Computer Security

2wire routers cross-site request forgery
Published: 16.08.2007
SecurityVulns ID: 8052
Type: remote
Threat Level: 4/10
Description: Referer is not checked on configuration form submission.
Affected: 2WIRE : 2wire 1701HG
 2WIRE : 2wire 2071
Original document: hkm_(at)_hakim.ws, Cross Site Request Forgery in 2wire routers (16.08.2007)

ESRI ArcSDE database server buffer overflow
updated since 06.04.2007
Published: 16.08.2007
SecurityVulns ID: 7541
Type: remote
Threat Level: 5/10
Description: Buffer overflow on oversized TCP/5151 port request.
Affected: ESRI : ArcGIS 9.2
 ESRI : ArcSDE 9.2
Original document: IDEFENSE, iDefense Security Advisory 08.15.07: ESRI ArcSDE Numeric Literal Buffer Overflow Vulnerability (16.08.2007)
 IDEFENSE, iDefense Security Advisory 04.04.07: ESRI ArcSDE Buffer Overflow Vulnerability (06.04.2007)

McAfee VirusScan Antivirus for Linux / Unix buffer overflow
Published: 16.08.2007
SecurityVulns ID: 8053
Type: local
Threat Level: 4/10
Description: Buffer overflow on oversized filename in command line arguments.
Affected: MCAFEE : VirusScan 5.10
Original document: Sebastian Wolfgarten, McAfee Virus Scan for Linux and Unix v5.10.0 Local Buffer Overflow (16.08.2007)

Multiple IRC NowPlaying scripts command injection
Published: 16.08.2007
SecurityVulns ID: 8054
Type: local
Threat Level: 3/10
Description: It's possible to inject IRC commands through an unfiltered song title.
Affected: IRSSI : ixmmsa.pl 0.3
 IRSSI : l33tmusic.pl 2.00
 IRSSI : mpg123.pl 0.01
 IRSSI : ogg123.pl 0.01
 IRSSI : xmms.pl 2.0
 IRSSI : xmms2.pl 1.1
 IRSSI : xmmsinfo.pl 1.1
 XCHAT : xmms-thing 1.0
 XCHAT : XMMS Remote Control Script 1.07
 XCHAT : Disrok 1.0
 XCHAT : a2x 0.0
 XCHAT : Another xmms-info script 1.0
 XCHAT : XChat-XMMS 0.8
 WEECHAT : now-playing.rb
 WEECHAT : xmms.pl 1.1
 BITCHX : xmms.bx 1.0
Original document: Wouter Coekaerts, Vulnerability in multiple "now playing" scripts for various IRC clients (16.08.2007)

NetGear ReadyNAS RAIDiator default password
Published: 16.08.2007
SecurityVulns ID: 8055
Type: remote
Threat Level: 6/10
Description: There are 3 default accounts, one of which is undocumented and has root access.
Affected: NETGEAR : RAIDiator 3.01
Original document: Felix Domke, Default Root Password in Infrant (now Netgear) ReadyNAS "RAIDiator" (16.08.2007)

ircu IRC server multiple security vulnerabilities
Published: 16.08.2007
SecurityVulns ID: 8056
Type: remote
Threat Level: 6/10
Description: Multiple DoS conditions, channel hijacking, information leakage.
Affected: IRCU : ircu 2.10
Original document: Wouter Coekaerts, Multiple vulnerabilities in ircu (16.08.2007)

Streamripper stream to MP3 ripper buffer overflow
updated since 16.08.2007
Published: 16.08.2007
SecurityVulns ID: 8057
Type: client
Threat Level: 5/10
Description: Multiple buffer overflows in HTTP header parsing.
Affected: STREAMRIPPER : Streamripper 1.62
CVE: CVE-2007-4337 (Multiple buffer overflows in the httplib_parse_sc_header function in lib/http.c in Streamripper before 1.62.2 allow remote attackers to execute arbitrary code via long (1) Location and (2) Server HTTP headers, a different vulnerability than CVE-2006-3124.)
Original document: chris.rohlf_(at)_gmail.com, Streamripper 1.62.1 - Buffer Overflows (16.08.2007)

dovecot privilege escalation
Published: 16.08.2007
SecurityVulns ID: 8060
Type: local
Threat Level: 2/10
Description: User can save message flags without having permissions.
Affected: DOVECOT : Dovecot 1.0
CVE: CVE-2007-4211 (The ACL plugin in Dovecot before 1.0.3 allows remote authenticated users with the insert right to save certain flags via a (1) COPY or (2) APPEND command.)
Original document: RPATH, rPSA-2007-0161-1 dovecot (16.08.2007)

Safari for Windows insecure files download
Published: 16.08.2007
SecurityVulns ID: 8061
Type: client
Threat Level: 5/10
Description: A file of any type can be downloaded to the desktop without user intervention.
Affected: APPLE : Safari 3.0
Original document: laurent gaffie, Safari for windows remote arbitry file upload (16.08.2007)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 16.08.2007
SecurityVulns ID: 8062
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: SYSTMEDEVOTE : Systme de vote en temps 1.0
 TRACKEUR : Trackeur 1
Original document: cybermilitan_(at)_hotmail.com, Systme de vote en temps rel v1.0 Remote File include Bug (16.08.2007)

Cisco VPN client privilege escalation
updated since 16.08.2007
Published: 17.08.2007
SecurityVulns ID: 8059
Type: local
Threat Level: 6/10
Description: Weak file permissions, code execution before logon with "Allow launching of third party applications before logon" and dialup networking.
Affected: CISCO : Cisco VPN Client 4.8
 CISCO : Cisco VPN Client 5.0
Original document: NGSSoftware Insight Security Research Advisory (NISR), Local privilege escalation vulnerability in Cisco VPN client (17.08.2007)
 CISCO, Cisco Security Advisory: Local Privilege Escalation Vulnerabilities in Cisco VPN Client (16.08.2007)

Dell Remote Access Card DoS
updated since 16.08.2007
Published: 20.01.2008
SecurityVulns ID: 8058
Type: remote
Threat Level: 5/10
Description: nmap scan causes SSH service to crash.
Affected: DELL : Remote Access Card 4
Original document: Robert Scheck, [FIXED] Remote Denial of Service for SSH service at Dell DRAC4 (maybe Mocana SSH) (20.01.2008)
 Robert Scheck, Remote Denial of Service for SSH service at Dell DRAC4 (maybe Mocana SSH) (16.08.2007)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod