Computer Security


Cisco Unified Communications unauthorized access
Published:18.10.2007
Source:
SecurityVulns ID:8272
Type:remote
Threat Level:5/10
Description:Any Active Directory user has access to web administration tools.
Affected:CISCO : Cisco Unified Intelligent Contact Management 7.1
Original document:CISCO, Cisco Security Advisory: Cisco Unified Communications Web-based Management Vulnerability (18.10.2007)

Mathcad protection bypass
Published:18.10.2007
Source:
SecurityVulns ID:8264
Type:local
Threat Level:4/10
Description:It's possible to bypass 'Protect Worksheet' protection.
Affected:MATHSOFT : Mathcad 13
 PTC : Mathcad 14
 MATHSOFT : Mathcad 13.1
 MATHSOFT : Mathcad 12
CVE:CVE-2007-4600
Original document:bugtraq_(at)_firewraith.co.uk, CVE-2007-4600 - Mathcad Protect Worksheet Vulnerability (18.10.2007)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:18.10.2007
Source:
SecurityVulns ID:8265
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:SIMPLEPHPBLOG : SimplePHPBlog 0.4
 PHPMYADMIN : phpMyAdmin 2.11
 WWWISIS : WWWISIS 7.1
Original document:deme_(at)_hackish.eu, Multiple CSRF in SimplePHPBlog (18.10.2007)
 Jose Luis Góngora Fernández, WWWISIS <= 7.1 (IsisScript) Multiple Vulnerabilities (18.10.2007)
 Marc Delisle, about phpMyAdmin setup.php XSS vulnerability (18.10.2007)

IrfanView buffer overflow
Published:18.10.2007
Source:
SecurityVulns ID:8268
Type:client
Threat Level:5/10
Description:Buffer overflow when parsing .pal files.
Affected:IRFANVIEW : IrfanView 3.99
 IRFANVIEW : IrfanView 4.00
Original document:SECUNIA, Secunia Research: IrfanView Palette File Importing Buffer Overflow Vulnerability (18.10.2007)

Asterisk cdr_addon_mysql SQL injection
Published:18.10.2007
Source:
SecurityVulns ID:8271
Type:remote
Threat Level:5/10
Description:SQL injection via the destination number.
Affected:ASTERISK : Asterisk 1.2
 DIGIUM : Asterisk 1.4
 ASTERISK : Asterisk s800i
CVE:CVE-2007-5488 (Multiple SQL injection vulnerabilities in cdr_addon_mysql in Asterisk-Addons before 1.2.8, and 1.4.x before 1.4.4, allow remote attackers to execute arbitrary SQL commands via the (1) source and (2) destination numbers, and probably (3) SIP URI, when inserting a record.)
Original document:ASTERISK, AST-2007-023 - SQL Injection Vulnerability in cdr_addon_mysql (18.10.2007)
Files:Exploits Asterisk cdr_addon_mysql CSS

Cisco PIX / ASA / Firewall Service Module multiple security vulnerabilities
Published:18.10.2007
Source:
SecurityVulns ID:8273
Type:remote
Threat Level:6/10
Description:Vulnerabilities in MGCP and TLS parsing.
Affected:CISCO : FWSM 3.1
 CISCO : FWSM 3.2
 CISCO : PIX 500
 CISCO : Cisco 5500
Original document:CISCO, Cisco Security Advisory: Multiple Vulnerabilities in Cisco PIX and ASA Appliances (18.10.2007)
 CISCO, Cisco Security Advisory: Multiple Vulnerabilities in Firewall Services Module (18.10.2007)

Balsa e-mail client buffer overflow
Published:18.10.2007
Source:
SecurityVulns ID:8269
Type:client
Threat Level:5/10
Description:Buffer overflow on oversized IMAP server response.
Affected:BALSA : Balsa 2.3
CVE:CVE-2007-5007 (Stack-based buffer overflow in the ir_fetch_seq function in balsa before 2.3.20 might allow remote IMAP servers to execute arbitrary code via a long response to a FETCH command.)
Original document:GENTOO, [ GLSA 200710-17 ] Balsa: Buffer overflow (18.10.2007)

TIBCO SmartPGM FX multiple security vulnerabilities
Published:18.10.2007
Source:
SecurityVulns ID:8266
Type:remote
Threat Level:6/10
Affected:TIBCO : SmartPGM FX
Original document:Andy Davis, IRM Vendor Alerts: Six critical remote vulnerabilities in TIBCO SmartPGM FX (18.10.2007)

Oracle multiple security vulnerabilities
updated since 18.10.2007
Published:02.11.2007
Source:
SecurityVulns ID:8270
Type:remote
Threat Level:7/10
Description:New quarterly Critical Patch Update fixes a few dozen security vulnerabilities.
Affected:ORACLE : Oracle 9i
 ORACLE : Oracle 10g
CVE:CVE-2007-5766 (SQL injection vulnerability in okxLOV.jsp in Oracle E-Business Suite 11 and 12 allows remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: this is probably the same issue as CVE-2007-5527 or CVE-2007-5528, but there are insufficient details to be sure.)
Original document:ZDI, ZDI-07-058: Oracle E-Business Suite SQL Injection Vulnerability (02.11.2007)
 SHATTER, [Full-disclosure] Team SHATTER Alert: Oracle Database Buffer overflow vulnerability in procedure DBMS_AQADM_SYS.DBLINK_INFO (29.10.2007)
 SHATTER, [Full-disclosure] Team SHATTER Alert: Oracle Database Buffer overflow vulnerability in function MDSYS.SDO_CS.TRANSFORM (29.10.2007)
 David Litchfield, SQL Injection Flaw in Oracle Workspace Manager (18.10.2007)
 NGSSoftware Insight Security Research Advisory (NISR), Oracle audit issue with XMLDB ftp service (18.10.2007)
 NGSSoftware Insight Security Research Advisory (NISR), Oracle RDBMS TNS Data packet DoS (18.10.2007)
 NGSSoftware Insight Security Research Advisory (NISR), Multiple SQL Injection Flaws in Oracle CTX_DOC package (18.10.2007)
 NGSSoftware Insight Security Research Advisory (NISR), Oracle TNS Listener DoS and/or remote memory inspection (18.10.2007)
 CERT, US-CERT Technical Cyber Security Alert TA07-290A -- Oracle Updates for Multiple Vulnerabilities (18.10.2007)

GNU tar buffer overflow
updated since 18.10.2007
Published:18.10.2008
Source:
SecurityVulns ID:8267
Type:client
Threat Level:5/10
CVE:CVE-2007-4476 (Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack.")

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod