Search:Vulnerability:21.11.2007 - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

BitDefender online antivirus scanner ActiveX buffer overflow
Published: 21.11.2007
Source: BUGTRAQ
SecurityVulns ID: 8366
Type: client
Level: 5/10
Description: Buffer overflow in InitX method.

Affected: BITDEFENDER : BitDefender Online Anti-Virus Scanner 8.0

Original document EEYE, EEYE: BitDefender Online Scanner 8 Double Decode Heap Overflow (21.11.2007)

Discuss: Read or add your comments to this news (0 comments)

Linksys Wireless ADSL Gateway crossite scripting
Published: 21.11.2007
Source: BUGTRAQ
SecurityVulns ID: 8369
Type: remote
Level: 5/10
Description: Multiple crossite scripting vulnerabilities with /setup.cgi.

Affected: CISCO : Linksys WAG54GS
CVE: CVE-2007-3574 (Multiple cross-site scripting (XSS) vulnerabilities in setup.cgi on the Linksys WAG54GS Wireless-G ADSL Gateway with 1.00.06 firmware allow remote attackers to inject arbitrary web script or HTML via the c4_trap_ip_ parameter and other unspecified parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.)

Original document pagvacito, Several persistent XSS and CSRF on Wireless-G ADSL Gateway with SpeedBooster (WAG54GS) (21.11.2007)

Discuss: Read or add your comments to this news (0 comments)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 21.11.2007
Source:
SecurityVulns ID: 8368
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Nucleus: CAPTCHA protection bypass.

Affected: NUCLEUS : Nucleus 3.01
PHPMYADMIN : phpMyAdmin 2.11
CVE: CVE-2007-5977 (Cross-site scripting (XSS) vulnerability in db_create.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to inject arbitrary web script or HTML via a hex-encoded IMG element in the db parameter in a POST request, a different vulnerability than CVE-2006-6942.)
CVE-2007-5976 (SQL injection vulnerability in db_create.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to execute arbitrary SQL commands via the db parameter.)

Original document no-reply_(at)_aria-security.net, [Aria-Security.Net] VU Case Manager "Username/Password" SQL Injection (21.11.2007)

no-reply_(at)_aria-security.net, Aria-Security.Net: VU Mailer (Mass Mail) "Password" SQL Injection (21.11.2007)

MANDRIVA, [ MDKSA-2007:229 ] - Updated phpMyAdmin packages fix multiple vulnerabilities (21.11.2007)

document MustLive, MoBiC-20: Nucleus CAPTCHA bypass (21.11.2007)

Discuss: Read or add your comments to this news (0 comments)

Feynmf symbolic links vulnerability
Published: 21.11.2007
Source: BUGTRAQ
SecurityVulns ID: 8367
Type: remote
Level: 5/10
Description: feynmf.pl symbolic linkcs vulnerability on temporary files creation.

Affected: FEYNMF : feynmf 1.08
CVE: CVE-2007-5940 (feynmf.pl in feynmf 1.08, as used in TeXLive 2007, allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on the feynmf$$.pl temporary file.)

Original document GENTOO, [ GLSA 200711-32 ] Feynmf: Insecure temporary file creation (21.11.2007)

Discuss: Read or add your comments to this news (0 comments)

test server