Computer Security


OpenBSD ICMPv6 buffer overflow
updated since 12.03.2007
Published:14.03.2007
SecurityVulns ID:7388
Type:remote
Threat Level:8/10
Description:Buffer overflow on fragmented IPv6 packet.
Affected:OPENBSD : OpenBSD 3.9
 OPENBSD : OpenBSD 4.0
 OPENBSD : OpenBSD 4.1
CVE:CVE-2007-1365 (Buffer overflow in kern/uipc_mbuf2.c in OpenBSD 3.9 and 4.0 allows remote attackers to execute arbitrary code via fragmented IPv6 packets due to "incorrect mbuf handling for ICMP6 packets." NOTE: this was originally reported as a denial of service.)
Original document:CORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2007-0219: OpenBSD's IPv6 mbufs remote kernel buffer overflow (14.03.2007)

Microsoft Windows ChangeServiceConfig2A memory corruption
Published:14.03.2007
SecurityVulns ID:7397
Type:local
Threat Level:6/10
Description:Memory corruption on ChangeServiceConfig2A() call.
Files:MS Windows DCE-RPC svcctl ChangeServiceConfig2A() 0day Memory Corruption PoC Exploit

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:14.03.2007
SecurityVulns ID:7398
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:VBULLETIN : vBulletin 3.6
 XICE : X-ice News System 1.0
 PHPROJEKT : PHProjekt 5.2
 WSNGUEST : WSN Guest 1.21
 AMP : Activist Mobilization Platform 3.2
CVE:CVE-2007-1576 (Multiple cross-site scripting (XSS) vulnerabilities in PHProjekt 5.2.0, when magic_quotes_gpc is disabled, allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors to the (1) Projects, (2) Contacts, (3) Helpdesk, (4) Search (only Gecko engine driven Browsers), and (5) Notes modules; the (6) Mail summary page; and unspecified other files.)
 CVE-2007-1575 (Multiple SQL injection vulnerabilities in PHProjekt 5.2.0, when magic_quotes_gpc is disabled, allow remote authenticated users to execute arbitrary SQL commands via (1) unspecified vectors to the (a) calendar and (2) search modules, and an (2) unspecified cookie when the user logs out.)
 CVE-2007-1573 (SQL injection vulnerability in admincp/attachment.php in Jelsoft vBulletin 3.6.5 allows remote authenticated administrators to execute arbitrary SQL commands via the "Attached Before" field.)
 CVE-2007-1571 (PHP remote file inclusion vulnerability in includes/base.php in Radical Designs Activist Mobilization Platform (AMP) 3.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the base_path parameter.)
 CVE-2007-1570 (** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-1438. Reason: This candidate is a duplicate of CVE-2007-1438. Notes: All CVE users should reference CVE-2007-1438 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.)
 CVE-2007-1517 (SQL injection vulnerability in comments.php in WSN Guest 1.02 and 1.21 allows remote attackers to execute arbitrary SQL commands via the id parameter.)
 CVE-2007-1438 (SQL injection vulnerability in devami.asp in X-Ice News System 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.)
Original document:erdc_(at)_echo.or.id, [ECHO_ADV_71$2007] AMP v3.2 (base_path) Remote File Inclusion Vulnerability (14.03.2007)
 disfigure, [Full-disclosure] vbulletin admincp sql injection (14.03.2007)
 security_(at)_nruns.com, n.runs-SA-2007.003 - PHProjekt 5.2.0 - SQL Injection (14.03.2007)
 security_(at)_nruns.com, n.runs-SA-2007.004 - PHProjekt 5.2.0 - Cross Site Scripting and Filter Evasion (14.03.2007)
 security_(at)_nruns.com, n.runs-SA-2007.005 - PHProjekt 5.2.0 - Cross Site Request Forgery (14.03.2007)
 security_(at)_nruns.com, n.runs-SA-2007.006 - PHProjekt 5.2.0 - Privilege escalation (14.03.2007)
 CyberGhost, X-ice News System v1.0 Remote SQL Injection Vulnerability (14.03.2007)
 Dj7xpl, GestArt beta 1 (aide.php aide) Remote File Inclusion Vulnerability: (14.03.2007)
Files:WSN Guest 1.21 Version Comments.PHP "ID" SQL Injection Exploit

PHP filtering extension multiple security vulnerabilities
Published:14.03.2007
SecurityVulns ID:7399
Type:remote
Threat Level:5/10
Description:Buffer underflow, filtering protection bypass.
Affected:PHP : PHP 5.2
CVE:CVE-2007-1454 (ext/filter in PHP 5.2.0, when FILTER_SANITIZE_STRING is used with the FILTER_FLAG_STRIP_LOW flag, does not properly strip HTML tags, which allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML with a '<' character followed by certain whitespace characters, which passes one filter but is collapsed into a valid tag, as demonstrated using %0b.)
 CVE-2007-1453 (Buffer underflow in the PHP_FILTER_TRIM_DEFAULT macro in the filtering extension (ext/filter) in PHP 5.2.0 allows context-dependent attackers to execute arbitrary code by calling filter_var with certain modes such as FILTER_VALIDATE_INT, which causes filter to write a null byte in whitespace that precedes the buffer.)
Original document:PHP-SECURITY, MOPB-19-2007:PHP ext/filter Space Trimming Buffer Underflow Vulnerability (14.03.2007)
 PHP-SECURITY, MOPB-18-2007:PHP ext/filter HTML Tag Stripping Bypass Vulnerability (14.03.2007)
Files:PHP ext/filter Space Trimming Buffer Underflow Vulnerability

AstroCam DoS
Published:14.03.2007
SecurityVulns ID:7400
Type:remote
Threat Level:5/10
Affected:ASTROCAM : AstroCam 2.6
CVE:CVE-2007-1426 (AstroCam before 2.6.6 allows remote attackers to cause a denial of service (daemon shutdown) via certain requests to the web interface.)

Java Dynamic Management Kit privilege escalation
Published:14.03.2007
SecurityVulns ID:7401
Type:local
Threat Level:5/10
Description:Improper enforcement of restriction policies allows access to Inter-ORB application data.
Affected:SUN : Java Dynamic Management Kit 5.1
CVE:CVE-2007-1419 (The Java Management Extensions Remote API Remote Method Invocation over Internet Inter-ORB Protocol (JMX RMI-IIOP) API in Java Dynamic Management Kit 5.1 before 20070309 does not properly enforce the java.policy, which allows local users to obtain certain MBeans data access by operating a server application accessed by a privileged remote authenticated user.)

Macromedia ShockWave ActiveX multiple security vulnerabilities
Published:14.03.2007
SecurityVulns ID:7402
Type:client
Threat Level:5/10
Description:SwDir.dll multiple methods buffer overflows.
CVE:CVE-2007-1403 (Multiple stack-based buffer overflows in an ActiveX control in SwDir.dll 10.1.4.20 in Macromedia Shockwave allow remote attackers to cause a denial of service (Internet Explorer 7 crash) and possibly execute arbitrary code via a long (1) BGCOLOR, (2) SRC, (3) AutoStart, (4) Sound, (5) DrawLogo, or (6) DrawProgress property value, different vectors than CVE-2006-6885.)
Files:Macromedia SwDir.dll ver. 10.1.4.20 multiple methods Stack Overflow

Apache Tomcat directory traversal
Published:14.03.2007
SecurityVulns ID:7403
Type:remote
Threat Level:6/10
Description:It's possible to traverse directories with /\../.
Affected:APACHE : Tomcat 5.5
 APACHE : Tomcat 6.0
 APACHE : mod_jk 1.2
CVE:CVE-2007-1860 (mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.)
 CVE-2007-0450 (Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.)
Original document:SEC Consult Vulnerability Lab, SEC Consult SA-20070314-0 :: Apache HTTP Server / Tomcat directory traversal (14.03.2007)

Unfiltered shell characters in Amarok media player
Published:14.03.2007
SecurityVulns ID:7404
Type:client
Threat Level:5/10
Description:Unfiltered shell characters when executing an external unzip command.
Affected:AMAROK : Amarok 1.4
Original document:GENTOO, [ GLSA 200703-11 ] Amarok: User-assisted remote execution of arbitrary code (14.03.2007)

unrarlib library buffer overflow
Published:14.03.2007
SecurityVulns ID:7405
Type:library
Threat Level:5/10
Description:Buffer overflow in urarlib_get() function on oversized filename.
Affected:UNRARLIB : Unrarlib 0.4
CVE:CVE-2007-1457 (Buffer overflow in the urarlib_get function in Christian Scheurer UniquE RAR File Library (unrarlib, aka URARFileLib) 0.4 allows context-dependent attackers to execute arbitrary code via a long (1) filename, (2) rarfile, or (3) libpassword argument.)
Original document:starcadi, [Full-disclosure] Unrarlib 0.4.0 (urarlib_get) Local buffer overflow (14.03.2007)

McAfee ePolicy Orchestrator ActiveX multiple buffer overflows
Published:14.03.2007
SecurityVulns ID:7406
Type:client
Threat Level:5/10
Description:Buffer overflows in SiteManager.Dll ExportSiteList() and VerifyPackageCatalog() functions.
Affected:MCAFEE : ePolicy Orchestrator 3.5
 MCAFEE : ePolicy Orchestrator 3.6
CVE:CVE-2007-1498 (Multiple stack-based buffer overflows in the SiteManager.SiteMgr.1 ActiveX control (SiteManager.dll) in the ePO management console in McAfee ePolicy Orchestrator (ePO) before 3.6.1 Patch 1 and ProtectionPilot (PRP) before 1.5.0 HotFix allow remote attackers to execute arbitrary code via a long argument to the (1) ExportSiteList and (2) VerifyPackageCatalog functions, and (3) unspecified vectors involving a swprintf function call.)
Original document:hfli, [Full-disclosure] [Advisory]McAfee ePolicy Orchestrator Multiple Remote Buffer Overflow Vulnerabilities (14.03.2007)

minigzip utility buffer overflow
Published:14.03.2007
SecurityVulns ID:7407
Type:local
Threat Level:5/10
Description:Buffer overflow on oversized filename.
Affected:PYTHON : python 2.5
CVE:CVE-2007-1657 (Stack-based buffer overflow in the file_compress function in minigzip (Modules/zlib) in Python 2.5 allows context-dependent attackers to execute arbitrary code via a long file argument.)
Original document:starcadi starcadi, [Full-disclosure] Python 2.5 (Modules/zlib) minigzip local buffer overflow vulnerability (14.03.2007)

TrendMicro antivirus DoS
Published:14.03.2007
SecurityVulns ID:7408
Type:remote
Threat Level:5/10
Description:Division by zero on UPX packed file parsing.
Affected:TM : Trend Micro Antivirus 14.10
CVE:CVE-2007-1591 (VsapiNT.sys in the Scan Engine 8.0 for Trend Micro AntiVirus 14.10.1041, and other products, allows remote attackers to cause a denial of service (kernel fault and system crash) via a crafted UPX file with a certain field that triggers a divide-by-zero error.)
Original document:IDEFENSE, [Full-disclosure] iDefense Security Advisory 03.14.07: Trend Micro Antivirus UPX Parsing Kernel Divide by Zero Vulnerability (14.03.2007)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod