| Novell NetWare client privilege escalation | | Published: |  | 14.11.2007 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 8341 | | Type: |  | local | | Level: |  | 5/10 | | Description: |  | An unprivileged user can manipulate kernel memory through the \\.\nwfilter device. |
| Affected: |  | NOVELL : NetWare Client 4.91 | | CVE: |  | CVE-2007-5667 |
| Original document |  | IDEFENSE, iDefense Security Advisory 11.12.07: Novell NetWare Client Local Privilege Escalation Vulnerability (14.11.2007) |
| Emacs safe mode protection bypass | | Published: |  | 14.11.2007 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 8343 | | Type: |  | local | | Level: |  | 5/10 | | Description: |  | It's possible to bypass enable-local-variables safe mode. |
| Affected: |  | EMACS : emacs 22.1 | | CVE: |  | CVE-2007-5795 (The hack-local-variables function in Emacs before 22.2, when enable-local-variables is set to :safe, does not properly search lists of unsafe or risky variables, which might allow user-assisted attackers to bypass intended restrictions and modify critical program variables via a file containing a Local variables declaration.) |
| Original document |  | UBUNTU, [USN-541-1] Emacs vulnerability (14.11.2007) |
| KDE Konqueror cookie buffer overflow | | Published: |  | 14.11.2007 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 8345 | | Type: |  | client | | Level: |  | 5/10 | | Description: |  | Buffer overflow on oversized cookie. |
| Affected: |  | KDE : Konqueror 3.5 |
| Original document |  | laurent.gaffie_(at)_gmail.com, Konqueror Remote Denial Of Service (14.11.2007) |
| Oracle privilege escalation | | Published: |  | 14.11.2007 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 8338 | | Type: |  | local | | Level: |  | 5/10 | | Description: |  | A multi-step sequence of operations allows a user to get SYSDBA privileges. |
| Affected: |  | ORACLE : Oracle 10g |
| Original document |  | David Litchfield, Oracle 11g/10g Installation Vulnerability (14.11.2007) |
| |  | pete_(at)_petefinnigan.com, Oracle 0-day to get SYSDBA access (14.11.2007) |
| PHP multiple denial of service conditions | | Published: |  | 14.11.2007 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 8342 | | Type: |  | library | | Level: |  | 5/10 | | Description: |  | DoS in stream_wrapper_register(), dgettext(), dcgettext(), dngettext(), gettext(), ngettext(), dcgettext() functions. |
| Affected: |  | PHP : PHP 5.2 |
| Original document |  | laurent.gaffie_(at)_gmail.com, PHP <= 5.2.5 Gettext Lib Multiple Denial of service (14.11.2007) |
| |  | laurent.gaffie_(at)_gmail.com, PHP <= 5.2.5 stream_wrapper_register() denial of service (14.11.2007) |
| Nagios plugins multiple security vulnerabilities | | Published: |  | 14.11.2007 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 8344 | | Type: |  | client | | Level: |  | 5/10 | | Description: |  | Buffer overflows in check_snmp and check_http on server reply parsing. |
| Affected: |  | NAGIOS : nagios-plugins 1.4 | | CVE: |  | CVE-2007-5623 (Buffer overflow in the check_snmp function in Nagios Plugins (nagios-plugins) 1.4.10 allows remote attackers to cause a denial of service (crash) via crafted snmpget replies.) | | |  | CVE-2007-5198 (Buffer overflow in the redir function in check_http.c in Nagios Plugins before 1.4.10 allows remote web servers to execute arbitrary code via long Location header responses (redirects).) |
| Original document |  | GENTOO, [ GLSA 200711-11 ] Nagios Plugins: Two buffer overflows (14.11.2007) |
| Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) | | Published: |  | 14.11.2007 | | Source: |  | | | SecurityVulns ID: |  | 8337 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
PHP-Nuke: CAPTCHA protection bypass.
Peter’s Random Anti-Spam Image: CAPTCHA protection bypass and cross-site scripting. |
| Affected: |  | PHPNUKE : PHP-Nuke 8.1 | | |  | AUTOINDEX : AutoIndex 2.2 | | |  | PETERSRANDOMANTI : Peter’s Random Anti-Spam Image 0.2 | | |  | AURACMS : AURA CMS 2.1 |
| Original document |  | no-reply_(at)_aria-security.net, Free Forums "search" Sql Injection (14.11.2007) |
| |  | no-reply_(at)_aria-security.net, Aria-Security.Net: MetaCart SQL Injection (14.11.2007) |
| |  | no-reply_(at)_aria-security.net, DocuSafe "Search" SQL Injection (14.11.2007) |
| |  | ULTRA.HAQRS.4.ALL ULTRA.HAQRS.4.ALL, [Full-disclosure] 0day0day0day0day AURACMS XSS!! LATEST VERSION!!! 0day0day0day0day (14.11.2007) |
| |  | Elazar Broad, [Full-disclosure] WebEx GPCContainer Memory Access Violation (14.11.2007) |
| |  | MustLive, Vulnerabilities in Peter’s Random Anti-Spam Image (14.11.2007) |
| |  | joseph.giron13_(at)_gmail.com, ExoPHPdesk user profile XSS / profile SQL injection (14.11.2007) |
| |  | ISecAuditors Security Advisories, [ISecAuditors Security Advisories] VTLS.web.gateway cgi is vulnerable to XSS (14.11.2007) |
| |  | L4teral, AutoIndex <= 2.2.2 Cross Site Scripting and Denial of Service (14.11.2007) |
| |  | MustLive, Another vulnerability in PHP-Nuke captcha (14.11.2007) |
| IBM WebSphere MQ multiple security vulnerabilities | | Published: |  | 14.11.2007 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 8346 | | Type: |  | remote | | Level: |  | 5/10 |