Search:Vulnerability:18.12.2007 - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

Mac OS X insecure system update
Published: 18.12.2007
Source: BUGTRAQ
SecurityVulns ID: 8462
Type: m-i-t-m
Level: 6/10
Description: Insecure uncrypted/unsigned protocol is used for system update.

Affected: APPLE : MacOS X 10.4
CVE: CVE-2007-5863 (Software Update in Apple Mac OS X 10.5.1 allows remote attackers to execute arbitrary commands via a man-in-the-middle (MITM) attack between the client and the server, using a modified distribution definition file with the "allow-external-scripts" option.)

Original document Moritz Jodeit, Apple OS X Software Update Remote Command Execution (18.12.2007)

Discuss: Read or add your comments to this news (0 comments)

Trend Micro ServerProtect unauthorized access
Published: 18.12.2007
Source: BUGTRAQ
SecurityVulns ID: 8465
Type: remote
Level: 8/10
Description: TCP/5168 RPC-based service unauthorized access to system functions.

Affected: TM : ServerProtect 5.58

Original document ZDI, ZDI-07-077: Trend Micro ServerProtect StRpcSrv.dll Insecure Method Exposure Vulnerability (18.12.2007)

Discuss: Read or add your comments to this news (0 comments)

KDE multiple DoS conditions
Published: 18.12.2007
Source: BUGTRAQ
SecurityVulns ID: 8463
Type: remote
Level: 5/10

CVE: CVE-2007-5963 (Unspecified vulnerability in kdebase allows local users to cause a denial of service (KDM login inaccessible, or resource consumption) via unknown vectors.)

Original document RPATH, rPSA-2007-0268-1 kdebase (18.12.2007)

Discuss: Read or add your comments to this news (0 comments)

syslog-ng DoS
Published: 18.12.2007
Source: BUGTRAQ
SecurityVulns ID: 8459
Type: remote
Level: 5/10
Description: NULL pointer dereference on malformed timestamp format.

Affected: SYSLOGNG : syslog-ng 2.0
SYSLOGNG : syslog-ng 2.1

Original document Balazs Scheidler, ZSA-2007-029: syslog-ng Denial of Service (18.12.2007)

Discuss: Read or add your comments to this news (0 comments)

RaidenHTTPD Web server directory traversal
Published: 18.12.2007
Source: BUGTRAQ
SecurityVulns ID: 8461
Type: remote
Level: 5/10
Description: Directory traversal in web administration script.

Affected: RAIDENHTTPD : RaidenHTTPD 2.0

Original document retrog_(at)_alice.donotspam.it, RaidenHTTPD 2.0.19 ulang cmd exec poc exploit (18.12.2007)

Files: RaidenHTTPD 2.0.19 ulang cmd exec poc exploit
Discuss: Read or add your comments to this news (0 comments)

HP-UX swagentd buffer overflow
Published: 18.12.2007
Source: BUGTRAQ
SecurityVulns ID: 8466
Type: remote
Level: 6/10
Description: Buffer overflow in sw_rpc_agent_init RPC function.

Affected: HP : HP-UX 11.11

Original document ZDI, ZDI-07-079: Hewlett-Packard HP-UX swagentd Buffer Overflow Vulnerability (18.12.2007)

Discuss: Read or add your comments to this news (0 comments)

St. Bernard Open File Manager buffer overflow
Published: 18.12.2007
Source: BUGTRAQ
SecurityVulns ID: 8464
Type: remote
Level: 5/10
Description: Buffer overflow on dynamic TCP port traffic parsing.

Affected: STBERNARD : Open File Manager 9.5

Original document ZDI, ZDI-07-078: St. Bernard Open File Manager Heap Overflow Vulnerability (18.12.2007)

Discuss: Read or add your comments to this news (0 comments)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 18.12.2007
Published: 18.12.2007
Source:
SecurityVulns ID: 8458
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. WP-ContactForm: Crossite scripting.

Affected: MAMBO : Mambo 4.6
NEURONNEWS : neuron news 1.0
WORDPRESS : WP-ContactForm 1.5
SURGEMAIL : SurgeMail 0.38
UBERUPLOADER : Uber Uploader 5.3
PHPSECURITYFRAME : PHP Security Framework Beta 1

Original document beenudel1986_(at)_gmail.com, Multiple xss in mambo 4.6.2 (18.12.2007)

gmdarkfig_(at)_gmail.com, PHP Security Framework: Vuln and Security Bypass (18.12.2007)

Jose Luis Góngora Fernández, Uber Uploader <= 5.3.6 Remote File Upload Vulnerability (18.12.2007)

retrog_(at)_alice.donotspam.it, SurgeMail v.38k4 webmail Host header crash (18.12.2007)

document hadihadi_zedehal_2006_(at)_yahoo.com, neuron news1.0 Multiple Remote Vulnerabilities (sql injection/xss) (18.12.2007)

MustLive, XSS vulnerabilities in WP-ContactForm (18.12.2007)

Files: SurgeMail v.38k4 webmail Host header denial of service exploit
Discuss: Read or add your comments to this news (0 comments)

Peercast buffer overflow
updated since 18.12.2007
Published: 22.05.2008
Source: BUGTRAQ
SecurityVulns ID: 8460
Type: remote
Level: 6/10
Description: Buffer overflow in HTTP Basic authentication and on SOURCE header parsing.

Affected: PEERCAST : PeerCast 0.1218
CVE: CVE-2008-2040 (Stack-based buffer overflow in the HTTP::getAuthUserPass function (core/common/http.cpp) in Peercast 0.1218 and gnome-peercast allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Basic Authentication string with a long (1) username or (2) password.)
CVE-2007-6454 (Heap-based buffer overflow in the handshakeHTTP function in servhs.cpp in PeerCast 0.1217 and earlier, and SVN 344 and earlier, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long SOURCE request.)

Original document DEB IAN, [SECURITY] [DSA 1583-1] New gnome-peercast packages fix several vulnerabilities (22.05.2008)

DEBIAN, [SECURITY] [DSA 1582-1] New peercast packages fix arbitrary code execution (22.05.2008)

Luigi Auriemma, Heap overflow in PeerCast 0.1217 (18.12.2007)

Discuss: Read or add your comments to this news (0 comments)