Microsoft Help Workshop buffer overflow (updated since 18.01.2007)
| Published: | 20.01.2007 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 7068 |
| Type: | local |
| Level: | 5/10 |
| Description: | Buffer overflow on .cnt / .hpj files parsing. |
| Affected: | MICROSOFT : Microsoft Help Workshop 4.03 |
| CVE: | CVE-2007-0427 (Stack-based buffer overflow in Microsoft Help Workshop 4.03.0002 allows user-assisted remote attackers to execute arbitrary code via a help project (.HPJ) file with a long HLP field in the OPTIONS section.) |
| | CVE-2007-0352 (Stack-based buffer overflow in Microsoft Help Workshop 4.03.0002 allows user-assisted remote attackers to execute arbitrary code via a crafted .cnt file composed of lines that begin with an integer followed by a space and a long string.) |

HP-UX ipfilter DoS
| Published: | 20.01.2007 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 7070 |
| Type: | remote |
| Level: | 6/10 |
| Description: | System crash on a maliciously crafted packet. |
| Affected: | HP : HP-UX 11.23 |
| CVE: | CVE-2007-0818 (** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-0396. Reason: This candidate is a duplicate of CVE-2007-0396. Notes: All CVE users should reference CVE-2007-0396 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.) |
| | CVE-2007-0396 (Unspecified vulnerability in HP-UX B.11.23, when running IPFilter in combination with PHNE_34474, allows remote attackers to cause a denial of service (system crash) via unspecified vectors.) |

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
| Published: | 20.01.2007 |
| Source: | |
| SecurityVulns ID: | 7072 |
| Type: | remote |
| Level: | 5/10 |
| Description: | PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. |
| Affected: | SMF : Simple Machines Forum 1.1 |
| | ARSDIGITA : Ars Digita Community System 4.2 |
| | ARSDIGITA : ACS-Java 3.4 |
| | ARSDIGITA : ACS-Java 4.0 |
| | ARSDIGITA : ACS-Java 4.7 |
| | SUBROSUS : sabros.us 1.7 |
| | EASYEBAYRESOURCE : Login Manager 3.0 |
| CVE: | CVE-2007-0468 (Stack-based buffer overflow in rcdll.dll in msdev.exe in Visual C++ (MSVC) in Microsoft Visual Studio 6.0 SP6 allows user-assisted remote attackers to execute arbitrary code via a long file path in the "1 TYPELIB MOVEABLE PURE" option in an RC file.) |
| | CVE-2007-0403 (SQL injection vulnerability in admin/memberlist.php in Easebay Resources Paypal Subscription Manager allows remote attackers to execute arbitrary SQL commands via the keyword parameter.) |
| | CVE-2007-0402 (Cross-site scripting (XSS) vulnerability in admin/edit_member.php in Easebay Resources Paypal Subscription Manager allows remote attackers to inject arbitrary web script or HTML via the username parameter.) |
| | CVE-2007-0401 (SQL injection vulnerability in admin/memberlist.php in Easebay Resources Login Manager 3.0 allows remote attackers to execute arbitrary SQL commands via the init_row parameter.) |
| | CVE-2007-0400 (Cross-site scripting (XSS) vulnerability in admin/memberlist.php in Easebay Resources Login Manager 3.0 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter.) |
| | CVE-2007-0399 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Simple Machines Forum (SMF) 1.1 RC3 allow remote authenticated users to inject arbitrary web script or HTML via the (1) recipient or (2) BCC field when selecting send in a pm action.) |
| | CVE-2007-0398 (Multiple cross-site scripting (XSS) vulnerabilities in forum.php3 in Arnaud Guyonne (aka Arnotic) a-forum allow remote attackers to inject arbitrary web script or HTML via the (1) Sujet or (2) Pseudo field.) |
| | CVE-2007-0390 (Cross-site scripting (XSS) vulnerability in index.php in sabros.us 1.7 allows remote attackers to inject arbitrary web script or HTML via the tag parameter.) |
| | CVE-2007-0389 (Directory traversal vulnerability in ArsDigita Community System (ACS) 3.4.10 and earlier, and ArsDigita Community Education Solution (ACES) 1.1, allows remote attackers to read arbitrary files via .%252e/ (double-encoded dot dot slash) sequences in the URI.) |

Mac OS X syscall DoS
| Published: | 20.01.2007 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 7074 |
| Type: | local |
| Level: | 5/10 |
| Description: | Arguments of the shared_region_map_file_np() syscall are not checked, making it possible to exhaust all available memory. |
| Affected: | APPLE : Mac OS X 10.4 |
| CVE: | CVE-2007-0430 (The shared_region_map_file_np function in Apple Mac OS X 10.4.8 and earlier kernel allows local users to cause a denial of service (memory corruption) via a large mappingCount value.) |

BitDefender client format string vulnerability
| Published: | 20.01.2007 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 7073 |
| Type: | local |
| Level: | 5/10 |
| Description: | Format string vulnerability on scan settings logging. |

AVM Fritz!Box VoIP router DoS
| Published: | 20.01.2007 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 7075 |
| Type: | remote |
| Level: | 5/10 |
| Description: | Crash on empty UDP packet to UDP/5060 (SIP) port. |
| Affected: | AVM : Fritz!Box 750 |
| CVE: | CVE-2007-0431 (AVM Fritz!Box 7050, and possibly other product models, allows remote attackers to cause a denial of service (VoIP application crash) via a zero-length UDP packet to the SIP port (port 5060).) |

Cisco CS-MARS and Cisco ASDM TLS, SSL, SSH certificate validation problem
| Published: | 20.01.2007 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 7071 |
| Type: | remote |
| Level: | 6/10 |
| Description: | When connecting to a managed device, the device certificate is not validated. |
| Affected: | CISCO : CS-MARS 4.2 |
| | CISCO : ASDM 5.2 |
| CVE: | CVE-2007-0397 (The Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.3 and Adaptive Security Device Manager (ASDM) before 5.2(2.54) do not validate the SSL/TLS certificates or SSH public keys when connecting to devices, which allows remote attackers to spoof those devices to obtain sensitive information or generate incorrect information.) |

grsecurity privilege escalation (updated since 12.01.2007)
| Published: | 20.01.2007 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 7045 |
| Type: | local |
| Level: | 7/10 |
| Description: | Privilege escalation with expand_stack(). |
| Affected: | GRSECURITY : grsecurity 2.1 |
| CVE: | CVE-2007-0257 (** DISPUTED ** Unspecified vulnerability in the expand_stack function in grsecurity PaX allows local users to gain privileges via unspecified vectors. NOTE: the grsecurity developer has disputed this issue, stating that "the function they claim the vulnerability to be in is a trivial function, which can, and has been, easily checked for any supposed vulnerabilities." The developer also cites a past disclosure that was not proven. As of 20070120, the original researcher has released demonstration code.) |
| | CVE-2007-0253 (** DISPUTED ** Unspecified vulnerability in the grsecurity patch has unspecified impact and remote attack vectors, a different vulnerability than the expand_stack vulnerability from the Digital Armaments 20070110 pre-advisory. NOTE: the grsecurity developer has disputed this issue, stating that "the function they claim the vulnerability to be in is a trivial function, which can, and has been, easily checked for any supposed vulnerabilities." The developer also cites a past disclosure that was not proven.) |