Computer Security


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 19.03.2007
SecurityVulns ID: 7432
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: WAGORA : W-Agora 4.2
 PHPX : phpx 3.5
 UNCLASSIFIED : Unclassified NewsBoard 1.6
 SQLLEDGER : SQL-Ledger 2.6
 LEDGERSMB : LedgerSMB 1.1
 NPDS : Net Portal Dynamic System 5.10
 METAFORUM : MetaForum 0.513
 CASTILLOCENTRAL : CCleaguePro 1.0
CVE: CVE-2007-1597 (Unclassified NewsBoard 1.6.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain (1) the board log via a direct request for logs/board-YYYY-MM-DD.log, (2) the mail and private message (PM) log via a direct request for logs/email-YY-MM-DD-HH-MM-SS.log, (3) the SQL error message log via a direct request for logs/error-YY-MM.log, and (4) the IP log via a direct request for logs/ip.log.)
 CVE-2007-1551 (Multiple cross-site scripting (XSS) vulnerabilities in phpx 3.5.15 allow remote attackers to inject arbitrary web script or HTML via (1) the signature in "dans profile," or (2) search.php.)
 CVE-2007-1550 (Multiple SQL injection vulnerabilities in phpx 3.5.15 allow remote attackers to execute arbitrary SQL commands via the (1) image_id or (2) cat_id parameter to (a) gallery.php; the (3) news_id parameter to (b) news.php or (c) print.php; (4) the news_cat_id parameter to news.php; the (5) cat_id, (6) topic_id, or (7) post_id parameter to (d) forums.php; or (8) the user_id parameter to (e) users.php.)
 CVE-2007-1549 (Unrestricted file upload vulnerability in gallery.php in phpx 3.5.15 allows remote attackers to upload and execute arbitrary PHP scripts via an addImage action, which places scripts into the gallery/shelties/ directory.)
 CVE-2007-1541 (Directory traversal vulnerability in am.pl in SQL-Ledger 2.6.27 only checks for the presence of a NULL (%00) character to protect against directory traversal attacks, which allows remote attackers to run arbitrary executables and bypass authentication via a .. (dot dot) sequence in the login parameter.)
 CVE-2007-1540 (Directory traversal vulnerability in am.pl in (1) SQL-Ledger 2.6.27 and earlier, and (2) LedgerSMB before 1.2.0, allows remote attackers to run arbitrary executables and bypass authentication via a .. (dot dot) sequence and trailing NULL (%00) in the login parameter. NOTE: this issue was reportedly addressed in SQL-Ledger 2.6.27, however third-party researchers claim that the file is still executed even though an error is generated.)
 CVE-2007-0607 (W-Agora (Web-Agora) 4.2.1, when register_globals is enabled, stores globals.inc under the web document root with insufficient access control, which allows remote attackers to obtain application path information via a direct request.)
 CVE-2007-0606 (w-agora 4.2.1 allows remote attackers to obtain sensitive information via the (1) bn[] array parameter to index.php, which expects a string, and (2) certain parameters to delete_forum.php, which displays the path name in the resulting error message.)
Original document: Jesper Jurcenoks, w-agora version 4.2.1 Multiple Path Disclosure Vulnerabilities (19.03.2007)
 Jesper Jurcenoks, w-agora version 4.2.1 Information Disclosure Vulnerability (19.03.2007)
 laurent gaffié, phpx 3.5.15 multiples vulnerabilities (19.03.2007)
 snakeapollon_(at)_yahoo.com, CCleaguePro_V1.0.1RC1 Directory Traversal Vulnerability (19.03.2007)
 laurent gaffié, Unclassified NewsBoard 1.6.3 multiples logs disclosure (19.03.2007)
 aeroxteam_(at)_gmail.com, MetaForum <= 0.513 Beta - Remote file upload Vulnerability (19.03.2007)
 Chris Travers, Full Disclosure: Arbitrary execution vulnerability in SQL-Ledger and LedgerSMB (19.03.2007)
Files: Net Portal Dynamic System (NPDS) <= 5.10 Remote Code Execution 0day

Linux Security Auditing Tool symbolic links problem
Published: 19.03.2007
SecurityVulns ID: 7433
Type: local
Threat Level: 5/10
Description: Symbolic links problem on temporary file creation.
Affected: LSAT : lsat 0.9
CVE: CVE-2007-1500 (The Linux Security Auditing Tool (LSAT) allows local users to overwrite arbitrary files via a symlink attack on temporary files, as demonstrated using /tmp/lsat1.lsat.)
Original document: GENTOO, [ GLSA 200703-20 ] LSAT: Insecure temporary file creation (19.03.2007)

F-Secure anti-virus format string vulnerability
Published: 19.03.2007
SecurityVulns ID: 7434
Type: local
Threat Level: 5/10
Description: Format string vulnerability in management server name allows local privilege escalation.
Affected: F-SECURE : F-Secure Anti-Virus Client Security 6.02
CVE: CVE-2007-1557 (Format string vulnerability in F-Secure Anti-Virus Client Security 6.02 allows local users to cause a denial of service and possibly gain privileges via format string specifiers in the Management Server name field on the Communication settings page.)
Original document: Deral Heiland, Layered Defense Research Advisory: F-Secure Anti-Virus Client Security 6.02 Format String Vulnerability (19.03.2007)

Microsoft Windows NDISTAPI DoS
Published: 19.03.2007
SecurityVulns ID: 7435
Type: local
Threat Level: 5/10
Description: During exception handling in request processing on the \Device\NdisTapi device, the IRQL is not restored from DISPATCH level when switching back to user mode, leading to a crash (BSOD) with IRQL_LESS_THAN_NOT_EQUAL on access to paged memory.
Affected: MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
CVE: CVE-2007-1537 (\Device\NdisTapi (NDISTAPI.sys) in Microsoft Windows XP SP2 and 2003 SP1 uses weak permissions, which allows local users to write to the device and cause a denial of service, as demonstrated by using an IRQL to acquire a spinlock on paged memory via the NdisTapiDispatch function.)
Original document: Reversemode, [Reversemode Advisory] Microsoft Windows Ndistapi.sys IRQL escalation (19.03.2007)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod