XnView buffer overflow (updated since 12.07.2007)
| Published: | 12.07.2007 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 7923 |
| Type: | client |
| Level: | 6/10 |
| Description: | Buffer overflow on parsing XPM image files. |
| Affected: | XNVIEW : XnView 1.90 |
| CVE: | CVE-2007-2194 (Stack-based buffer overflow in XnView 1.90.3 allows user-assisted remote attackers to execute arbitrary code via a crafted XPM file with a long section string. NOTE: some of these details are obtained from third party information.) |
| Original document | GENTOO, [ GLSA 200707-06 ] XnView: Stack-based buffer overflow (12.07.2007) |

IPSwitch WS_FTP logging daemon DoS
| Published: | 12.07.2007 |
| Source: | FULL-DISCLOSURE |
| SecurityVulns ID: | 7924 |
| Type: | remote |
| Level: | 5/10 |
| Description: | Denial of service UDP/515 on network packet parsing. |
| Affected: | IPSWITCH : WS_FTP 7.5 |
| Original document | Jared DeMott, [Full-disclosure] IPSwitch WS_FTP Logging Server Remote Denial of Service -- a VDA Labs, LLC discovery (12.07.2007) |

Multiple applications security vulnerabilities
| Published: | 12.07.2007 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 7928 |
| Level: | 5/10 |
| Description: | Mozilla Firefox pop-ups DoS, Microsoft Register Server DoS, FreeWRL ActiveX memory corruption, Nonnoi ASP Barcode files overwrite, Eltima Software VSPAX DoS, Media Player Classic memory corruption, Eltima Software RunService AX DoS, Symantec Norton Ghost ActiveX DoS and code execution, ctiveReportsExcelReport, NMSDVDXLib, InnovaDSXP2.OCX ActiveX DoS. |
| Affected: | MOZILLA : Firefox 2.0 |
| | FREEWRL : FreeWRL 1.19 |
| | MPC : Media Player Classic 6.4 |
| | SYMANTEC : Norton Ghost 12.0 |
| Original document | sapheal_(at)_hack.pl, [Eleytt] 7LIPIEC2007 (12.07.2007) |

Adobe Flash player multiple security vulnerabilities (updated since 12.07.2007)
| Published: | 12.07.2007 |
| Source: | CERT |
| SecurityVulns ID: | 7927 |
| Type: | client |
| Level: | 8/10 |
| Description: | Multiple vulnerabilities lead to code execution and denial of service. |
| Affected: | ADOBE : Flash Player 9.0 |
| | ADOBE : Flash Player 7.070 |
| | ADOBE : Flex 2.0 |
| | ADOBE : Flash CS3 Professional |
| | ADOBE : Flash Basic |
| | ADOBE : Flash Player 8.0. |
| CVE: | CVE-2007-3457 (Adobe Flash Player 8.0.34.0 and earlier insufficiently validates HTTP Referer headers, which potentially allows remote attackers to conduct a CSRF attack via a crafted SWF file.) |
| | CVE-2007-3456 (Integer overflow in Adobe Flash Player 9.0.45.0 and earlier might allow remote attackers to execute arbitrary code via a large length value for a (1) Long string or (2) XML variable type in a crafted (a) FLV or (b) SWF file, related to an "input validation error," including a signed comparison of values that are assumed to be non-negative.) |
| Original document | Minded Security Research Labs, [MSA01110707] Flash Player/Plugin Video file parsing Remote Code Execution (14.07.2007) |
| | CERT, US-CERT Technical Cyber Security Alert TA07-192A -- Adobe Flash Player Updates for Multiple Vulnerabilities (12.07.2007) |

SquirrelMail PGP plugin unfiltered shell characters (updated since 11.07.2007)
| Published: | 12.07.2007 |
| Source: | SECURITEAM |
| SecurityVulns ID: | 7918 |
| Type: | remote |
| Level: | 6/10 |
| Description: | Unfiltered shell characters on external application invocation in fpr parameter of keyring_main.php script and in different places. |
| Original document | IDEFENSE, iDefense Security Advisory 07.11.07: SquirrelMail G/PGP Plugin gpg_recv_key() Command Injection Vulnerability (12.07.2007) |
| | IDEFENSE, iDefense Security Advisory 07.11.07: SquirrelMail G/PGP Plugin deleteKey() Command Injection Vulnerability (12.07.2007) |
| | IDEFENSE, iDefense Security Advisory 07.11.07: SquirrelMail G/PGP Plugin gpg_help.php Local File Inclusion Vulnerability (12.07.2007) |
| | IDEFENSE, iDefense Security Advisory 07.11.07: SquirrelMail G/PGP Plugin gpg_check_sign_pgp_mime() Command Injection Vulnerability (12.07.2007) |
| | does_not_exist_(at)_jmp-esp.kicks-ass.net, SquirrelMail G/PGP Encryption Plug-in Remote Command Execution Vulnerability (11.07.2007) |
| | SECURITEAM, [EXPL] SquirrelMail G/PGP Encryption Plug-in Remote Command Execution Vulnerability (11.07.2007) |

Symantec Backup buffer overflow
| Published: | 12.07.2007 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 7921 |
| Type: | remote |
| Level: | 7/10 |
| Description: | Buffer overflow in RPC-based service (TCP/6106). |
| Affected: | SYMANTEC : Backup Exec 10 |
| Original document | IDEFENSE, iDefense Security Advisory 07.11.07: Symantec Backup Exec RPC Remote Heap Overflow Vulnerability (12.07.2007) |

3COM Tippingpoint multiple protection bypass ways
| Published: | 12.07.2007 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 7919 |
| Type: | remote |
| Level: | 5/10 |
| Description: | Invalid fragmented IP reassembly, some attacks against IIS may pass undetected. |
| Affected: | 3COM : TippingPoint 2.1 |
| | 3COM : TippingPoint 2.2 |
| Original document | Paul Craig, TippingPoint IPS Signature Evasion (12.07.2007) |
| | Andres Riancho, TippingPoint detection bypass (12.07.2007) |

Cisco Unified Communications Manager / Presence Server multiple security vulnerabilities
| Published: | 12.07.2007 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 7920 |
| Type: | remote |
| Level: | 7/10 |
| Description: | Unauthorized SNMP access, buffer overflow in Certificate Trust List (TCP/2444) and Real-Time Information Server Data Collector (TCP/2556). |
| Affected: | CISCO : Cisco Unified CallManager 5.0 |
| | CISCO : Cisco Unified CallManager 4.1 |
| | CISCO : Cisco Unified CallManager 4.2 |
| | CISCO : Cisco Unified CallManager 4.3 |
| | CISCO : Cisco Unified CallManager 5.1 |
| | CISCO : Cisco Unified CallManager 3.3 |
| | CISCO : Cisco Unified Communications Manager 5.1 |
| | CISCO : Cisco Unified Presence Server 1.0 |
| Original document | CISCO, Cisco Security Advisory: Cisco Unified Communications Manager and Presence Server Unauthorized Access Vulnerabilities (12.07.2007) |
| | CISCO, Cisco Security Advisory: Cisco Unified Communications Manager Overflow Vulnerabilities (12.07.2007) |

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) (updated since 12.07.2007)
| Published: | 12.07.2007 |
| Source: | |
| SecurityVulns ID: | 7926 |
| Type: | remote |
| Level: | 5/10 |
| Description: | PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. |
| Affected: | DVBBS : Dvbbs 7.1 |
| CVE: | CVE-2007-3693 (Cross-site scripting (XSS) vulnerability in Gobi as of 20070711, built on Helma, allows remote attackers to inject arbitrary web script or HTML via the q parameter to the search function.) |