Microsoft Windows GDI+ library DoS updated since 11.06.2007 | Published: 12.06.2007 | Source: BUGTRAQ | SecurityVulns ID: 7788 | Type: library | Level: 5/10 | Description: Division by zero when parsing .ICO files.
Microsoft Visio multiple security vulnerabilities updated since 12.06.2007 | Published: 12.06.2007 | Source: MICROSOFT | SecurityVulns ID: 7804 | Type: client | Level: 6/10 | Description: Multiple memory corruptions.
| Affected: MICROSOFT : Visio 2002 | MICROSOFT : Visio 2003 | CVE: CVE-2007-0936 (Multiple unspecified vulnerabilities in Microsoft Visio 2002 allow remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted packed object that triggers memory corruption, aka "Visio Document Packaging Vulnerability.") | CVE-2007-0934 (Unspecified vulnerability in Microsoft Visio 2002 allows remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted version number that triggers memory corruption.)
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 12.06.2007 | Published: 12.06.2007 | Source: | SecurityVulns ID: 7797 | Type: remote | Level: 5/10 | Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Windows Privacy Tray identity spoofing | Published: 12.06.2007 | Source: BUGTRAQ | SecurityVulns ID: 7799 | Type: client | Level: 5/10 | Description: It is possible to spoof the sender identity when a message is displayed.
PHP parse_str variables overwrite | Published: 12.06.2007 | Source: BUGTRAQ | SecurityVulns ID: 7802 | Type: library | Level: 5/10 | Description: Insufficient argument validation allows internal variables to be overwritten.
Arris Cadant C3 CMTS DoS | Published: 12.06.2007 | Source: BUGTRAQ | SecurityVulns ID: 7803 | Type: remote | Level: 5/10 | Description: DoS on IP options processing.
| Affected: ARRIS : Cadant C3 | CVE: CVE-2007-2796 (Arris Cadant C3 CMTS allows remote attackers to cause a denial of service (service termination) via a malformed IP packet with an invalid IP option.)
Microsoft Windows Vista weak security permissions | Published: 12.06.2007 | Source: MICROSOFT | SecurityVulns ID: 7806 | Type: local | Level: 6/10 | Description: Weak permissions for files and registry entries.
| Affected: MICROSOFT : Windows Vista | CVE: CVE-2007-2229 (Microsoft Windows Vista uses insecure default permissions for unspecified "local user information data stores" in the registry and the file system, which allows local users to obtain sensitive information such as administrative passwords, aka "Permissive User Information Store ACLs Information Disclosure Vulnerability.")
Microsoft Windows API code execution | Published: 12.06.2007 | Source: MICROSOFT | SecurityVulns ID: 7809 | Type: client | Level: 9/10 | Description: Insufficient validation of function arguments.
Ace-FTP FTP client buffer overflow | Published: 12.06.2007 | Source: BUGTRAQ | SecurityVulns ID: 7798 | Type: client | Level: 5/10 | Description: Buffer overflow when parsing the server banner.
Cisco Trust Agent for Mac OS X privilege escalation | Published: 12.06.2007 | Source: BUGTRAQ | SecurityVulns ID: 7800 | Type: local | Level: 5/10 | Description: It is possible to manipulate system settings with root permissions while a message is displayed during user logon.
Microsoft Windows Secure Channel DoS updated since 12.06.2007 | Published: 13.06.2007 | Source: MICROSOFT | SecurityVulns ID: 7805 | Type: library | Level: 6/10 | Description: Service hangs on SSL/TLS handshake parsing.
Microsoft Internet Explorer multiple security vulnerabilities updated since 12.06.2007 | Published: 13.06.2007 | Source: MICROSOFT | SecurityVulns ID: 7807 | Type: client | Level: 9/10 | Description: Multiple memory corruptions, content spoofing.
| Affected: MICROSOFT : Windows 2000 Server | MICROSOFT : Windows 2000 Professional | MICROSOFT : Windows XP | MICROSOFT : Windows 2003 Server | MICROSOFT : Windows 2003 | MICROSOFT : Windows Vista | CVE: CVE-2007-3027 (Race condition in Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code by causing Internet Explorer to install multiple language packs in a way that triggers memory corruption, aka "Language Pack Installation Vulnerability.") | CVE-2007-2222 (Multiple buffer overflows in the (1) ActiveListen (Xlisten.dll) and (2) ActiveVoice (Xvoice.dll) speech controls, as used by Microsoft Internet Explorer 5.01, 6, and 7, allow remote attackers to execute arbitrary code via a crafted ActiveX object that triggers memory corruption, as demonstrated via the ModeName parameter to the FindEngine function in ACTIVEVOICEPROJECTLib.DirectSS.) | CVE-2007-1752 (** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-1499. Reason: This candidate is a duplicate of CVE-2007-1499. Notes: All CVE users should reference CVE-2007-1499 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.) | CVE-2007-1751 (Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code by causing Internet Explorer to access an uninitialized or deleted object, related to prototype variables and table cells, aka "Uninitialized Memory Corruption Vulnerability.") | CVE-2007-1750 (Unspecified vulnerability in Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code via a crafted Cascading Style Sheets (CSS) tag that triggers memory corruption.) | CVE-2007-0218 (Microsoft Internet Explorer 5.01 and 6 allows remote attackers to execute arbitrary code by instantiating certain COM objects from Urlmon.dll, which triggers memory corruption during a call to the IObjectSafety function.)
Apple Safari for Windows commands execution updated since 12.06.2007 | Published: 13.06.2007 | Source: BUGTRAQ | SecurityVulns ID: 7801 | Type: client | Level: 6/10 | Description: Shell character problem on protocol handler invocation. Format string vulnerability.
Microsoft Outlook Express / Windows Mail multiple security vulnerabilities updated since 12.06.2007 | Published: 22.06.2007 | Source: MICROSOFT | SecurityVulns ID: 7808 | Type: client | Level: 8/10 | Description: Multiple vulnerabilities on MHTML parsing. Code execution with UNC URLs.
| Affected: MICROSOFT : Windows XP | MICROSOFT : Windows 2003 Server | MICROSOFT : Windows Vista | CVE: CVE-2007-2227 (The MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Disposition "notifications," which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "Content Disposition Parsing Cross Domain Information Disclosure Vulnerability.") | CVE-2007-2225 (A component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when processing MHTML protocol URLs, which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "URL Parsing Cross Domain Information Disclosure Vulnerability.") | CVE-2007-1658 (Windows Mail in Microsoft Windows Vista might allow user-assisted remote attackers to execute certain programs via a link to a (1) local file or (2) UNC share pathname in which there is a directory with the same base name as an executable program at the same level, as demonstrated using C:/windows/system32/winrm (winrm.cmd) and migwiz (migwiz.exe).) | CVE-2006-2111 (A component in Microsoft Outlook Express 6 allows remote attackers to bypass domain restrictions and obtain sensitive information via redirections with the mhtml: URI handler, as originally reported for Internet Explorer 6 and 7, aka "URL Redirect Cross Domain Information Disclosure Vulnerability.")