Computer Security


Microsoft Windows XML core services memory corruption
updated since 14.08.2007
Published: 17.08.2007
Source:
SecurityVulns ID: 8039
Type: library
Threat Level: 9/10
Description: Memory corruption on XML parsing.
Affected: MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Office 2003
 MICROSOFT : Windows Vista
 MICROSOFT : Office 2007
CVE: CVE-2007-2223 (Microsoft XML Core Services (MSXML) 3.0 through 6.0 allows remote attackers to execute arbitrary code via the substringData method on a (1) TextNode or (2) XMLDOM object, which causes an integer overflow that leads to a buffer overflow.)
Original document: Alla Bezroutchko, [Full-disclosure] MS07-042 XMLDOM substringData() PoC (17.08.2007)
 IDEFENSE, [Full-disclosure] iDefense Security Advisory 08.14.07: Microsoft XML Core Services XMLDOM Memory Corruption Vulnerability (15.08.2007)
 ZDI, [Full-disclosure] ZDI-07-048: Microsoft Internet Explorer substringData() Heap Overflow Vulnerability (15.08.2007)
 MICROSOFT, Microsoft Security Bulletin MS07-042 - Critical Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (936227) (14.08.2007)
Files: Microsoft Security Bulletin MS07-042 - Critical Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (936227)

Microsoft Internet Explorer multiple security vulnerabilities
updated since 14.08.2007
Published: 17.08.2007
Source:
SecurityVulns ID: 8042
Type: client
Threat Level: 10/10
Description: Memory corruption on ActiveX parsing, unsafe Visual Basic ActiveX execution, Visual Basic ActiveX memory corruption.
Affected: MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
CVE: CVE-2007-3041 (Unspecified vulnerability in the pdwizard.ocx ActiveX object for Internet Explorer 5.01, 6 SP1, and 7 allows remote attackers to execute arbitrary code via unknown vectors related to Microsoft Visual Basic 6 objects and memory corruption, aka "ActiveX Object Memory Corruption Vulnerability.")
 CVE-2007-2216
 CVE-2007-0943 (Unspecified vulnerability in Internet Explorer 5.01 and 6 SP1 allows remote attackers to execute arbitrary code via crafted Cascading Style Sheets (CSS) strings that trigger memory corruption during parsing, related to use of out-of-bounds pointers.)
Original document: Brett Moore, TlbInf32 ActiveX Command Execution (17.08.2007)
 NSFOCUS, NSFOCUS SA2007-01 : Microsoft IE5 CSS Parsing Memory Corruption Vulnerability (16.08.2007)
 MICROSOFT, Microsoft Security Bulletin MS07-045 - Critical Cumulative Security Update for Internet Explorer (937143) (14.08.2007)
Files: Microsoft Security Bulletin MS07-045 - Critical Cumulative Security Update for Internet Explorer (937143)

Cisco VPN client privilege escalation
updated since 16.08.2007
Published: 17.08.2007
Source:
SecurityVulns ID: 8059
Type: local
Threat Level: 6/10
Description: Weak file permissions, code execution before logon with "Allow launching of third party applications before logon" and dialup networking.
Affected: CISCO : Cisco VPN Client 4.8
 CISCO : Cisco VPN Client 5.0
Original document: NGSSoftware Insight Security Research Advisory (NISR), Local privilege escalation vulnerability in Cisco VPN client (17.08.2007)
 CISCO, Cisco Security Advisory: Local Privilege Escalation Vulnerabilities in Cisco VPN Client (16.08.2007)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 17.08.2007
Source:
SecurityVulns ID: 8063
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: WORDPRESS : Blix 0.9
 OLATE : Olate Download 3.4
 IBM : Rational ClearQuest 7.0
CVE: CVE-2007-4481 (Cross-site scripting (XSS) vulnerability in index.php in the (1) Blix 0.9.1 and (2) Blix 0.9.1 Rus themes for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF).)
Original document: swhite_(at)_securestate.com, IBM Rational ClearQuest Web SQL Injection Login Bypass (17.08.2007)
 imei, Olate Download 3.4.1 ~ admin.php ~ Admin authentication bypassing (17.08.2007)
 MustLive, Vulnerability in theme Blix 0.9.1 for WordPress (17.08.2007)

MySQL multiple security vulnerabilities
Published: 17.08.2007
Source:
SecurityVulns ID: 8064
Type: remote
Threat Level: 5/10
Description: CREATE TABLE LIKE privilege escalation, server crash on authentication.
Affected: ORACLE : MySQL 5.0
CVE: CVE-2007-3781 (MySQL Community Server before 5.0.45 does not require privileges such as SELECT for the source table in a CREATE TABLE LIKE statement, which allows remote authenticated users to obtain sensitive information such as the table structure.)
 CVE-2007-3780 (MySQL Community Server before 5.0.45 allows remote attackers to cause a denial of service (daemon crash) via a malformed password packet in the connection protocol.)
Original document: GENTOO, [ GLSA 200708-10 ] MySQL: Denial of Service and information leakage (17.08.2007)

Multiple Linux kernel vulnerabilities
Published: 17.08.2007
Source:
SecurityVulns ID: 8065
Type: remote
Threat Level: 6/10
Description: nf_conntrack_h323 NULL pointer dereference, invalid handling of the parent process termination signal for suid applications, privilege escalation on Intel 965 chipset.
Affected: LINUX : kernel 2.4
 LINUX : kernel 2.6
CVE: CVE-2007-3851 (The drm/i915 component in the Linux kernel before 2.6.22.2, when used with i965G and later chipsets, allows local users with access to an X11 session and Direct Rendering Manager (DRM) to write to arbitrary memory locations and gain privileges via a crafted batchbuffer.)
 CVE-2007-3848 (Linux kernel 2.4.35 and other versions allows local users to send arbitrary signals to a child process that is running at higher privileges by causing a setuid-root parent process to die, which delivers an attacker-controlled parent process death signal (PR_SET_PDEATHSIG).)
 CVE-2007-3642 (The decode_choice function in net/netfilter/nf_conntrack_h323_asn1.c in the Linux kernel before 2.6.20.15, 2.6.21.x before 2.6.21.6, and before 2.6.22 allows remote attackers to cause a denial of service (crash) via an encoded, out-of-range index value for a choice field, which triggers a NULL pointer dereference.)
Original document: DEBIAN, [SECURITY] [DSA 1356-1] New Linux 2.6.18 packages fix several vulnerabilities (17.08.2007)

Lighttpd multiple security vulnerabilities
Published: 17.08.2007
Source:
SecurityVulns ID: 8066
Type: remote
Threat Level: 7/10
Description: Multiple memory corruptions on request header parsing.
Affected: LIGHTTPD : lighttpd 1.4
CVE: CVE-2007-3950 (lighttpd 1.4.15, when run on 32 bit platforms, allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors involving the use of incompatible format specifiers in certain debugging messages in the (1) mod_scgi, (2) mod_fastcgi, and (3) mod_webdav modules.)
 CVE-2007-3949 (mod_access.c in lighttpd 1.4.15 ignores trailing / (slash) characters in the URL, which allows remote attackers to bypass url.access-deny settings.)
 CVE-2007-3948 (connections.c in lighttpd before 1.4.16 might accept more connections than the configured maximum, which allows remote attackers to cause a denial of service (failed assertion) via a large number of connection attempts.)
 CVE-2007-3947 (request.c in lighttpd 1.4.15 allows remote attackers to cause a denial of service (daemon crash) by sending an HTTP request with duplicate headers, as demonstrated by a request containing two Location header lines, which results in a segmentation fault.)
 CVE-2007-3946 (mod_auth (http_auth.c) in lighttpd before 1.4.16 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors involving (1) a memory leak, (2) use of md5-sess without a cnonce, (3) base64 encoded strings, and (4) trailing whitespace in the Auth-Digest header.)
Original document: GENTOO, [ GLSA 200708-11 ] Lighttpd: Multiple vulnerabilities (17.08.2007)

Adonis privilege escalation
Published: 17.08.2007
Source:
SecurityVulns ID: 8067
Type: local
Threat Level: 2/10
Description: Because of a problem with shell characters, an administrator can access the device with root privileges.
Affected: BLUECATNETWORKS : Adonis 5.0
Original document: anonymous.c7ffa4057a_(at)_anonymousspeech.com, TS-2007-003-0: BlueCat Networks Adonis CLI root privilege escalation (17.08.2007)

Wireshark DoS
updated since 28.06.2007
Published: 17.08.2007
Source:
SecurityVulns ID: 7866
Type: remote
Threat Level: 5/10
Description: Endless loop on MMS and SSL parsing, off-by-one on iSeries and DHCP/BOOTP parsing.
Affected: WIRESHARK : wireshark 0.99
CVE: CVE-2007-3393 (Off-by-one error in the DHCP/BOOTP dissector in Wireshark before 0.99.6 allows remote attackers to cause a denial of service (crash) via crafted DHCP-over-DOCSIS packets.)
 CVE-2007-3392 (Wireshark before 0.99.6 allows remote attackers to cause a denial of service via malformed (1) SSL or (2) MMS packets that trigger an infinite loop.)
 CVE-2007-3391 (Wireshark 0.99.5 allows remote attackers to cause a denial of service (memory consumption) via a malformed DCP ETSI packet that triggers an infinite loop.)
 CVE-2007-3390 (Wireshark 0.99.5 and 0.10.x up to 0.10.14, when running on certain systems, allows remote attackers to cause a denial of service (crash) via crafted iSeries capture files that trigger a SIGTRAP.)
 CVE-2007-3389 (Wireshark before 0.99.6 allows remote attackers to cause a denial of service (crash) via a crafted chunked encoding in an HTTP response, possibly related to a zero-length payload.)
Original document: zwell_(at)_sohu.com, WireShark MMS Remote Denial of Service vulnerability (15.08.2007)
 DEBIAN, [Full-disclosure] [SECURITY] [DSA 1322-1] New wireshark packages fix denial of service (28.06.2007)
Files: WireShark<0.99.6 MMS protocol DOS PoC

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod