Computer Security


NetBSD ktruser integer overflow
Published: 12.03.2007
SecurityVulns ID: 7387
Type: local
Threat Level: 5/10
Affected: NETBSD : NetBSD 2.0
 NETBSD : NetBSD 3.0
CVE: CVE-2007-1273 (Integer overflow in the ktruser function in NetBSD-current before 20061022, NetBSD 3 and 3-0 before 20061024, and NetBSD 2 before 20070209, when the kernel is built with the COMPAT_FREEBSD or COMPAT_DARWIN option, allows local users to cause a denial of service and possibly gain privileges.)

Linux setsockopt / getsockopt IPv6 DoS
Published: 12.03.2007
SecurityVulns ID: 7389
Type: local
Threat Level: 5/10
Description: An IPV6_RTHDR option with an invalid value causes a system crash.
Affected: LINUX : kernel 2.6
CVE: CVE-2007-1388 (The do_ipv6_setsockopt function in net/ipv6/ipv6_sockglue.c in Linux kernel before 2.6.20, and possibly other versions, allows local users to cause a denial of service (oops) by calling setsockopt with the IPV6_RTHDR option name and possibly a zero option length or invalid option value, which triggers a NULL pointer dereference.)
 CVE-2007-1000 (The ipv6_getsockopt_sticky function in net/ipv6/ipv6_sockglue.c in the Linux kernel before 2.6.20.2 allows local users to read arbitrary kernel memory via certain getsockopt calls that trigger a NULL dereference.)

Ktorrent multiple security vulnerabilities
Published: 12.03.2007
SecurityVulns ID: 7390
Type: client
Threat Level: 6/10
Description: Directory traversal with torrent files and DoS conditions.
Affected: KTORRENT : KTorrent 2.1
CVE: CVE-2007-1799 (Directory traversal vulnerability in torrent.cpp in KTorrent before 2.1.3 only checks for the ".." string, which allows remote attackers to overwrite arbitrary files via modified ".." sequences in a torrent filename, as demonstrated by "../" sequences, due to an incomplete fix for CVE-2007-1384.)
 CVE-2007-1388 (The do_ipv6_setsockopt function in net/ipv6/ipv6_sockglue.c in Linux kernel before 2.6.20, and possibly other versions, allows local users to cause a denial of service (oops) by calling setsockopt with the IPV6_RTHDR option name and possibly a zero option length or invalid option value, which triggers a NULL pointer dereference.)
 CVE-2007-1385 (chunkcounter.cpp in KTorrent before 2.1.2 allows remote attackers to cause a denial of service (crash) and heap corruption via a negative or large idx value.)
 CVE-2007-1384 (Directory traversal vulnerability in torrent.cpp in KTorrent before 2.1.2 allows remote attackers to overwrite arbitrary files via ".." sequences in a torrent filename.)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 12.03.2007
SecurityVulns ID: 7391
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: ASSETMAN : AssetMan 2.4
 MOODLE : Moodle 1.7
 CLIPSHARE : ClipShare 1.5
 FLATCHAT : Flat Chat 2.0
 MAGICCMS : Magic CMS 4.2
CVE: CVE-2007-1456 (** DISPUTED ** PHP remote file inclusion vulnerability in common.php in PHP Photo Album allows remote attackers to execute arbitrary PHP code via a URL in the db_file parameter. NOTE: CVE disputes this vulnerability, because versions 0.3.2.6 and 0.4.1beta do not contain this file. However, it is possible that the original researcher was referring to a different product.)
 CVE-2007-1430 (PHP remote file inclusion vulnerability in include/adodb-connection.inc.php in ClipShare 1.5.3 allows remote attackers to execute arbitrary PHP code via a URL in the cmd parameter.)
 CVE-2007-1429 (Multiple PHP remote file inclusion vulnerabilities in Moodle 1.7.1 allow remote attackers to execute arbitrary PHP code via a URL in the cmd parameter to (1) admin/utfdbmigrate.php or (2) filter.php.)
 CVE-2007-1427 (Directory traversal vulnerability in download_pdf.php in AssetMan 2.4a and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the pdf_file parameter.)
 CVE-2007-1394 (Direct static code injection vulnerability in startsession.php in Flat Chat 2.0 allows remote attackers to execute arbitrary PHP code via the Chat Name field, which is inserted into online.txt and included by users.php. NOTE: some of these details are obtained from third party information.)
 CVE-2007-1393 (PHP remote file inclusion vulnerability in mysave.php in Magic CMS 4.2.747 allows remote attackers to execute arbitrary PHP code via a URL in the file parameter.)
Original documents:
 z3r0 z3r0.2.z3r0, Fantastico In all Version Cpanel 10.x <= local File Include (12.03.2007)
 BorN To K!LL BorN To K!LL, AssetMan 2.4a <= (download_pdf.php) Remote File Disclosure Vulnerability (12.03.2007)
 zeus olimpusklan, [Full-disclosure] TinyMCE_exp Remote File Include Vulnerability (12.03.2007)
 Hackers Center Security Group, Wiki Remote Authentication Bypass Vulnerability (12.03.2007)
 RaeD Hasadya, Remote File Include In ClipShare.v1.5.3 (12.03.2007)
 RaeD Hasadya, Remote File Include In Script moodle-1.7.1 (12.03.2007)
 RaeD Hasadya, Remote File Include In Script PHP Photo Album (12.03.2007)

RIM BlackBerry 8100 Wireless DoS
Published: 12.03.2007
SecurityVulns ID: 7392
Type: client
Threat Level: 5/10
Description: Resource exhaustion when activating a long web link.
Affected: RIM : BlackBerry 8100
CVE: CVE-2007-1441 (The 4thPass browser (BlackBerry Browser) on the RIM BlackBerry 8100 (Pearl) before 4.2.1 allows remote attackers to cause a denial of service (temporary functionality loss) via a long href attribute in a link in a WML page.)
Original document: clappymonkey_(at)_gmail.com, [Full-disclosure] RIM BlackBerry Pearl 8100 Browser DoS (12.03.2007)

Trac content displaying vulnerability
Published: 12.03.2007
SecurityVulns ID: 7393
Type: client
Threat Level: 5/10
Description: Content-Disposition MIME header is not defined. Cross-site scripting.
Affected: EDGEWALL : Trac 0.10
CVE: CVE-2007-1406 (Trac before 0.10.3.1 does not send a Content-Disposition HTTP header specifying an attachment in certain "unsafe" situations, which has unknown impact and remote attack vectors.)
 CVE-2007-1405 (Cross-site scripting (XSS) vulnerability in the "download wiki page as text" feature in Trac before 0.10.3.1, when Microsoft Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.)

Plash sandbox protection bypass
Published: 12.03.2007
SecurityVulns ID: 7394
Type: remote
Threat Level: 5/10
Description: It is possible to execute any command via the /dev/tty device.
CVE: CVE-2007-1400 (Plash permits sandboxed processes to open /dev/tty, which allows local users to escape sandbox restrictions and execute arbitrary commands by sending characters to a shell process on the same terminal via the TIOCSTI ioctl.)

FiSH IRC clients encryption plugin multiple security vulnerabilities
Published: 12.03.2007
SecurityVulns ID: 7395
Type: client
Threat Level: 5/10
Description: Multiple buffer overflows on different IRC messages.
CVE: CVE-2007-1397 (Multiple stack-based buffer overflows in the (1) ExtractRnick and (2) decrypt_topic_332 functions in FiSH allow remote attackers to execute arbitrary code via long strings.)

OpenBSD ICMPv6 buffer overflow
Updated since 12.03.2007
Published: 14.03.2007
SecurityVulns ID: 7388
Type: remote
Threat Level: 8/10
Description: Buffer overflow on fragmented IPv6 packet.
Affected: OPENBSD : OpenBSD 3.9
 OPENBSD : OpenBSD 4.0
 OPENBSD : OpenBSD 4.1
CVE: CVE-2007-1365 (Buffer overflow in kern/uipc_mbuf2.c in OpenBSD 3.9 and 4.0 allows remote attackers to execute arbitrary code via fragmented IPv6 packets due to "incorrect mbuf handling for ICMP6 packets." NOTE: this was originally reported as a denial of service.)
Original document: CORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2007-0219: OpenBSD's IPv6 mbufs remote kernel buffer overflow (14.03.2007)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod