Search:Vulnerability:20.12.2007 - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 20.12.2007
Source:
SecurityVulns ID: 8476
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Original document p4imi0, xeCMS 1.x.x Remote File Disclosure Vulnerability. (20.12.2007)

Discuss: Read or add your comments to this news (0 comments)

id3lib library array overflow
Published: 20.12.2007
Source: BUGTRAQ
SecurityVulns ID: 8477
Type: library
Level: 6/10
Description: extflags array overflow on ID3v2 array parsing.

Affected: ID3LIB : id3lib 4.0

Original document Luigi Auriemma, Array overflow in id3lib (devel CVS) (20.12.2007)

Files: Exploits id3lib (devel CVS) array overflow
Discuss: Read or add your comments to this news (0 comments)

HP Software Updates ActiveX unauthorized access
updated since 20.12.2007
Published: 22.12.2007
Source: BUGTRAQ
SecurityVulns ID: 8480
Type: client
Level: 7/10
Description: Unsafe SaveToFile() method allows access to filesystem.

Affected: HP : HP Software Update client 3.0
CVE: CVE-2007-6506 (The HPRulesEngine.ContentCollection.1 ActiveX Control in RulesEngine.dll for HP Software Update 3.0.8.4 allows remote attackers to (1) overwrite and corrupt arbitrary files via arguments to the SaveToFile method, and possibly (2) access arbitrary files via the LoadDataFromFile method.)

Original document HP, HPSBGN2301 SSRT071508 rev.1 - HP Software Update Running on Windows, Remote Execution of Arbitrary Code, Gain Privileged Access (22.12.2007)

porkythepig_(at)_anspi.pl, HP laptops Software Update tool vulnerability (20.12.2007)

Discuss: Read or add your comments to this news (0 comments)

Adobe Flash Player multiple security vulnerabilities
updated since 20.12.2007
Published: 03.01.2008
Source: FULL-DISCLOSURE
SecurityVulns ID: 8479
Type: client
Level: 8/10
Description: Heap buffer overflow on JPEG processing, universal crossite scripting, information leak.

Affected: ADOBE : Flash Player 7.0
ADOBE : Flash Player 8.0
ADOBE : Flash Player 9.0
CVE: CVE-2007-6244 (Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player 9.x up to 9.0.48.0 and 8.x up to 8.0.35.0 allow remote attackers to inject arbitrary web script or HTML via (1) a SWF file that uses the asfunction: protocol or (2) the navigateToURL function when used with the Flash Player ActiveX Control in Internet Explorer.)
CVE-2007-6242 (Unspecified vulnerability in Adobe Flash Player 9.0.48.0 and earlier might allow remote attackers to execute arbitrary code via unknown vectors, related to "input validation errors.")

Original document rich cannings, XSS Vulnerabilities in Common Shockwave Flash Files (03.01.2008)

SECURITEAM, [EXPL] Socket Connection Timing Can Reveal Information About Network Configuration (Exploit) (24.12.2007)

CERT, US-CERT Technical Cyber Security Alert TA07-355A -- Adobe Updates for Multiple Vulnerabilities (21.12.2007)

document Collin Jackson, [Full-disclosure] CVE-2007-6244: Adobe Flash Player ActiveX Control Universal Cross-Site Scripting Vulnerability (20.12.2007)

3COM, [Full-disclosure] TPTI-07-21: Adobe Flash Player JPG Processing Heap Overflow Vulnerability (20.12.2007)

Discuss: Read or add your comments to this news (0 comments)

HP eSupportDiagnostics ActiveX unauthorized access
updated since 20.12.2007
Published: 27.04.2008
Source: BUGTRAQ
SecurityVulns ID: 8481
Type: remote
Level: 6/10
Description: Unsafe ReadTextFile() / ReadValue() methods allow file system / registry access.

CVE: CVE-2008-0712

Original document HP, HPSBGN02333 SSRT080031 rev.1 - HP Software Update HPeDiag Running on Windows, Remote Disclosure of Information and Execution of Arbitrary Code (27.04.2008)

Elazar Broad, [Full-disclosure] HP eSupportDiagnostics hpediags.dll Information Disclosure (20.12.2007)

Discuss: Read or add your comments to this news (0 comments)