Stegano weak cryptography
Published:		13.04.2007
Source:		BUGTRAQ
SecurityVulns ID:		7572
Type:		local
Level:		5/10
Description:		Decryption key is stored with data.

Affected:

STEGANOS : Steganos Safe 8

Original document

frankrizzo604_(at)_gmail.com, Steganos Encrypted Safe NOT so safe (13.04.2007)

Discuss:

Read or add your comments to this news (0 comments)

Cisco Wireless Control System multiple security vulnerabilities
Published:		13.04.2007
Source:		BUGTRAQ
SecurityVulns ID:		7575
Type:		remote
Level:		6/10
Description:		Hardcoded unchangable FTP server account, privilege escalation thorugh group membership, information leaks.

Affected:		CISCO : Cisco Wireless Control System 4.0
CVE:		CVE-2007-2035 (Cisco Wireless Control System (WCS) before 4.0.66.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain network organization data via a direct request for files in certain directories, aka Bug ID CSCsg04301.)
		CVE-2007-2034 (Unspecified vulnerability in Cisco Wireless Control System (WCS) before 4.0.87.0 allows remote authenticated users to gain the privileges of the SuperUsers group, and manage the application and its networks, related to the group membership of user accounts, aka Bug ID CSCsg05190.)
		CVE-2007-2033 (Unspecified vulnerability in Cisco Wireless Control System (WCS) before 4.0.81.0 allows remote authenticated users to read any configuration page by changing the group membership of user accounts, aka Bug ID CSCse78596.)
		CVE-2007-2032 (Cisco Wireless Control System (WCS) before 4.0.96.0 has a hard-coded FTP username and password for backup operations, which allows remote attackers to read and modify arbitrary files via unspecified vectors related to "properties of the FTP server," aka Bug ID CSCse93014.)

Original document

CISCO, Cisco Security Advisory: Multiple Vulnerabilities in the Cisco Wireless Control System (13.04.2007)

Discuss:

Read or add your comments to this news (0 comments)

eIQnetworks Enterprise Security Analyzer multiple buffer overflows
Published:		13.04.2007
Source:		BUGTRAQ
SecurityVulns ID:		7574
Type:		remote
Level:		5/10
Description:		Buffer overflow on parsing TCP/10616 ESA Server data.

Affected:		EIQNETWORKS : Enterprise Security Analyzer 2.5
CVE:		CVE-2007-2059 (Multiple buffer overflows in the ESA protocol implementation in eIQnetworks Enterprise Security Analyzer (ESA) 2.5 allow remote attackers to execute arbitrary code via a long parameter to the (1) DELETESEARCHFOLDER, (2) DELTASK, (3) HMGR_CHECKHOSTSCSV, (4) TASKUPDATEDUSER, (5) VERIFYUSERKEY, or (6) VERIFYPWD command.)

Original document

infocus, INFIGO-2007-04-05: Enterprise Security Analyzer server remote buffer overflows (13.04.2007)

Discuss:

Read or add your comments to this news (0 comments)

Cisco Wireless LAN Controller multiple security vulnerabilities updated since 13.04.2007
Published:		13.04.2007
Source:		BUGTRAQ
SecurityVulns ID:		7576
Type:		remote
Level:		5/10
Description:		Default SNMP communities, default passwords, DoS on Ethrenet frames parsing, multiple NPU DoS conditions, WLAN ACLs are lost during reboot.

Affected:		CISCO : Cisco Catalyst 6500
		CISCO : Cisco 4400
		CISCO : Cisco 2100
		CISCO : Cisco Catalyst 3750
		CISCO : Cisco Aironet 1000
		CISCO : Cisco Aironet 1500
CVE:		CVE-2007-2041 (Cisco Wireless LAN Controller (WLC) before 4.0.206.0 saves the WLAN ACL configuration with an invalid checksum, which prevents WLAN ACLs from being loaded at boot time, and might allow remote attackers to bypass intended access restrictions, aka Bug ID CSCse58195.)
		CVE-2007-2040 (Cisco Aironet 1000 Series and 1500 Series Lightweight Access Points before 3.2.185.0, and 4.0.x before 4.0.206.0, have a hard-coded password, which allows attackers with physical access to perform arbitrary actions on the device, aka Bug ID CSCsg15192.)
		CVE-2007-2039 (The Network Processing Unit (NPU) in the Cisco Wireless LAN Controller (WLC) before 3.2.171.5, 4.0.x before 4.0.206.0, and 4.1.x allows remote attackers on a local wireless network to cause a denial of service (loss of packet forwarding) via (1) crafted SNAP packets, (2) malformed 802.11 traffic, or (3) packets with certain header length values, aka Bug IDs CSCsg15901 and CSCsh10841.)
		CVE-2007-2038 (The Network Processing Unit (NPU) in the Cisco Wireless LAN Controller (WLC) before 3.2.193.5, 4.0.x before 4.0.206.0, and 4.1.x allows remote attackers on a local wireless network to cause a denial of service (loss of packet forwarding) via (1) crafted SNAP packets, (2) malformed 802.11 traffic, or (3) packets with certain header length values, aka Bug ID CSCsg36361.)
		CVE-2007-2037 (Cisco Wireless LAN Controller (WLC) before 3.2.116.21, and 4.0.x before 4.0.155.0, allows remote attackers on a local network to cause a denial of service (device crash) via malformed Ethernet traffic.)
		CVE-2007-2036 (The SNMP implementation in the Cisco Wireless LAN Controller (WLC) before 20070419 uses the default read-only community public, and the default read-write community private, which allows remote attackers to read and modify SNMP variables, aka Bug ID CSCse02384.)

Original document

CISCO, Cisco Security Advisory: Multiple Vulnerabilities in the Cisco Wireless LAN Controller and Cisco Lightweight Access Points (13.04.2007)

Discuss:

Read or add your comments to this news (0 comments)

Airodump-ng buffer overflow
Published:		13.04.2007
Source:		BUGTRAQ
SecurityVulns ID:		7578
Type:		remote
Level:		5/10
Description:		Buffer overflow on 802.11 authentication packet parsing.

Affected:		AIRODUMPNG : airodump-ng 0.7
CVE:		CVE-2007-2057 (Stack-based buffer overflow in aircrack-ng airodump-ng 0.7 allows remote attackers to execute arbitrary code via crafted 802.11 authentication packets.)

Original document

jonny_(at)_nop-art.net, Aircrack-ng (airodump-ng) remote buffer overflow vulnerability (13.04.2007)

Files:		aircrack/airodump-ng (0.7) remote exploit
Discuss:		Read or add your comments to this news (0 comments)

HP Mercury Quality Center multiple security vulnerabilities updated since 03.04.2007
Published:		13.04.2007
Source:		BUGTRAQ
SecurityVulns ID:		7524
Type:		remote
Level:		5/10
Description:		SQL injection, ActiveX buffer overflow

Affected:		HP : Mercury Quality Center 9.0
CVE:		CVE-2007-1882 (qcbin/servlet/tdservlet/TDAPI_GeneralWebTreatment in HP Mercury Quality Center 9.0 build 9.1.0.4352 allows remote authenticated users to execute arbitrary SQL commands via the RunQuery method.)
		CVE-2007-1819 (Stack-based buffer overflow in the SPIDERLib.Loader ActiveX control (Spider90.ocx) 9.1.0.4353 in TestDirector (TD) for Mercury Quality Center 9.0 before Patch 12.1, and 8.2 SP1 before Patch 32, allows remote attackers to execute arbitrary code via a long ProgColor property.)

Original document		HP, [security bulletin] HPSBGN02199 SSRT071312 rev.1 - Mercury Quality Center ActiveX, Remote Unauthorized Arbitrary Code Execution (13.04.2007)
		Isma Khan, [Full-disclosure] HP Mercury Quality Center Any SQL execution (03.04.2007)
		IDEFENSE, iDefense Security Advisory 04.02.07: Hewlett-Packard Mercury Quality Center ActiveX Control ProgColor Buffer Overflow Vulnerability (03.04.2007)

Files:		HP Mercury Quality Center runQuery exploit
		POC exploit for Mercury Quality Center Spider90.ocx ProgColor Overflow
Discuss:		Read or add your comments to this news (0 comments)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:		13.04.2007
Source:		BUGTRAQ
SecurityVulns ID:		7577
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected:		CHATNESS : Chatness 2.5
		DOTCLEAR : Dotclear 1.2
		OPENADS : Openads 2.0
		OPENADS : Max Media Manager 0.1
		OPENADS : Max Media Manager 0.3
		MEPHISTO : mephisto 0.7
		TUMUSIKA : TuMusika Evolution 1.6
		PHPWEBNEWS : phpwebnews 1
		FAC : FAC GuestBook 2.0
		OPENADS : Max Media Manager 0.2
		AFTERLOGIC : MailBee WebMail Pro 3.4
		PHPNUKE : Virtual War 1.5 module for PHP-Nuke
CVE:		CVE-2007-2061 (Cross-site scripting (XSS) vulnerability in check_login.asp in AfterLogic MailBee WebMail Pro 3.4 allows remote attackers to inject arbitrary web script or HTML via the username parameter.)
		CVE-2007-1989 (Multiple cross-site scripting (XSS) vulnerabilities in DotClear before 1.2.6 allow remote attackers to inject arbitrary web script or HTML via the (1) post_id parameter to ecrire/trackback.php or the (2) tool_url parameter to tools/thememng/index.php. NOTE: some of these details are obtained from third party information.)
		CVE-2007-1873 (Cross-site scripting (XSS) vulnerability in Mephisto 0.7.3 allows remote attackers to inject arbitrary web script or HTML via the q parameter to the search script.)

Original document		Janek Vind, [waraxe-2007-SA#048] - Multiple vulnerabilities in Virtual War 1.5 module for PhpNuke (13.04.2007)
		Aesthetico, [MajorSecurity Advisory #44]MailBee WebMail Pro - Cross Site Scripting Issue (13.04.2007)
		nssimo nssimo, [Full-disclosure] Dotclear 1.* Cross Site Scripting Vulnerability (13.04.2007)
		Matteo Beccati, [Full-disclosure] [OPENADS-SA-2007-003] Openads 2.0.11 vulnerability fixed (13.04.2007)
		Matteo Beccati, [Full-disclosure] [OPENADS-SA-2007-004] Max Media Manager v0.1.29-rc and v0.3.31-alpha-pr2 vulnerability fixed (13.04.2007)
		the_3dit0r_(at)_yahoo.com, FAC GuestBook v2.0 remote database disclosure vulnerability (13.04.2007)
		the_3dit0r_(at)_yahoo.com, phpwebnews v.1 Multiple Cross Site Scripting Vulnerabilites (13.04.2007)
		the_3dit0r_(at)_yahoo.com, TuMusika Evolution 1.6 Cross Site Scripting Vulnerabilitiy (13.04.2007)
		Hanno Bock, Cross site scripting in mephisto 0.7.3 (13.04.2007)

Files:		Exploits Chatness <= 2.5.3 - Arbitrary Code Execution
Discuss:		Read or add your comments to this news (0 comments)

HP-UX pfs_mountd.rpc PFS file system daemon buffer overflow
Published:		13.04.2007
Source:		BUGTRAQ
SecurityVulns ID:		7573
Type:		remote
Level:		6/10
Description:		Buffer overflow on UDP datagrams parsing.

Affected:		HP : HP-UX 11.00
		HP : HP-UX 11.11
		HP : HP-UX 11.23
CVE:		CVE-2007-1993 (Buffer overflow in the pfs_mountd.rpc RPC daemon in the Portable File System (PFS) in HP-UX B.11.00, B.11.11, and B.11.23 allows remote attackers to execute arbitrary code by sending "a call to procedure 5, followed by a crafted payload to procedure 2.")

Original document		HP, [security bulletin] HPSBUX02203 SSRT071339 rev.1 - HP-UX Running Portable File System (PFS), Remote Increase in Privilege (13.04.2007)
		IDEFENSE, iDefense Security Advisory 04.12.07: Hewlett Packard HP-UX Remote pfs_mountd.rpc Buffer Overflow Vulnerability (13.04.2007)

Discuss:

Read or add your comments to this news (0 comments)

ClamAV antivirus multiple vulnerabilities updated since 13.04.2007
Published:		16.04.2007
Source:		BUGTRAQ
SecurityVulns ID:		7580
Type:		remote
Level:		6/10
Description:		Buffer overflow on CAB files parsing, DoS on CHM parsing. PDF files parsing descriptors leak.

Affected:		CLAMAV : ClamAV 0.90
CVE:		CVE-2007-2029 (File descriptor leak in the PDF handler in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service via a crafted PDF file.)
		CVE-2007-1997 (Integer signedness error in the (1) cab_unstore and (2) cab_extract functions in libclamav/cab.c in Clam AntiVirus (ClamAV) before 0.90.2 allow remote attackers to execute arbitrary code via a crafted CHM file that contains a negative integer, which passes a signed comparison and leads to a stack-based buffer overflow.)
		CVE-2007-1745 (The chm_decompress_stream function in libclamav/chmunpack.c in Clam AntiVirus (ClamAV) before 0.90.2 leaks file descriptors, which has unknown impact and attack vectors involving a crafted CHM file, a different vulnerability than CVE-2007-0897. NOTE: some of these details are obtained from third party information.)

Original document		IDEFENSE, [Full-disclosure] iDefense Security Advisory 04.16.07: ClamAV CAB File Unstore Buffer Overflow Vulnerability (16.04.2007)
		SECUNIA, [SA24891] Clam AntiVirus Two Vulnerabilities (13.04.2007)

Discuss:

Read or add your comments to this news (0 comments)

Microsoft Windows DNS Server 0-day buffer overflow updated since 13.04.2007
Published:		08.05.2007
Source:		MICROSOFT
SecurityVulns ID:		7579
Type:		remote
Level:		8/10
Description:		Buffer overflow in RPC-based interface is used for remote system compromisation.

Affected:		MICROSOFT : Windows 2000 Server
		MICROSOFT : Windows 2003 Server
CVE:		CVE-2007-1748 (Stack-based buffer overflow in the RPC interface in the Domain Name System (DNS) Server Service in Microsoft Windows 2000 Server SP 4, Server 2003 SP 1, and Server 2003 SP 2 allows remote attackers to execute arbitrary code via a long zone name containing character constants represented by escape sequences.)

Original document		MICROSOFT, Microsoft Security Bulletin MS07-029 Vulnerability in Windows DNS RPC Interface Could Allow Remote Code Execution (935966) (08.05.2007)
		Andres Tarasco , [Full-disclosure] Microsoft DNS Server Remote Code execution Exploit and analysis (16.04.2007)
		CERT, US-CERT Technical Cyber Security Alert TA07-103A -- Microsoft Windows DNS RPC Buffer Overflow (14.04.2007)
		MICROSOFT, Microsoft Security Advisory (935964) Vulnerability in RPC on Windows DNS Server Could Allow Remote Code Execution (13.04.2007)

Files:		Microsoft DNS Server Remote Code execution Exploit
		Microsoft Security Bulletin MS07-029 Vulnerability in Windows DNS RPC Interface Could Allow Remote Code Execution (935966)
Discuss:		Read or add your comments to this news (0 comments)