Computer Security


Microsoft Visual Studio 64-bit time functions DoS
Published:13.02.2007
Source:
SecurityVulns ID:7216
Type:library
Threat Level:5/10
Description:Invalid use of an assert()-style macro causes application termination for time_t values beyond _MAX__TIME64_T (January 1, 3000).
CVE:CVE-2007-0842 (The 64-bit versions of Microsoft Visual C++ 8.0 standard library (MSVCR80.DLL) time functions, including (1) localtime, (2) localtime_s, (3) gmtime, (4) gmtime_s, (5) ctime, (6) ctime_s, (7) wctime, (8) wctime_s, and (9) fstat, trigger an assertion error instead of a NULL pointer or EINVAL when processing a time argument later than Jan 1, 3000, which might allow context-dependent attackers to cause a denial of service (application exit) via large time values. NOTE: it could be argued that this is a design limitation of the functions, and the vulnerability lies with any application that does not validate arguments to these functions. However, this behavior is inconsistent with documentation, which does not list assertions as a possible result of an error condition.)
Original document:3APA3A, SecurityVulns.com: Microsoft Visual C++ 8.0 standard library time functions invalid assertion DoS (Problem 3000). (13.02.2007)
Files:Sets file date to September, 27 14896
 Microsoft Visual C++ 8.0 standard library time functions invalid assertion DoS (Problem 3000)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:13.02.2007
Source:
SecurityVulns ID:7217
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:JPORTAL : Jportal 2.3
 JOOMLA : Joomla! 1.0
 DOTCLEAR : Dotclear 1.2
 CPANEL : cPanel 11
CVE:CVE-2007-0925 (Cross-site scripting (XSS) vulnerability in search/SearchResults.aspx in Community Server allows remote attackers to inject arbitrary web script or HTML via the q parameter.)
 CVE-2007-0923 (buscador/buscador.htm in Portal Search allows remote attackers to obtain sensitive information (business logic) via a query string composed of a search for certain characters.)
 CVE-2007-0922 (Cross-site scripting (XSS) vulnerability in buscador/buscador.htm in Portal Search allows remote attackers to inject arbitrary web script or HTML via the query string.)
 CVE-2007-0921 (Portal Search allows remote attackers to redirect a URL to an arbitrary web site by placing the URL in the query string to the top-level URI.)
 CVE-2007-0912 (Cross-Site Request Forgery (CSRF) vulnerability in admin/admin.adm.php in Jportal 2.3.1, and possibly earlier, allows remote attackers to perform privileged actions as administrators by tricking the admin into accessing a URL with modified arguments to admin/admin.adm.php.)
 CVE-2007-0890 (Cross-site scripting (XSS) vulnerability in scripts/passwdmysql in cPanel WebHost Manager (WHM) 11.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the password parameter.)
 CVE-2006-7010 (The mosgetparam implementation in Joomla! before 1.0.10, does not set a variable's data type to integer when the variable's default value is numeric, which has unspecified impact and attack vectors, which may permit SQL injection attacks.)
 CVE-2006-7009 (Joomla! before 1.0.10 allows remote attackers to spoof the frontend submission forms, which has unknown impact and attack vectors.)
 CVE-2006-7008 (Unspecified vulnerability in Joomla! before 1.0.10 has unknown impact and attack vectors, related to "securing mosmsg from misuse." NOTE: it is possible that this issue overlaps CVE-2006-1029.)
Original document:crazy_king_(at)_eno7.org, Inertia News Remote File İnclude (13.02.2007)
 bl4ck_(at)_bsdmail.org, XSS in eWay (13.02.2007)
 bl4ck_(at)_bsdmail.org, XSS in lighttpd (13.02.2007)
 bl4ck_(at)_bsdmail.org, XSS in communityserver ! (13.02.2007)
 bl4ck_(at)_bsdmail.org, XSS in JBoss Portal (13.02.2007)
 me you, Virtual Calendar <= (pwd.txt) Remote Password Disclosur Vulnerability (13.02.2007)
 claxus_(at)_gmail.com, Radical Technologies - Portal Search- multiple XSS issue (13.02.2007)
 dzitu_(at)_poczta.fm, Jportal 2.3.1 CSRF vulnerability (13.02.2007)
 raphael.huck_(at)_free.fr, DotClear Full Path Disclosure Vulnerability (13.02.2007)

Miniwebsvr web server directory traversal
Published:13.02.2007
Source:
SecurityVulns ID:7218
Type:remote
Threat Level:4/10
Description:It's possible to retrieve the parent directory listing with a /..%00 request.
Affected:MINIWEBSVR : Miniwebsvr 0.0
CVE:CVE-2007-0919 (Directory traversal vulnerability in Nickolas Grigoriadis Mini Web server (MiniWebsvr) 0.0.6 allows remote attackers to list the directory immediately above the web root via a ..%00 sequence in the URI.)
Original document:Daniel Nyström, Miniwebsvr 0.0.6 - Directory traversal (13.02.2007)
Files:Exploits MiniWebsvr 0.0.7 Directory transversal vulnerability

PHP str_ireplace DoS
Published:13.02.2007
Source:
SecurityVulns ID:7219
Type:local
Threat Level:5/10
Description:$Data = str_ireplace("\n", "<br>", $Data); can cause the PHP engine to crash because of an off-by-one overflow.
Affected:PHP : PHP 5.2
CVE:CVE-2007-0911 (Off-by-one error in the str_ireplace function in PHP 5.2.1 might allow context-dependent attackers to cause a denial of service (crash).)
Original document:Thomas Hruska, [PHP-DEV] PHP 5.2.1 crashing Apache/IIS... (13.02.2007)

Aruba Mobility Controller multiple security vulnerabilities
Published:13.02.2007
Source:
SecurityVulns ID:7220
Type:remote
Threat Level:5/10
Description:Unauthorized access to the management interface through the wireless network. Buffer overflow.
Affected:ARUBA : Aruba Mobility Controller 200
 ARUBA : Aruba Mobility Controller 600
 ARUBA : Aruba Mobility Controller 2400
 ARUBA : Aruba Mobility Controller 6000
 ALCATEL : Lucent OmniAccess Wireless 4300
 ALCATEL : Lucent OmniAccess Wireless 6000
CVE:CVE-2007-0932 (The (1) Aruba Mobility Controllers 200, 600, 2400, and 6000 and (2) Alcatel-Lucent OmniAccess Wireless 43xx and 6000 do not properly implement authentication and privilege assignment for the guest account, which allows remote attackers to access administrative interfaces or the WLAN.)
 CVE-2007-0931 (Heap-based buffer overflow in the management interfaces in (1) Aruba Mobility Controllers 200, 800, 2400, and 6000 and (2) Alcatel-Lucent OmniAccess Wireless 43xx and 6000 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via long credential strings.)
Original document:security_(at)_nruns.com, [Full-disclosure] Aruba Mobility Controller Management Buffer Overflow (13.02.2007)
 security_(at)_nruns.com, [Full-disclosure] Aruba Networks - Unauthorized Administrative and WLAN Access through Guest Account (13.02.2007)

MIMEDefang buffer overflow
Published:13.02.2007
Source:
SecurityVulns ID:7221
Type:remote
Threat Level:5/10
CVE:CVE-2007-0884 (Buffer overflow in Roaring Penguin MIMEDefang 2.59 and 2.60 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unspecified vectors.)

Tiny FTPd buffer overflow
Published:13.02.2007
Source:
SecurityVulns ID:7222
Type:remote
Threat Level:5/10
Description:Buffer overflow in the USER command.
Affected:TINYFTPD : Tiny FTPd 1.4
CVE:CVE-2006-7007 (Buffer overflow in Tiny FTPd 1.4 and earlier allows remote attackers to cause a denial of service (daemon crash) via a long USER command, a different vector than CVE-2000-0133.)
 CVE-2000-0133 (Buffer overflows in Tiny FTPd 0.52 beta3 FTP server allows users to execute commands via the STOR, RNTO, MKD, XMKD, RMD, XRMD, APPE, SIZE, and RNFR commands.)
Files:Tiny FTPd 0.52 beta3 Buffer Overflow

Microsoft Windows Shell Hardware Detection privilege escalation
Published:13.02.2007
Source:
SecurityVulns ID:7224
Type:local
Threat Level:6/10
Description:Parameter of function executed during hardware detection is not validated.
Affected:MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
CVE:CVE-2007-0211 (The hardware detection functionality in the Windows Shell in Microsoft Windows XP SP2 and Professional, and Server 2003 SP1 allows local users to gain privileges via an unvalidated parameter to a function related to the "detection and registration of new hardware.")
Original document:MICROSOFT, Microsoft Security Bulletin MS07-006 Vulnerability in Windows Shell Could Allow Elevation of Privilege (928255) (13.02.2007)
Files:Microsoft Security Bulletin MS07-006 Vulnerability in Windows Shell Could Allow Elevation of Privilege (928255)

Microsoft Windows Image Acquisition Service buffer overflow
Published:13.02.2007
Source:
SecurityVulns ID:7225
Type:local
Threat Level:6/10
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
CVE:CVE-2007-0210 (The Window Image Acquisition (WIA) Service in Microsoft Windows XP SP2 allows local users to gain privileges via unspecified vectors involving an "unchecked buffer," probably a buffer overflow.)
Original document:MICROSOFT, Microsoft Security Bulletin MS07-007 Vulnerability in Windows Image Acquisition Service Could Allow Elevation of Privilege (927802) (13.02.2007)
Files:Microsoft Security Bulletin MS07-007 Vulnerability in Windows Image Acquisition Service Could Allow Elevation of Privilege (927802)

Microsoft Windows HTML Help ActiveX code execution
Published:13.02.2007
Source:
SecurityVulns ID:7226
Type:client
Threat Level:7/10
Description:It's possible to access unsafe functions from a web page. The vulnerability can be used for hidden malware installation.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
CVE:CVE-2007-0214 (The HTML Help ActiveX control (Hhctrl.ocx) in Microsoft Windows 2000 SP3, XP SP2 and Professional, 2003 SP1 allows remote attackers to execute arbitrary code via unspecified functions, related to uninitialized parameters.)
Original document:MICROSOFT, Microsoft Security Bulletin MS07-008 Vulnerability in HTML Help ActiveX Control Could Allow Remote Code Execution (928843) (13.02.2007)
Files:Microsoft Security Bulletin MS07-008 Vulnerability in HTML Help ActiveX Control Could Allow Remote Code Execution (928843)

Microsoft Malware Protection integer overflow
Published:13.02.2007
Source:
SecurityVulns ID:7228
Type:remote
Threat Level:8/10
Description:Integer overflow when parsing PDF files.
Affected:MICROSOFT : Windows Live OneCare
 MICROSOFT : Microsoft Antigen
 MICROSOFT : Windows Defender
 MICROSOFT : Microsoft Forefront Security
CVE:CVE-2006-5270 (Integer overflow in the Microsoft Malware Protection Engine (mpengine.dll), as used by Windows Live OneCare, Antigen, Defender, and Forefront Security, allows user-assisted remote attackers to execute arbitrary code via a crafted PDF file.)
Original document:MICROSOFT, Microsoft Security Bulletin MS07-010 Vulnerability in Microsoft Malware Protection Engine Could Allow Remote Code Execution (932135) (13.02.2007)
Files:Microsoft Security Bulletin MS07-010 Vulnerability in Microsoft Malware Protection Engine Could Allow Remote Code Execution (932135)

Microsoft Windows OLE dialog memory corruption
Published:13.02.2007
Source:
SecurityVulns ID:7229
Type:client
Threat Level:7/10
Description:Memory corruption on an RTF-embedded OLE object. Can be used for hidden malware installation.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
CVE:CVE-2007-0026 (The OLE Dialog component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption.)
Original document:MICROSOFT, Microsoft Security Bulletin MS07-011 Vulnerability in Microsoft OLE Dialog Could Allow Remote Code Execution (926436) (13.02.2007)
Files:Microsoft Security Bulletin MS07-011 Vulnerability in Microsoft OLE Dialog Could Allow Remote Code Execution (926436)

Microsoft Windows RichEdit control memory corruption
Published:13.02.2007
Source:
SecurityVulns ID:7231
Type:client
Threat Level:7/10
Description:Memory corruption in an RTF-embedded OLE object can be used for hidden malware installation.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
CVE:CVE-2006-1311 (The RichEdit component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1; Office 2000 SP3, XP SP3, 2003 SP2, and Office 2004 for Mac; and Learning Essentials for Microsoft Office 1.0, 1.1, and 1.5 allows user-assisted remote attackers to execute arbitrary code via a malformed OLE object in an RTF file, which triggers memory corruption.)
Original document:MICROSOFT, Microsoft Security Bulletin MS07-013 Vulnerability in Microsoft RichEdit Could Allow Remote Code Execution (918118) (13.02.2007)
Files:Microsoft Security Bulletin MS07-013 Vulnerability in Microsoft RichEdit Could Allow Remote Code Execution (918118)

Microsoft Step-by-Step Interactive Training buffer overflow
updated since 13.02.2007
Published:14.02.2007
Source:
SecurityVulns ID:7223
Type:client
Threat Level:5/10
Description:Buffer overflow in bookmark file handling (.cbl, .cbm, .cbo).
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
CVE:CVE-2006-3448 (Buffer overflow in the Step-by-Step Interactive Training in Microsoft Windows 2000 SP4, XP SP2 and Professional, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a long Syllabus string in crafted bookmark link files (cbo, cbl, or .cbm), a different issue than CVE-2005-1212.)
Original document:Brett Moore, MS Interactive Training .cbo Overflow (14.02.2007)
 MICROSOFT, Microsoft Security Bulletin MS07-005 (13.02.2007)
Files:Microsoft Security Bulletin MS07-005 Vulnerability in Windows Shell Could Allow Elevation of Privilege (928255)

Multiple Microsoft Office vulnerabilities
updated since 13.02.2007
Published:14.02.2007
Source:
SecurityVulns ID:7232
Type:client
Threat Level:6/10
Description:Multiple vulnerabilities in the handling of different object types.
Affected:MICROSOFT : Office 2000
 MICROSOFT : Office XP
 MICROSOFT : Office 2003
CVE:CVE-2007-0913 (Unspecified vulnerability in Microsoft Powerpoint allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as exploited by Trojan.PPDropper.G. NOTE: as of 20070213, it is not clear whether this is the same issue as CVE-2006-5296, CVE-2006-4694, CVE-2006-3876, CVE-2006-3877, or older issues.)
 CVE-2007-0870 (Unspecified vulnerability in Microsoft Word 2000 allows remote attackers to cause a denial of service (crash) via unknown vectors, a different vulnerability than CVE-2006-5994, CVE-2006-6456, CVE-2006-6561, and CVE-2007-0515, a variant of Exploit-MS06-027.)
 CVE-2007-0671 (Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks.)
 CVE-2007-0515 (Unspecified vulnerability in Microsoft Word allows user-assisted remote attackers to execute arbitrary code on Word 2000, and cause a denial of service on Word 2003, via unknown attack vectors that trigger memory corruption, as exploited by Trojan.Mdropper.W and later by Trojan.Mdropper.X, a different issue than CVE-2006-6456, CVE-2006-5994, and CVE-2006-6561.)
 CVE-2007-0209 (Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a Word file with a malformed drawing object, which leads to memory corruption.)
 CVE-2007-0208 (Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac does not correctly check the properties of certain documents and warn the user of macro content, which allows user-assisted remote attackers to execute arbitrary code.)
 CVE-2006-6561 (Unspecified vulnerability in Microsoft Word 2000, 2002, and Word Viewer 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted DOC file that triggers memory corruption, as demonstrated via the 12122006-djtest.doc file, a different issue than CVE-2006-5994 and CVE-2006-6456.)
 CVE-2006-6456 (Unspecified vulnerability in Microsoft Word 2000, 2002, and 2003 and Word Viewer 2003 allows remote attackers to execute code via unspecified vectors related to malformed data structures that trigger memory corruption, a different vulnerability than CVE-2006-5994.)
 CVE-2006-5994 (Unspecified vulnerability in Microsoft Word 2000 and 2002, Office Word and Word Viewer 2003, Word 2004 and 2004 v. X for Mac, and Works 2004, 2005, and 2006 allows remote attackers to execute arbitrary code via a Word document with a malformed string that triggers memory corruption, a different vulnerability than CVE-2006-6456.)
 CVE-2006-3877 (Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via an unspecified "crafted file," a different vulnerability than CVE-2006-3435, CVE-2006-4694, and CVE-2006-3876.)
Original document:MICROSOFT, Microsoft Security Bulletin MS07-015 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (932554) (13.02.2007)
 MICROSOFT, Microsoft Security Bulletin MS07-014 Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (929434) (13.02.2007)
Files:Microsoft Security Bulletin MS07-014 Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (929434)
 Microsoft Security Bulletin MS07-015 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (932554)

Microsoft MFC memory corruption
updated since 13.02.2007
Published:16.03.2007
Source:
SecurityVulns ID:7230
Type:client
Threat Level:7/10
Description:Memory corruption when parsing RTF files. Can be used for hidden malware installation.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
CVE:CVE-2007-1512 (Stack-based buffer overflow in the AfxOleSetEditMenu function in the MFC component in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 Gold and SP1, and Visual Studio .NET 2002 Gold and SP1, and 2003 Gold and SP1 allows user-assisted remote attackers to have an unknown impact (probably crash) via an RTF file with a malformed OLE object, which results in writing two 0x00 characters past the end of szBuffer, aka the "MFC42u.dll Off-by-Two Overflow." NOTE: this issue is due to an incomplete patch (MS07-012) for CVE-2007-0025.)
 CVE-2007-0025 (The MFC component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 and Visual Studio .NET 2000, 2002 SP1, 2003, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption. NOTE: this might be due to a stack-based buffer overflow in the AfxOleSetEditMenu function in MFC42u.dll.)
Original document:gssincla_(at)_nnlsoftware.com, MS07-012 Not Fixed (16.03.2007)
 MICROSOFT, Microsoft Security Bulletin MS07-012 Vulnerability in Microsoft MFC Could Allow Remote Code Execution (924667) (13.02.2007)
Files:Microsoft Security Bulletin MS07-012 Vulnerability in Microsoft MFC Could Allow Remote Code Execution (924667)

Microsoft Data Access Components code execution
updated since 13.02.2007
Published:26.03.2007
Source:
SecurityVulns ID:7227
Type:client
Threat Level:7/10
Description:ADODB.Connection NextRecordset() / Execute() double free() vulnerability. Can be used for hidden malware installation.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Microsoft Data Access Components 2.5
 MICROSOFT : Microsoft Data Access Components 2.8
CVE:CVE-2006-5559 (The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control objects (ADODB.Connection.2.7 and ADODB.Connection.2.8) in the Microsoft Data Access Components (MDAC) 2.5 SP3, 2.7 SP1, 2.8, and 2.8 SP1 does not properly track freed memory when the second argument is a BSTR, which allows remote attackers to cause a denial of service (Internet Explorer crash) and possibly execute arbitrary code via certain strings in the second and third arguments.)
Original document:MICROSOFT, Microsoft Security Bulletin MS07-009 Vulnerability in Microsoft Data Access Components Could Allow Remote Code Execution (927779) (13.02.2007)
Files:Microsoft Internet Explorer ADODB.Recordset Double Free Memory Exploit (ms07-009)
 Microsoft Security Bulletin MS07-009 Vulnerability in Microsoft Data Access Components Could Allow Remote Code Execution (927779)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod