Computer Security
[EN] securityvulns.ru no-pyccku


IBM AIX libodm buffer overflow
Published:11.07.2007
Source:
SecurityVulns ID:7913
Type:local
Threat Level:
5/10
Description:Buffer overflow on ODMPATH environment variable parsing.
Affected:IBM : AIX 5.3
Original documentdocumentIDEFENSE, iDefense Security Advisory 07.09.07: IBM AIX libodm ODMPATH Stack Overflow Vulnerability (11.07.2007)

AVG antivirus privilege escalation
Published:11.07.2007
Source:
SecurityVulns ID:7914
Type:local
Threat Level:
5/10
Description:IOCTL 0x5348E004 allows unprivileged user to write kernel memory.
Affected:AVG : AVG Antivirus 7.5
Original documentdocumentjohn-lindsay_(at)_ngssoftware.com, Advisory: Arbitrary kernel mode memory writes in AVG (11.07.2007)

Microsoft Windows Active Directory array overflow
updated since 10.07.2007
Published:11.07.2007
Source:
SecurityVulns ID:7910
Type:remote
Threat Level:
7/10
Description:Array index overflow on LDAP request parsing.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2003 Server
CVE:CVE-2007-3028 (The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4 does not properly check "the number of convertible attributes", which allows remote attackers to cause a denial of service (service unavailability) via a crafted LDAP request, related to "client sent LDAP request logic," aka "Windows Active Directory Denial of Service Vulnerability". NOTE: this is probably a different issue than CVE-2007-0040.)
 CVE-2007-0040 (The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4, Server 2003 SP1 and SP2, Server 2003 x64 Edition and SP2, and Server 2003 for Itanium-based Systems SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted LDAP request with an unspecified number of "convertible attributes.")
Original documentdocumentNGSSoftware Insight Security Research Advisory (NISR), Low Risk Vulnerability in Active Directory (11.07.2007)
 documentMICROSOFT, Microsoft Security Bulletin MS07-039 - Critical Vulnerability in Windows Active Directory Could Allow Remote Code Execution (926122) (10.07.2007)
Files:Microsoft Security Bulletin MS07-039 - Critical Vulnerability in Windows Active Directory Could Allow Remote Code Execution (926122)

Sun Java Webstart buffer overflow
updated since 10.07.2007
Published:11.07.2007
Source:
SecurityVulns ID:7903
Type:client
Threat Level:
8/10
Description:Buffer overflow on JNLP file parsing.
Affected:ORACLE : JRE 5
 ORACLE : JRE 6
Original documentdocumentBrett Moore, SUN Java JNLP Overflow (11.07.2007)
 documentEEYE, EEYE: Sun Java WebStart JNLP Stack Buffer Overflow Vulnerability (10.07.2007)
Files:Java Web Start Buffer Overflow POC Exploit

ISS Proventia Appliance multiple security vulnerabilities
Published:11.07.2007
Source:
SecurityVulns ID:7917
Type:remote
Threat Level:
5/10
Description:SSH user accounts detection, crossite scripting, PHP include, protection bypass.
Affected:ISS : Proventia GX5108
 ISS : Proventia GX5008
Original documentdocumentSECURITEAM, [REVS] Having Fun with Sensor Appliance Proventia GX5108 and GX5008 Insecurities (Part One) (11.07.2007)

VisionSoft Audit multiple security vulnerabilities
Published:11.07.2007
Source:
SecurityVulns ID:7916
Type:remote
Threat Level:
5/10
Description:Buffer overflow, arbitrary files overwrite, information leak.
Affected:VISIONSOFT : Visionsoft Audit 12.4
Original documentdocumentadvisories_(at)_portcullis-security.com, Portcullis Security Advisory 06-046 (11.07.2007)
 documentadvisories_(at)_portcullis-security.com, Portcullis Security Advisory 06-039 (11.07.2007)
 documentadvisories_(at)_portcullis-security.com, Portcullis Security Advisory 06-040 (11.07.2007)
 documentadvisories_(at)_portcullis-security.com, Portcullis Security Advisory 06-041 (11.07.2007)

ClmAV antivirus / unrar denial of service
Published:11.07.2007
Source:
SecurityVulns ID:7915
Type:library
Threat Level:
6/10
Description:NULL pointer dereference on RAR archive parsing.
Affected:CLAMAV : ClamAV 0.90
 RARSOFT : unrar 3.70
Original documentdocumentNoam Rathaus, Re: [Full-disclosure] Advisory - Clam AntiVirus RAR File Handling Denial Of Service Vulnerability. (11.07.2007)
 documentMetaeye SG, [Full-disclosure] Advisory - Clam AntiVirus RAR File Handling Denial Of Service Vulnerability. (11.07.2007)

Microsoft Publisher memory corruption
updated since 10.07.2007
Published:11.07.2007
Source:
SecurityVulns ID:7908
Type:client
Threat Level:
6/10
Description:Memory corruption on .PUB files parsing.
Affected:MICROSOFT : Publisher 2007
CVE:CVE-2007-1754 (PUBCONV.DLL in Microsoft Office Publisher 2007 does not properly clear memory when transferring data from disk to memory, which allows user-assisted remote attackers to execute arbitrary code via a malformed .pub page via a certain negative value, which bypasses a sanitization procedure that initializes critical pointers to NULL, aka the "Publisher Invalid Memory Reference Vulnerability".)
Original documentdocumentEEYE, EEYE: Microsoft Publisher 2007 Arbitrary Pointer Dereference (11.07.2007)
 documentMICROSOFT, Microsoft Security Bulletin MS07-037 - Important Vulnerability in Microsoft Office Publisher 2007 Could Allow Remote Code Execution (936548) (10.07.2007)
Files:Microsoft Security Bulletin MS07-037 - Important Vulnerability in Microsoft Office Publisher 2007 Could Allow Remote Code Execution (936548)

Zenturi Program Checker Pro ActiveX buffer overflow
Published:11.07.2007
Source:
SecurityVulns ID:7912
Type:remote
Threat Level:
5/10
Description:Buffer overflow in Fill method.
Original documentdocumentGOODFELLAS SRT, [Full-disclosure] [GOODFELLAS - VULN] sasatl.dll 1.5.0.531 Program Checker - Javascript Heap Spraying Exploit (11.07.2007)
Files:Program Checker - Javascript Heap Spraying Exploit

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod