection vulnerability in install.php in mcRefer allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: this issue has been disputed by a third party, stating that the file does not use a SQL database.)
 CVE-2007-0874 (Allons_voter 1.0 allows remote attackers to bypass authentication and access certain administrative functionality via a direct request for (1) admin_ajouter.php or (2) admin_supprimer.php. NOTE: this could be leveraged to conduct cross-site scripting (XSS) attacks.)
 CVE-2007-0873 (nabopoll 1.1.2 allows remote attackers to bypass authentication and access certain administrative functionality via a direct request for (1) config_edit.php, (2) template_edit.php, or (3) survey_edit.php in admin/.)
 CVE-2007-0871 (Unrestricted file upload vulnerability in eXtremePow eXtreme File Hosting allows remote attackers to upload arbitrary PHP code via a filename with a double extension such as (1) .rar.php or (2) .zip.php.)
 CVE-2007-0853 (SQL injection vulnerability in DevTrack 6.0.3 allows remote attackers to execute arbitrary SQL commands via the Username form field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.)
 CVE-2007-0852 (Cross-site scripting (XSS) vulnerability in DevTrack 6.x allows remote attackers to inject arbitrary web script or HTML via the "Keyword search" form field and unspecified other form fields that populate a public saved query. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.)
 CVE-2007-0669 (Unspecified vulnerability in Twiki 4.0.0 through 4.1.0 allows local users to execute arbitrary Perl code via unknown vectors related to CGI session files.)
 CVE-2006-6980 (The magnatune.com album browser in Amarok allows attackers to cause a denial of service (application crash) via unspecified vectors.)
 CVE-2006-6979 (The ruby handlers in the Magnatune component in Amarok do not properly quote text in certain contexts, probably including construction of an unzip command line, which allows attackers to execute arbitrary commands via shell metacharacters.)
Original document:Andrea "bunker" Purificato, [XSS] Qdig - Quick Digital Image Gallery Version 1.2.9.3 and -devel (11.02.2007)
 sn0oPy.team_(at)_gmail.com, nabopoll 1.1.2 sensitive file (admin without password) (11.02.2007)
 sn0oPy.team_(at)_gmail.com, Allons_voter Version 1.0 xss and admin votes (11.02.2007)
 sn0oPy.team_(at)_gmail.com, mcRefer SQL injection (11.02.2007)
 bl4ck_(at)_bsdmail.org, XSS in Rainbow with Rainbow.Zen (11.02.2007)
 ali_(at)_hackerz.ir, local bug :[xxs] in whm (11.02.2007)
 gokhankaya_(at)_hotmail.com, Capital Request Forms Db Username and Password Vulnerabilities (11.02.2007)
 hamed.bazargani_(at)_gmail.com, eXtreme File Hosting remote file upload vulnerability (11.02.2007)
Files:OVidentia 5.x Series Remote File İnclude
 Exploits McRefer PHP inclusion

Windows Mobile Internet Explorer DoS
Published:11.02.2007
Source:
SecurityVulns ID:7210
Type:client
Threat Level:4/10
Description:Vulnerability in WML parsing. A hard reset is required to resume operation.
Affected:MICROSOFT : Windows Mobile 5.0
CVE:CVE-2007-0878 (Unspecified vulnerability in Microsoft Internet Explorer on Windows Mobile 5.0 allows remote attackers to cause a denial of service (loss of browser and other device functionality) via a malformed WML page, related to an "overflow state." NOTE: it is possible that this issue is related to CVE-2007-0685.)
Original document:clappymonkey_(at)_gmail.com, Denial Of Service in Internet Explorer for MS Windows Mobile 5.0 (11.02.2007)

ImageMagick buffer overflow
updated since 15.08.2006
Published:11.02.2007
Source:
SecurityVulns ID:6494
Type:library
Threat Level:5/10
Description:Buffer overflows when parsing the SGI, PALM and DCM graphics formats.
Affected:IMAGEMAGICK : ImageMagick 6.2
 IMAGEMAGICK : ImageMagick 6.3
 GRAPHICSMAGIC : GraphicsMagick 1.1
CVE:CVE-2007-0770 (Buffer overflow in GraphicsMagick and ImageMagick allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a PALM image that is not properly handled by the ReadPALMImage function in coders/palm.c. NOTE: this issue is due to an incomplete patch for CVE-2006-5456.)
 CVE-2006-5456 (Multiple buffer overflows in GraphicsMagick before 1.1.7 and ImageMagick 6.0.7 allow user-assisted attackers to cause a denial of service and possibly execute arbitrary code via (1) a DCM image that is not properly handled by the ReadDCMImage function in coders/dcm.c, or (2) a PALM image that is not properly handled by the ReadPALMImage function in coders/palm.c.)
Original document:MANDRIVA, [ MDKSA-2007:041 ] - Updated ImageMagick packages fix buffer overflow vulnerability (11.02.2007)
 GENTOO, [ GLSA 200611-19 ] ImageMagick: PALM and DCM buffer overflows (25.11.2006)
 Damian Put, [Overflow.pl] ImageMagick ReadSGIImage() Heap Overflow (15.08.2006)
Files:Example crafted SGI file crash ImageMagick

Sun Solaris unauthorized access
updated since 11.02.2007
Published:01.03.2007
Source:
SecurityVulns ID:7211
Type:remote
Threat Level:10/10
Description:The user's password is not checked in a telnet session if the F flag is set. On older versions, defining the TTYPROMPT variable allows unauthorized access with bin group privileges. The vulnerability is used by an internet worm.
Affected:SUN : Solaris 2.6
 ORACLE : Solaris 8
 SUN : Solaris 7
 ORACLE : Solaris 10
 ORACLE : Solaris 11
CVE:CVE-2007-0882 (Argument injection vulnerability in the telnet daemon (in.telnetd) in Solaris 10 and 11 (SunOS 5.10 and 5.11) misinterprets certain client "-f" sequences as valid requests for the login program to skip authentication, which allows remote attackers to log into certain accounts, as demonstrated by the bin account.)
Original document:CERT, US-CERT Technical Cyber Security Alert TA07-059A -- Sun Solaris Telnet Worm (01.03.2007)
 Thierry Zoller, Re[2]: Solaris telnet vulnerability - how many on your network? (22.02.2007)
 kingcope_(at)_gmx.net, [Full-disclosure] "0day was the case that they gave me" (11.02.2007)
Files:SunOS 5.10/5.11 in.telnetd Remote Exploit
 “0day was the case that they gave me” - SunOS 5.10/5.11 in.telnetd Remote Exploit by Kingcope

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod