Computer Security


HP Help and Support Center buffer overflow
Published: 21.06.2007
SecurityVulns ID: 7833
Type: remote
Threat Level: 5/10
CVE: CVE-2007-3180 (Buffer overflow in Help and Support Center before 4.4 C on HP Windows systems allows remote attackers to read or write arbitrary files via unknown vectors.)
Original document: HP, [security bulletin] HPSBPI02226 SSRT061274 rev.1 - HP Help and Support Center Running on HP Notebook Computers Running with Windows XP, Remote Unauthorized Access (21.06.2007)

ProFTPD authentication bypass
Published: 21.06.2007
SecurityVulns ID: 7836
Type: remote
Threat Level: 6/10
Description: There is no check that the data used for authentication is retrieved by the same authentication module when multiple authentication modules are configured.
Affected: PROFTPD : ProFTPD 1.3
CVE: CVE-2007-2165 (The Auth API in ProFTPD before 20070417, when multiple simultaneous authentication modules are configured, does not require that the module that checks authentication is the same as the module that retrieves authentication data, which might allow remote attackers to bypass authentication, as demonstrated by use of SQLAuthTypes Plaintext in mod_sql, with data retrieved from /etc/passwd.)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 21.06.2007
SecurityVulns ID: 7832
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: NETJUKEBOX : netjukebox 4.01
 INTERACT : Interact 2.4
Original document: r0t, PHPAccounts vuln. (21.06.2007)
 r0t, Interact multiple XSS vuln. (21.06.2007)
 r0t, netjukebox vuln. (21.06.2007)

httpsv multiple security vulnerabilities
Published: 21.06.2007
SecurityVulns ID: 7834
Type: remote
Threat Level: 5/10
Description: It's possible to retrieve script source with a URL like http://127.0.0.1/test.htm%20. DoS on a large number of requests to non-existent pages.
Affected: HTTPSV : httpsv 1.6
Original document: imprili_(at)_gmail.com, HTTP SERVER (httpsv1.6.2) 404 Denial of Service (21.06.2007)
 imprili_(at)_gmail.com, HTTP SERVER (httpsv1.6.2) source code disclosure (21.06.2007)
Files: HTTP SERVER (httpsv1.6.2) 404 Denial of Service

MyServer HTTP server multiple security vulnerabilities
Published: 21.06.2007
SecurityVulns ID: 7835
Type: remote
Threat Level: 5/10
Description: Cross-site scripting with demo pages, script source code access with capital character in path.
Affected: MYSERVER : MyServer 0.8
Original document: imprili_(at)_gmail.com, MyServer-0.8.9 - xss in sample cgi page (21.06.2007)
 imprili_(at)_gmail.com, MyServer-0.8.9 - source code disclosure (21.06.2007)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod