Computer Security


IBM DB2 database symbolic links
Published:22.02.2007
Source:
SecurityVulns ID:7281
Type:local
Threat Level:5/10
Description:Symbolic link problem on temporary file creation.
Affected:IBM : DB2 9.0
CVE:CVE-2007-1027 (Certain setuid DB2 binaries in IBM DB2 before 9 Fix Pack 2 for Linux and Unix allow local users to overwrite arbitrary files via a symlink attack on the DB2DIAG.LOG temporary file.)

Linux NFS/ACL DoS
Published:22.02.2007
Source:
SecurityVulns ID:7282
Type:remote
Threat Level:5/10
Description:Memory corruption on nfsacl version 2 'ACCESS' request parsing.
CVE:CVE-2007-0772 (The Linux kernel 2.6.13 and other versions before 2.6.20.1 allows remote attackers to cause a denial of service (oops) via a crafted NFSACL 2 ACCESS request that triggers a free of an incorrect pointer.)

Microsoft Windows ReadDirectoryChangesW information leak
Published:22.02.2007
Source:
SecurityVulns ID:7283
Type:remote
Threat Level:6/10
Description:The ReadDirectoryChangesW() API function doesn't check the user's privileges for subtree folders, making it possible for an unprivileged user to gather information about sensitive files.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
CVE:CVE-2007-0843 (The ReadDirectoryChangesW API function on Microsoft Windows 2000, XP, Server 2003, and Vista does not check permissions for child objects, which allows local users to bypass permissions by opening a directory with LIST (READ) access and using ReadDirectoryChangesW to monitor changes of files that do not have LIST permissions, which can be leveraged to determine filenames, access times, and other sensitive information.)
Original document:3APA3A, Microsoft Windows 2000/XP/2003/Vista ReadDirectoryChangesW informaton leak (22.02.2007)
Files:Monitors directory tree changes
 Monitors directory tree changes (compiled)
 Microsoft Windows 2000/XP/2003/Vista ReadDirectoryChangesW informaton leak

Linux ftpd ls privilege escalation
Published:22.02.2007
Source:
SecurityVulns ID:7284
Type:remote
Threat Level:3/10
Description:ls command is executed with effective gid 0.
Original document:Paul Szabo, /bin/ls with gid=0 in Debian linux-ftpd (22.02.2007)

Linux SCSI devices unauthorized access
Published:22.02.2007
Source:
SecurityVulns ID:7285
Type:local
Threat Level:6/10
Description:A PAM module problem allows console users to access generic SCSI and pseudo-SCSI devices directly.
Affected:LINUX : kernel 2.4
 LINUX : kernel 2.6
Original document:John Cartwright, [Full-disclosure] Fwd: [full disclosure] Linux generic devices / pam.console problem (22.02.2007)

Trend Micro ServerProtect unauthorized access
Published:22.02.2007
Source:
SecurityVulns ID:7286
Type:remote
Threat Level:5/10
Description:Unauthorized TCP/14942 Web interface access.
Affected:TM : Trend Micro ServerProtect for Linux 1.3
CVE:CVE-2007-1169 (The web interface in Trend Micro ServerProtect for Linux (SPLX) 1.25, 1.3, and 2.5 before 20070216 accepts logon requests through unencrypted HTTP, which might allow remote attackers to obtain credentials by sniffing the network.)
 CVE-2007-1168 (Trend Micro ServerProtect for Linux (SPLX) 1.25, 1.3, and 2.5 before 20070216 allows remote attackers to access arbitrary web pages and reconfigure the product via HTTP requests with the splx_2376_info cookie to the web interface port (14942/tcp).)
Original document:IDEFENSE, [Full-disclosure] iDefense Security Advisory 02.16.07: Trend Micro ServerProtect Web Interface Authorization Bypass Vulnerability (22.02.2007)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:22.02.2007
Source:
SecurityVulns ID:7287
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:SAPHPLESSON : SaphpLesson 3.0
 PHPTRAFFICA : phpTrafficA 1.4
 JWEB : Pics Navigator 2.0
 JWEB : Pics Navigator 1.0
 MAGICNEWSPLUS : Magic News Plus 1.0
 LOVECMS : LoveCMS 1.4
 INTERSPIRE : SendStudio 2004.14
CVE:CVE-2007-1151 (Cross-site scripting (XSS) vulnerability in LoveCMS 1.4 allows remote attackers to inject arbitrary web script or HTML via the id parameter to the top-level URI, possibly related to a SQL error.)
 CVE-2007-1150 (Unrestricted file upload vulnerability in LoveCMS 1.4 allows remote authenticated administrators to upload arbitrary files to /modules/content/pictures/tmp/.)
 CVE-2007-1149 (Multiple directory traversal vulnerabilities in LoveCMS 1.4 allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the step parameter to install/index.php or (2) the load parameter to the top-level URI.)
 CVE-2007-1148 (PHP remote file inclusion vulnerability in install/index.php in LoveCMS 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the step parameter.)
 CVE-2007-1144 (Directory traversal vulnerability in jwpn-photos.php in J-Web Pics Navigator 2.0 allows remote attackers to list arbitrary directories via a .. (dot dot) in the dir parameter.)
 CVE-2007-1143 (Directory traversal vulnerability in pn-menu.php in J-Web Pics Navigator 1.0 allows remote attackers to list arbitrary directories via a .. (dot dot) in the dir parameter.)
 CVE-2007-1142 (Cross-site scripting (XSS) vulnerability in Magic News Plus 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the link_parameters parameter in (1) news.php and (2) n_layouts.php.)
 CVE-2007-1141 (PHP remote file inclusion vulnerability in preview.php in Magic News Plus 1.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the php_script_path parameter. NOTE: This issue may overlap CVE-2006-0723.)
 CVE-2007-1140 (Directory traversal vulnerability in edit.php in pheap allows remote attackers to read and modify arbitrary files via a .. (dot dot) in the filename parameter.)
 CVE-2007-1139 (Unrestricted file upload vulnerability in Cromosoft Simple Plantilla PHP (SPP) allows remote attackers to upload arbitrary scripts via a filename with a double extension.)
 CVE-2007-1138 (Absolute path traversal vulnerability in list_main_pages.php in Cromosoft Simple Plantilla PHP (SPP) allows remote attackers to list arbitrary directories, and read arbitrary files, via an absolute pathname in the nfolder parameter.)
 CVE-2007-1076 (Multiple directory traversal vulnerabilities in phpTrafficA 1.4.1, and possibly earlier, allow remote attackers to include arbitrary local files via a .. (dot dot) in the (1) file parameter to plotStat.php and the (2) lang parameter to banref.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.)
 CVE-2007-1060 (Multiple PHP remote file inclusion vulnerabilities in Interspire SendStudio 2004.14 and earlier, when register_globals and allow_fopenurl are enabled, allow remote attackers to execute arbitrary PHP code via a URL in the ROOTDIR parameter to (1) createemails.inc.php and (2) send_emails.inc.php in /admin/includes/.)
Original document:eufrato_(at)_gmail.com, [ECHO_ADV_66$2007] SendStudio <= 2004.14 Remote File Inclusion Vulnerability (22.02.2007)
 gamr-14_(at)_hotmail.com, SaphpLesson v3.0 SQL Injection Exploit (22.02.2007)
 laurent gaffié, pheap [edit LFI] vulnerability (22.02.2007)
 laurent gaffié, LoveCMS 1.4 multiple vulnerabilities (22.02.2007)
 laurent gaffié, Plantilla PHP Simple (22.02.2007)
 sn0oPy.team_(at)_gmail.com, Pics Navigator Directory Traversal Vulnerability (22.02.2007)
 SECURITEAM, [UNIX] phpTrafficA Local File Inclusion (22.02.2007)
Files:Magic News PHP Code Execution Exploit

TurboFTP multiple security vulnerabilities
Published:22.02.2007
Source:
SecurityVulns ID:7288
Type:remote
Threat Level:5/10
Description:Multiple heap overflows.
Affected:TURBOFTP : TurboFTP 5.30
CVE:CVE-2007-1080 (Multiple heap-based buffer overflows in TurboFTP 5.30 Build 572 allow remote servers to cause a denial of service via (1) long filename in a response to a LIST command, and (2) a long response to a CWD command.)
 CVE-2007-1075 (TurboFTP 5.30 Build 572 allows remote servers to cause a denial of service (CPU consumption) via a response with a large number of newline characters.)
Files:Exploits TurboFTP 5.30 Build 572 Multiple Remote DoS

Multiple News Rover / NewsBin / NewsReactor / Grabit / News File Grabber security vulnerabilities
Published:22.02.2007
Source:
SecurityVulns ID:7289
Type:client
Threat Level:5/10
Description:Vulnerabilities in the parsing of different XML-format files.
Affected:NEWSBINPRO : News Bin Pro 5.33
 NEWSROVER : News Rover 12.1
 SHEMES : Grabit 1.5
 NEWSFILEGRABBER : News File Grabber 4.1
 NEWSREACTOR : NewsReactor 20070220
 GLUESOFTWARE : NewsGlue 1.3
CVE:CVE-2007-1610 (Cross-site scripting (XSS) vulnerability in the RSS reader in Glue Software NewsGlue before 1.3.4 allows remote attackers to inject arbitrary web script or HTML via a feed.)
 CVE-2007-1569 (Stack-based buffer overflow in NewsBin Pro 4.32 allows remote attackers to cause a denial of service or execute arbitrary code via a yEnc (yEncode) encoded article with a long filename, as demonstrated using a .nzb file. NOTE: some of these details are obtained from third party information.)
 CVE-2007-1568 (Stack-based buffer overflow in DaanSystems NewsReactor 20070220.21 allows remote attackers to execute arbitrary code via a yEnc (yEncode) encoded article with a long filename.)
 CVE-2007-1074 (Multiple buffer overflows in NewsBin Pro 5.33 and NewsBin Pro 4.x allow user-assisted remote attackers to execute arbitrary code via a long (1) DataPath or (2) DownloadPath attributed in a (a) NBI file, or (3) a long group field in a (b) NZB file.)
 CVE-2007-1041 (Multiple stack-based buffer overflows in S&H Computer Systems News Rover 12.1 Rev 1 allow remote attackers to execute arbitrary code via a .nzb file with a long (1) group or (2) subject string.)
 CVE-2007-1038 (Shemes.com Grabit 1.5.3, and possibly earlier, allows remote attackers to cause a denial of service (application crash) via a .nzb file with a subject field containing ';' (semicolon) characters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.)
 CVE-2007-1037 (Stack-based buffer overflow in News File Grabber 4.1.0.1 and earlier allows remote attackers to execute arbitrary code via a .nzb file with a long subject field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.)
Files:News Rover 12.1 Rev 1 Remote Stack Overflow exploit
 News Bin Pro 5.33 .NBI File Buffer Overflow exploit
 News Rover 12.1 Rev 1 Remote Stack Overflow perl exploit
 News Bin Pro 4.32 Article Grabbing Remote Unicode Buffer Overflow
 NewsReactor 20070220 Article Grabbing Remote Buffer Overflow Exploit 1
 NewsReactor 20070220 Article Grabbing Remote Buffer Overflow

FTP Voyager buffer overflow
Published:22.02.2007
Source:
SecurityVulns ID:7290
Type:client
Threat Level:5/10
Description:Stack buffer overflow (stack overrun) on server reply parsing.
Affected:FTPVOYAGER : FTP Voyager 14.0
CVE:CVE-2007-1079 (Stack-based buffer overflow in Rhino Software, Inc. FTP Voyager 14.0.0.3 and earlier allows remote servers to cause a denial of service (crash) via a long response to a CWD command, which triggers the overflow when the user aborts the command.)
Files:FTP Voyager <= 14.0.0.3 CWD Remote Stack Overflow

FTP Explorer DoS
Published:22.02.2007
Source:
SecurityVulns ID:7291
Type:client
Threat Level:2/10
Description:Infinite loop on oversized server response.
Affected:FTPEXPLORER : FTP Explorer 1.0
CVE:CVE-2007-1082 (FTP Explorer 1.0.1 Build 047, and other versions before 1.0.1.52, allows remote servers to cause a denial of service (CPU consumption) via a long response to a PWD command.)
Files:FTP Explorer 1.0.1 Build 047 Remote DoS (CPU consumption)

JBoss insecure defaults
updated since 22.02.2007
Published:23.02.2007
Source:
SecurityVulns ID:7280
Type:remote
Threat Level:5/10
Description:The web console and management interfaces are available without authentication.
CVE:CVE-2007-1157 (Cross-site request forgery (CSRF) vulnerability in jmx-console/HtmlAdaptor in JBoss allows remote attackers to perform privileged actions as administrators via certain MBean operations, a different vulnerability than CVE-2006-3733.)
 CVE-2007-1156 (JBrowser allows remote attackers to bypass authentication and access certain administrative capabilities via a direct request for _admin/.)
 CVE-2007-1036 (The default configuration of JBoss does not restrict access to the (1) console and (2) web management interfaces, which allows remote attackers to bypass authentication and gain administrative access via direct requests.)
Original document:buben.razuma_(at)_gmail.com, JBoss jmx-console CSRF (23.02.2007)

PHP zend_hash_init function infinite loop
updated since 22.02.2007
Published:02.03.2007
Source:
SecurityVulns ID:7279
Type:remote
Threat Level:5/10
Description:Infinite loop on 64-bit platforms.
Affected:PHP : PHP 4.4
 PHP : PHP 5.2
CVE:CVE-2007-1285 (The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines.)
 CVE-2007-0988 (The zend_hash_init function in PHP 5 before 5.2.1 and PHP 4 before 4.4.5, when running on a 64-bit platform, allows context-dependent attackers to cause a denial of service (infinite loop) by unserializing certain integer expressions, which only cause 32-bit arguments to be used after the check for a negative value, as demonstrated by an "a:2147483649:{" argument.)
Original document:PHP-SECURITY, MOPB-05-2007:PHP unserialize() 64 bit Array Creation Denial of Service Vulnerability (02.03.2007)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod