| McAfee multiple antiviral products Security Center ActiveX buffer overflow | | Published: |  | 12.05.2007 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 7699 | | Type: |  | client | | Level: |  | 6/10 | | Description: |  | Buffer overflow in IsOldAppInstalled() function. |
| Affected: |  | MCAFEE : Security Center 7.2 | | |  | MCAFEE : Security Center 6.0 | | |  | MCAFEE : Virus Scan 10.0 |
| Original document |  | IDEFENSE, iDefense Security Advisory 05.08.07: McAfee Security Center IsOldAppInstalled ActiveX Buffer Overflow Vulnerability (12.05.2007) |
| PHP libxmlrpc buffer overflow | | Published: |  | 12.05.2007 | | Source: |  | CVE | | SecurityVulns ID: |  | 7704 | | Type: |  | library | | Level: |  | 6/10 |
| Affected: |  | PHP : PHP 4.4 | | |  | PHP : PHP 5.2 | | CVE: |  | CVE-2007-1864 (Buffer overflow in the bundled libxmlrpc library in PHP before 4.4.7, and 5.x before 5.2.2, has unknown impact and remote attack vectors.) |
| Novell NetMail buffer overflow | | Published: |  | 12.05.2007 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 7706 | | Type: |  | remote | | Level: |  | 6/10 | | Description: |  | Stack based overflow in NMDMC.EXE on SSL access. |
| Affected: |  | NOVELL : NetMail 3.52 |
| Original document |  | IDEFENSE, iDefense Security Advisory 05.10.07: Novell NetMail NMDMC Buffer Overflow Vulnerability (12.05.2007) |
| Apple Darwin Streaming Proxy multiple buffer overflows | | Published: |  | 12.05.2007 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 7707 | | Type: |  | remote | | Level: |  | 6/10 | | Description: |  | Multiple buffer overflows on parsing different commands. |
| Affected: |  | APPLE : Darwin Streaming Proxy 4.1 |
| Original document |  | IDEFENSE, iDefense Security Advisory 05.10.07: Apple Darwin Streaming Proxy Multiple Vulnerabilities (12.05.2007) |
| TFTPdWin TFTP server directory traversal | | Published: |  | 12.05.2007 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 7708 | | Type: |  | remote | | Level: |  | 5/10 |
| Affected: |  | TFTPDWIN : TFTPdWin 0.4 |
| Original document |  | VulnerabilityResearch_(at)_digitaldefense.net, TFTPdWin 0.4.2 Server Directory Traversal Vulnerability (12.05.2007) |
Apple QuickTime / iTunes multiple vulnerabilities updated since 12.01.2006 | | Published: |  | 12.05.2007 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 5620 | | Type: |  | client | | Level: |  | 6/10 | | Description: |  | Heap overflow on GIF images parsing, stack overflow on QTIF parsing, heap overflow on video samples parsing. |
| Affected: |  | APPLE : QuickTime 7.0 | | CVE: |  | CVE-2007-0754 (Heap-based buffer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted Sample Table Sample Descriptor (STSD) atom size in a QuickTime movie.) |
| Original document |  | 3COM, TPTI-07-07: Apple QuickTime STSD Parsing Heap Overflow Vulnerability (12.05.2007) |
| |  | Fortinet Research, [VulnWatch] Fortinet Advisory: Apple QuickTime Player Color Map Entry Size Buffer Overflow (13.01.2006) |
| |  | Fortinet Research, [VulnWatch] Fortinet Advisory: "Apple QuickTime Player ImageWidth Integer Overflow Vulnerability" (13.01.2006) |
| |  | Fortinet Research, [VulnWatch] Fortinet Security Advisory: "Apple QuickTime Player Improper Memory Access Vulnerability" (13.01.2006) |
| |  | Fortinet Research, [VulnWatch] Fortinet Advisory: Apple Quick Time Player ImageWidth Denial of Service Vulnerability (13.01.2006) |
| |  | Fortinet Research, [VulnWatch] Fortinet Advisory - Apple QuickTime Player StripOffsets Improper Memory Acces (13.01.2006) |
| |  | Fortinet Research, [VulnWatch] Fortinet Advisory - Apple QuickTime Player StripByteCounts Buffer Overflow Vulnerability (13.01.2006) |
| |  | CERT, US-CERT Technical Cyber Security Alert TA06-011A -- Apple QuickTime Vulnerabilities (12.01.2006) |
| |  | EEYE, [EEYEB-20051117A] Apple QuickTime STSD Atom Heap Overflow (12.01.2006) |
| |  | EEYE, [EEYEB-20051117B] Apple iTunes (QuickTime.qts) Heap Overflow (12.01.2006) |
| |  | EEYE, [EEYEB-20051220] Apple QuickTime QTIF Stack Overflow (12.01.2006) |
CA eTrust antivirus multiple security vulnerabilities updated since 11.05.2007 | | Published: |  | 12.05.2007 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 7696 | | Type: |  | remote | | Level: |  | 6/10 | | Description: |  | Local buffer overflow in task scheduler, remote buffer overflow in antiviral server (TCP/12168). |
| Affected: |  | CA : eTrust Integrated Threat Management 8 | | |  | CA : eTrust AntiVirus Server 8 | | |  | CA : eTrust Antivirus Agent 8 | | |  | CA : CA Anti-Spyware 8 | | |  | CA : CA Protection Suites 3 | | CVE: |  | CVE-2007-2523 (CA Anti-Virus for the Enterprise r8 and Threat Manager r8 before 20070510 use weak permissions (NULL security descriptor) for the Task Service shared file mapping, which allows local users to modify this mapping and gain privileges by triggering a stack-based buffer overflow in InoCore.dll before 8.0.448.0.) | | |  | CVE-2007-2522 (Stack-based buffer overflow in the inoweb Console Server in CA Anti-Virus for the Enterprise r8, Threat Manager r8, Anti-Spyware for the Enterprise r8, and Protection Suites r3 allows remote attackers to execute arbitrary code via a long (1) username or (2) password.) |
| Original document |  | CA, [CAID 35330, 35331]: CA Anti-Virus, CA Threat Manager, and CA Anti-Spyware Console Login and File Mapping Vulnerabilities (12.05.2007) |
| |  | binagres_(at)_gmail.com, Computer Associates eTrust InoTask.exe Antivirus Buffer Overflow Vulnerability (11.05.2007) |
| |  | ZDI, ZDI-07-028: CA eTrust AntiVirus Server inoweb Buffer Overflow Vulnerability (11.05.2007) |
| |  | IDEFENSE, iDefense Security Advisory 05.09.07: Computer Associates eTrust InoTask.exe Antivirus Buffer Overflow Vulnerability (11.05.2007) |
| vim sandbox protection bypass | | Published: |  | 12.05.2007 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 7697 | | Type: |  | local | | Level: |  | 5/10 | | Description: |  | Potentially dangerous functions are allowed in modeline processing. |
| Affected: |  | VIM : vim 7.0 | | CVE: |  | CVE-2007-2438 (The sandbox for vim allows dangerous functions such as (1) writefile, (2) feedkeys, and (3) system, which might allow user-assisted attackers to execute shell commands and write files via modelines.) |
| Original document |  | MANDRIVA, [ MDKSA-2007:101 ] - Updated vim packages fix vulnerability (12.05.2007) |
| Sun Solaris srsexec unauthorized file access | | Published: |  | 12.05.2007 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 7705 | | Type: |  | local | | Level: |  | 5/10 | | Description: |  | By combining the -d and -v command-line options, it is possible to read the first line of any file. |
| Affected: |  | SUN : Solaris 10 |
| Original document |  | IDEFENSE, iDefense Security Advisory 05.10.07: Sun Microsystems Solaris SRS Proxy Core srsexec Arbitrary File Read Vulnerability (12.05.2007) |
| ISC BIND named DoS | | Published: |  | 12.05.2007 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 7698 | | Type: |  | remote | | Level: |  | 6/10 | | Description: |  | DoS on SOA records processing if recursion is enabled. |
| Affected: |  | ISC : bind 9.4 | | |  | ISC : bind 9.5 | | CVE: |  | CVE-2007-2241 (Unspecified vulnerability in query.c in ISC BIND 9.4.0, and 9.5.0a1 through 9.5.0a3, when recursion is enabled, allows remote attackers to cause a denial of service (daemon exit) via a sequence of queries processed by the query_addsoa function.) |
| Original document |  | MANDRIVA, [ MDKSA-2007:100 ] - Updated bind packages fix vulnerability (12.05.2007) |
| Symantec Norton Internet Security Code Execution | | Published: |  | 12.05.2007 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 7701 | | Type: |  | client | | Level: |  | 5/10 | | Description: |  | Improper handling of exceptional conditions allows access to ActiveX controls not marked as safe for scripting. |
| Affected: |  | SYMANTEC : Norton Internet Security 2006 | | |  | SYMANTEC : Norton Antivirus 2006 | | CVE: |  | CVE-2006-3456 (The Symantec NAVOPTS.DLL ActiveX control (aka Symantec.Norton.AntiVirus.NAVOptions) 12.2.0.13, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, is designed for use only in application-embedded web browsers, which allows remote attackers to "crash the control" via unspecified vectors related to content on a web site, and place Internet Explorer into a "defunct state" in which remote attackers can execute arbitrary code in addition to other Symantec ActiveX controls, regardless of whether they are marked safe for scripting. NOTE: this CVE was inadvertently used for an E-mail Auto-Protect issue, but that issue has been assigned CVE-2007-3771.) |
| Original document |  | IDEFENSE, iDefense Security Advisory 05.09.07: Symantec Norton Internet Security 2006 COM Object Security ByPass Vulnerability (12.05.2007) |
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 12.05.2007 | | Published: |  | 12.05.2007 | | Source: |  | | | SecurityVulns ID: |  | 7702 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. |