Computer Security
[EN] securityvulns.ru no-pyccku


po4a symbolic links problem
Published:14.09.2007
Source:
SecurityVulns ID:8151
Type:remote
Threat Level:
5/10
Description:Symbolic links problem on /tmp/gettextization.failed.po file creation.
Affected:PO4A : po4a 0.32
CVE:CVE-2007-4462 (lib/Locale/Po4a/Po.pm in po4a before 0.32 allows local users to overwrite arbitrary files via a symlink attack on the gettextization.failed.po temporary file.)
Original documentdocumentGENTOO, [ GLSA 200709-04 ] po4a: Insecure temporary file creation (14.09.2007)

WinSCP unfiltered shell characters security vulnerability
Published:14.09.2007
Source:
SecurityVulns ID:8152
Type:client
Threat Level:
6/10
Description:Shell characters problem on sftp:// and scp:// URL handlers.
Affected:WINSCP : WinSCP 4.03
Original documentdocumentKender.Security_(at)_gmail.com, WinSCP < 4.04 url protocol handler flaw (14.09.2007)

Qt library buffer overflow
Published:14.09.2007
Source:
SecurityVulns ID:8153
Type:library
Threat Level:
5/10
Description:Buffer overflow on Unicode strings parsing.
Affected:QT : qt 3.3
 QT : qt 4.1
CVE:CVE-2007-4137 (Off-by-one error in the QUtf8Decoder::toUnicode function in Trolltech Qt 3 allows context-dependent attackers to cause a denial of service (crash) via a crafted Unicode string that triggers a heap-based buffer overflow. NOTE: Qt 4 has the same error in the QUtf8Codec::convertToUnicode function, but it is not exploitable.)
Original documentdocumentMANDRIVA, [Full-disclosure] [ MDKSA-2007:183 ] - Updated qt3/qt4 packages fix vulnerability (14.09.2007)

lighttpd buffer overflow
Published:14.09.2007
Source:
SecurityVulns ID:8154
Type:remote
Threat Level:
6/10
Description:mod_fastcgi buffer overflow on headers parsing.
Affected:LIGHTTPD : lighttpd 1.4
CVE:CVE-2007-4727 (Buffer overflow in the fcgi_env_add function in mod_proxy_backend_fastcgi.c in the mod_fastcgi extension in lighttpd before 1.4.18 allows remote attackers to overwrite arbitrary CGI variables and execute arbitrary code via an HTTP request with a long content length, as demonstrated by overwriting the SCRIPT_FILENAME variable, aka a "header overflow.")
Original documentdocumentRPATH, [Full-disclosure] rPSA-2007-0183-1 lighttpd (14.09.2007)

Apache mod_proxy denial of service
Published:14.09.2007
Source:
SecurityVulns ID:8155
Type:remote
Threat Level:
5/10
Description:Buffer overread on server ersponse parsing.
Affected:APACHE : Apache 2.3
CVE:CVE-2007-3847 (The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.)
Original documentdocumentRPATH, [Full-disclosure] rPSA-2007-0182-1 httpd mod_ssl (14.09.2007)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod