Computer Security
[EN] securityvulns.ru no-pyccku


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:20.12.2007
Source:
SecurityVulns ID:8476
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Original documentdocumentp4imi0, xeCMS 1.x.x Remote File Disclosure Vulnerability. (20.12.2007)

id3lib library array overflow
Published:20.12.2007
Source:
SecurityVulns ID:8477
Type:library
Threat Level:
6/10
Description:extflags array overflow on ID3v2 array parsing.
Affected:ID3LIB : id3lib 4.0
Original documentdocumentLuigi Auriemma, Array overflow in id3lib (devel CVS) (20.12.2007)
Files:Exploits id3lib (devel CVS) array overflow

HP Software Updates ActiveX unauthorized access
updated since 20.12.2007
Published:22.12.2007
Source:
SecurityVulns ID:8480
Type:client
Threat Level:
7/10
Description:Unsafe SaveToFile() method allows access to filesystem.
Affected:HP : HP Software Update client 3.0
CVE:CVE-2007-6506 (The HPRulesEngine.ContentCollection.1 ActiveX Control in RulesEngine.dll for HP Software Update 3.0.8.4 allows remote attackers to (1) overwrite and corrupt arbitrary files via arguments to the SaveToFile method, and possibly (2) access arbitrary files via the LoadDataFromFile method.)
Original documentdocumentHP, HPSBGN2301 SSRT071508 rev.1 - HP Software Update Running on Windows, Remote Execution of Arbitrary Code, Gain Privileged Access (22.12.2007)
 documentporkythepig_(at)_anspi.pl, HP laptops Software Update tool vulnerability (20.12.2007)

Adobe Flash Player multiple security vulnerabilities
updated since 20.12.2007
Published:03.01.2008
Source:
SecurityVulns ID:8479
Type:client
Threat Level:
8/10
Description:Heap buffer overflow on JPEG processing, universal crossite scripting, information leak.
Affected:ADOBE : Flash Player 7.0
 ADOBE : Flash Player 8.0
 ADOBE : Flash Player 9.0
CVE:CVE-2007-6244 (Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player 9.x up to 9.0.48.0 and 8.x up to 8.0.35.0 allow remote attackers to inject arbitrary web script or HTML via (1) a SWF file that uses the asfunction: protocol or (2) the navigateToURL function when used with the Flash Player ActiveX Control in Internet Explorer.)
 CVE-2007-6242 (Unspecified vulnerability in Adobe Flash Player 9.0.48.0 and earlier might allow remote attackers to execute arbitrary code via unknown vectors, related to "input validation errors.")
Original documentdocumentrich cannings, XSS Vulnerabilities in Common Shockwave Flash Files (03.01.2008)
 documentSECURITEAM, [EXPL] Socket Connection Timing Can Reveal Information About Network Configuration (Exploit) (24.12.2007)
 documentCERT, US-CERT Technical Cyber Security Alert TA07-355A -- Adobe Updates for Multiple Vulnerabilities (21.12.2007)
 documentCollin Jackson, [Full-disclosure] CVE-2007-6244: Adobe Flash Player ActiveX Control Universal Cross-Site Scripting Vulnerability (20.12.2007)
 document3COM, [Full-disclosure] TPTI-07-21: Adobe Flash Player JPG Processing Heap Overflow Vulnerability (20.12.2007)

HP eSupportDiagnostics ActiveX unauthorized access
updated since 20.12.2007
Published:27.04.2008
Source:
SecurityVulns ID:8481
Type:remote
Threat Level:
6/10
Description:Unsafe ReadTextFile() / ReadValue() methods allow file system / registry access.
CVE:CVE-2008-0712
Original documentdocumentHP, HPSBGN02333 SSRT080031 rev.1 - HP Software Update HPeDiag Running on Windows, Remote Disclosure of Information and Execution of Arbitrary Code (27.04.2008)
 documentElazar Broad, [Full-disclosure] HP eSupportDiagnostics hpediags.dll Information Disclosure (20.12.2007)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod