Computer Security


VLC Media Player buffer overflow
updated since 03.01.2007
Published:21.01.2007
Source:
SecurityVulns ID:6990
Type:client
Threat Level:5/10
Description:Buffer overflow on oversized udp:// URI during M3U file parsing.
Affected:XINE : xine 0.99
 VLC : VLC Media Player 0.8
CVE:CVE-2007-0256 (VideoLAN VLC 0.8.6a allows remote attackers to cause a denial of service (application crash) via a crafted .wmv file.)
 CVE-2007-0255 (XINE 0.99.4 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a certain M3U file that contains a long #EXTINF line and contains format string specifiers in an invalid udp:// URI, possibly a variant of CVE-2007-0017.)
 CVE-2007-0017 (Multiple format string vulnerabilities in (1) the cdio_log_handler function in modules/access/cdda/access.c in the CDDA (libcdda_plugin) plugin, and the (2) cdio_log_handler and (3) vcd_log_handler functions in modules/access/vcdx/access.c in the VCDX (libvcdx_plugin) plugin, in VideoLAN VLC 0.7.0 through 0.8.6 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in an invalid URI, as demonstrated by a udp://-- URI in an M3U file.)
Original document:MOAB, MOAB-02-01-2007: VLC Media Player udp:// Format String Vulnerability (21.01.2007)
Files:Exploits VLC Player for OSX to execute arbitrary code
 Exploits VLC Player for OSX to execute arbitrary code (PPC)
 VLC media player 0.8.6a Denial of Service

Multiple PDF library PDF parsing DoS
updated since 18.01.2007
Published:21.01.2007
Source:
SecurityVulns ID:7067
Type:library
Threat Level:5/10
Description:Infinite loop on page model tree parsing.
Affected:XPDF : xpdf 3.0
 KDE : KDE 3.4
 ADOBE : Acrobat Reader 7.0
 KDE : koffice 1.4
 POPPLER : poppler 0.4
 PDFTOHTML : pdftohtml 0.36
 TETEX : tetex 3.0
 JADETEX : jadetex 3.12
 APPLE : Preview.app 3.0
CVE:CVE-2007-0104 (The Adobe PDF specification 1.3, as implemented by (a) xpdf 3.0.1 patch 2, (b) kpdf in KDE before 3.5.5, (c) poppler before 0.5.4, and other products, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node.)
 CVE-2007-0103 (The Adobe PDF specification 1.3, as implemented by Adobe Acrobat before 8.0.0, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node.)
 CVE-2007-0102 (The Adobe PDF specification 1.3, as implemented by Apple Mac OS X Preview, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node.)
Original document:MOAB, MOAB-06-01-2007: Multiple Vendor PDF Document Catalog Handling Vulnerability (21.01.2007)
 MANDRIVA, [ MDKSA-2007:022 ] - Updated tetex packages fix crafted pdf file vulnerability (19.01.2007)
 MANDRIVA, [ MDKSA-2007:021 ] - Updated xpdf packages fix crafted pdf file vulnerability (19.01.2007)
 MANDRIVA, [ MDKSA-2007:019 ] - Updated pdftohtml packages fix crafted pdf file vulnerability (19.01.2007)
 UBUNTU, [USN-410-1] poppler vulnerability (18.01.2007)
Files:Exploits Multiple Vendor PDF Document Catalog Handling Vulnerability

T-Com Speedport ADSL router unauthorized access
Published:21.01.2007
Source:
SecurityVulns ID:7076
Type:remote
Threat Level:5/10
Description:A constant cookie value is used to verify web access.
Affected:T-COM : Speedport 500V
CVE:CVE-2007-0435 (T-Com Speedport 500V routers with firmware 1.31 allow remote attackers to bypass authentication and reconfigure the device via a LOGINKEY=TECOM cookie value.)
Original document:advisory07_(at)_smtp.ru, Virginity Security Advisory 2007-001 : T-Com Speedport 500V Login bypass (21.01.2007)

WzdFTPD FTP server DoS
Published:21.01.2007
Source:
SecurityVulns ID:7077
Type:remote
Threat Level:5/10
Description:NULL pointer dereference on FTP command parsing.
Affected:WZFTPD : WzdFTPD 8.0
CVE:CVE-2007-0428 (Unspecified vulnerability in the chtbl_lookup function in hash.c for WzdFTPD 8.0 and earlier allows remote attackers to cause a denial of service via a crafted FTP command, probably due to a NULL pointer dereference.)
Original document:labs_(at)_s21sec.com, WzdFTPD < 8.1 Denial of service (21.01.2007)

AVM IGD CTRL Service directory traversal
Published:21.01.2007
Source:
SecurityVulns ID:7078
Type:remote
Threat Level:5/10
Description:HTTP directory traversal via TCP port 49001 (UPnP).
Affected:AVM : Fritz!DSL Software 02.02
CVE:CVE-2007-0357 (Directory traversal vulnerability in the AVM IGD CTRL Service in Fritz!DSL 02.02.29 allows remote attackers to read arbitrary files via ..%5C (URL-encoded dot dot backslash) sequences in a URI requested from the AR7 webserver.)
Original document:dpr_(at)_herr-der-mails.de, [Full-disclosure] Flaw in AVM UPNP service for windows (21.01.2007)

netrik shell characters problems
Published:21.01.2007
Source:
SecurityVulns ID:7079
Type:client
Threat Level:5/10
Description:Shell metacharacter problem in temporary file creation.
Affected:NETRIK : netrik 1.15
CVE:CVE-2006-6678 (The edit_textarea function in form-file.c in Netrik 1.15.4 and earlier does not properly verify temporary filenames when editing textarea fields, which allows attackers to execute arbitrary commands via shell metacharacters in the filename.)
Original document:DEBIAN, [Full-disclosure] [SECURITY] [DSA 1251-1] New netrik packages fix arbitary shell command execution (21.01.2007)

Colloquy IRC client multiple format string vulnerabilities
Published:21.01.2007
Source:
SecurityVulns ID:7080
Type:client
Threat Level:6/10
Description:Multiple format string vulnerabilities, e.g. invite IRC command.
Affected:COLLOQUY : Colloquy 2.1
CVE:CVE-2007-0344 (Multiple format string vulnerabilities in (1) _invitedToRoom: and (2) _invitedToDirectChat: in Colloquy 2.1 and earlier allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in the channel name of an INVITE request, related to the implementation of AlertSheet and AlertPanel in Apple AppKit.)
Original document:MOAB, MOAB-16-01-2007: Multiple Colloquy IRC Format String Vulnerabilities (21.01.2007)
Files:Makes use of the Colloquy INVITE format string vulnerability.

Mac OS X SLP daemon buffer overflow
Published:21.01.2007
Source:
SecurityVulns ID:7081
Type:remote
Threat Level:7/10
Description:Buffer overflow when parsing the argument list of an SLP request.
Affected:APPLE : Mac OS X 10.4
CVE:CVE-2007-0355 (Buffer overflow in the Apple Minimal SLP v2 Service Agent (slpd) in Mac OS X 10.4.8 and earlier allows local users, and possibly remote attackers, to gain privileges and possibly execute arbitrary code via a registration request with an invalid attr-list field.)
Original document:MOAB, MOAB-17-01-2007: Apple SLP Daemon Service Registration Buffer Overflow Vulnerability (21.01.2007)
Files:Proof of concept for MOAB-17-01-2007

Rumpus FTP server multiple security vulnerabilities
Published:21.01.2007
Source:
SecurityVulns ID:7082
Type:remote
Threat Level:6/10
Description:Shell metacharacter problems, buffer overflows, weak permissions.
Affected:RUMPUS : Rumpus 5.1
CVE:CVE-2007-0367 (Rumpus 5.1 and earlier has weak permissions for certain files and directories under /usr/local/Rumpus, including the configuration file, which allows local users to have an unknown impact by creating, modifying, or deleting files.)
 CVE-2007-0366 (Untrusted search path vulnerability in Rumpus 5.1 and earlier allows local users to gain privileges via a modified PATH that points to a malicious ipfw program.)
 CVE-2007-0019 (Multiple heap-based buffer overflows in rumpusd in Rumpus 5.1 and earlier (1) allow remote authenticated users to execute arbitrary code via a long LIST command and other unspecified requests to the FTP service, and (2) allow remote attackers to execute arbitrary code via unspecified requests to the HTTP service.)
Original document:MOAB, MOAB-18-01-2007: Rumpus Multiple Vulnerabilities (21.01.2007)
Files:Proof of concept for issues described in MOAB-18-01-2007

Apple Mac OS X transmit.app buffer overflow
Published:21.01.2007
Source:
SecurityVulns ID:7083
Type:client
Threat Level:6/10
Description:Buffer overflow on ftps:// URI parsing.
Affected:TRANSMIT : Transmit.app 3.5
CVE:CVE-2007-0020 (Heap-based buffer overflow in the SFTP protocol handler for Panic Transmit (Transmit.app) up to 3.5.5 allows remote attackers to execute arbitrary code via a long ftps:// URL.)
Original document:MOAB, MOAB-19-01-2007: Transmit.app ftps:// URL Handler Heap Buffer Overflow (21.01.2007)
Files:Exploits Transmit.app ftps:// URL Handler Heap Buffer Overflow
 Exploits Transmit.app ftps:// URL Handler Heap Buffer Overflow

Apple iChat format string vulnerability
Published:21.01.2007
Source:
SecurityVulns ID:7084
Type:remote
Threat Level:6/10
Description:Format string vulnerability on aim:// URI parsing.
Affected:APPLE : iChat 3.1
CVE:CVE-2007-0021 (Format string vulnerability in Apple iChat 3.1.6 allows remote attackers to cause a denial of service (null pointer dereference and application crash) and possibly execute arbitrary code via format string specifiers in an aim:// URI.)
Original document:MOAB, MOAB-20-01-2007: Apple iChat aim:// URL Handler Format String Vulnerability (21.01.2007)
Files:Exploits Apple iChat aim:// URL Handler Format String Vulnerability

Apple QuickTime HREFTrack cross-site scripting
Published:21.01.2007
Source:
SecurityVulns ID:7085
Type:remote
Threat Level:8/10
Description:Script can refer to local resources. The vulnerability is exploited in the wild to install malware.
Affected:APPLE : QuickTime 7.1
CVE:CVE-2007-0059 (Cross-zone scripting vulnerability in Apple Quicktime 3 to 7.1.3 allows remote user-assisted attackers to execute arbitrary code and list filesystem contents via a QuickTime movie (.MOV) with an HREF Track (HREFTrack) that contains an automatic action tag with a local URI, which is executed in a local zone during preview, as exploited by a MySpace worm.)
Original document:MOAB, MOAB-03-01-2007: Apple Quicktime HREFTrack Cross-Zone Scripting vulnerability (21.01.2007)
Files:Exploit for Apple Quicktime HREFTrack Cross-Zone Scripting vulnerability

Unsanity Application Enhancer privilege escalation
Published:21.01.2007
Source:
SecurityVulns ID:7086
Type:local
Threat Level:5/10
Description:Multiple privilege escalation issues.
Affected:UNSANITY : Application Enhancer 2.0
CVE:CVE-2007-0162 (Unsanity Application Enhancer (APE) 2.0.2 installs with insecure permissions for the (1) ApplicationEnhancer binary and the (2) /Library/Frameworks/ApplicationEnhancer.framework directory, which allows local users to gain privileges by modifying or replacing the binary or library files.)
Original document:MOAB, MOAB-08-01-2007: Application Enhancer (APE) Local Privilege Escalation (21.01.2007)
Files:Exploit Of The Apes: A practical pwnage for Application (UN)Enhancer aka APU

Intel Centrino ipw2200 wireless drivers buffer overflow
Published:21.01.2007
Source:
SecurityVulns ID:7087
Type:remote
Threat Level:7/10
Description:Buffer overflow on oversized SSID.
Affected:INTEL : IPW2200BG
Files:PoC exploit for Intel Centrino ipw2200 integrated wireless card

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod