| Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) |
| Published: | 16.04.2007 |
| Source: | |
| SecurityVulns ID: | 7582 |
| Type: | remote |
| Level: | 5/10 |
| Description: | PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. |
| Original document | lo-talt-alayam_(at)_hotmail.com, Sitebar 3.3.5 (index.php writerFile) Remote File Include Vulnerabilities (16.04.2007) |
| | irvian, Pixaria Gallery 1.0 (class.Smarty.php) Remote File Include Vulnerability (16.04.2007) |
| | the_3dit0r_(at)_yahoo.com, Back-End CMS Database Tables v0.4.7 Cross Site Scripting (16.04.2007) |
| | the_3dit0r_(at)_yahoo.com, bloofoxCMS 0.2.2 Cross Site Scripting (16.04.2007) |
| | the_3dit0r_(at)_yahoo.com, MobilePublisherphp v1.1.2 Remote File Include Vulnerabilities (16.04.2007) |
| | the_3dit0r_(at)_yahoo.com, FloweRS v2.0 Cross Site Scripting (16.04.2007) |
| | the_3dit0r_(at)_yahoo.com, Back-End CMS Database Tables v0.4.7 Remote File Include Vulnerabilities (16.04.2007) |
| | the_3dit0r_(at)_yahoo.com, bloofoxCMS 0.2.2 Remote File Include Vulnerability (16.04.2007) |
| | k4rtal_(at)_gmail.com, Maian Weblog v3.1 (16.04.2007) |
| | k4rtal_(at)_gmail.com, Flip-search-add-on 2.0 (16.04.2007) |
| | k4rtal_(at)_gmail.com, MySpeach v1.9 (16.04.2007) |
| | k4rtal_(at)_gmail.com, B2evolution 1.6 RFi (16.04.2007) |
| | k4rtal_(at)_gmail.com, Maian Gallery v1.0 (16.04.2007) |
| | k4rtal_(at)_gmail.com, Maian Search v1.1 (16.04.2007) |
| | k4rtal_(at)_gmail.com, phpMyChat-0.14.5 (16.04.2007) |

| FreeRADIUS memory leak |
| Published: | 16.04.2007 |
| Source: | CVE |
| SecurityVulns ID: | 7584 |
| Type: | remote |
| Level: | 4/10 |
| Description: | Memory leak on large number of EAP-TLS requests leads to Denial of Service conditions. |
| Affected: | FREERADIUS : freeRADIUS 1.1 |
| CVE: | CVE-2007-2028 (Memory leak in freeRADIUS 1.1.5 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of EAP-TTLS tunnel connections using malformed Diameter format attributes, which causes the authentication request to be rejected but does not reclaim VALUE_PAIR data structures.) |

| elinks format string vulnerability |
| Published: | 16.04.2007 |
| Source: | CVE |
| SecurityVulns ID: | 7585 |
| Type: | local |
| Level: | 5/10 |
| Description: | A relative path is used to locate the text strings (.po) file, which makes it possible to spoof the file and conduct a format string attack. |
| Affected: | ELINKS : elinks 0.11 |
| CVE: | CVE-2007-2027 (Untrusted search path vulnerability in the add_filename_to_string function in intl/gettext/loadmsgcat.c for Elinks 0.11.1 allows local users to cause Elinks to use an untrusted gettext message catalog (.po file) in a "../po" directory, which can be leveraged to conduct format string attacks.) |

| SecuStick USB flash drive protection bypass |
| Published: | 16.04.2007 |
| Source: | CVE |
| SecurityVulns ID: | 7587 |
| Type: | local |
| Level: | 5/10 |
| Description: | File access does not depend on authentication, making it possible to bypass authentication for file access. |
| CVE: | CVE-2007-2023 (USB20.dll in Secustick USB flash drive decouples the authorization and file access routines, which allows local users to bypass authentication requirements by altering the return value of the VerifyPassWord function.) |

| bftpd FTP server DoS |
| Published: | 16.04.2007 |
| Source: | CVE |
| SecurityVulns ID: | 7589 |
| Type: | remote |
| Level: | 5/10 |
| Description: | Denial of service on processing GET / MGET commands. |
| Affected: | BFTPD : bftpd 1.7 |
| CVE: | CVE-2007-2010 (Double-free vulnerability in bftpd before 1.8 allows remote authenticated users to cause a denial of service (daemon crash) via a (1) get or (2) mget command.) |

| Quagga bgpd BGP service DoS (updated since 16.04.2007) |
| Published: | 16.04.2007 |
| Source: | CVE |
| SecurityVulns ID: | 7590 |
| Type: | remote |
| Level: | 5/10 |
| Description: | Denial of service on BGP UPDATE messages processing. |
| Affected: | QUAGGA : Quagga 0.98 |
| | QUAGGA : quagga 0.99 |
| CVE: | CVE-2007-1995 (bgpd/bgp_attr.c in Quagga 0.98.6 and earlier, and 0.99.6 and earlier 0.99 versions, does not validate length values in the MP_REACH_NLRI and MP_UNREACH_NLRI attributes, which allows remote attackers to cause a denial of service (daemon crash or exit) via crafted UPDATE messages that trigger an assertion error or out of bounds read.) |

| ClamAV antivirus multiple vulnerabilities (updated since 13.04.2007) |
| Published: | 16.04.2007 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 7580 |
| Type: | remote |
| Level: | 6/10 |
| Description: | Buffer overflow on CAB file parsing, DoS on CHM parsing, file descriptor leak on PDF file parsing. |
| Affected: | CLAMAV : ClamAV 0.90 |
| CVE: | CVE-2007-2029 (File descriptor leak in the PDF handler in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service via a crafted PDF file.) |
| | CVE-2007-1997 (Integer signedness error in the (1) cab_unstore and (2) cab_extract functions in libclamav/cab.c in Clam AntiVirus (ClamAV) before 0.90.2 allow remote attackers to execute arbitrary code via a crafted CHM file that contains a negative integer, which passes a signed comparison and leads to a stack-based buffer overflow.) |
| | CVE-2007-1745 (The chm_decompress_stream function in libclamav/chmunpack.c in Clam AntiVirus (ClamAV) before 0.90.2 leaks file descriptors, which has unknown impact and attack vectors involving a crafted CHM file, a different vulnerability than CVE-2007-0897. NOTE: some of these details are obtained from third party information.) |

| Adobe Macromedia Flash Player code execution |
| Published: | 16.04.2007 |
| Source: | CVE |
| SecurityVulns ID: | 7588 |
| Type: | client |
| Level: | 6/10 |
| Description: | *nix platforms code execution. |
| CVE: | CVE-2007-2022 (Adobe Macromedia Flash Player 7 and 9, when used with Opera before 9.20 or Konqueror before 20070613, allows remote attackers to obtain sensitive information (browser keystrokes), which are leaked to the Flash Player applet.) |

| VCDGear buffer overflow |
| Published: | 16.04.2007 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 7583 |
| Type: | local |
| Level: | 4/10 |
| Description: | Buffer overflow on parsing .cue files. |
| Affected: | VCDGEAR : VCDGear 3.56 |
| CVE: | CVE-2007-2062 (Stack-based buffer overflow in VCDGear 3.55 and 3.56 BETA allows user-assisted remote attackers to execute arbitrary code via a long FILE argument in a CUE file.) |

| 'file' utility regular expressions DoS |
| Published: | 16.04.2007 |
| Source: | CVE |
| SecurityVulns ID: | 7586 |
| Type: | library |
| Level: | 5/10 |
| Description: | Large number of LF characters leads to CPU consumption. |
| Affected: | FILE : file 4.20 |
| CVE: | CVE-2007-2026 (The gnu regular expression code in file 4.20 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted document with a large number of line feed characters, which is not well handled by OS/2 REXX regular expressions that use wildcards, as originally reported for AMaViS.) |

| Metamod-P DoS |
| Published: | 16.04.2007 |
| Source: | CVE |
| SecurityVulns ID: | 7591 |
| Type: | remote |
| Level: | 5/10 |
| Description: | Denial of service on oversized list command. |
| Affected: | METAMODP : Metamod-P 1.19 |
| CVE: | CVE-2007-1981 (The safevoid_vsnprintf function in Metamod-P 1.19p29 and earlier on Windows allows remote attackers to cause a denial of service (daemon crash) via a long meta list command.) |