 |
|
|
|
| IBM DB2 database symboli links | | Published: |  | 22.02.2007 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 7281 | | Type: |  | local | | Level: |  | 5/10 | | Description: |  | Symboli links problem on temporary files creation. |
| Affected: |  | IBM : DB2 9.0 | | CVE: |  | CVE-2007-1027 (Certain setuid DB2 binaries in IBM DB2 before 9 Fix Pack 2 for Linux and Unix allow local users to overwrite arbitrary files via a symlink attack on the DB2DIAG.LOG temporary file.) |
| Linux ftpd ls privilege escalation | | Published: | | 22.02.2007 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 7284 | | Type: | | remote | | Level: | | 3/10 | | Description: | | ls command is executed with effective gid 0. |
| Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) | | Published: | | 22.02.2007 | | Source: | | | | SecurityVulns ID: | | 7287 | | Type: | | remote | | Level: | | 5/10 | | Description: | | PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. |
| Affected: | | SAPHPLESSON : SaphpLesson 3.0 | | | | PHPTRAFFICA : phpTrafficA 1.4 | | | | JWEB : Pics Navigator 2.0 | | | | JWEB : Pics Navigator 1.0 | | | | MAGICNEWSPLUS : Magic News Plus 1.0 | | | | LOVECMS : LoveCMS 1.4 | | | | INTERSPIRE : SendStudio 2004.14 | | CVE: | | CVE-2007-1151 (Cross-site scripting (XSS) vulnerability in LoveCMS 1.4 allows remote attackers to inject arbitrary web script or HTML via the id parameter to the top-level URI, possibly related to a SQL error.) | | | | CVE-2007-1150 (Unrestricted file upload vulnerability in LoveCMS 1.4 allows remote authenticated administrators to upload arbitrary files to /modules/content/pictures/tmp/.) | | | | CVE-2007-1149 (Multiple directory traversal vulnerabilities in LoveCMS 1.4 allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the step parameter to install/index.php or (2) the load parameter to the top-level URI.) | | | | CVE-2007-1148 (PHP remote file inclusion vulnerability in install/index.php in LoveCMS 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the step parameter.) | | | | CVE-2007-1144 (Directory traversal vulnerability in jwpn-photos.php in J-Web Pics Navigator 2.0 allows remote attackers to list arbitrary directories via a .. (dot dot) in the dir parameter.) | | | | CVE-2007-1143 (Directory traversal vulnerability in pn-menu.php in J-Web Pics Navigator 1.0 allows remote attackers to list arbitrary directories via a .. (dot dot) in the dir parameter.) | | | | CVE-2007-1142 (Cross-site scripting (XSS) vulnerability in Magic News Plus 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the link_parameters parameter in (1) news.php and (2) n_layouts.php.) | | | | CVE-2007-1141 (PHP remote file inclusion vulnerability in preview.php in Magic News Plus 1.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the php_script_path parameter. NOTE: This issue may overlap CVE-2006-0723.) | | | | CVE-2007-1140 (Directory traversal vulnerability in edit.php in pheap allows remote attackers to read and modify arbitrary files via a .. (dot dot) in the filename parameter.) | | | | CVE-2007-1139 (Unrestricted file upload vulnerability in Cromosoft Simple Plantilla PHP (SPP) allows remote attackers to upload arbitrary scripts via a filename with a double extension.) | | | | CVE-2007-1138 (Absolute path traversal vulnerability in list_main_pages.php in Cromosoft Simple Plantilla PHP (SPP) allows remote attackers to list arbitrary directories, and read arbitrary files, via an absolute pathname in the nfolder parameter.) | | | | CVE-2007-1076 (Multiple directory traversal vulnerabilities in phpTrafficA 1.4.1, and possibly earlier, allow remote attackers to include arbitrary local files via a .. (dot dot) in the (1) file parameter to plotStat.php and the (2) lang parameter to banref.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.) | | | | CVE-2007-1060 (Multiple PHP remote file inclusion vulnerabilities in Interspire SendStudio 2004.14 and earlier, when register_globals and allow_fopenurl are enabled, allow remote attackers to execute arbitrary PHP code via a URL in the ROOTDIR parameter to (1) createemails.inc.php and (2) send_emails.inc.php in /admin/includes/.) |
| TurboFTP multiple security vulnerabilities | | Published: | | 22.02.2007 | | Source: | | MILW0RM | | SecurityVulns ID: | | 7288 | | Type: | | remote | | Level: | | 5/10 | | Description: | | Multiple heap overflows. |
| Affected: | | TURBOFTP : TurboFTP 5.30 | | CVE: | | CVE-2007-1080 (Multiple heap-based buffer overflows in TurboFTP 5.30 Build 572 allow remote servers to cause a denial of service via (1) long filename in a response to a LIST command, and (2) a long response to a CWD command.) | | | | CVE-2007-1075 (TurboFTP 5.30 Build 572 allows remote servers to cause a denial of service (CPU consumption) via a response with a large number of newline characters.) |
| Multiple Newsrover / Newsbin / Newsreactor / Grabbit / News Files Grabber security vulnerabilities | | Published: | | 22.02.2007 | | Source: | | MILW0RM | | SecurityVulns ID: | | 7289 | | Type: | | client | | Level: | | 5/10 | | Description: | | Vulnerabilities on different XML-format files parsing. |
| Affected: | | NEWSBINPRO : News Bin Pro 5.33 | | | | NEWSROVER : News Rover 12.1 | | | | SHEMES : Grabit 1.5 | | | | NEWSFILEGRABBER : News File Grabber 4.1 | | | | NEWSREACTOR : NewsReactor 20070220 | | | | GLUESOFTWARE : NewsGlue 1.3 | | CVE: | | CVE-2007-1610 (Cross-site scripting (XSS) vulnerability in the RSS reader in Glue Software NewsGlue before 1.3.4 allows remote attackers to inject arbitrary web script or HTML via a feed.) | | | | CVE-2007-1569 (Stack-based buffer overflow in NewsBin Pro 4.32 allows remote attackers to cause a denial of service or execute arbitrary code via a yEnc (yEncode) encoded article with a long filename, as demonstrated using a .nzb file. NOTE: some of these details are obtained from third party information.) | | | | CVE-2007-1568 (Stack-based buffer overflow in DaanSystems NewsReactor 20070220.21 allows remote attackers to execute arbitrary code via a yEnc (yEncode) encoded article with a long filename.) | | | | CVE-2007-1074 (Multiple buffer overflows in NewsBin Pro 5.33 and NewsBin Pro 4.x allow user-assisted remote attackers to execute arbitrary code via a long (1) DataPath or (2) DownloadPath attributed in a (a) NBI file, or (3) a long group field in a (b) NZB file.) | | | | CVE-2007-1041 (Multiple stack-based buffer overflows in S&H Computer Systems News Rover 12.1 Rev 1 allow remote attackers to execute arbitrary code via a .nzb file with a long (1) group or (2) subject string.) | | | | CVE-2007-1038 (Shemes.com Grabit 1.5.3, and possibly earlier, allows remote attackers to cause a denial of service (application crash) via a .nzb file with a subject field containing ';' (semicolon) characters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.) | | | | CVE-2007-1037 (Stack-based buffer overflow in News File Grabber 4.1.0.1 and earlier allows remote attackers to execute arbitrary code via a .nzb file with a long subject field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.) |
| Linux NFS/ACL DoS | | Published: | | 22.02.2007 | | Source: | | CVE | | SecurityVulns ID: | | 7282 | | Type: | | remote | | Level: | | 5/10 | | Description: | | Memory corruption on nfsacl verison 2 'ACCESS' request parsing. |
| CVE: | | CVE-2007-0772 (The Linux kernel 2.6.13 and other versions before 2.6.20.1 allows remote attackers to cause a denial of service (oops) via a crafted NFSACL 2 ACCESS request that triggers a free of an incorrect pointer.) |
| Microsoft Windows ReadDirectoryChangesW information leak | | Published: | | 22.02.2007 | | Source: | | SECURITYVULNS | | SecurityVulns ID: | | 7283 | | Type: | | remote | | Level: | | 6/10 | | Description: | | ReadDirectoryChangesW() API function doesn't check user's privileges for subtree folders, making it's possible for unprivileged user to gather information about sensitive files. |
| Linux SCSI devices unauthorized access | | Published: | | 22.02.2007 | | Source: | | FULL-DISCLOSURE | | SecurityVulns ID: | | 7285 | | Type: | | local | | Level: | | 6/10 | | Description: | | pam module problem allows console users to access generic SCSI and pseudo-SCSI devices directly. |
| Trend Micro Server Protect unauthorized access | | Published: | | 22.02.2007 | | Source: | | FULL-DISCLOSURE | | SecurityVulns ID: | | 7286 | | Type: | | remote | | Level: | | 5/10 | | Description: | | Unauthorized TCP/14942 Web interface access. |
| Affected: | | TM : Trend Micro ServerProtect for Linux 1.3 | | CVE: | | CVE-2007-1169 (The web interface in Trend Micro ServerProtect for Linux (SPLX) 1.25, 1.3, and 2.5 before 20070216 accepts logon requests through unencrypted HTTP, which might allow remote attackers to obtain credentials by sniffing the network.) | | | | CVE-2007-1168 (Trend Micro ServerProtect for Linux (SPLX) 1.25, 1.3, and 2.5 before 20070216 allows remote attackers to access arbitrary web pages and reconfigure the product via HTTP requests with the splx_2376_info cookie to the web interface port (14942/tcp).) |
| FTP Explorer DoS | | Published: | | 22.02.2007 | | Source: | | MILW0RM | | SecurityVulns ID: | | 7291 | | Type: | | client | | Level: | | 2/10 | | Description: | | Infinite loop on oversized server response. |
| Affected: | | FTPEXPLORER : FTP Explorer 1.0 | | CVE: | | CVE-2007-1082 (FTP Explorer 1.0.1 Build 047, and other versions before 1.0.1.52, allows remote servers to cause a denial of service (CPU consumption) via a long response to a PWD command.) |
| FTP Voyager buffer overflow | | Published: | | 22.02.2007 | | Source: | | MILW0RM | | SecurityVulns ID: | | 7290 | | Type: | | client | | Level: | | 5/10 | | Description: | | Stack buffer overflow (stack overrun) on server reply parsing. |
| Affected: | | FTPVOYAGER : FTP Voyager 14.0 | | CVE: | | CVE-2007-1079 (Stack-based buffer overflow in Rhino Software, Inc. FTP Voyager 14.0.0.3 and earlier allows remote servers to cause a denial of service (crash) via a long response to a CWD command, which triggers the overflow when the user aborts the command.) |
JBoss insecure defaults
updated since 22.02.2007 | | Published: | | 23.02.2007 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 7280 | | Type: | | remote | | Level: | | 5/10 | | Description: | | Web console and management instruments are available without authentication. |
| CVE: | | CVE-2007-1157 (Cross-site request forgery (CSRF) vulnerability in jmx-console/HtmlAdaptor in JBoss allows remote attackers to perform privileged actions as administrators via certain MBean operations, a different vulnerability than CVE-2006-3733.) | | | | CVE-2007-1156 (JBrowser allows remote attackers to bypass authentication and access certain administrative capabilities via a direct request for _admin/.) | | | | CVE-2007-1036 (The default configuration of JBoss does not restrict access to the (1) console and (2) web management interfaces, which allows remote attackers to bypass authentication and gain administrative access via direct requests.) |
PHP zend_hash_init function infinite loop
updated since 22.02.2007 | | Published: | | 02.03.2007 | | Source: | | CVE | | SecurityVulns ID: | | 7279 | | Type: | | remote | | Level: | | 5/10 | | Description: | | Infinite loop on 64-bit platforms. |
| Affected: | | PHP : PHP 4.4 | | | | PHP : PHP 5.2 | | CVE: | | CVE-2007-1285 (The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines.) | | | | CVE-2007-0988 (The zend_hash_init function in PHP 5 before 5.2.1 and PHP 4 before 4.4.5, when running on a 64-bit platform, allows context-dependent attackers to cause a denial of service (infinite loop) by unserializing certain integer expressions, which only cause 32-bit arguments to be used after the check for a negative value, as demonstrated by an "a:2147483649:{" argument.) |
|
|
|
|
|
|
|
|
