Computer Security
[EN] securityvulns.ru no-pyccku


Apache MyFaces Tomahawk crossite scripting
Published:15.06.2007
Source:
SecurityVulns ID:7817
Type:remote
Threat Level:
5/10
Description:Crossite scripting on 'autoscroll' parameter.
Affected:APACHE : MyFaces Tomahawk 1.1
CVE:CVE-2007-3101 (Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.)
Original documentdocumentIDEFENSE, iDefense Security Advisory 06.14.07: Apache MyFaces Tomahawk JSF Framework Cross-Site Scripting (XSS) Vulnerability (15.06.2007)

Kaspersky Internet Security privilege escalation
Published:15.06.2007
Source:
SecurityVulns ID:7819
Type:local
Threat Level:
5/10
Description:Invalid processing of SSDT hooked functions arguments.
Affected:KASPERSKY : Kaspersky Internet Security 6.0
Original documentdocumentMatousec - Transparent security Research, Kaspersky Multiple insufficient argument validation of hooked SSDT function Vulnerability (15.06.2007)

ClamAV antivirus multiple security vulnerabilities
Published:15.06.2007
Source:
SecurityVulns ID:7820
Type:remote
Threat Level:
7/10
Description:Multiple buffer
Affected:CLAMAV : ClamAV 0.90
CVE:CVE-2007-3123 (unrar.c in libclamav in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows remote attackers to cause a denial of service (core dump) via a crafted RAR file with a modified vm_codesize value, which triggers a heap-based buffer overflow.)
 CVE-2007-3122 (The parsing engine in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows remote attackers to bypass scanning via a RAR file with a header flag value of 10, which can be processed by WinRAR.)
 CVE-2007-3024 (libclamav/others.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 uses insecure permissions for temporary files that are created by the cli_gentempstream function in clamd/clamdscan, which might allow local users to read sensitive files.)
 CVE-2007-3023 (unsp.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 does not properly calculate the end of a certain buffer, with unknown impact and remote attack vectors.)
 CVE-2007-3022 (Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, displays the password hash for a user after a failed login attempt, which makes it easier for remote attackers to conduct brute force attacks.)
Original documentdocumentGENTOO, [Full-disclosure] [ GLSA 200706-05 ] ClamAV: Multiple Denials of Service (15.06.2007)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:15.06.2007
Source:
SecurityVulns ID:7818
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:SMF : Simple Machines Forum 1.1
 SHNEWS : SH-News 3.1
 ELXIS : Elxis CMS 2006.4
Original documentdocumentedi.strosar_(at)_varnostne-novice.com, [Full-disclosure] Letterman subscriber module XSS vulnerability (15.06.2007)
 documentRaeD Hasadya, RFI In Script SH-News 3.1 (15.06.2007)
 documentRaeD Hasadya, ByPass In PortalApp (15.06.2007)
 documenthack2prison_(at)_yahoo.com, MIME-tools 5.411 (Entity 5.404) (15.06.2007)
 documentNico Leidecker, Elxis CMS <= 2006.4 - banner module - sql injection (15.06.2007)
 documentShAnKaR, уязвимости smf 1.1.2 (15.06.2007)
Files:SMF WAV capcha breaker

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod