| HP-UX SLSd unauthorized access | | Published: |  | 15.02.2007 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 7239 | | Type: |  | remote | | Level: |  | 6/10 | | Description: |  | It's possible to create any file with attacker-supplied data. |
| Affected: |  | HP : HP-UX 10.20 | | |  | HP : HP-UX 11.11 | | CVE: |  | CVE-2007-0915 (Distributed SLS daemon (SLSd) on HP-UX B.11.11 allows remote attackers to overwrite arbitrary files and gain privileges via a crafted RPC request.) |
| Cisco PIX / ASA / FWSM multiple security vulnerabilities | | Published: |  | 15.02.2007 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 7242 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | Multiple DoS conditions on HTTP, SIP, TCP traffic parsing. |
| Affected: |  | CISCO : PIX 6.3 | | |  | CISCO : PIX 7.0 | | |  | CISCO : FWSM 2.3 | | |  | CISCO : PIX 7.1 | | |  | CISCO : ASA 7.0 | | |  | CISCO : ASA 7.1 | | |  | CISCO : FWSM 3.1 | | |  | CISCO : PIX 7.2 | | |  | CISCO : ASA 7.2 | | |  | CISCO : ASA 6.3 | | CVE: |  | CVE-2007-0968 (Unspecified vulnerability in Cisco Firewall Services Module (FWSM) before 2.3(4.7) and 3.x before 3.1(3.1) causes the access control entries (ACE) in an ACL to be improperly evaluated, which allows remote authenticated users to bypass intended certain ACL protections.) | | |  | CVE-2007-0967 (Cisco Firewall Services Module (FWSM) 3.x before 3.1(3.1) allows remote attackers to cause a denial of service (device reboot) via malformed SNMP requests.) | | |  | CVE-2007-0966 (Cisco Firewall Services Module (FWSM) 3.x before 3.1(3.11), when the HTTPS server is enabled, allows remote attackers to cause a denial of service (device reboot) via certain HTTPS traffic.) | | |  | CVE-2007-0965 (Cisco FWSM 3.x before 3.1(3.2), when authentication is configured to use "aaa authentication match" or "aaa authentication include", allows remote attackers to cause a denial of service (device reboot) via a long HTTP request.) | | |  | CVE-2007-0964 (Cisco FWSM 3.x before 3.1(3.18), when authentication is configured to use "aaa authentication match" or "aaa authentication include", allows remote attackers to cause a denial of service (device reboot) via a malformed HTTPS request.) | | |  | CVE-2007-0963 (Unspecified vulnerability in Cisco Firewall Services Module (FWSM) 3.x before 3.1(3.3), when set to log at the "debug" level, allows remote attackers to cause a denial of service (device reboot) by sending packets that are not of a particular protocol such as TCP or UDP, which triggers the reboot during generation of Syslog message 710006.) 
| | |  | CVE-2007-0962 (Cisco PIX 500 and ASA 5500 Series Security Appliances 7.0 before 7.0(4.14) and 7.1 before 7.1(2.1), and the FWSM 2.x before 2.3(4.12) and 3.x before 3.1(3.24), when "inspect http" is enabled, allows remote attackers to cause a denial of service (device reboot) via malformed HTTP traffic.) | | |  | CVE-2007-0961 (Cisco PIX 500 and ASA 5500 Series Security Appliances 6.x before 6.3(5.115), 7.0 before 7.0(5.2), and 7.1 before 7.1(2.5), and the FWSM 3.x before 3.1(3.24), when the "inspect sip" option is enabled, allows remote attackers to cause a denial of service (device reboot) via malformed SIP packets.) | | |  | CVE-2007-0960 (Unspecified vulnerability in Cisco PIX 500 and ASA 5500 Series Security Appliances 7.2.2, when configured to use the LOCAL authentication method, allows remote authenticated users to gain privileges via unspecified vectors.) | | |  | CVE-2007-0959 (Cisco PIX 500 and ASA 5500 Series Security Appliances 7.2.2, when configured to inspect certain TCP-based protocols, allows remote attackers to cause a denial of service (device reboot) via malformed TCP packets.) |
| iTinySoft Studio Total Video Player buffer overflow | | Published: |  | 15.02.2007 | | Source: |  | CVE | | SecurityVulns ID: |  | 7246 | | Type: |  | client | | Level: |  | 5/10 | | Description: |  | Buffer overflow in .M3U file parsing. |
| Affected: |  | ITINYSOFT : Total Video Player 1.03 | | CVE: |  | CVE-2007-0949 (Stack-based buffer overflow in iTinySoft Studio Total Video Player 1.03, and possibly earlier, allows remote attackers to execute arbitrary code via a M3U playlist file that contains a long file name. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.) |
| Sun Solaris TCP packets processing race conditions | | Published: |  | 15.02.2007 | | Source: |  | CVE | | SecurityVulns ID: |  | 7247 | | Type: |  | remote | | Level: |  | 6/10 | | Description: |  | DoS against system is possible. |
| Affected: |  | ORACLE : Solaris 10 | | CVE: |  | CVE-2007-0914 (Race condition in the TCP subsystem for Solaris 10 allows remote attackers to cause a denial of service (system panic) via unknown vectors.) |
| ejabberd roster ODBC module vulnerability | | Published: |  | 15.02.2007 | | Source: |  | CVE | | SecurityVulns ID: |  | 7249 | | Type: |  | remote | | Level: |  | 5/10 |
| CVE: |  | CVE-2007-0903 (Unspecified vulnerability in the mod_roster_odbc module in ejabberd before 1.1.3 has unknown impact and attack vectors.) |
| Lizardtech DjVu plugin multiple security vulnerabilities | | Published: |  | 15.02.2007 | | Source: |  | FULL-DISCLOSURE | | SecurityVulns ID: |  | 7244 | | Type: |  | client | | Level: |  | 5/10 | | Description: |  | Multiple buffer overflows in different methods. |
| PalmOS Treo smartphones protection bypass | | Published: |  | 15.02.2007 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 7240 | | Type: |  | local | | Level: |  | 4/10 | | Description: |  | Find feature allows access to locked device. |
| Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) | | Published: |  | 15.02.2007 | | Source: |  | | | SecurityVulns ID: |  | 7245 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. |
| Affected: |  | DESKPRO : DeskPRO 1.1 | | |  | ADVANCEDPOLL : Advanced Poll 2.0 | | |  | DRUPAL : Drupal 4.7 | | |  | PHPCC : phpCC 4.2 | | |  | DRUPAL : Drupal 5.1 | | |  | NABOCORP : nabopoll 1.1 | | |  | MOHA : MOHA Chat 0.1 | | |  | ATMAIL : @mail 0.61 | | |  | HARPIA : Harpia CMS 1.0 | | |  | SCART : SCart 2.0 | | |  | APACHESTATS : Apache Stats 0.0 | | |  | TAGIT : TagIt! Tagboard 2.1 | | |  | ZEBRAFEEDS : ZebraFeeds 1.0 | | |  | ANSATHEUS : AT Contenator 1.0 | | |  | XARANCMS : Xaran CMS 2.0 | | |  | POLLMENTOR : PollMentor 2.0 | | CVE: |  | CVE-2007-1021 (SQL injection vulnerability in inc_listnews.asp in CodeAvalanche News 1.x allows remote attackers to execute arbitrary SQL commands via the CAT_ID parameter.) | | |  | CVE-2007-1016 (SQL injection vulnerability in Aktueldownload Haber script allows remote attackers to execute arbitrary SQL commands via certain vectors related to the HaberDetay.asp and rss.asp components, and the id and kid parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: the combination of the HaberDetay.asp component and the id parameter is already covered by another February 2007 CVE candidate.) | | |  | CVE-2007-1015 (SQL injection vulnerability in HaberDetay.asp in Aktueldownload Haber script allows remote attackers to execute arbitrary SQL commands via the id parameter.) | | |  | CVE-2007-1012 (Cross-site scripting (XSS) vulnerability in faq.php in DeskPRO 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the article parameter.) | | |  | CVE-2007-1010 (Multiple PHP remote file inclusion vulnerabilities in ZebraFeeds 1.0, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the zf_path parameter to (1) aggregator.php and (2) controller.php in newsfeeds/includes/.) 
| | |  | CVE-2007-0985 (SQL injection vulnerability in nickpage.php in phpCC 4.2 beta and earlier allows remote attackers to execute arbitrary SQL commands via the npid parameter in a sign_gb action.) | | |  | CVE-2007-0984 (SQL injection vulnerability in admin_poll.asp in PollMentor 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to pollmentorres.asp.) | | |  | CVE-2007-0983 (PHP remote file inclusion vulnerability in _admin/nav.php in AT Contenator 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the Root_To_Script parameter.) | | |  | CVE-2007-0954 (MOHA Chat 0.1b7 and earlier does not require authentication for use of the plug in API, which has unknown impact and attack vectors.) | | |  | CVE-2007-0953 (Cross-site scripting (XSS) vulnerability in search.pl in @Mail 4.61 and earlier allows remote attackers to inject arbitrary web script or HTML via the keywords parameter.) | | |  | CVE-2007-0952 (Multiple cross-site scripting (XSS) vulnerabilities in Scriptsez.net Virtual Calendar allow remote attackers to inject arbitrary web script or HTML via the (1) t and (2) yr parameters, and the (3) sho parameter when the m parameter is outside the intended range.) | | |  | CVE-2007-0930 (Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.) | | |  | CVE-2007-0928 (Virtual Calendar stores sensitive information under the web root with insufficient access control, which allows remote attackers to download an encoded password via a direct request for pwd.txt.) | | |  | CVE-2007-0900 (Multiple PHP remote file inclusion vulnerabilities in TagIt! 
Tagboard 2.1.B Build 2 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) configpath parameter to (a) tagviewer.php, (b) tag_process.php, and (c) CONFIG/errmsg.inc.php; and (d) addTagmin.php, (e) ban_watch.php, (f) delTagmin.php, (g) delTag.php, (h) editTagmin.php, (i) editTag.php, (j) manageTagmins.php, and (k) verify.php in tagmin/; the (2) adminpath parameter to (l) tagviewer.php, (m) tag_process.php, and (n) tagmin/index.php; and the (3) admin parameter to (o) readconf.php, (p) updateconf.php, (q) updatefilter.php, and (r) wordfilter.php in tagmin/; different vectors than CVE-2006-5249.) | | |  | CVE-2006-7024 (Multiple PHP remote file inclusion vulnerabilities in Harpia CMS 1.0.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) func_prog parameter to (a) preload.php and (b) index.php; (2) header_prog parameter to (c) missing.php and (d) email.php, (e) files.php, (f) headlines.php, (g) search.php, (h) topics.php, and (i) users.php in _mods/; (3) theme_root parameter to (j) footer.php, (k) header.php, (l) pfooter.php, and (m) pheader.php in _inc; (4) mod_root parameter to _inc/header.php; and the (5) mod_dir and (6) php_ext parameters to (n) _inc/web_statsConfig.php.) | | |  | CVE-2006-7012 (scart.cgi in SCart 2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the page parameter of a show_text action.) | | |  | CVE-2006-7005 (SQL injection vulnerability in item.php in PSY Auction allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.) | | |  | CVE-2006-7004 (Cross-site scripting (XSS) vulnerability in email_request.php in PSY Auction allows remote attackers to inject arbitrary web script or HTML via the user_id parameter. 
NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.) | | |  | CVE-2006-7000 (Headstart Solutions DeskPRO allows remote attackers to obtain the full path via direct requests to (1) email/mail.php, (2) includes/init.php, (3) certain files in includes/cron/, and (4) jpgraph.php, (5) jpgraph_bar.php, (6) jpgraph_pie.php, and (7) jpgraph_pie3d.php in includes/graph/, which leaks the path in error messages.) | | |  | CVE-2006-6999 (attachment.php in Headstart Solutions DeskPRO allows remote attackers to read all uploaded files by providing the file number in a modified id parameter.) | | |  | CVE-2006-6998 (install/loader_help.php in Headstart Solutions DeskPRO allows remote attackers to obtain configuration information via a q=phpinfo QUERY_STRING, which calls the phpinfo function.) | | |  | CVE-2006-5249 (PHP remote file inclusion vulnerability in tagmin/delTagUser.php in TagIt! Tagboard 2.1.B Build 2 (tagit2b) allows remote attackers to execute arbitrary PHP code via a URL in the configpath parameter.) |
| Comodo firewall protection bypass | | Published: |  | 15.02.2007 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 7243 | | Type: |  | local | | Level: |  | 4/10 | | Description: |  | CRC32 control checksum is used for file protection, making it trivial to bypass. |
| Multiple PHP vulnerabilities | | Published: |  | 15.02.2007 | | Source: |  | CVE | | SecurityVulns ID: |  | 7248 | | Type: |  | local | | Level: |  | 6/10 | | Description: |  | Multiple buffer overflows, DoS conditions, information leaks, etc. |
| Affected: |  | PHP : PHP 5.2 | | CVE: |  | CVE-2007-0910 (Unspecified vulnerability in PHP before 5.2.1 allows attackers to "clobber" certain super-global variables via unspecified vectors.) | | |  | CVE-2007-0909 (Multiple format string vulnerabilities in PHP before 5.2.1 might allow attackers to execute arbitrary code via format string specifiers to (1) all of the *print functions on 64-bit systems, and (2) the odbc_result_all function.) | | |  | CVE-2007-0908 (The WDDX deserializer in the wddx extension in PHP 5 before 5.2.1 and PHP 4 before 4.4.5 does not properly initialize the key_length variable for a numerical key, which allows context-dependent attackers to read stack memory via a wddxPacket element that contains a variable with a string name before a numerical variable.) | | |  | CVE-2007-0907 (Buffer underflow in PHP before 5.2.1 allows attackers to cause a denial of service via unspecified vectors involving the sapi_header_op function.) | | |  | CVE-2007-0906 (Multiple buffer overflows in PHP before 5.2.1 allow attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors in the (1) session, (2) zip, (3) imap, and (4) sqlite extensions; (5) stream filters; and the (6) str_replace, (7) mail, (8) ibase_delete_user, (9) ibase_add_user, and (10) ibase_modify_user functions. NOTE: vector 6 might actually be an integer overflow (CVE-2007-1885). NOTE: as of 20070411, vector (3) might involve the imap_mail_compose function (CVE-2007-1825).) |
| ClamAV antivirus directory traversal | | Published: |  | 15.02.2007 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 7250 | | Type: |  | remote | | Level: |  | 8/10 | | Description: |  | MIME part id is used to form local filename without checking for ../. In addition, there is a DoS on CAB files parsing. |
| Affected: |  | CLAMAV : ClamAV 0.88 | | CVE: |  | CVE-2007-0898 (Directory traversal vulnerability in clamd in Clam AntiVirus ClamAV before 0.90 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the id MIME header parameter in a multi-part message.) | | |  | CVE-2007-0897 (Clam AntiVirus ClamAV before 0.90 does not close open file descriptors under certain conditions, which allows remote attackers to cause a denial of service (file descriptor consumption and failed scans) via CAB archives with a cabinet header record length of zero, which causes a function to return without closing a file descriptor.) |
Mozilla Firefox cross domain access updated since 15.02.2007 | | Published: |  | 27.02.2007 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 7238 | | Type: |  | client | | Level: |  | 8/10 | | Description: |  | By using
location.hostname='evil.com\x00foo.example.com'
in JavaScript, it's possible to make a request for the foo.example.com domain be sent to evil.com. This makes cross-domain access possible. The vulnerability can be used for hidden malware installation. |
| Affected: |  | MOZILLA : Firefox 2.0 | | CVE: |  | CVE-2007-1084 (Mozilla Firefox 2.0.0.1 and earlier does not prompt users before saving bookmarklets, which allows remote attackers to bypass the same-domain policy by tricking a user into saving a bookmarklet with a data: scheme, which is executed in the context of the last visited web page.) | | |  | CVE-2007-1004 (Mozilla Firefox might allow remote attackers to conduct spoofing and phishing attacks by writing to an about:blank tab and overlaying the location bar.) | | |  | CVE-2007-0981 (Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8, allow remote attackers to bypass the same origin policy, steal cookies, and conduct other attacks by writing a URI with a null byte to the hostname (location.hostname) DOM property, due to interactions with DNS resolver code.) |
HP-UX ARPA transport DoS updated since 15.02.2007 | | Published: |  | 24.01.2008 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 7241 | | Type: |  | remote | | Level: |  | 5/10 |
| Affected: |  | HP : HP-UX 11.11 | | |  | HP : HP-UX 11.23 | | CVE: |  | CVE-2007-6425 | | |  | CVE-2007-1994 (Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport functionality in HP-UX B.11.00 allows local users to cause a denial of service via unknown vectors. NOTE: due to lack of vendor details, it is not clear whether this is the same as CVE-2007-0916.) | | |  | CVE-2007-0916 (Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport functionality in HP-UX B.11.11 and B.11.23 allows local users to cause an unspecified denial of service via unknown vectors.) |
| Original document |  | HP, [security bulletin] HPSBUX02306 SSRT071463 rev.1 - HP-UX Running ARPA Transport, Remote Denial of Service (DoS) (24.01.2008) |
| |  | HP, [security bulletin] HPSBUX02248 SSRT071437 rev.1 - HP-UX Running ARPA Transport, Remote Denial of Service (DoS) (03.08.2007) |
| |  | HP, [security bulletin] HPSBUX02247 SSRT071432 rev.1 - HP-UX Running ARPA Transport, Local Denial of Service (DoS) (03.08.2007) |
| |  | HP, HPSBUX02205 SSRT061120 rev.1 - HP-UX Running ARPA Transport, Local Denial of Service (DoS) (13.04.2007) |
| |  | HP, [security bulletin] HPSBUX02192 SSRT061233 rev.1 - HP-UX Running ARPA Transport, Local Denial of Service (DoS) (15.02.2007) |