Computer Security


Netsprint Toolbar ActiveX buffer overflow
updated since 17.04.2007
Published:20.04.2007
SecurityVulns ID:7594
Type:client
Threat Level:5/10
Description:Buffer overflow in isChecked() interface.
Affected:NETSPRINT : Netsprint Toolbar 1.1
Original document:Michal Bucko, Multiple Ask IE Toolbar denial of service vulnerabilities (20.04.2007)
 Michal Bucko, Netsprint Toolbar 1.1 arbitrary remote code vulnerability (17.04.2007)
Files:NetSprint Toolbar ActiveX toolbar.dll DOS POC

Oracle critical patch update
updated since 18.04.2007
Published:20.04.2007
SecurityVulns ID:7601
Type:remote
Threat Level:7/10
Description:Patch set fixes 36 vulnerabilities in Oracle applications, including 13 vulnerabilities in Oracle database server.
Affected:ORACLE : Oracle 9i
 ORACLE : Oracle 10g
 ORACLE : Oracle Secure Enterprise Search 10g
 ORACLE : Oracle Application Server 10g
 ORACLE : Oracle10g Collaboration Suite
 ORACLE : Oracle E-Business Suite Release 11i
 ORACLE : Oracle E-Business Suite Release 12
 ORACLE : Oracle Enterprise Manager 9i
 ORACLE : PeopleTools 8.48
 ORACLE : PeopleTools 8.47
 ORACLE : PeopleTools 8.22
 ORACLE : Human Capital Management 8.9
 ORACLE : JD Edwards EnterpriseOne Tools 8.96
CVE:CVE-2007-2170 (The APPLSYS.FND_DM_NODES package in Oracle E-Business Suite does not check for valid sessions, which allows remote attackers to delete arbitrary nodes. NOTE: due to lack of details from Oracle, it is not clear whether this issue is related to other CVE identifiers such as CVE-2007-2126, CVE-2007-2127, or CVE-2007-2128.)
 CVE-2007-2135 (The ADI_BINARY component in the Oracle E-Business Suite allows remote attackers to download arbitrary documents from the APPS.FND_DOCUMENTS table via the ADI_DISPLAY_REPORT function, when passed a certain parameter. NOTE: due to lack of details from Oracle, it is not clear whether this issue is related to other CVE identifiers such as CVE-2007-2126, CVE-2007-2127, or CVE-2007-2128.)
Original document:SHATTER, Oracle Database Buffer overflow vulnerabilities in package DBMS_SNAP_INTERNAL (20.04.2007)
 ZDI, ZDI-07-016: Oracle E-Business Suite Arbitrary Node Deletion Vulnerability (20.04.2007)
 3COM, ZDI-07-017: Oracle E-Business Suite Arbitrary Document Download Vulnerability (20.04.2007)
 Kornbrust, Alexander, Bypass Oracle Logon Trigger (18.04.2007)
 Kornbrust, Alexander, SQL Injection in package SYS.DBMS_AQADM_SYS (18.04.2007)
 Kornbrust, Alexander, SQL Injection in package SYS.DBMS_UPGRADE_INTERNAL (18.04.2007)
 Kornbrust, Alexander, Cross-Site-Scripting Vulnerability in Oracle Secure Enterprise Search (SES) (18.04.2007)
 Kornbrust, Alexander, Shutdown unprotected Oracle TNS Listener via Oracle Discoverer Servlet [AS01] (18.04.2007)
 ORACLE, Oracle Critical Patch Update - April 2007 (18.04.2007)
Files:Details Oracle Critical Patch Update April 2007

Macrovision InstallAnywhere protection bypass
Published:20.04.2007
SecurityVulns ID:7614
Type:local
Threat Level:3/10
Description:It's possible to bypass serial number / password protection.
Affected:MACROVISION : InstallAnywhere Enterprise 8.0
CVE:CVE-2007-1009 (Macrovision InstallAnywhere Enterprise before 8.0.1 uses the InstallScript.iap_xml configuration file without integrity protection to verify authorization for installing an application, which allows local users to perform unauthorized installations by removing the (1) password or (2) serial number verification sections from this file.)
Original document:SYMANTEC, SYMSA-2007-003 Macrovision InstallAnywhere Password and Serial Number Bypass (20.04.2007)

BlueArc Titan storage server FTP bounce attack
Published:20.04.2007
SecurityVulns ID:7615
Type:remote
Threat Level:5/10
Description:Bounced port scan is possible.
Affected:BLUEARC : Titan 2100
 BLUEARC : Titan 2200
 BLUEARC : Titan 2500
Original document:Tim Rupp, BlueArc Firmware 4.2.944b FTP bounce (20.04.2007)

Novell Groupwise WebAccess buffer overflow
updated since 20.04.2007
Published:20.04.2007
SecurityVulns ID:7616
Type:remote
Threat Level:6/10
Description:Stack buffer overflow (stack overrun) during TCP/7205 TCP/7211 HTTP basic authentication on base64 decoding.
CVE:CVE-2007-2171 (Stack-based buffer overflow in the base64_decode function in GWINTER.exe in Novell GroupWise (GW) WebAccess before 7.0 SP2 allows remote attackers to execute arbitrary code via long base64 content in an HTTP Basic Authentication request.)
Original document:ZDI, ZDI-07-015: Novell Groupwise WebAccess Base64 Decoding Stack Overflow Vulnerability (20.04.2007)

IBM Tivoli Monitoring Express buffer overflow
Published:20.04.2007
SecurityVulns ID:7617
Type:remote
Threat Level:6/10
Description:Heap buffer overflow on oversized request to Universal Agent Primary Service (TCP/10110), Monitoring Agent for Windows (TCP/6014), Tivoli Enterprise Portal Server (TCP/14206).
Affected:IBM : Tivoli Monitoring Express 6.1
CVE:CVE-2007-2137 (Heap-based buffer overflow in kde.dll in IBM Tivoli Monitoring Express 6.1.0 before Fix Pack 2, as used in Tivoli Universal Agent, Windows OS Monitoring agent, and Enterprise Portal Server, allows remote attackers to execute arbitrary code by sending a long string to a certain TCP port.)
Original document:ZDI, ZDI-07-018: IBM Tivoli Monitoring Express Universal Agent Heap Overflow Vunlerability (20.04.2007)

WinAmp memory corruption
Published:20.04.2007
SecurityVulns ID:7618
Type:client
Threat Level:6/10
Description:Memory corruption on WMV files processing.
Files:Winamp <= (WMV) 5.3 Buffer Overflow DOS Exploit (0-DAY)

BMC Patrol PerformAgent memory corruption
Published:20.04.2007
SecurityVulns ID:7619
Type:remote
Threat Level:5/10
Description:Buffer overflow on bgs_sdservice.exe TCP/10128 XDR data parsing.
CVE:CVE-2007-2136 (Stack-based buffer overflow in bgs_sdservice.exe in BMC Patrol PerformAgent allows remote attackers to execute arbitrary code by connecting to TCP port 10128 and sending certain XDR data, which is not properly parsed.)
Original document:ZDI, ZDI-07-019: BMC Patrol PerformAgent bgs_sdservice Memory Corruption Vulnerability (20.04.2007)

BMC Performance Manager unauthorized access
Published:20.04.2007
SecurityVulns ID:7620
Type:remote
Threat Level:5/10
Description:PatrolAgent.exe TCP/3181 allows SNMP community definition modification.
CVE:CVE-2007-1972 (** DISPUTED ** PatrolAgent.exe in BMC Performance Manager does not require authentication for requests to modify configuration files, which allows remote attackers to execute arbitrary code via a request on TCP port 3181 for modification of the masterAgentName and masterAgentStartLine SNMP parameters. NOTE: the vendor disputes this vulnerability, stating that it does not exist when the system is properly configured.)
Original document:ZDI, ZDI-07-020: BMC Performance Manager SNMP Command Execution Vulnerability (20.04.2007)

Dovecot unauthorized access
updated since 20.04.2007
Published:20.04.2007
SecurityVulns ID:7621
Type:remote
Threat Level:5/10
Description:zlib plugin allows access to the files behind mail directory.
Affected:DOVECOT : Dovecot 1.0
Original document:RPATH, rPSA-2007-0074-1 dovecot (20.04.2007)

GraceNote CDDBControl ActiveX buffer overflow
Published:20.04.2007
SecurityVulns ID:7623
Type:client
Threat Level:5/10
Description:Buffer overflow on oversized proxy configuration parameters.
CVE:CVE-2007-0443 (Multiple buffer overflows in the CDDBControl ActiveX control in Gracenote CDDB before 20070418 allow remote attackers to execute arbitrary code via long values for certain Proxy configuration parameters.)
Original document:ZDI, ZDI-07-021: GraceNote CDDBControl ActiveX Buffer Overflow Vulnerability (20.04.2007)

eXtremail buffer overflow
Published:20.04.2007
SecurityVulns ID:7624
Type:remote
Threat Level:6/10
Description:DNS resolver code buffer overflow.
Affected:EXTREMAIL : eXtremail 2.1
Original document:mu-b, [Full-disclosure] eXtremail-v9 (20.04.2007)
Files:eXtremail <2.1.1 remote root POC (x86-lnx)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 20.04.2007
Published:22.04.2007
SecurityVulns ID:7622
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:INVISION : Invision Power Board 2.1
 PHORUM : Phorum 5.1
 ECLIPSEBB : EclipseBB 0.5
 GIZZAR : Gizzar 03162002
 NUKEEVOLUTION : Nuke-Evolution 2.0
 PHPBB : Extreme 3.0 phpBB module
 INVISION : Invision Power Board 2.2
 NEATUPLOAD : NeatUpload 1.2
 EBASCRIPTS : Eba News 1.1
 FREEPBX : freePBX 2.2
Original document:XenoMuta, [Full-disclosure] freePBX 2.2.x's Music-on-hold Remote Code Execution Injection (22.04.2007)
 seko_(at)_se-ko.info, Eba News Version : v1.1 <= (webpages.php) Remote File Include // starhack.org (20.04.2007)
 dean_(at)_brettle.com, NeatUpload vulnerability and fix (20.04.2007)
 Janek Vind, [waraxe-2007-SA#049] - Multiple vulnerabilities in Phorum 5.1.20 (20.04.2007)
 HACKERS PAL, IPB (Invision Power Board) Full Path Disclusure (20.04.2007)
 john_(at)_martinelli.com, NuclearBB Alpha 1 - Multiple Blind SQL/XPath Injection Vulnerabilities (20.04.2007)
 HACKERS PAL, Extreme PHPBB2 Remote File Inclusion (20.04.2007)
 HACKERS PAL, EclipseBB Remote File Inclusion (20.04.2007)
 HACKERS PAL, FullyModdedphpBB2 Remote File Inclusion (20.04.2007)
 HACKERS PAL, MediaBeez Sql query Execution .. Wear isn't ?? :) (20.04.2007)
 programmer_(at)_serbiansite.com, NukeSentinel Bypass SQL Injection & Nuke Evolution <= 2.0.3 SQL Injections (20.04.2007)
 BorN To K!LL BorN To K!LL, Gizzar <= (basePath) Remote File Include Vulnerability (20.04.2007)
Files:Exploits MediaBeez Sql Query Execution
 Fully Moded PHPBB2 Command Execution Exploit
 EclipseBB Command Execution Exploit
 Extreme PHPBB2 Command Execution Exploit

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod