Computer Security
[EN] securityvulns.ru no-pyccku


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 18.12.2007
Published:18.12.2007
Source:
SecurityVulns ID:8458
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. WP-ContactForm: Crossite scripting.
Affected:MAMBO : Mambo 4.6
 NEURONNEWS : neuron news 1.0
 WORDPRESS : WP-ContactForm 1.5
 SURGEMAIL : SurgeMail 0.38
 UBERUPLOADER : Uber Uploader 5.3
 PHPSECURITYFRAME : PHP Security Framework Beta 1
Original documentdocumentbeenudel1986_(at)_gmail.com, Multiple xss in mambo 4.6.2 (18.12.2007)
 documentgmdarkfig_(at)_gmail.com, PHP Security Framework: Vuln and Security Bypass (18.12.2007)
 documentJose Luis Góngora Fernández, Uber Uploader <= 5.3.6 Remote File Upload Vulnerability (18.12.2007)
 documentretrog_(at)_alice.donotspam.it, SurgeMail v.38k4 webmail Host header crash (18.12.2007)
 documenthadihadi_zedehal_2006_(at)_yahoo.com, neuron news1.0 Multiple Remote Vulnerabilities (sql injection/xss) (18.12.2007)
 documentMustLive, XSS vulnerabilities in WP-ContactForm (18.12.2007)
Files:SurgeMail v.38k4 webmail Host header denial of service exploit

syslog-ng DoS
Published:18.12.2007
Source:
SecurityVulns ID:8459
Type:remote
Threat Level:
5/10
Description:NULL pointer dereference on malformed timestamp format.
Affected:SYSLOGNG : syslog-ng 2.0
 SYSLOGNG : syslog-ng 2.1
Original documentdocumentBalazs Scheidler, ZSA-2007-029: syslog-ng Denial of Service (18.12.2007)

RaidenHTTPD Web server directory traversal
Published:18.12.2007
Source:
SecurityVulns ID:8461
Type:remote
Threat Level:
5/10
Description:Directory traversal in web administration script.
Affected:RAIDENHTTPD : RaidenHTTPD 2.0
Original documentdocumentretrog_(at)_alice.donotspam.it, RaidenHTTPD 2.0.19 ulang cmd exec poc exploit (18.12.2007)
Files:RaidenHTTPD 2.0.19 ulang cmd exec poc exploit

Mac OS X insecure system update
Published:18.12.2007
Source:
SecurityVulns ID:8462
Type:m-i-t-m
Threat Level:
6/10
Description:Insecure uncrypted/unsigned protocol is used for system update.
Affected:APPLE : MacOS X 10.4
CVE:CVE-2007-5863 (Software Update in Apple Mac OS X 10.5.1 allows remote attackers to execute arbitrary commands via a man-in-the-middle (MITM) attack between the client and the server, using a modified distribution definition file with the "allow-external-scripts" option.)
Original documentdocumentMoritz Jodeit, Apple OS X Software Update Remote Command Execution (18.12.2007)

KDE multiple DoS conditions
Published:18.12.2007
Source:
SecurityVulns ID:8463
Type:remote
Threat Level:
5/10
CVE:CVE-2007-5963 (Unspecified vulnerability in kdebase allows local users to cause a denial of service (KDM login inaccessible, or resource consumption) via unknown vectors.)
Original documentdocumentRPATH, rPSA-2007-0268-1 kdebase (18.12.2007)

St. Bernard Open File Manager buffer overflow
Published:18.12.2007
Source:
SecurityVulns ID:8464
Type:remote
Threat Level:
5/10
Description:Buffer overflow on dynamic TCP port traffic parsing.
Affected:STBERNARD : Open File Manager 9.5
Original documentdocumentZDI, ZDI-07-078: St. Bernard Open File Manager Heap Overflow Vulnerability (18.12.2007)

Trend Micro ServerProtect unauthorized access
Published:18.12.2007
Source:
SecurityVulns ID:8465
Type:remote
Threat Level:
8/10
Description:TCP/5168 RPC-based service unauthorized access to system functions.
Affected:TM : ServerProtect 5.58
Original documentdocumentZDI, ZDI-07-077: Trend Micro ServerProtect StRpcSrv.dll Insecure Method Exposure Vulnerability (18.12.2007)

HP-UX swagentd buffer overflow
Published:18.12.2007
Source:
SecurityVulns ID:8466
Type:remote
Threat Level:
6/10
Description:Buffer overflow in sw_rpc_agent_init RPC function.
Affected:HP : HP-UX 11.11
Original documentdocumentZDI, ZDI-07-079: Hewlett-Packard HP-UX swagentd Buffer Overflow Vulnerability (18.12.2007)

Peercast buffer overflow
updated since 18.12.2007
Published:22.05.2008
Source:
SecurityVulns ID:8460
Type:remote
Threat Level:
6/10
Description:Buffer overflow in HTTP Basic authentication and on SOURCE header parsing.
Affected:PEERCAST : PeerCast 0.1218
CVE:CVE-2008-2040 (Stack-based buffer overflow in the HTTP::getAuthUserPass function (core/common/http.cpp) in Peercast 0.1218 and gnome-peercast allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Basic Authentication string with a long (1) username or (2) password.)
 CVE-2007-6454 (Heap-based buffer overflow in the handshakeHTTP function in servhs.cpp in PeerCast 0.1217 and earlier, and SVN 344 and earlier, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long SOURCE request.)
Original documentdocumentDEB IAN, [SECURITY] [DSA 1583-1] New gnome-peercast packages fix several vulnerabilities (22.05.2008)
 documentDEBIAN, [SECURITY] [DSA 1582-1] New peercast packages fix arbitrary code execution (22.05.2008)
 documentLuigi Auriemma, Heap overflow in PeerCast 0.1217 (18.12.2007)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod