 |
|
|
|
| Progress database server buffer overflow | | Published: |  | 13.07.2007 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 7931 | | Type: |  | remote | | Level: |  | 7/10 | | Description: |  | Buffer overflow in network service TCP/5220, TCP/5230. Progress is installed by diffgerent RSA products. |
| XFS rc script race conditions | | Published: | | 13.07.2007 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 7933 | | Type: | | local | | Level: | | 6/10 | | Description: | | Insecure usage of chown for temporary file allows to change ownersip of arbitrary file. |
| CVE: |  | CVE-2007-3103 (The init.d script for the X.Org X11 xfs font server on Red Hat Enterprise Linux (RHEL) 4 and 5 before 20070712, and Fedora Core 6, might allow local users to change the permissions of arbitrary files via a symlink attack on the /tmp/.font-unix temporary file.) |
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 13.07.2007 | | Published: | | 13.07.2007 | | Source: | | | | SecurityVulns ID: | | 7929 | | Type: | | remote | | Level: | | 5/10 | | Description: | | PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. |
| Affected: |  | OSCOMMERCE : osCommerce 2.2 | | | | GOOGLE : Google Custom Search Engine | | | | ALTAVISTA : AltaVista local engine | | | | ACTIVEWEB : activeWeb contentserver 5.6 | | | | SITESCAPE : SiteScape 7.2 | | | | YANDEX : Yandex.Server | | CVE: | | CVE-2007-3484 (** DISPUTED ** Cross-site scripting (XSS) vulnerability in search.php in Google Custom Search Engine allows remote attackers to inject arbitrary web script or HTML via the q parameter. NOTE: this issue is disputed by the Google Security Team, who states that "Google does not provide the 'search.php' script referenced. When a user creates a custom search engine, we provide them with a block of javascript to include on their site. Some users write additional code around this block of javascript to further customize their website.") | | | | CVE-2007-3018 (activeWeb contentserver CMS before 5.6.2964 does not limit the file-creation ability of editors who have restricted accounts, which allows these editors to create files in arbitrary directories.) | | | | CVE-2007-3017 (The WYSIWYG editor applet in activeWeb contentserver CMS before 5.6.2964 only filters malicious tags from articles sent to admin/applets/wysiwyg/rendereditor.asp, which allows remote authenticated users to inject arbitrary JavaScript via a request to admin/worklist/worklist_edit.asp.) | | | | CVE-2007-3014 (Multiple cross-site scripting (XSS) vulnerabilities in activeWeb contentserver before 5.6.2964 allow remote attackers to inject arbitrary web script or HTML via the msg parameter to (1) errors/rights.asp or (2) errors/transaction.asp, or (3) the name of a MIME type (mimetype).) | | | | CVE-2007-3013 (SQL injection vulnerability in activeWeb contentserver before 5.6.2964 allows remote authenticated users with edit permission to execute arbitrary SQL commands via the id parameter to admin/picture/picture_real_edit.asp, and probably other unspecified vectors.) |
| Original document |  | MustLive, MOSEB-07 Bonus: Vulnerabilities in Yandex.Server (15.07.2007) |
| | | MustLive, Vulnerabilities in Yandex.Server (15.07.2007) |
| | | MustLive, Vulnerability in AltaVista local search engine (15.07.2007) |
| | | Marc Ruef, [scip_Advisory 3159] SiteScape forum prior 7.3 Cross Site Scripting (13.07.2007) |
| | | Marc Ruef, [Full-disclosure] [scip_Advisory 3159] SiteScape forum prior 7.3 Cross Site Scripting (13.07.2007) |
| | | does_not_exist_(at)_jmp-esp.kicks-ass.net, MkPortal - Multiple SQL Injection Vulnerabilities (13.07.2007) |
| | | RedTeam Pentesting, [Full-disclosure] ActiveWeb Contentserver CMS Multiple Cross Site Scriptings (13.07.2007) |
| | | RedTeam Pentesting, [Full-disclosure] ActiveWeb Contentserver CMS Editor Permission Settings Problem (13.07.2007) |
| | | RedTeam Pentesting, [Full-disclosure] ActiveWeb Contentserver CMS SQL Injection Management Interface (13.07.2007) |
| | | RedTeam Pentesting, [Full-disclosure] ActiveWeb Contentserver CMS Clientside Filtering of Page Editor Content (13.07.2007) |
| | | Debasis Mohanty, Re: [Full-disclosure] ActiveWeb Contentserver CMS Multiple Cross Site Scriptings (13.07.2007) |
| | | matrix_killer ma3x, osCommerce Online Merchant v2.2 RC1 local include bug (13.07.2007) |
| | | MustLive, MOSEB-15 Bonus: Vulnerability in Google Custom Search Engine (13.07.2007) |
| | | MustLive, MOSEB-12 Bonus: Vulnerability in AltaVista (13.07.2007) |
| | | MustLive, Vulnerability in Google Custom Search Engine (13.07.2007) |
| libarchive multiple security vulnerabilities | | Published: | | 13.07.2007 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 7934 | | Type: | | library | | Level: | | 5/10 | | Description: | | Memory corruption, buffer overflow, NULL pointer dereference. |
| Affected: | | FREEBSD : FreeBSD 6.1 | | | | FREEBSD : FreeBSD 5.5 | | | | FREEBSD : FreeBSD 6.2 | | CVE: | | CVE-2007-3645 (archive_read_support_format_tar.c in libarchive before 2.2.4 allows user-assisted remote attackers to cause a denial of service (crash) via (1) an end-of-file condition within a tar header that follows a pax extension header or (2) a malformed pax extension header in an (a) PAX or a (b) TAR archive, which results in a NULL pointer dereference, a different issue than CVE-2007-3644.) | | | | CVE-2007-3644 (archive_read_support_format_tar.c in libarchive before 2.2.4 allows user-assisted remote attackers to cause a denial of service (infinite loop) via (1) an end-of-file condition within a pax extension header or (2) a malformed pax extension header in an (a) PAX or a (b) TAR archive.) | | | | CVE-2007-3641 (archive_read_support_format_tar.c in libarchive before 2.2.4 does not properly compute the length of a certain buffer when processing a malformed pax extension header, which allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PAX or (2) TAR archive that triggers a buffer overflow.) |
Apple QuickTime buffer overflow
updated since 12.07.2007 | | Published: | | 13.07.2007 | | Source: | | FULL-DISCLOSURE | | SecurityVulns ID: | | 7925 | | Type: | | library | | Level: | | 7/10 | | Description: | | Buffer overflow on SMIL format parsing. |
| Affected: | | APPLE : QuickTime 7.1 | | CVE: | | CVE-2007-2394 (Integer overflow in Apple Quicktime before 7.2 on Mac OS X 10.3.9 and 10.4.9 allows user-assisted remote attackers to execute arbitrary code via crafted (1) title and (2) author fields in an SMIL file, related to improper calculations for memory allocation.) |
| XMLDSIG code execution | | Published: | | 13.07.2007 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 7935 | | Type: | | library | | Level: | | 6/10 | | Description: | | Multiple vulnerabilities on XML signatures validation. |
| Symantec Antivirus multiple buffer overflows | | Published: | | 13.07.2007 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 7930 | | Type: | | remote | | Level: | | 7/10 | | Description: | | Buffer overflows on CAB, RAR archives parsing. |
Perl Net::DNS package multiple security vulnerabilities
updated since 13.07.2007 | | Published: | | 17.12.2007 | | Source: | | FULL-DISCLOSURE | | SecurityVulns ID: | | 7932 | | Type: | | library | | Level: | | 5/10 | | Description: | | Weak DNS ID generation allows response spoofing, DoS on parsing DNS request. |
| Affected: | | PERL : Net::DNS 0.59 | | | | PERL : Net::DNS 0.60 | | CVE: | | CVE-2007-6341 (Net/DNS/RR/A.pm in Net::DNS 0.60 build 654, as used in packages such as SpamAssassin and OTRS, allows remote attackers to cause a denial of service (program "croak") via a crafted DNS response.) | | | | CVE-2007-3409 (Net::DNS before 0.60, a Perl module, allows remote attackers to cause a denial of service (stack consumption) via a malformed compressed DNS packet with self-referencing pointers, which triggers an infinite loop.) | | | | CVE-2007-3377 (Header.pm in Net::DNS before 0.60, a Perl module, (1) generates predictable sequence IDs with a fixed increment and (2) can use the same starting ID for all child processes of a forking server, which allows remote attackers to spoof DNS responses, as originally reported for qpsmtp and spamassassin.) |
|
|
|
|
|
|
|
|
