Computer Security


Akamai Download Manager ActiveX buffer overflow
Published:17.04.2007
SecurityVulns ID:7592
Type:client
Threat Level:5/10
Description:Buffer overflow in MANAGER.DLMCtrl.1 element.
Affected:AKAMAI : Akamai Download Manager 2.2
CVE:CVE-2007-1892 (Stack-based buffer overflow in Akamai Technologies Download Manager ActiveX Control (DownloadManagerV2.ocx) before 2.2.1.0 allows remote attackers to execute arbitrary code via unspecified vectors, a different issue than CVE-2007-1891.)
 CVE-2007-1891 (Stack-based buffer overflow in the GetPrivateProfileSectionW function in Akamai Technologies Download Manager ActiveX Control (DownloadManagerV2.ocx) after 2.0.4.4 but before 2.2.1.0 allows remote attackers to execute arbitrary code, related to misinterpretation of the nSize parameter as a byte count instead of a wide character count.)
Original document:AKAMAI, Akamai Technologies Security Advisory 2007-0001 (17.04.2007)
 IDEFENSE, iDefense Security Advisory 04.16.07: Akamai Download Manager ActiveX Stack Buffer Overflow Vulnerability (17.04.2007)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 17.04.2007
Published:17.04.2007
SecurityVulns ID:7593
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:WABBIT : Wabbit PHP Gallery 0.9
 PHPNUKE : PHP-Nuke 8.0
 WEBMETHODS : Glue 6.5
 JAMBOOK : Jambook 1.0
 ACTIONPOLL : Actionpoll 1.1
 MYBLOG : MyBlog 0.9
 IVANGALLERY : Ivan Gallery 0.1
 MYLITTLEHOMEPAGE : my little forum 1.7
 MYLITTLEHOMEPAGE : my little weblog
CVE:CVE-2007-2082 (Direct static code injection vulnerability in admin/settings.php in MyBlog 0.9.8 and earlier allows remote authenticated admin users to inject arbitrary PHP code via the content parameter, which can be executed by accessing index.php. NOTE: a separate vulnerability could be leveraged to make this issue exploitable by remote unauthenticated attackers.)
 CVE-2007-2081 (MyBlog 0.9.8 and earlier allows remote attackers to bypass authentication requirements via the admin cookie parameter to certain admin files, as demonstrated by admin/settings.php.)
 CVE-2007-2073 (PHP remote file inclusion vulnerability in index.php in Ivan Gallery Script 0.3 allows remote attackers to execute arbitrary PHP code via a URL in the gallery parameter in a new session.)
 CVE-2007-2072 (** DISPUTED ** PHP remote file inclusion vulnerability in index.php in Ivan Gallery Script 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter. NOTE: this issue has been disputed by third party researchers for 0.3, stating that the dir variable is properly initialized before use.)
 CVE-2007-2065 (PHP remote file inclusion vulnerability in db/PollDB.php in Robert Ladstaetter ActionPoll 1.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG_DATAREADERWRITER parameter, a different vector than CVE-2001-1297. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.)
 CVE-2007-2064 (Multiple PHP remote file inclusion vulnerabilities in Robert Ladstaetter ActionPoll 1.1.0, and possibly 1.1.1, allow remote attackers to execute arbitrary PHP code via a URL in (1) the CONFIG_POLLDB parameter to actionpoll.php or (2) the CONFIG_DB parameter to db/DataReaderWriter.php, different vectors than CVE-2001-1297.)
 CVE-2007-2048 (Directory traversal vulnerability in /console in the Management Console in webMethods Glue 6.5.1 and earlier allows remote attackers to read arbitrary system files via a .. (dot dot) in the resource parameter.)
 CVE-2007-1990 (PHP remote file inclusion vulnerability in games.php in Sam Crew MyBlog, possibly 1.0 through 1.6, allows remote attackers to execute arbitrary PHP code via a URL in the id parameter, a different vector than CVE-2007-1968. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.)
Original document:Jeremy Epstein, webMethods Security Advisory: Glue console directory traversal vulnerability (17.04.2007)
 pdp (architect), [Full-disclosure] Persistent CSRF and The Hotlink Hell (17.04.2007)
 programmer_(at)_serbiansite.com, PHP Nuke <= 8.0.0.3.3b SQL Injections and Bypass SQL Injection Protection vulnerabilities (17.04.2007)
 RaeD Hasadya, Remot File Include In Script phphd_downloads (17.04.2007)
 RaeD Hasadya, Remot File Include download_engine_V1.4.3 (17.04.2007)
 the_3dit0r_(at)_yahoo.com, Wabbit PHP Gallery v0.9 Cross Site Scripting (17.04.2007)
 the_3dit0r_(at)_yahoo.com, my little weblog Cross Site Scripting (17.04.2007)
 the_3dit0r_(at)_yahoo.com, my little forum 1.7 Remote File Include Vulnerabilitiy (17.04.2007)
 seko_(at)_se-ko.info, Persistent CSRF and The Hotlink Hell (17.04.2007)
 seko_(at)_se-ko.info, ActionPoll Script (actionpoll.php) Remote File Include // starhack.org (17.04.2007)
 Aesthetico, [MajorSecurity Advisory #45]oe2edit CMS - Cross Site Scripting and Cookie Manipulation Issue (17.04.2007)
 jd2k2000_(at)_hotmail.com, Joomla/Mambo Jambook v1.0 beta7 Rfi Vuln. (17.04.2007)
 jd2k2000_(at)_hotmail.com, LS simple guestbook - arbitrary code execution (17.04.2007)
Files:MyBlog <= 0.9.8 Remote Command Execution Exploit
 Ivan Gallery Script V.0.1 (index.php) Remote File Include Exploit

Gentoo Linux Vixie cron denial of service
Published:17.04.2007
SecurityVulns ID:7595
Type:local
Threat Level:5/10
Description:Weak file permissions allow cron jobs to be prevented from running via hard links.
Affected:VIXIE : cron 4.1
CVE:CVE-2007-1856 (Vixie Cron before 4.1-r10 on Gentoo Linux is installed with insecure permissions, which allows local users to cause a denial of service (cron failure) by creating hard links, which results in a failed st_nlink check in database.c.)
Original document:GENTOO, [ GLSA 200704-11 ] Vixie Cron: Denial of Service (17.04.2007)

3proxy buffer overflow
Published:17.04.2007
SecurityVulns ID:7596
Type:remote
Threat Level:6/10
Description:Buffer overflow when parsing a transparent HTTP proxy request.
Affected:3PROXY : 3proxy 0.5
 3PROXY : 3proxy 0.6
CVE:CVE-2007-2031 (Buffer overflow in the HTTP proxy service for 3proxy 0.5 to 0.5.3g, and 0.6b-devel before 20070413, might allow remote attackers to execute arbitrary code via crafted transparent requests.)
Files:3proxy[v0.5.3g]: (win32 service) remote buffer overflow exploit
 3proxy[v0.5.3g]: (linux) remote buffer overflow exploit

DNS birthday attacks
updated since 25.04.2003
Published:17.04.2007
SecurityVulns ID:2773
Type:remote
Threat Level:6/10
Description:DNS uses a 2-byte message identifier to prevent spoofing attacks. The problem is that if several identical requests arrive at the same time, they are forwarded with different IDs from the same UDP port. This increases the chance of spoofing a reply (the so-called birthday effect: the probability that among 60 randomly chosen persons there are 2 with the same birthdate is under 95%).
CVE:CVE-2002-2213 (The DNS resolver in unspecified versions of Infoblox DNS One, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a birthday attack that uses a large number of open queries for the same resource record (RR) combined with spoofed responses, which increases the possibility of successfully spoofing a response in a way that is more efficient than brute force methods.)
 CVE-2002-2212 (The DNS resolver in unspecified versions of Fujitsu UXP/V, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a birthday attack that uses a large number of open queries for the same resource record (RR) combined with spoofed responses, which increases the possibility of successfully spoofing a response in a way that is more efficient than brute force methods.)
 CVE-2002-2211 (BIND 4 and BIND 8, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a birthday attack that uses a large number of open queries for the same resource record (RR) combined with spoofed responses, which increases the possibility of successfully spoofing a response in a way that is more efficient than brute force methods.)
Original document:Makoto Shiotsuki, Windows DNS Cache Poisoning by Forwarder DNS Spoofing (17.04.2007)
 Ramon Izaguirre, An Implementation of a Birthday Attack in a DNS Spoofing (25.04.2003)
Files:Implementation of DNS birthday attack

Netsprint Toolbar ActiveX buffer overflow
updated since 17.04.2007
Published:20.04.2007
SecurityVulns ID:7594
Type:client
Threat Level:5/10
Description:Buffer overflow in isChecked() interface.
Affected:NETSPRINT : Netsprint Toolbar 1.1
Original document:Michal Bucko, Multiple Ask IE Toolbar denial of service vulnerabilities (20.04.2007)
 Michal Bucko, Netsprint Toolbar 1.1 arbitrary remote code vulnerability (17.04.2007)
Files:NetSprint Toolbar ActiveX toolbar.dll DOS POC

ZoneAlarm personal firewall multiple security vulnerabilities
updated since 17.04.2007
Published:02.05.2007
SecurityVulns ID:7597
Type:local
Threat Level:5/10
Description:Insufficient argument validation for hooked functions allows privilege escalation.
Affected:ZONELABS : ZoneAlarm Pro 6.5
CVE:CVE-2007-2467 (ZoneAlarm Pro 6.5.737.000, 6.1.744.001, and possibly earlier versions and other products, allows local users to cause a denial of service (system crash) by sending malformed data to the vsdatant device driver, which causes an invalid memory access.)
 CVE-2007-2083 (vsdatant.sys in Check Point Zone Labs ZoneAlarm Pro before 7.0.302.000 does not validate certain arguments before being passed to hooked SSDT function handlers, which allows local users to cause a denial of service (system crash) or possibly execute arbitrary code via crafted arguments to the (1) NtCreateKey and (2) NtDeleteFile functions.)
Original document:Matousec - Transparent security Research, ZoneAlarm Insufficient validation of 'vsdatant' driver input buffer Vulnerability (02.05.2007)
 Reversemode, [Reversemode advisory] CheckPoint Zonelabs - ZoneAlarm SRESCAN driver local privilege escalation (24.04.2007)
 IDEFENSE, iDefense Security Advisory 04.20.07: Check Point Zone Labs SRESCAN IOCTL Local Privilege Escalation Vulnerability (21.04.2007)
 Matousec - Transparent security Research, ZoneAlarm Multiple insufficient argument validation of hooked SSDT function Vulnerability (17.04.2007)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod