Computer Security

Search:Vulnerability:14.09.2007
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



po4a symbolic links problem
Published:14.09.2007
Source:BUGTRAQ
SecurityVulns ID:8151
Type:remote
Level:5/10
Description:Symbolic links problem on /tmp/gettextization.failed.po file creation.
Affected:PO4A : po4a 0.32
CVE:CVE-2007-4462 (lib/Locale/Po4a/Po.pm in po4a before 0.32 allows local users to overwrite arbitrary files via a symlink attack on the gettextization.failed.po temporary file.)
Original documentdocumentGENTOO, [ GLSA 200709-04 ] po4a: Insecure temporary file creation (14.09.2007)
Discuss:Read or add your comments to this news (0 comments)

lighttpd buffer overflow
Published:14.09.2007
Source:FULL-DISCLOSURE
SecurityVulns ID:8154
Type:remote
Level:6/10
Description:mod_fastcgi buffer overflow on headers parsing.
Affected:LIGHTHTTPD : lighttpd 1.4
CVE:CVE-2007-4727 (Buffer overflow in the fcgi_env_add function in mod_proxy_backend_fastcgi.c in the mod_fastcgi extension in lighttpd before 1.4.18 allows remote attackers to overwrite arbitrary CGI variables and execute arbitrary code via an HTTP request with a long content length, as demonstrated by overwriting the SCRIPT_FILENAME variable, aka a "header overflow.")
Original documentdocumentRPATH, [Full-disclosure] rPSA-2007-0183-1 lighttpd (14.09.2007)
Discuss:Read or add your comments to this news (0 comments)

WinSCP unfiltered shell characters security vulnerability
Published:14.09.2007
Source:BUGTRAQ
SecurityVulns ID:8152
Type:client
Level:6/10
Description:Shell characters problem on sftp:// and scp:// URL handlers.
Affected:WINSCP : WinSCP 4.03
Original documentdocumentKender.Security_(at)_gmail.com, WinSCP < 4.04 url protocol handler flaw (14.09.2007)
Discuss:Read or add your comments to this news (0 comments)

Qt library buffer overflow
Published:14.09.2007
Source:FULL-DISCLOSURE
SecurityVulns ID:8153
Type:library
Level:5/10
Description:Buffer overflow on Unicode strings parsing.
Affected:QT : qt 3.3
 QT : qt 4.1
CVE:CVE-2007-4137 (Off-by-one error in the QUtf8Decoder::toUnicode function in Trolltech Qt 3 allows context-dependent attackers to cause a denial of service (crash) via a crafted Unicode string that triggers a heap-based buffer overflow. NOTE: Qt 4 has the same error in the QUtf8Codec::convertToUnicode function, but it is not exploitable.)
Original documentdocumentMANDRIVA, [Full-disclosure] [ MDKSA-2007:183 ] - Updated qt3/qt4 packages fix vulnerability (14.09.2007)
Discuss:Read or add your comments to this news (0 comments)

Apache mod_proxy denial of service
Published:14.09.2007
Source:FULL-DISCLOSURE
SecurityVulns ID:8155
Type:remote
Level:5/10
Description:Buffer overread on server ersponse parsing.
Affected:APACHE : Apache 2.3
CVE:CVE-2007-3847 (The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.)
Original documentdocumentRPATH, [Full-disclosure] rPSA-2007-0182-1 httpd mod_ssl (14.09.2007)
Discuss:Read or add your comments to this news (0 comments)
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
 


Рейтинг@Mail.ru