Search:Vulnerability:19.09.2007 - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 19.09.2007
Source:
SecurityVulns ID: 8162
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected: SITEUP : Site-UP 2.64
DBLOG : dBlog 2.0
COPPERMINE : Coppermine 1.4
B1GMAIL : b1gmail 6.3
OBEDIT : Obedit 3.03
GCALDAEMON : GCALDaemon 1.0
PHPBBPLUS : PHPBB PLUS 1.53

Original document Mehrad1989_(at)_gmail.com, PHPBBPLUS 1.5.3 RFI BUG (19.09.2007)

luca.carettoni_(at)_securenetwork.it, GCALDaemon Remote DoS (19.09.2007)

fuxxx0rz_(at)_gmail.com, XSS on Obedit v3.03 (19.09.2007)

malibu.r_(at)_hotmail.com, b1gmail Cross Site Scripting (19.09.2007)

document L4teral, Coppermine <= 1.4.12 Cross Site Scripting and Local File Inclusion (19.09.2007)

Janek Vind, [waraxe-2007-SA#052] - dBlog CMS Open Source database retrieval (19.09.2007)

MustLive, Vulnerabilities in Site-UP (19.09.2007)

Files: GCALDaemom DoS Expoit
Discuss: Read or add your comments to this news (0 comments)

Alcatel-Lucent OmniPCX code execution
Published: 19.09.2007
Source: BUGTRAQ
SecurityVulns ID: 8163
Type: remote
Level: 6/10
Description: Code execution in Web interface.

Affected: ALCATEL : OmniPCX Enterprise R7.1
ALCATEL : OmniPCX Enterprise R6.2
CVE: CVE-2007-3010

Original document RedTeam Pentesting, Alcatel-Lucent OmniPCX Remote Command Execution (19.09.2007)

Discuss: Read or add your comments to this news (0 comments)

OpenOffice integer overflow
Published: 19.09.2007
Source: BUGTRAQ
SecurityVulns ID: 8164
Type: client
Level: 6/10
Description: Integer overflow on TIFF images parsing.

Affected: OPENOFFICE : OpenOffice 2.2
CVE: CVE-2007-2834

Original document IDEFENSE, iDefense Security Advisory 09.17.07: Multiple Vendor OpenOffice TIFF File Parsing Multiple Integer Overflow Vulnerabilities (19.09.2007)

DEBIAN, [SECURITY] [DSA 1375-1] New OpenOffice.org packages fix arbitrary code execution (19.09.2007)

Discuss: Read or add your comments to this news (0 comments)

RemoteDocs R-Viewer multiple security vulnerabilities
Published: 19.09.2007
Source: BUGTRAQ
SecurityVulns ID: 8165
Type: client
Level: 5/10
Description: Code execution with RDZ files. Information leak.

Affected: REMOTEDOCS : R-Viewer 1.6
CVE: CVE-2007-4751 (RemoteDocs R-Viewer before 1.6.3768 stores encrypted RDZ file data in unencrypted temporary files, which allows local users to obtain sensitive information by reading the temporary files.)
CVE-2007-4750 (Unspecified vulnerability in RemoteDocs R-Viewer before 1.6.3768 allows user-assisted remote attackers to execute arbitrary code via a crafted RDZ archive in which the first file has an executable extension.)

Original document SYMANTEC, SYMSA-2007-009: RemoteDocs R-Viewer Code Execution and Sensitive Information Disclosure (19.09.2007)

Discuss: Read or add your comments to this news (0 comments)

OpenSSH privilege escalation
Published: 19.09.2007
Source: BUGTRAQ
SecurityVulns ID: 8166
Type: local
Level: 5/10
Description: Invalid usage of X11 cookies.

Affected: OPENSSH : OpenSSH 4.7
CVE: CVE-2007-4752 (ssh in OpenSSH before 4.7 does not properly handle when an untrusted cookie cannot be created and uses a trusted X11 cookie instead, which allows attackers to violate intended policy and gain privileges by causing an X client to be treated as trusted.)

Original document FORESIGHT, FLEA-2007-0055-1 openssh openssh-client openssh-server gnome-ssh-askpass (19.09.2007)

Discuss: Read or add your comments to this news (0 comments)

Multiple antiviral / firewall applications SSDT hooked functions vulnerabilities
Published: 19.09.2007
Source: BUGTRAQ
SecurityVulns ID: 8167
Type: local
Level: 6/10

Affected: ISS : BlackICE PC Protection 3.6
AGNITUM : Outpost Firewall Pro 4.0
GDATA : G DATA InternetSecurity 2007
SYMANTEC : Ghost Security Suite beta 1.110
KASPERSKY : Kaspersky Internet Security 7.0
SYMANTEC : Norton Internet Security 2008
TALLEMU : Online Armor Personal Firewall 2.0
PRIVACYWARE : Privatefirewall 5.0
SYSINTERNALS : Process Monitor 1.22
DIAMONDCS : ProcessGuard 3.410
ISECSOFT : ProSecurity 1.40
SYSINTERNALS : RegMon 7.04
ZONEALARM : ZoneAlarm Pro 7.0

Original document Matousec - Transparent security Research, Plague in (security) software drivers & BSDOhook utility (19.09.2007)

Discuss: Read or add your comments to this news (0 comments)

Automated Solutions Modbus TCP Slave ActiveX memory corruption
Published: 19.09.2007
Source: BUGTRAQ
SecurityVulns ID: 8168
Type: remote
Level: 5/10
Description: Memory corruption on TCP/502 request handling.

CVE: CVE-2007-4827 (Unspecified vulnerability in the Modbus/TCP Diagnostic function in MiniHMI.exe for the Automated Solutions Modbus Slave ActiveX Control before 1.5 allows remote attackers to corrupt the heap and possibly execute arbitrary code via malformed Modbus requests to TCP port 502.)

Original document 3COM, TPTI-07-15: Automated Solutions Modbus TCP Slave ActiveX Control Heap Corruption Vulnerability (19.09.2007)

Discuss: Read or add your comments to this news (0 comments)

Level One WBR3404TX wireless router crossite scripting
Published: 19.09.2007
Source: BUGTRAQ
SecurityVulns ID: 8169
Type: remote
Level: 5/10
Description: Web interface crossite scripting.

Affected: LEVELONE : WBR3404TX

Original document azizov_(at)_itdefence.ru, WBR3404TX Broadband Router XSS (19.09.2007)

Discuss: Read or add your comments to this news (0 comments)

python imageop integer overflow
Published: 19.09.2007
Source: FULL-DISCLOSURE
SecurityVulns ID: 8170
Type: library
Level: 5/10
Description: imageop.tovideo function integer overflow

Affected: PYTHON : python 2.5

Original document bad boy, [Full-disclosure] python <= 2.5.1 standart librairy multiples int overflow, heap overflow in imageop module (19.09.2007)

Discuss: Read or add your comments to this news (0 comments)

ISO images extracting software directory traversal
updated since 28.04.2006
Published: 19.09.2007
Source: FULL-DISCLOSURE
SecurityVulns ID: 6066
Type: local
Level: 5/10
Description: Directory traversal whiel extracting directory from ISO image.

Affected: WINISO : WinISO 5.3
ULTRAISO : UltraISO 8.0
MAGICISO : Magic ISO 5.0
POWERISO : PowerISO 2.9
WINIMAGE : WinImage 8.10

Original document j00ru.vx_(at)_gmail.com, WinImage 8.10 vulnerabilities (19.09.2007)

Sowhat ., [Full-disclosure] WinISO/UltraISO/MagicISO/PowerISO Directory Traversal Vulnerability (28.04.2006)

Discuss: Read or add your comments to this news (0 comments)