Computer Security


Microsoft Windows URL code execution
Published: 14.11.2007
SecurityVulns ID: 8335
Type: client
Threat Level: 7/10
Description: Invalid handling of %xx sequences on external URL handlers in Windows XP with Internet Explorer 7 installed allows applications to be executed.
Affected: MICROSOFT : Windows XP
 MICROSOFT : Windows Vista
CVE: CVE-2007-3896
Original document: MICROSOFT, Microsoft Security Bulletin MS07-061 – Critical Vulnerability in Windows URI Handling Could Allow Remote Code Execution (943460) (14.11.2007)
Files: Microsoft Security Bulletin MS07-061 – Critical Vulnerability in Windows URI Handling Could Allow Remote Code Execution (943460)

Oracle privilege escalation
Published: 14.11.2007
SecurityVulns ID: 8338
Type: local
Threat Level: 5/10
Description: A multi-step sequence of operations allows a user to get SYSDBA privileges.
Affected: ORACLE : Oracle 10g
Original document: David Litchfield, Oracle 11g/10g Installation Vulnerability (14.11.2007)
 pete_(at)_petefinnigan.com, Oracle 0-day to get SYSDBA access (14.11.2007)

WinPcap driver array overflow
Published: 14.11.2007
SecurityVulns ID: 8339
Type: local
Threat Level: 5/10
Description: Array index overflow in kernel mode on IOCTL handling.
Affected: WINPCAP : WinPcap 4.0
CVE: CVE-2007-5756
Original document: IDEFENSE, iDefense Security Advisory 11.12.07: WinPcap NPF.SYS bpf_filter_init Arbitrary Array Indexing Vulnerability (14.11.2007)

Novell Netware client privilege escalation
Published: 14.11.2007
SecurityVulns ID: 8341
Type: local
Threat Level: 5/10
Description: An unprivileged user can manipulate kernel memory through the \\.\nwfilter device.
Affected: NOVELL : NetWare Client 4.91
CVE: CVE-2007-5667
Original document: IDEFENSE, iDefense Security Advisory 11.12.07: Novell NetWare Client Local Privilege Escalation Vulnerability (14.11.2007)

PHP multiple denial of service conditions
Published: 14.11.2007
SecurityVulns ID: 8342
Type: library
Threat Level: 5/10
Description: DoS in stream_wrapper_register(), dgettext(), dcgettext(), dngettext(), gettext(), ngettext(), dcgettext() functions.
Affected: PHP : PHP 5.2
Original document: laurent gaffie, PHP <= 5.2.5 Gettext Lib Multiple Denial of service (14.11.2007)
 laurent gaffie, PHP <= 5.2.5 stream_wrapper_register() denial of service (14.11.2007)

Emacs safe mode protection bypass
updated since 14.11.2007
Published: 14.11.2007
SecurityVulns ID: 8343
Type: local
Threat Level: 5/10
Description: It's possible to bypass enable-local-variables safe mode.
Affected: EMACS : emacs 22.1
CVE: CVE-2007-5795 (The hack-local-variables function in Emacs before 22.2, when enable-local-variables is set to :safe, does not properly search lists of unsafe or risky variables, which might allow user-assisted attackers to bypass intended restrictions and modify critical program variables via a file containing a Local variables declaration.)
Original document: UBUNTU, [USN-541-1] Emacs vulnerability (14.11.2007)

Nagios plugins multiple security vulnerabilities
Published: 14.11.2007
SecurityVulns ID: 8344
Type: client
Threat Level: 5/10
Description: Buffer overflows in check_snmp and check_http on server reply parsing.
Affected: NAGIOS : nagios-plugins 1.4
CVE: CVE-2007-5623 (Buffer overflow in the check_snmp function in Nagios Plugins (nagios-plugins) 1.4.10 allows remote attackers to cause a denial of service (crash) via crafted snmpget replies.)
 CVE-2007-5198 (Buffer overflow in the redir function in check_http.c in Nagios Plugins before 1.4.10 allows remote web servers to execute arbitrary code via long Location header responses (redirects).)
Original document: GENTOO, [ GLSA 200711-11 ] Nagios Plugins: Two buffer overflows (14.11.2007)

KDE Konqueror cookie buffer overflow
Published: 14.11.2007
SecurityVulns ID: 8345
Type: client
Threat Level: 5/10
Description: Buffer overflow on oversized cookie.
Affected: KDE : Konqueror 3.5
Original document: laurent gaffie, Konqueror Remote Denial Of Service (14.11.2007)
Files: Exploits Konqueror Remote Denial Of Service

IBM WebSphere MQ multiple security vulnerabilities
Published: 14.11.2007
SecurityVulns ID: 8346
Type: remote
Threat Level: 5/10
Affected: IBM : WebSphere MQ 6.0
Original document: IRM Research, Six Remote Memory Corruption Vulnerabilities in IBM WebSphere MQ 6.0 (14.11.2007)

Microsoft Windows DNS server and DNS client DNS reply spoofing
updated since 14.11.2007
Published: 09.07.2008
SecurityVulns ID: 8336
Type: remote
Threat Level: 6/10
Description: A weak pseudo-random generator is used to generate the DNS request ID.
Affected: MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
CVE: CVE-2008-1454
 CVE-2008-1447 (The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug.")
 CVE-2008-0087
 CVE-2007-3898
Original document: MICROSOFT, Microsoft Security Bulletin MS08-037 – Important Vulnerabilities in DNS Could Allow Spoofing (953230) (09.07.2008)
 Amit Klein, Microsoft Windows DNS Stub Resolver Cache Poisoning (MS08-020) (08.04.2008)
 MICROSOFT, Microsoft Security Bulletin MS08-020 – Important Vulnerability in DNS Client Could Allow Spoofing (945553) (08.04.2008)
 Alla Bezroutchko, [Full-disclosure] Predictable DNS transaction IDs in Microsoft DNS Server (14.11.2007)
 Amit Klein, After 6 months - fix available for Microsoft DNS cache poisoning attack (14.11.2007)
 MICROSOFT, Microsoft Security Bulletin MS07-062 – Important Vulnerability in DNS Could Allow Spoofing (941672) (14.11.2007)
Files: program for DNS id spoofing
 Microsoft Security Bulletin MS07-062 – Important Vulnerability in DNS Could Allow Spoofing (941672)
 Microsoft Security Bulletin MS08-020 – Important Vulnerability in DNS Client Could Allow Spoofing (945553)
 Microsoft Security Bulletin MS08-037 – Important Vulnerabilities in DNS Could Allow Spoofing (953230)

F5 FirePass 4100 cross-site scripting
updated since 14.11.2007
Published: 14.06.2009
SecurityVulns ID: 8340
Type: remote
Threat Level: 5/10
Description: SSL VPN download_plugin.php3, page backurl parameter, my.logon.php3, my.activation.php3 cross-site scripting.
Affected: F5 : FirePass 4100
 F5 : FirePass 5.4
 F5 : FirePass 5.5
 F5 : FirePass 6.0
Original document: ProCheckUp Research, PR07-15: Cross-site Scripting (XSS) / HTML injection on F5 FirePass 4100 SSL VPN 'my.logon.php3' server-side script (30.11.2007)
 ProCheckUp Research, PR07-14: Cross-site Scripting (XSS) / HTML injection on F5 FirePass 4100 SSL VPN 'my.activation.php3' server-side script (30.11.2007)
 ProCheckUp Research, PR07-13: Cross-site Scripting / HTML injection on F5 FirePass 4100 SSL VPN 'download_plugin.php3' server-side script (14.11.2007)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod