 |
|
|
|
| Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) | | Published: |  | 19.05.2007 | | Source: |  | | | SecurityVulns ID: |  | 7724 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. |
| PHP SOAP extension buffer overflow | | Published: | | 19.05.2007 | | Source: | | CVE | | SecurityVulns ID: | | 7727 | | Type: | | library | | Level: | | 6/10 | | Description: | | Buffer overflow in make_http_soap_request function. |
| Affected: |  | PHP : PHP 5.2 | | CVE: |  | CVE-2007-2510 (Buffer overflow in the make_http_soap_request function in PHP before 5.2.2 has unknown impact and remote attack vectors, possibly related to "/" (slash) characters.) |
HP Systems Insight Manager for Windows unauthorized access
updated since 18.05.2007 | | Published: | | 19.05.2007 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 7723 | | Type: | | remote | | Level: | | 6/10 | | Description: | | Invalid session cookie processing allows administrative session hijacknig. |
| ratvox IRC server DoS | | Published: | | 19.05.2007 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 7725 | | Type: | | remote | | Level: | | 5/10 | | Description: | | Resource exhaustion by too many open connections. |
| Rational Soft Hidden Administrator authentication bypass | | Published: | | 19.05.2007 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 7726 | | Type: | | remote | | Level: | | 5/10 |
| TinyIdentD buffer overflow | | Published: | | 19.05.2007 | | Source: | | MILW0RM | | SecurityVulns ID: | | 7728 | | Type: | | remote | | Level: | | 5/10 | | Description: | | ident (TCP/113) oversized request string buffer overflow. |
VMWare multiple security vulnerabilities
updated since 08.05.2007 | | Published: | | 19.05.2007 | | Source: | | MICROSOFT | | SecurityVulns ID: | | 7683 | | Type: | | local | | Level: | | 5/10 | | Description: | | Multiple denial of service conditions against guest and host system. |
| Affected: | | VMWARE : VMware Workstation 5.5 | | | | VMWARE : VMware Player 1.0 | | | | VMWARE : VMware Server 1.0 | | | | VMWARE : VMware ACE 1.0 | | CVE: | | CVE-2007-2491 (The PIIX4 power management subsystem in EMC VMware Workstation 5.5.3.34685 and VMware Server 1.0.1.29996 allows local users to write to arbitrary memory locations via a crafted poke to I/O port 0x1004, triggering a denial of service (virtual machine crash) or other unspecified impact, a related issue to CVE-2007-1337.) | | | | CVE-2007-1877 (VMware Workstation before 5.5.4 allows attackers to cause a denial of service against the guest OS by causing the virtual machine process (VMX) to store malformed configuration information.) | | | | CVE-2007-1876 (VMware Workstation before 5.5.4, when running a 64-bit Windows guest on a 64-bit host, allows local users to "corrupt the virtual machine's register context" by debugging a local program and stepping into a "syscall instruction.") | | | | CVE-2007-1337 (The virtual machine process (VMX) in VMware Workstation before 5.5.4 does not properly read state information when moving from the ACPI sleep state to the run state, which allows attackers to cause a denial of service (virtual machine reboot) via unknown vectors.) | | | | CVE-2007-1069 (The memory management in VMware Workstation before 5.5.4 allows attackers to cause a denial of service (Windows virtual machine crash) by triggering certain general protection faults (GPF).) |
Trillian instant messenger multiple security vulnerabilities
updated since 02.05.2007 | | Published: | | 19.05.2007 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 7656 | | Type: | | remote | | Level: | | 6/10 | | Description: | | Multiple security vulnerabilities on IRC handling lead to information leaks and buffer overflow. Buffer overflows on Rendezvous and XMPP protocols parsing. |
| CVE: | | CVE-2007-2479 (Cerulean Studios Trillian Pro before 3.1.5.1 allows remote attackers to obtain potentially sensitive information via long CTCP PING messages that contain UTF-8 characters, which generates a malformed response that is not truncated by a newline, which can cause portions of a server message to be sent to the attacker.) | | | | CVE-2007-2478 (Multiple heap-based buffer overflows in the IRC component in Cerulean Studios Trillian Pro before 3.1.5.1 allow remote attackers to corrupt memory and possibly execute arbitrary code via (1) a URL with a long UTF-8 string, which triggers the overflow when the user highlights it, or (2) a font HTML tag with a face attribute containing a long UTF-8 string.) | | | | CVE-2007-2418 (Heap-based buffer overflow in the Rendezvous / Extensible Messaging and Presence Protocol (XMPP) component (plugins\rendezvous.dll) for Cerulean Studios Trillian Pro before 3.1.5.1 allows remote attackers to execute arbitrary code via a message that triggers the overflow from expansion that occurs during encoding.) |
realpath() BSD and wu-ftpd / BSD FTP / SSH buffer overflow
updated since 01.08.2003 | | Published: | | 19.05.2007 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 3022 | | Type: | | library | | Level: | | 8/10 | | Description: | | off-by-one overflow in fb_realpath() function in oversized path of few FTP commands. |
|
|
|
|
|
|
|
|
