Computer Security

Search:Vulnerability:13.12.2007
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



BarracudaDrive Web Server multiple security vulnerabilities
Published:13.12.2007
Source:BUGTRAQ
SecurityVulns ID:8442
Type:remote
Level:6/10
Description:Directory traversal, script source access, dile deletion, HTML injection, DoS.
Affected:BARRACUDASERVER : BarracudaDrive 3.7
Original documentdocumentLuigi Auriemma, Multiple vulnerabilities in BarracudaDrive 3.7.2 (13.12.2007)
Discuss:Read or add your comments to this news (0 comments)

QK SMTP Server DoS
Published:13.12.2007
Source:BUGTRAQ
SecurityVulns ID:8450
Type:remote
Level:5/10
Affected:QK : QK SMTP Server 3
Original documentdocumentjplopezy_(at)_gmail.com, QK SMTP Server 3 - Denial of service (13.12.2007)
Discuss:Read or add your comments to this news (0 comments)

OpenOffice certificate information spoofing
Published:13.12.2007
Source:BUGTRAQ
SecurityVulns ID:8451
Type:local
Level:5/10
Description:It's possible to spoof information about certificate used for signing.
Affected:OPENOFFICE : OpenOffice 2.2
 OPENOFFICE : OpenOffice 2.3
Original documentdocumentpoehls_(at)_informatik.uni-hamburg.de, OpenOffice: Duplicated, Unprotected Certificate Information shown in Signed ODF Documents (13.12.2007)
Discuss:Read or add your comments to this news (0 comments)

Microsoft Windows DirectX multiple security vulnerabilities
updated since 12.12.2007
Published:13.12.2007
Source:MICROSOFT
SecurityVulns ID:8434
Type:client
Level:8/10
Description:Synchronized Accessible Media Interchange (SAMI), WAV and AVI.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
CVE:CVE-2007-3901
 CVE-2007-3895
Original documentdocumentIDEFENSE, iDefense Security Advisory 12.11.07: Microsoft DirectX 7 and 8 DirectShow Stack Buffer Overflow Vulnerability (13.12.2007)
 documentMICROSOFT, Microsoft Security Bulletin MS07-064 – Critical Vulnerabilities in DirectX Could Allow Remote Code Execution (941568) (12.12.2007)
Files:Microsoft Security Bulletin MS07-064 – Critical Vulnerabilities in DirectX Could Allow Remote Code Execution (941568)
Discuss:Read or add your comments to this news (0 comments)

Microsoft Internet Explorer multiple security vulnerabilities
updated since 12.12.2007
Published:13.12.2007
Source:MICROSOFT
SecurityVulns ID:8438
Type:client
Level:8/10
Description:Multiple memory corruptions.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
CVE:CVE-2007-5347
 CVE-2007-5344
 CVE-2007-3903 (Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code via uninitialized or deleted objects used in repeated calls to the (1) cloneNode or (2) nodeValue JavaScript function, a different issue than CVE-2007-3902 and CVE-2007-5344, a variant of "Uninitialized Memory Corruption Vulnerability.")
 CVE-2007-3902 (Use-after-free vulnerability in the CRecalcProperty function in mshtml.dll in Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code by calling the setExpression method and then modifying the outerHTML property of an HTML element, one variant of "Uninitialized Memory Corruption Vulnerability.")
Original documentdocumentIDEFENSE, iDefense Security Advisory 12.11.07: Microsoft Internet Explorer JavaScript setExpression Heap Corruption Vulnerability (13.12.2007)
 documentZDI, ZDI-07-073: Microsoft Internet Explorer setExpression Vulnerability (12.12.2007)
 documentZDI, ZDI-07-074: Microsoft Internet Explorer Node Manipulation Memory Corruption (12.12.2007)
 documentZDI, ZDI-07-075: Microsoft Internet Explorer Element Tags Vulnerability (12.12.2007)
 documentMICROSOFT, Microsoft Security Bulletin MS07-069 - Critical Cumulative Security Update for Internet Explorer (942615) (12.12.2007)
Files:Microsoft Security Bulletin MS07-069 - Critical Cumulative Security Update for Internet Explorer (942615)
Discuss:Read or add your comments to this news (0 comments)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:13.12.2007
Source:
SecurityVulns ID:8441
Type:remote
Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Rotabanner: crossite scripting
Affected:MKPORTAL : MKPortal 1.1
 WORDPRESS : WordPress 2.3
 BRAINHEAD : Brainhead 4.01
 SQUIRELMAIL : SquirrelMail GPG plugin 2.0
 SQUIRELMAIL : SquirrelMail GPG plugin 2.1
 ROUNDCUBE : RoundCube 0.1
 BITWEAVER : Bitweaver 2.0
 FALT4 : Falt4Extreme CMS RC4
 KAYAKO : Kayako SupportSuite
 HTDIG : htdig 3.2
CVE:CVE-2007-6110 (Cross-site scripting (XSS) vulnerability in htsearch in htdig 3.2.0b6 allows remote attackers to inject arbitrary web script or HTML via the sort parameter.)
Original documentdocumentSw33t.h4cK3r_(at)_hotmail.com, SQL MKPortal M1.1 Rc1 (13.12.2007)
 documentimei, SupportSuite 3.11.01~ Multiple file ~ PHP SELF XSS (13.12.2007)
 documentAbel Cheung, WordPress Charset SQL injection vulnerability (re-resend) (13.12.2007)
 documentLiquidmatrix Security Digest, Advisory: Websense XSS Vulnerability (13.12.2007)
 documentbebe_(at)_gmail.com, SQL injection - GestDownV1.00Beta (13.12.2007)
 documentmesut_(at)_h-labs.org, Falt4 CMS Security Report/Advisory (13.12.2007)
 documentnoreply_(at)_aria-security.net, bttlxeForum Multiple SQL Injection And Cross Site Scripting (13.12.2007)
 documentHackers Center Security Group, Bitweaver XSS & SQL Injection Vulnerability (13.12.2007)
 documentkingoftheworld92_(at)_fastwebnet.it, Flat PHP Board <= 1.2 Multiple Vulnerabilities (13.12.2007)
 documentTomas Kuliavas, Unsanitized scripting in RoundCube webmail (13.12.2007)
 documentTomas Kuliavas, Two vulnerabilities in SquirrelMail GPG plugin (13.12.2007)
 documentbrainheadbrainhead_(at)_gmx.de, webSPELL 4.01.02 (calendar.php, usergallery.php) XSS Vulnerability (13.12.2007)
 documentMustLive, Vulnerabilities in RotaBanner (13.12.2007)
Discuss:Read or add your comments to this news (0 comments)

PEAR::MDB2 information leak
Published:13.12.2007
Source:BUGTRAQ
SecurityVulns ID:8445
Type:library
Level:5/10
Description:Under some conditions it's possible to proxy requests to different objects, including local files.
CVE:CVE-2007-5934 (The LOB functionality in PEAR MDB2 before 2.5.0a1 interprets a request to store a URL string as a request to retrieve and store the contents of the URL, which might allow remote attackers to use MDB2 as an indirect proxy or obtain sensitive information via a URL into a form field in an MDB2 application, as demonstrated by a file:// URL or a URL for an intranet web site.)
Original documentdocumentGENTOO, [ GLSA 200712-05 ] PEAR::MDB2: Information disclosure (13.12.2007)
Discuss:Read or add your comments to this news (0 comments)

Переполнения буфера в Novell NetMail AntiVirus Agent
Published:13.12.2007
Source:BUGTRAQ
SecurityVulns ID:8446
Type:remote
Level:6/10
Description:Buffer overflow in avirus.exe via random TCP port.
Affected:NOVELL : NetMail 3.5
CVE:CVE-2007-6302 (Multiple heap-based buffer overflows in avirus.exe in Novell NetMail 3.5.2 before Messaging Architects M+NetMail 3.52f (aka 3.5.2F) allows remote attackers to execute arbitrary code via unspecified ASCII integers used as memory allocation arguments, aka "ZDI-CVE-162.")
Original documentdocumentZDI, ZDI-07-072: Novell Netmail AntiVirus Agent Multiple Overflow Vulnerabilities (13.12.2007)
Discuss:Read or add your comments to this news (0 comments)

DosBox sandbox protection bypass
Published:13.12.2007
Source:BUGTRAQ
SecurityVulns ID:8444
Type:remote
Level:5/10
Description:Any application inside emulator can use mount command to mount any folder.
Affected:DOSBOX : DOSBox 0.72
Original documentdocumentLuigi Auriemma, Filesystem access in DOSBox 0.72 (13.12.2007)
Discuss:Read or add your comments to this news (0 comments)

Meridian Prolog Manager weak encryption
Published:13.12.2007
Source:BUGTRAQ
SecurityVulns ID:8448
Type:m-i-t-m
Level:5/10
Description:Weak username/password encryption.
Original documentdocumentProlog Error, Meridian Prolog Manager Username and Plain Text Password Disclosure (13.12.2007)
Discuss:Read or add your comments to this news (0 comments)

Microsoft Office unsigned data
updated since 13.12.2007
Published:16.12.2007
Source:BUGTRAQ
SecurityVulns ID:8449
Type:remote
Level:4/10
Description:Metadata file and hyperlink desination is not signed on document signing.
Affected:MICROSOFT : Office 2007
Original documentdocumentpoehls_(at)_informatik.uni-hamburg.de, MS Office 2007: Target of Hyperlinks not covered by Digital Signatures (16.12.2007)
 documentpoehls_(at)_informatik.uni-hamburg.de, MS Office 2007: Digital Signature does not protect Meta-Data (13.12.2007)
Discuss:Read or add your comments to this news (0 comments)

HP Info Center ActiveX code execution
updated since 13.12.2007
Published:16.12.2007
Source:BUGTRAQ
SecurityVulns ID:8447
Type:client
Level:6/10
Description:Few unsafe methods are explosed.
Affected:HP : HP Quick Launch Button 6.3
CVE:CVE-2007-6333 (The HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shipped with HP Info Center (hpinfocenter.exe) 1.0.1.1 in HP Quick Launch Button (QLBCTRL.exe, aka QLB) 6.3 and earlier, allows remote attackers to read arbitrary registry values via the arguments to the GetRegValue method.)
 CVE-2007-6332 (The HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shipped with HP Info Center (hpinfocenter.exe) 1.0.1.1 in HP Quick Launch Button (QLBCTRL.exe, aka QLB) 6.3 and earlier, on Microsoft Windows before Vista allows remote attackers to create or modify arbitrary registry values via the arguments to the SetRegValue method.)
 CVE-2007-6331 (Absolute path traversal vulnerability in the HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shipped with HP Info Center (hpinfocenter.exe) 1.0.1.1 in HP Quick Launch Button (QLBCTRL.exe, aka QLB) 6.3 and earlier allows remote attackers to execute arbitrary programs via the first argument to the LaunchApp method. NOTE: only a user-assisted attack is possible on Windows Vista.)
Original documentdocumentHP, [security bulletin] HPSBGN02298 SSRT071502 rev.1 - HP Quick Launch Button (QLB) Running on Windows, Remote Execution of Arbitrary Code, Gain Privileged Access (16.12.2007)
 documentporkythepig_(at)_anspi.pl, HP notebooks remote code execution vulnerability (multiple series) (13.12.2007)
Discuss:Read or add your comments to this news (0 comments)

BadBlue Web server multiple security vulnerabilities
updated since 13.12.2007
Published:25.04.2008
Source:BUGTRAQ
SecurityVulns ID:8443
Type:remote
Level:6/10
Description:Buffer overflow, directory traversal, information leak, DoS.
Affected:BADBLUE : BadBlue 2.72
CVE:CVE-2007-6378 (Directory traversal vulnerability in upload.dll in BadBlue 2.72b and earlier allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the filename parameter.)
Original documentdocumentVulnerabilityResearch_(at)_digitaldefense.net, DDIVRT-2008-11 BadBlue uninst.exe DoS (25.04.2008)
 documentLuigi Auriemma, Multiple vulnerabilities in BadBlue 2.72b (13.12.2007)
Discuss:Read or add your comments to this news (0 comments)
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server