Computer Security

ClamAV antivirus multiple vulnerabilities
updated since 13.04.2007
Published: 16.04.2007
SecurityVulns ID: 7580
Type: remote
Threat Level: 6/10
Description: Buffer overflow in CAB file parsing, DoS in CHM file parsing, file descriptor leak in PDF file parsing.
Affected: CLAMAV : ClamAV 0.90
CVE: CVE-2007-2029 (File descriptor leak in the PDF handler in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service via a crafted PDF file.)
 CVE-2007-1997 (Integer signedness error in the (1) cab_unstore and (2) cab_extract functions in libclamav/cab.c in Clam AntiVirus (ClamAV) before 0.90.2 allow remote attackers to execute arbitrary code via a crafted CHM file that contains a negative integer, which passes a signed comparison and leads to a stack-based buffer overflow.)
 CVE-2007-1745 (The chm_decompress_stream function in libclamav/chmunpack.c in Clam AntiVirus (ClamAV) before 0.90.2 leaks file descriptors, which has unknown impact and attack vectors involving a crafted CHM file, a different vulnerability than CVE-2007-0897. NOTE: some of these details are obtained from third party information.)
Original document: IDEFENSE, [Full-disclosure] iDefense Security Advisory 04.16.07: ClamAV CAB File Unstore Buffer Overflow Vulnerability (16.04.2007)
 SECUNIA, [SA24891] Clam AntiVirus Two Vulnerabilities (13.04.2007)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 16.04.2007
SecurityVulns ID: 7582
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: PHPMYCHAT : phpMyChat 0.14
 MAIANSCRIPTWORLD : Maian Weblog 3.1
 flip : Flip-search-add-on 2.0
 MYSPEACH : MySpeach 1.9
 B2EVOLUTION : B2evolution 1.6
 MAIANSCRIPTWORLD : Maian Gallery 1.0
 MAIAN : Maian Search 1.1
 BLOOFOX : bloofoxCMS 0.2
 BACKEND : Back-End CMS Database Tables 0.4
 MPPHP : MobilePublisherphp 1.1
 FLOWERS : FloweRS 2.0
 PIXARIA : Pixaria Gallery 1.0
 SITEBAR : SiteBar 3.3
CVE: CVE-2007-2078 (** DISPUTED ** PHP remote file inclusion vulnerability in index.php in Maian Weblog 3.1 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_folder parameter. NOTE: this issue was disputed by a third party researcher, since the path_to_folder variable is initialized before use.)
 CVE-2007-2077 (PHP remote file inclusion vulnerability in search.php in Maian Search 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_folder parameter. NOTE: this issue was disputed by a third party researcher, but confirmed by the vendor, stating "this issue was fixed last year and [no] is longer a problem.")
 CVE-2007-2076 (PHP remote file inclusion vulnerability in index.php in Maian Gallery 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_folder parameter. NOTE: this issue was disputed by a third party researcher, but confirmed by the vendor, stating "this problem existed only briefly in v1.0.")
 CVE-2007-2018 (SQL injection vulnerability in msg.php in AlstraSoft Video Share Enterprise allows remote authenticated users to execute arbitrary SQL commands via the id parameter.)
 CVE-2007-2017 (siteadmin/useredit.php in AlstraSoft Video Share Enterprise does not check authentication, which allows remote attackers to obtain or modify user information via a direct request.)
 CVE-2007-2013 (Cross-site scripting (XSS) vulnerability in index.php in JEx-Treme Einfacher Passworschutz allows remote attackers to inject arbitrary web script or HTML via the msg parameter.)
Original document: lo-talt-alayam_(at)_hotmail.com, Sitebar 3.3.5 (index.php writerFile)Remote File Include Vulnerabilities (16.04.2007)
 irvian, Pixaria Gallery 1.0 (class.Smarty.php) Remote File Include Vulnerability (16.04.2007)
 the_3dit0r_(at)_yahoo.com, Back-End CMS Database Tables v0.4.7 Cross Site Scripting (16.04.2007)
 the_3dit0r_(at)_yahoo.com, bloofoxCMS 0.2.2 Cross Site Scripting (16.04.2007)
 the_3dit0r_(at)_yahoo.com, MobilePublisherphp v1.1.2 Remote File Include Vulnerabilities (16.04.2007)
 the_3dit0r_(at)_yahoo.com, FloweRS v2.0 Cross Site Scripting (16.04.2007)
 the_3dit0r_(at)_yahoo.com, Back-End CMS Database Tables v0.4.7 Remote File Include Vulnerabilities (16.04.2007)
 the_3dit0r_(at)_yahoo.com, bloofoxCMS 0.2.2 Remote File Include Vulnerabilitiy (16.04.2007)
 k4rtal_(at)_gmail.com, Maian Weblog v3.1 (16.04.2007)
 k4rtal_(at)_gmail.com, Flip-search-add-on 2.0 (16.04.2007)
 k4rtal_(at)_gmail.com, MySpeach v1.9 (16.04.2007)
 k4rtal_(at)_gmail.com, B2evolution 1.6 RFi (16.04.2007)
 k4rtal_(at)_gmail.com, Maian Gallery v1.0 (16.04.2007)
 k4rtal_(at)_gmail.com, Maian Search v1.1 (16.04.2007)
 k4rtal_(at)_gmail.com, phpMyChat-0.14.5 (16.04.2007)

VCDGear buffer overflow
Published: 16.04.2007
SecurityVulns ID: 7583
Type: local
Threat Level: 4/10
Description: Buffer overflow on parsing .cue files.
Affected: VCDGEAR : VCDGear 3.56
CVE: CVE-2007-2062 (Stack-based buffer overflow in VCDGear 3.55 and 3.56 BETA allows user-assisted remote attackers to execute arbitrary code via a long FILE argument in a CUE file.)
Original document: Meftun_(at)_MeftunNet.Com, VCDGear <= 3.56 Build 050213 (FILE) Local Code Execution Exploit (16.04.2007)
Files: VCDGear <= 3.56 Build 050213 (FILE) Local Code Execution Exploit

FreeRADIUS memory leak
Published: 16.04.2007
SecurityVulns ID: 7584
Type: remote
Threat Level: 4/10
Description: A memory leak triggered by a large number of EAP-TLS requests leads to denial of service conditions.
Affected: FREERADIUS : freeRADIUS 1.1
CVE: CVE-2007-2028 (Memory leak in freeRADIUS 1.1.5 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of EAP-TTLS tunnel connections using malformed Diameter format attributes, which causes the authentication request to be rejected but does not reclaim VALUE_PAIR data structures.)

elinks format string vulnerability
Published: 16.04.2007
SecurityVulns ID: 7585
Type: local
Threat Level: 5/10
Description: A relative path is used to locate the text strings (.po) file, which makes it possible to spoof the file and conduct a format string attack.
Affected: ELINKS : elinks 0.11
CVE: CVE-2007-2027 (Untrusted search path vulnerability in the add_filename_to_string function in intl/gettext/loadmsgcat.c for Elinks 0.11.1 allows local users to cause Elinks to use an untrusted gettext message catalog (.po file) in a "../po" directory, which can be leveraged to conduct format string attacks.)

'file' utility regular expressions DoS
Published: 16.04.2007
SecurityVulns ID: 7586
Type: library
Threat Level: 5/10
Description: A large number of LF characters leads to CPU consumption.
Affected: FILE : file 4.20
CVE: CVE-2007-2026 (The gnu regular expression code in file 4.20 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted document with a large number of line feed characters, which is not well handled by OS/2 REXX regular expressions that use wildcards, as originally reported for AMaViS.)

SecuStick USB flash drive protection bypass
Published: 16.04.2007
SecurityVulns ID: 7587
Type: local
Threat Level: 5/10
Description: File access does not depend on authentication, making it possible to bypass authentication for file access.
CVE: CVE-2007-2023 (USB20.dll in Secustick USB flash drive decouples the authorization and file access routines, which allows local users to bypass authentication requirements by altering the return value of the VerifyPassWord function.)

Adobe Macromedia Flash Player code execution
Published: 16.04.2007
SecurityVulns ID: 7588
Type: client
Threat Level: 6/10
Description: Code execution on *nix platforms.
CVE: CVE-2007-2022 (Adobe Macromedia Flash Player 7 and 9, when used with Opera before 9.20 or Konqueror before 20070613, allows remote attackers to obtain sensitive information (browser keystrokes), which are leaked to the Flash Player applet.)

bftpd FTP server DoS
Published: 16.04.2007
SecurityVulns ID: 7589
Type: remote
Threat Level: 5/10
Description: Denial of service on processing GET / MGET commands.
Affected: BFTPD : bftpd 1.7
CVE: CVE-2007-2010 (Double-free vulnerability in bftpd before 1.8 allows remote authenticated users to cause a denial of service (daemon crash) via a (1) get or (2) mget command.)

Quagga bgpd BGP service DoS
updated since 16.04.2007
Published: 16.04.2007
SecurityVulns ID: 7590
Type: remote
Threat Level: 5/10
Description: Denial of service on processing BGP UPDATE messages.
Affected: QUAGGA : Quagga 0.98
 QUAGGA : quagga 0.99
CVE: CVE-2007-1995 (bgpd/bgp_attr.c in Quagga 0.98.6 and earlier, and 0.99.6 and earlier 0.99 versions, does not validate length values in the MP_REACH_NLRI and MP_UNREACH_NLRI attributes, which allows remote attackers to cause a denial of service (daemon crash or exit) via crafted UPDATE messages that trigger an assertion error or out of bounds read.)

Metamod-P DoS
Published: 16.04.2007
SecurityVulns ID: 7591
Type: remote
Threat Level: 5/10
Description: Denial of service on oversized list command.
Affected: METAMODP : Metamod-P 1.19
CVE: CVE-2007-1981 (The safevoid_vsnprintf function in Metamod-P 1.19p29 and earlier on Windows allows remote attackers to cause a denial of service (daemon crash) via a long meta list command.)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod