Search:Vulnerability:18.10.2007 - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

Cisco PIX / ASA / Firewall Service Module multiple security vulnerabilities
Published: 18.10.2007
Source: BUGTRAQ
SecurityVulns ID: 8273
Type: remote
Level: 6/10
Description: Vulnerabilities on MGGP and TLS parsing.

Affected: CISCO : FWSM 3.1
CISCO : FWSM 3.2
CISCO : PIX 500
CISCO : Cisco 5500

Original document CISCO, Cisco Security Advisory: Multiple Vulnerabilities in Cisco PIX and ASA Appliances (18.10.2007)

CISCO, Cisco Security Advisory: Multiple Vulnerabilities in Firewall Services Module (18.10.2007)

Discuss: Read or add your comments to this news (0 comments)

Mathcad protection bypass
Published: 18.10.2007
Source: BUGTRAQ
SecurityVulns ID: 8264
Type: local
Level: 4/10
Description: It's possible to bypass 'Protect Worksheet' protection.

Affected: MATHSOFT : Mathcad 13
PTC : Mathcad 14
MATHSOFT : Mathcad 13.1
MATHSOFT : Mathcad 12
CVE: CVE-2007-4600

Original document bugtraq_(at)_firewraith.co.uk, CVE-2007-4600 - Mathcad Protect Worksheet Vulnerability (18.10.2007)

Discuss: Read or add your comments to this news (0 comments)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 18.10.2007
Source: BUGTRAQ
SecurityVulns ID: 8265
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected: SIMPLEPHPBLOG : SimplePHPBlog 0.4
PHPMYADMIN : phpMyAdmin 2.11
WWWISIS : WWWISIS 7.1

Original document deme_(at)_hackish.eu, Multiple CSRF in SimplePHPBlog (18.10.2007)

Jose Luis Góngora Fernández, WWWISIS <= 7.1 (IsisScript) Multiple Vulnerabilities (18.10.2007)

Jose Luis Góngora Fernández, WWWISIS <= 7.1 (IsisScript) Multiple Vulnerabilities (18.10.2007)

Marc Delisle, about phpMyAdmin setup.php XSS vulnerability (18.10.2007)

Discuss: Read or add your comments to this news (0 comments)

IrfanView buffer overflow
Published: 18.10.2007
Source: BUGTRAQ
SecurityVulns ID: 8268
Type: client
Level: 5/10
Description: Buffer overlfow on .pal files parsing.

Affected: IRFANVIEW : IrfanView 3.99
IRFANVIEW : IrfanView 4.00

Original document SECUNIA, Secunia Research: IrfanView Palette File Importing Buffer Overflow Vulnerability (18.10.2007)

Discuss: Read or add your comments to this news (0 comments)

Asterisk cdr_addon_mysql SQL injection
Published: 18.10.2007
Source: BUGTRAQ
SecurityVulns ID: 8271
Type: remote
Level: 5/10
Description: SQL injection with destination number.

Affected: ASTERISK : Asterisk 1.2
ASTERISK : Asterisk 1.4
ASTERISK : Asterisk s800i
CVE: CVE-2007-5488 (Multiple SQL injection vulnerabilities in cdr_addon_mysql in Asterisk-Addons before 1.2.8, and 1.4.x before 1.4.4, allow remote attackers to execute arbitrary SQL commands via the (1) source and (2) destination numbers, and probably (3) SIP URI, when inserting a record.)

Original document ASTERISK, AST-2007-023 - SQL Injection Vulnerabilty in cdr_addon_mysql (18.10.2007)

Files: Exploits Asterisk cdr_addon_mysql CSS
Discuss: Read or add your comments to this news (0 comments)

TIBCO SmartPGM FX multiple security vulnerabilities
Published: 18.10.2007
Source: BUGTRAQ
SecurityVulns ID: 8266
Type: remote
Level: 6/10

Affected: TIBCO : SmartPGM FX

Original document Andy Davis, IRM Vendor Alerts: Six critical remote vulnerabilities in TIBCO SmartPGM FX (18.10.2007)

Discuss: Read or add your comments to this news (0 comments)

GNU tar buffer overflow
Published: 18.10.2007
Source: CVE
SecurityVulns ID: 8267
Type: client
Level: 5/10

CVE: CVE-2007-4476 (Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack.")

Discuss: Read or add your comments to this news (0 comments)

Balsa e-mail client buffer overflow
Published: 18.10.2007
Source: BUGTRAQ
SecurityVulns ID: 8269
Type: client
Level: 5/10
Description: Buffer overflow on oversized IMAP server response.

Affected: BALSA : Balsa 2.3
CVE: CVE-2007-5007 (Stack-based buffer overflow in the ir_fetch_seq function in balsa before 2.3.20 might allow remote IMAP servers to execute arbitrary code via a long response to a FETCH command.)

Original document GENTOO, [ GLSA 200710-17 ] Balsa: Buffer overflow (18.10.2007)

Discuss: Read or add your comments to this news (0 comments)

Cisco Unified Communications unaurhoized access
Published: 18.10.2007
Source: BUGTRAQ
SecurityVulns ID: 8272
Type: remote
Level: 5/10
Description: Any active directory user has access to web administration tools.

Affected: CISCO : Cisco Unified Intelligent Contact Management 7.1

Original document CISCO, Cisco Security Advisory: Cisco Unified Communications Web-based Management Vulnerability (18.10.2007)

Discuss: Read or add your comments to this news (0 comments)

Oracle multiple security vulnerabilities
updated since 18.10.2007
Published: 02.11.2007
Source: CERT
SecurityVulns ID: 8270
Type: remote
Level: 7/10
Description: New quartly critical patch update fixes few dozens of security vulnerabilities.

Affected: ORACLE : Oracle 9i
ORACLE : Oracle 10g
CVE: CVE-2007-5766 (SQL injection vulnerability in okxLOV.jsp in Oracle E-Business Suite 11 and 12 allows remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: this is probably the same issue as CVE-2007-5527 or CVE-2007-5528, but there are insufficient details to be sure.)

Original document ZDI, ZDI-07-058: Oracle E-Business Suite SQL Injection Vulnerability (02.11.2007)

SHATTER, [Full-disclosure] Team SHATTER Alert: Oracle Database Buffer overflow vulnerability in procedure DBMS_AQADM_SYS.DBLINK_INFO (29.10.2007)

SHATTER, [Full-disclosure] Team SHATTER Alert: Oracle Database Buffer overflow vulnerability in function MDSYS.SDO_CS.TRANSFORM (29.10.2007)

document David Litchfield, SQL Injection Flaw in Oracle Workspace Manager (18.10.2007)

NGSSoftware Insight Security Research Advisory (NISR), Oracle audit issue with XMLDB ftp service (18.10.2007)

NGSSoftware Insight Security Research Advisory (NISR), Oracle RDBMS TNS Data packet DoS (18.10.2007)

document NGSSoftware Insight Security Research Advisory (NISR), Multiple SQL Injection Flaws in Oracle CTX_DOC package (18.10.2007)

NGSSoftware Insight Security Research Advisory (NISR), Oracle TNS Listener DoS and/or remote memory inspection (18.10.2007)

CERT, US-CERT Technical Cyber Security Alert TA07-290A -- Oracle Updates for Multiple Vulnerabilities (18.10.2007)

Discuss: Read or add your comments to this news (0 comments)