Computer Security


VMWare multiple security vulnerabilities
updated since 08.05.2007
Published:19.05.2007
SecurityVulns ID:7683
Type:local
Threat Level:5/10
Description:Multiple denial of service conditions against guest and host system.
Affected:VMWARE : VMware Workstation 5.5
 VMWARE : VMware Player 1.0
 VMWARE : VMware Server 1.0
 VMWARE : VMware ACE 1.0
CVE:CVE-2007-2491 (The PIIX4 power management subsystem in EMC VMware Workstation 5.5.3.34685 and VMware Server 1.0.1.29996 allows local users to write to arbitrary memory locations via a crafted poke to I/O port 0x1004, triggering a denial of service (virtual machine crash) or other unspecified impact, a related issue to CVE-2007-1337.)
 CVE-2007-1877 (VMware Workstation before 5.5.4 allows attackers to cause a denial of service against the guest OS by causing the virtual machine process (VMX) to store malformed configuration information.)
 CVE-2007-1876 (VMware Workstation before 5.5.4, when running a 64-bit Windows guest on a 64-bit host, allows local users to "corrupt the virtual machine's register context" by debugging a local program and stepping into a "syscall instruction.")
 CVE-2007-1337 (The virtual machine process (VMX) in VMware Workstation before 5.5.4 does not properly read state information when moving from the ACPI sleep state to the run state, which allows attackers to cause a denial of service (virtual machine reboot) via unknown vectors.)
 CVE-2007-1069 (The memory management in VMware Workstation before 5.5.4 allows attackers to cause a denial of service (Windows virtual machine crash) by triggering certain general protection faults (GPF).)
Original document:VMWARE, VMSA-2007-0004.1 Updated: Multiple Denial-of-Service issues fixed and directory traversal vulnerability (19.05.2007)
 Reversemode, [Reversemode Advisory] VMware Products - GPF Denial of Service (08.05.2007)
 VMWARE, VMSA-2007-0004 Multiple Denial-of-Service issues fixed (08.05.2007)

HP Systems Insight Manager for Windows unauthorized access
updated since 18.05.2007
Published:19.05.2007
SecurityVulns ID:7723
Type:remote
Threat Level:6/10
Description:Invalid session cookie processing allows administrative session hijacking.
Affected:HP : Systems Insight Manager 5.0
 HP : Systems Insight Manager 4.2
Original document:ACROS Security, ACROS Security: Session Fixation Vulnerability in HP SIM 5.0 (19.05.2007)
 HP, [security bulletin] HPSBMA02213 SSRT061214 rev.1 - HP Systems Insight Manager (SIM) for Windows, Remote Privileged Access and Arbitrary Code Execution (18.05.2007)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:19.05.2007
SecurityVulns ID:7724
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:APACHE : Tomcat 4.0
 APACHE : Tomcat 4.1
 APACHE : Tomcat 5.0
 APACHE : Tomcat 5.5
 APACHE : Tomcat 6.0
 CANDYPRESS : CandyPress 3.5
 PARODIA : Parodia 6.4
 CLIENTEXEC : ClientExec 3.0
 TRACKPLUS : Track+ 3.3
 ACAL : ACal Web Calendar 2.2
 MADRISHWEBMAIL : Madirish Webmail 2.0
 PSYCHOSTATS : PsychoStats 3.0
CVE:CVE-2007-1355 (Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.23, and 6.0.0 through 6.0.10 allow remote attackers to inject arbitrary web script or HTML via the test parameter and unspecified vectors.)
Original document:Mark Thomas, [CVE-2007-1355] Tomcat documentation XSS vulnerabilities (19.05.2007)
 mybeni websecurity, [Full-disclosure] Wordpress Akismet XSS flaw (19.05.2007)
 kefka, [Full-disclosure] PsychoStats 3.0.6b and prior (19.05.2007)
 ...::BoZKuRTSeRDaR::..., ACal Web Calendar 2.2.6 Remote File Include Vulnerabilities (19.05.2007)
 ...::BoZKuRTSeRDaR::..., Madirish Webmail v2.0 Remote File Include Vulnerabilities (19.05.2007)
 r0t, Track+ XSS vuln. (19.05.2007)
 r0t, ClientExec XSS vuln. (19.05.2007)
 r0t, Parodia XSS vuln (19.05.2007)
 r0t, CandyPress™ Store XSS vuln. (19.05.2007)

ratbox IRC server DoS
Published:19.05.2007
SecurityVulns ID:7725
Type:remote
Threat Level:5/10
Description:Resource exhaustion by too many open connections.
Affected:RATBOX : ratbox 2.2
Original document:OPENPKG, [OpenPKG-SA-2007.017] OpenPKG Security Advisory (ratbox) (19.05.2007)

Rational Soft Hidden Administrator authentication bypass
Published:19.05.2007
SecurityVulns ID:7726
Type:remote
Threat Level:5/10
Affected:RATIONAL : Hidden Administrator 1.7
Original document:rewterz, REWTERZ-20070518 - Authentication Bypass in Rational Soft's Hidden Administrator (19.05.2007)

PHP SOAP extension buffer overflow
updated since 19.05.2007
Published:19.05.2007
SecurityVulns ID:7727
Type:library
Threat Level:6/10
Description:Buffer overflow in make_http_soap_request function.
Affected:PHP : PHP 5.2
CVE:CVE-2007-2510 (Buffer overflow in the make_http_soap_request function in PHP before 5.2.2 has unknown impact and remote attack vectors, possibly related to "/" (slash) characters.)

TinyIdentD buffer overflow
Published:19.05.2007
SecurityVulns ID:7728
Type:remote
Threat Level:5/10
Description:ident (TCP/113) oversized request string buffer overflow.
Affected:TINYIDENTD : TinyIdentD 2.2
Files:tinyidentd exploit

realpath() BSD and wu-ftpd / BSD FTP / SSH buffer overflow
updated since 01.08.2003
Published:19.05.2007
SecurityVulns ID:3022
Type:library
Threat Level:8/10
Description:Off-by-one overflow in the fb_realpath() function when an oversized path is passed to a few FTP commands.
Affected:FREEBSD : FreeBSD 5.0
 NETBSD : NetBSD 1.5
 WU : WU-FTPD 2.6
 NETBSD : NetBSD 1.6
 WU : wu-ftpd 2.5
 FREEBSD : FreeBSD 4.8
Original document:kingcope_(at)_gmx.net, [Full-disclosure] ssh.com ssh-3.2.9.1 sftp server remote off by one (19.05.2007)
 NETBSD, NetBSD Security Advisory 2003-011: off-by-one error in realpath(3) (05.08.2003)
 FREEBSD, FreeBSD Security Advisory FreeBSD-SA-03:08.realpath (04.08.2003)
 Janusz Niewiadomski, wu-ftpd fb_realpath() off-by-one bug (01.08.2003)
Files:wu-ftpd-2.6.2 off-by-one remote exploit

Trillian instant messenger multiple security vulnerabilities
updated since 02.05.2007
Published:19.05.2007
SecurityVulns ID:7656
Type:remote
Threat Level:6/10
Description:Multiple security vulnerabilities in IRC handling lead to information leaks and buffer overflows. Buffer overflows in Rendezvous and XMPP protocol parsing.
CVE:CVE-2007-2479 (Cerulean Studios Trillian Pro before 3.1.5.1 allows remote attackers to obtain potentially sensitive information via long CTCP PING messages that contain UTF-8 characters, which generates a malformed response that is not truncated by a newline, which can cause portions of a server message to be sent to the attacker.)
 CVE-2007-2478 (Multiple heap-based buffer overflows in the IRC component in Cerulean Studios Trillian Pro before 3.1.5.1 allow remote attackers to corrupt memory and possibly execute arbitrary code via (1) a URL with a long UTF-8 string, which triggers the overflow when the user highlights it, or (2) a font HTML tag with a face attribute containing a long UTF-8 string.)
 CVE-2007-2418 (Heap-based buffer overflow in the Rendezvous / Extensible Messaging and Presence Protocol (XMPP) component (plugins\rendezvous.dll) for Cerulean Studios Trillian Pro before 3.1.5.1 allows remote attackers to execute arbitrary code via a message that triggers the overflow from expansion that occurs during encoding.)
Original document:ZDI, TPTI-07-06: Trillian Pro Rendezvous XMPP HTML Decoding Heap Corruption (04.05.2007)
 IDEFENSE, iDefense Security Advisory 04.30.07: Cerulean Studios Trillian Multiple IRC Vulnerabilities (02.05.2007)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod