Computer Security


Symantec Backup buffer overflow
Published: 12.07.2007
SecurityVulns ID: 7921
Type: remote
Threat Level: 7/10
Description: Buffer overflow in RPC-based service (TCP/6106).
Affected: SYMANTEC : Backup Exec 10
Original document: IDEFENSE, iDefense Security Advisory 07.11.07: Symantec Backup Exec RPC Remote Heap Overflow Vulnerability (12.07.2007)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 12.07.2007
Published: 12.07.2007
SecurityVulns ID: 7926
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: DVBBS : Dvbbs 7.1
CVE: CVE-2007-3693 (Cross-site scripting (XSS) vulnerability in Gobi as of 20070711, built on Helma, allows remote attackers to inject arbitrary web script or HTML via the q parameter to the search function.)
Original document: Susam Pal, [Full-disclosure] HomestayFinder XSS Vulnerability in Wikipedia Mirror (12.07.2007)
 Hanno Bock, [Full-disclosure] CVE-2007-3693: Cross site scripting and information disclosure in gobi/helma (12.07.2007)
 Calyptix Advisories, [Full-disclosure] Calyptix Security Advisory CX-2007-05 - eSoft InstaGate EX2 Cross-Site Request Forgery Attack (12.07.2007)
 Sacha, Dotclear remote script execution (12.07.2007)
 RaeD Hasadya, Powered By Dvbbs Version 7.1.0 Sp1 By Pass (12.07.2007)

3COM TippingPoint multiple protection bypass methods
Published: 12.07.2007
SecurityVulns ID: 7919
Type: remote
Threat Level: 5/10
Description: Invalid fragmented IP reassembly; some attacks against IIS may pass undetected.
Affected: 3COM : TippingPoint 2.1
 3COM : TippingPoint 2.2
Original document: Paul Craig, TippingPoint IPS Signature Evasion (12.07.2007)
 Andres Riancho, TippingPoint detection bypass (12.07.2007)

Cisco Unified Communications Manager / Presence Server multiple security vulnerabilities
Published: 12.07.2007
SecurityVulns ID: 7920
Type: remote
Threat Level: 7/10
Description: Unauthorized SNMP access, buffer overflow in Certificate Trust List (TCP/2444) and Real-Time Information Server Data Collector (TCP/2556).
Affected: CISCO : Cisco Unified CallManager 5.0
 CISCO : Cisco Unified CallManager 4.1
 CISCO : Cisco Unified CallManager 4.2
 CISCO : Cisco Unified CallManager 4.3
 CISCO : Cisco Unified CallManager 5.1
 CISCO : Cisco Unified CallManager 3.3
 CISCO : Cisco Unified Communications Manager 5.1
 CISCO : Cisco Unified Presence Server 1.0
Original document: CISCO, Cisco Security Advisory: Cisco Unified Communications Manager and Presence Server Unauthorized Access Vulnerabilities (12.07.2007)
 CISCO, Cisco Security Advisory: Cisco Unified Communications Manager Overflow Vulnerabilities (12.07.2007)

XnView buffer overflow
updated since 12.07.2007
Published: 12.07.2007
SecurityVulns ID: 7923
Type: client
Threat Level: 6/10
Description: Buffer overflow on parsing XPM image files.
Affected: XNVIEW : XnView 1.90
CVE: CVE-2007-2194 (Stack-based buffer overflow in XnView 1.90.3 allows user-assisted remote attackers to execute arbitrary code via a crafted XPM file with a long section string. NOTE: some of these details are obtained from third party information.)
Original document: GENTOO, [ GLSA 200707-06 ] XnView: Stack-based buffer overflow (12.07.2007)

IPSwitch WS_FTP logging daemon DoS
Published: 12.07.2007
SecurityVulns ID: 7924
Type: remote
Threat Level: 5/10
Description: Denial of service on UDP/515 when parsing network packets.
Affected: IPSWITCH : WS_FTP 7.5
Original document: Jared DeMott, [Full-disclosure] IPSwitch WS_FTP Logging Server Remote Denial of Service -- a VDA Labs, LLC discovery (12.07.2007)
Files: Exploits IPSwitch WS_FTP Logging Server Remote Denial of Service

Adobe Flash player multiple security vulnerabilities
updated since 12.07.2007
Published: 12.07.2007
SecurityVulns ID: 7927
Type: client
Threat Level: 8/10
Description: Multiple vulnerabilities lead to code execution and denial of service.
Affected: ADOBE : Flash Player 9.0
 ADOBE : Flash Player 7.070
 ADOBE : Flex 2.0
 ADOBE : Flash CS3 Professional
 ADOBE : Flash Basic
 ADOBE : Flash Player 8.0.
CVE: CVE-2007-3457 (Adobe Flash Player 8.0.34.0 and earlier insufficiently validates HTTP Referer headers, which potentially allows remote attackers to conduct a CSRF attack via a crafted SWF file.)
 CVE-2007-3456 (Integer overflow in Adobe Flash Player 9.0.45.0 and earlier might allow remote attackers to execute arbitrary code via a large length value for a (1) Long string or (2) XML variable type in a crafted (a) FLV or (b) SWF file, related to an "input validation error," including a signed comparison of values that are assumed to be non-negative.)
Original document: Minded Security Research Labs, [MSA01110707] Flash Player/Plugin Video file parsing Remote Code Execution (14.07.2007)
 CERT, US-CERT Technical Cyber Security Alert TA07-192A -- Adobe Flash Player Updates for Multiple Vulnerabilities (12.07.2007)

Multiple applications security vulnerabilities
Published: 12.07.2007
SecurityVulns ID: 7928
Threat Level: 5/10
Description: Mozilla Firefox pop-ups DoS, Microsoft Register Server DoS, FreeWRL ActiveX memory corruption, Nonnoi ASP Barcode files overwrite, Eltima Software VSPAX DoS, Media Player Classic memory corruption, Eltima Software RunService AX DoS, Symantec Norton Ghost ActiveX DoS and code execution, ctiveReportsExcelReport, NMSDVDXLib, InnovaDSXP2.OCX ActiveX DoS.
Affected: MOZILLA : Firefox 2.0
 FREEWRL : FreeWRL 1.19
 MPC : Media Player Classic 6.4
 SYMANTEC : Norton Ghost 12.0
Original document: sapheal_(at)_hack.pl, [Eleytt] 7LIPIEC2007 (12.07.2007)

Apple QuickTime buffer overflow
updated since 12.07.2007
Published: 13.07.2007
SecurityVulns ID: 7925
Type: library
Threat Level: 7/10
Description: Buffer overflow on SMIL format parsing.
Affected: APPLE : QuickTime 7.1
CVE: CVE-2007-2394 (Integer overflow in Apple Quicktime before 7.2 on Mac OS X 10.3.9 and 10.4.9 allows user-assisted remote attackers to execute arbitrary code via crafted (1) title and (2) author fields in an SMIL file, related to improper calculations for memory allocation.)
Original document: CERT, US-CERT Technical Cyber Security Alert TA07-193A -- Apple Releases Security Updates for QuickTime (13.07.2007)
 IDEFENSE, [Full-disclosure] iDefense Security Advisory 07.11.07: Apple QuickTime SMIL File Processing Integer Overflow Vulnerability (12.07.2007)

Symantec Antivirus privilege escalation
updated since 12.07.2007
Published: 11.09.2007
SecurityVulns ID: 7922
Type: local
Threat Level: 6/10
Description: It's possible to overwrite system memory regions with IOCTL 0x83022323 of the \\symTDI\ device.
Affected: SYMANTEC : Symantec AntiVirus 5.5
Original document: SYMANTEC, Symantec Product Security: Symantec Device Driver Local Elevation of Privilege (11.09.2007)
 IDEFENSE, iDefense Security Advisory 07.11.07: Symantec AntiVirus symtdi.sys Local Privilege Escalation Vulnerability (12.07.2007)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod