Computer Security

Progress database server buffer overflow
Published:13.07.2007
Source:
SecurityVulns ID:7931
Type:remote
Threat Level:7/10
Description:Buffer overflow in network service TCP/5220, TCP/5230. Progress is installed by different RSA products.
Affected:RSA : RSA ACE/Server 5.2
 RSA : RSA Authentication Manager 6.0
 RSA : RSA SecurID Appliance 2.0
 RSA : RSA Authentication Manager 6.1
CVE:CVE-2007-2417 (Heap-based buffer overflow in _mprosrv.exe in Progress Software Progress 9.1E and OpenEdge 10.1x, as used by the RSA Authentication Manager 6.0 and 6.1, SecurID Appliance 2.0, ACE/Server 5.2, and possibly other products, allows remote attackers to execute arbitrary code via crafted packets. NOTE: this issue might overlap CVE-2007-3491.)
Original document:3COM, [Full-disclosure] TPTI-07-12: Multiple Vendor Progress Server Heap Overflow Vulnerability (13.07.2007)

XFS rc script race conditions
Published:13.07.2007
Source:
SecurityVulns ID:7933
Type:local
Threat Level:6/10
Description:Insecure use of chown on a temporary file allows changing the ownership of an arbitrary file.
CVE:CVE-2007-3103 (The init.d script for the X.Org X11 xfs font server on Red Hat Enterprise Linux (RHEL) 4 and 5 before 20070712, and Fedora Core 6, might allow local users to change the permissions of arbitrary files via a symlink attack on the /tmp/.font-unix temporary file.)
Original document:IDEFENSE, iDefense Security Advisory 07.12.07: Red Hat Enterprise Linux init.d XFS Script chown Race Condition Vulnerability (13.07.2007)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 13.07.2007
Published:13.07.2007
Source:
SecurityVulns ID:7929
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:OSCOMMERCE : osCommerce 2.2
 GOOGLE : Google Custom Search Engine
 ALTAVISTA : AltaVista local engine
 ACTIVEWEB : activeWeb contentserver 5.6
 SITESCAPE : SiteScape 7.2
 YANDEX : Yandex.Server
CVE:CVE-2007-3484 (** DISPUTED ** Cross-site scripting (XSS) vulnerability in search.php in Google Custom Search Engine allows remote attackers to inject arbitrary web script or HTML via the q parameter. NOTE: this issue is disputed by the Google Security Team, who states that "Google does not provide the 'search.php' script referenced. When a user creates a custom search engine, we provide them with a block of javascript to include on their site. Some users write additional code around this block of javascript to further customize their website.")
 CVE-2007-3018 (activeWeb contentserver CMS before 5.6.2964 does not limit the file-creation ability of editors who have restricted accounts, which allows these editors to create files in arbitrary directories.)
 CVE-2007-3017 (The WYSIWYG editor applet in activeWeb contentserver CMS before 5.6.2964 only filters malicious tags from articles sent to admin/applets/wysiwyg/rendereditor.asp, which allows remote authenticated users to inject arbitrary JavaScript via a request to admin/worklist/worklist_edit.asp.)
 CVE-2007-3014 (Multiple cross-site scripting (XSS) vulnerabilities in activeWeb contentserver before 5.6.2964 allow remote attackers to inject arbitrary web script or HTML via the msg parameter to (1) errors/rights.asp or (2) errors/transaction.asp, or (3) the name of a MIME type (mimetype).)
 CVE-2007-3013 (SQL injection vulnerability in activeWeb contentserver before 5.6.2964 allows remote authenticated users with edit permission to execute arbitrary SQL commands via the id parameter to admin/picture/picture_real_edit.asp, and probably other unspecified vectors.)
Original document:MustLive, MOSEB-07 Bonus: Vulnerabilities in Yandex.Server (15.07.2007)
 MustLive, Vulnerabilities in Yandex.Server (15.07.2007)
 MustLive, Vulnerability in AltaVista local search engine (15.07.2007)
 Marc Ruef, [scip_Advisory 3159] SiteScape forum prior 7.3 Cross Site Scripting (13.07.2007)
 Marc Ruef, [Full-disclosure] [scip_Advisory 3159] SiteScape forum prior 7.3 Cross Site Scripting (13.07.2007)
 does_not_exist_(at)_jmp-esp.kicks-ass.net, MkPortal - Multiple SQL Injection Vulnerabilities (13.07.2007)
 RedTeam Pentesting, [Full-disclosure] ActiveWeb Contentserver CMS Multiple Cross Site Scriptings (13.07.2007)
 RedTeam Pentesting, [Full-disclosure] ActiveWeb Contentserver CMS Editor Permission Settings Problem (13.07.2007)
 RedTeam Pentesting, [Full-disclosure] ActiveWeb Contentserver CMS SQL Injection Management Interface (13.07.2007)
 RedTeam Pentesting, [Full-disclosure] ActiveWeb Contentserver CMS Clientside Filtering of Page Editor Content (13.07.2007)
 Debasis Mohanty, Re: [Full-disclosure] ActiveWeb Contentserver CMS Multiple Cross Site Scriptings (13.07.2007)
 matrix_killer ma3x, osCommerce Online Merchant v2.2 RC1 local include bug (13.07.2007)
 MustLive, MOSEB-15 Bonus: Vulnerability in Google Custom Search Engine (13.07.2007)
 MustLive, MOSEB-12 Bonus: Vulnerability in AltaVista (13.07.2007)
 MustLive, Vulnerability in Google Custom Search Engine (13.07.2007)

libarchive multiple security vulnerabilities
Published:13.07.2007
Source:
SecurityVulns ID:7934
Type:library
Threat Level:5/10
Description:Memory corruption, buffer overflow, NULL pointer dereference.
Affected:FREEBSD : FreeBSD 6.1
 FREEBSD : FreeBSD 5.5
 FREEBSD : FreeBSD 6.2
CVE:CVE-2007-3645 (archive_read_support_format_tar.c in libarchive before 2.2.4 allows user-assisted remote attackers to cause a denial of service (crash) via (1) an end-of-file condition within a tar header that follows a pax extension header or (2) a malformed pax extension header in an (a) PAX or a (b) TAR archive, which results in a NULL pointer dereference, a different issue than CVE-2007-3644.)
 CVE-2007-3644 (archive_read_support_format_tar.c in libarchive before 2.2.4 allows user-assisted remote attackers to cause a denial of service (infinite loop) via (1) an end-of-file condition within a pax extension header or (2) a malformed pax extension header in an (a) PAX or a (b) TAR archive.)
 CVE-2007-3641 (archive_read_support_format_tar.c in libarchive before 2.2.4 does not properly compute the length of a certain buffer when processing a malformed pax extension header, which allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PAX or (2) TAR archive that triggers a buffer overflow.)
Original document:FREEBSD, FreeBSD Security Advisory FreeBSD-SA-07:05.libarchive (13.07.2007)

Apple QuickTime buffer overflow
updated since 12.07.2007
Published:13.07.2007
Source:
SecurityVulns ID:7925
Type:library
Threat Level:7/10
Description:Buffer overflow in SMIL format parsing.
Affected:APPLE : QuickTime 7.1
CVE:CVE-2007-2394 (Integer overflow in Apple Quicktime before 7.2 on Mac OS X 10.3.9 and 10.4.9 allows user-assisted remote attackers to execute arbitrary code via crafted (1) title and (2) author fields in an SMIL file, related to improper calculations for memory allocation.)
Original document:CERT, US-CERT Technical Cyber Security Alert TA07-193A -- Apple Releases Security Updates for QuickTime (13.07.2007)
 IDEFENSE, [Full-disclosure] iDefense Security Advisory 07.11.07: Apple QuickTime SMIL File Processing Integer Overflow Vulnerability (12.07.2007)

XMLDSIG code execution
Published:13.07.2007
Source:
SecurityVulns ID:7935
Type:library
Threat Level:6/10
Description:Multiple vulnerabilities in XML signature validation.
Affected:SUN : JWSDP 2.0
 SUN : Sun Java System Web Server 7.0
 SUN : Sun Java System Application Server 8.2
 SUN : Sun Java System Application Server 9.0
 ORACLE : JRE 6
 IAIK : XML Security Toolkit 1.09
 IAIK : XML Signature Library 1.2
 SUN : JSR 105
 SUN : JWSDP 1.5
Original document:brad_(at)_isecpartners.com, Command Injection in XML Digital Signatures (13.07.2007)

Symantec Antivirus multiple buffer overflows
Published:13.07.2007
Source:
SecurityVulns ID:7930
Type:remote
Threat Level:7/10
Description:Buffer overflows in CAB and RAR archive parsing.
CVE:CVE-2007-3699 (The Decomposer component in multiple Symantec products allows remote attackers to cause a denial of service (infinite loop) via a certain value in the PACK_SIZE field of a RAR archive file header.)
 CVE-2007-0447 (Heap-based buffer overflow in the Decomposer component in multiple Symantec products allows remote attackers to execute arbitrary code via multiple crafted CAB archives.)
Original document:3COM, [Full-disclosure] ZDI-07-040: Symantec AntiVirus Engine CAB Parsing Heap Overflow Vulnerability (13.07.2007)
 ZDI, [Full-disclosure] ZDI-07-039: Symantec AntiVirus Engine RAR File Parsing DoS Vulnerability (13.07.2007)

Perl Net::DNS package multiple security vulnerabilities
updated since 13.07.2007
Published:17.12.2007
Source:
SecurityVulns ID:7932
Type:library
Threat Level:5/10
Description:Weak DNS ID generation allows response spoofing; DoS when parsing a DNS request.
Affected:PERL : Net::DNS 0.59
 PERL : Net::DNS 0.60
CVE:CVE-2007-6341 (Net/DNS/RR/A.pm in Net::DNS 0.60 build 654, as used in packages such as SpamAssassin and OTRS, allows remote attackers to cause a denial of service (program "croak") via a crafted DNS response.)
 CVE-2007-3409 (Net::DNS before 0.60, a Perl module, allows remote attackers to cause a denial of service (stack consumption) via a malformed compressed DNS packet with self-referencing pointers, which triggers an infinite loop.)
 CVE-2007-3377 (Header.pm in Net::DNS before 0.60, a Perl module, (1) generates predictable sequence IDs with a fixed increment and (2) can use the same starting ID for all child processes of a forking server, which allows remote attackers to spoof DNS responses, as originally reported for qpsmtp and spamassassin.)
Original document:SECURITEAM, [UNIX] Net::DNS Malformed Packet DoS (17.12.2007)
 MANDRIVA, [Full-disclosure] [ MDKSA-2007:146 ] - Updated perl-Net-DNS packages fix multiple vulnerabilities (13.07.2007)
Files:Exploits Net::DNS Malformed Packet DoS

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod