Computer Security
[EN] securityvulns.ru no-pyccku


Symantec Norton Personal Firewall / Norton Internet Security buffer overflow
updated since 18.09.2006
Published:15.03.2007
Source:
SecurityVulns ID:6623
Type:local
Threat Level:
5/10
Description:\Device\SymEvent driver interface buffer overflow.
Affected:SYMANTEC : Norton Personal Firewall 2006
 SYMANTEC : Norton Internet Security 2006
CVE:CVE-2007-1495 (The \Device\SymEvent driver in Symantec Norton Personal Firewall 2006 9.1.1.7, and possibly other products using symevent.sys 12.0.0.20, allows local users to cause a denial of service (system crash) via invalid data, as demonstrated by calling DeviceIoControl to send the data, a reintroduction of CVE-2006-4855.)
 CVE-2007-1476 (The SymTDI driver in Symantec Norton Personal Firewall 2006 9.1.1.7 and earlier, and possibly Norton Internet Security 2006 and other Norton products, allows local users to cause a denial of service (system crash) by sending crafted data to the driver's \Device file, which triggers invalid memory access, a different vulnerability than CVE-2006-4855.)
 CVE-2006-4855 (The \Device\SymEvent driver in Symantec Norton Personal Firewall 2006 9.1.0.33, and other versions of Norton Personal Firewall, Internet Security, AntiVirus, SystemWorks, Symantec Client Security SCS 1.x, 2.x, 3.0, and 3.1, Symantec AntiVirus Corporate Edition SAVCE 8.x, 9.x, 10.0, and 10.1, Symantec pcAnywhere 11.5 only, and Symantec Host, allows local users to cause a denial of service (system crash) via invalid data, as demonstrated by calling DeviceIoControl to send the data.)
Original documentdocumentMatousec - Transparent security Research, [Full-disclosure] Norton Insufficient validation of 'SymTDI' driver input buffer (15.03.2007)
 documentMatousec - Transparent security Research, SymEvent Driver Local Access System Denial of Service (14.03.2007)
 documentDavid Matousek, Symantec Norton Insufficient validation of 'SymEvent' driver input buffer (18.09.2006)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:15.03.2007
Source:
SecurityVulns ID:7409
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:WOLTLAB : Woltlab Burning Board 2.7
 HORDE : Horde 3.1
 IMP : IMP 4.1
 ORIONBLOG : Orion-Blog 2.0
 WEBCREATOR : WebCreator 0.2
 CARE2X : CARE2X 1.1
CVE:CVE-2007-1574 (CARE2X 2.2, and possibly earlier, allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.)
 CVE-2007-1473 (Cross-site scripting (XSS) vulnerability in framework/NLS/NLS.php in Horde Framework before 3.1.4 RC1, when the login page contains a language selection box, allows remote attackers to inject arbitrary web script or HTML via the new_lang parameter to login.php.)
 CVE-2007-1471 (admin/default.asp in Orion-Blog 2.0 allows remote attackers to bypass authentication controls and gain privileges via a direct URL request for admin/AdminBlogNewsEdit.asp.)
 CVE-2007-1459 (Multiple PHP remote file inclusion vulnerabilities in WebCreator 0.2.6-rc3 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the moddir parameter to (1) content/load.inc.php, (2) config/load.inc.php, (3) http/load.inc.php, and unspecified other files.)
 CVE-2007-1458 (Multiple PHP remote file inclusion vulnerabilities in CARE2X 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) inc_checkdate_lang.php, (2) inc_charset_fx.php, (3) inc_config_color.php, (4) inc_currency_set.php, (5) inc_db_makelink.php, (6) inc_diagnostics_report_fx.php, (7) inc_environment_global.php, (8) inc_front_chain_lang.php, (9) inc_init_crypt.php, (10) inc_load_copyrite.php, or (11) inc_news_save.php in include/; (12) diagnostics-report-index.php, (13) config_options_mascot.php, (14) barcode-labels.php, (15) chg-color.php, or (16) config_options_gui_template.php in main/; or unspecified other files.)
Original documentdocumentMoritz Naumann, [Full-disclosure] Horde 3.1.4 (RC1) fixes XSS issue (15.03.2007)
 documentMoritz Naumann, [Full-disclosure] Horde IMP Webmail Client version H3 (4.1.4) fixes multiple XSS issues (15.03.2007)
 documenterdc_(at)_echo.or.id, [ECHO_ADV_72$2007] CARE2X (root_path) Remote File Inclusion Vulnerability (15.03.2007)
 documenterdc_(at)_echo.or.id, [ECHO_ADV_74$2007] WebCreator <= 0.2.6-rc3 (moddir) Remote File Inclusion Vulnerability (15.03.2007)
 documentx666_(at)_Safe-mail.net, Woltab Burning Board SQL Injection usergroups.php (15.03.2007)
Files:Orion-Blog v2.0 Version Remote Privilege Escalation Exploit
 Woltlab Burning Board 2.X usergroups.php SQL Injection exploit

Microsoft Internet Explorer page content spoofing
Published:15.03.2007
Source:
SecurityVulns ID:7410
Type:client
Threat Level:
5/10
Description:Crossite scripting in res://ieframe.dll/navcancl.htm#http://www.site.com page allows to inject HTML code into page.
Affected:MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
CVE:CVE-2007-1499 (Microsoft Internet Explorer 7.0 on Windows XP and Vista allows remote attackers to conduct phishing attacks and possibly execute arbitrary code via a res: URI to navcancl.htm with an arbitrary URL as an argument, which displays the URL in the location bar of the "Navigation Canceled" page and injects the script into the "Refresh the page" link, aka Navigation Cancel Page Spoofing Vulnerability.")
Original documentdocumentAviv Raff, Phishing using IE7 local resource vulnerability (15.03.2007)

Microsoft Windows mmioRead () multimedia function integer overflow
Published:15.03.2007
Source:
SecurityVulns ID:7411
Type:library
Threat Level:
5/10
Description:Integer overflow on negative parameter values.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
CVE:CVE-2007-1492 (winmm.dll in Microsoft Windows XP allows user-assisted remote attackers to cause a denial of service (infinite loop) via a large cch argument value to the mmioRead function, as demonstrated by a crafted WAV file.)
Original documentdocumentSECURITEAM, [NT] Windows Multimedia mmioRead DoS Vulnerability (15.03.2007)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod