Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 22.06.2007
Source: BUGTRAQ
SecurityVulns ID: 7837
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.

xfsdump symbolic links vulnerability
Published: 22.06.2007
Source: FULL-DISCLOSURE
SecurityVulns ID: 7842
Type: local
Level: 5/10
Description: xfs_fsr utility insecurely creates .fsr temporary directory.
Affected:
  XFSDUMP : xfsdump 2.2
CVE:
  CVE-2007-2654 (xfs_fsr in xfsdump creates a .fsr temporary directory with insecure permissions, which allows local users to read or overwrite arbitrary files on xfs filesystems.)

Microsoft Outlook Express / Windows Mail multiple security vulnerabilities, updated since 12.06.2007
Published: 22.06.2007
Source: MICROSOFT
SecurityVulns ID: 7808
Type: client
Level: 8/10
Description: Multiple vulnerabilities in MHTML parsing. Code execution with UNC URLs.
Affected:
  MICROSOFT : Windows XP
  MICROSOFT : Windows 2003 Server
  MICROSOFT : Windows Vista
CVE:
  CVE-2007-2227 (The MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Disposition "notifications," which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "Content Disposition Parsing Cross Domain Information Disclosure Vulnerability.")
  CVE-2007-2225 (A component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when processing MHTML protocol URLs, which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "URL Parsing Cross Domain Information Disclosure Vulnerability.")
  CVE-2007-1658 (Windows Mail in Microsoft Windows Vista might allow user-assisted remote attackers to execute certain programs via a link to a (1) local file or (2) UNC share pathname in which there is a directory with the same base name as an executable program at the same level, as demonstrated using C:/windows/system32/winrm (winrm.cmd) and migwiz (migwiz.exe).)
  CVE-2006-2111 (A component in Microsoft Outlook Express 6 allows remote attackers to bypass domain restrictions and obtain sensitive information via redirections with the mhtml: URI handler, as originally reported for Internet Explorer 6 and 7, aka "URL Redirect Cross Domain Information Disclosure Vulnerability.")

GNU emacs DoS
Published: 22.06.2007
Source: BUGTRAQ
SecurityVulns ID: 7838
Type: local
Level: 3/10
Description: Crash on image processing.
Affected:
  EMACS : emacs 21.4
CVE:
  CVE-2007-2833 (Emacs 21 allows user-assisted attackers to cause a denial of service (crash) via certain crafted images, as demonstrated via a GIF image in vm mode, related to image size calculation.)

VLC media player multiple security vulnerabilities
Published: 22.06.2007
Source: BUGTRAQ
SecurityVulns ID: 7839
Type: client
Level: 5/10
Description: Format string vulnerabilities in Ogg Vorbis and Ogg Theora comments parsing, CDDA data, SAP/SDP discovery service. Integer overflow and uninitialized variables on WAV parsing.
Affected:
  VLC : VLC 0.8
CVE:
  CVE-2007-3467 (Integer overflow in the __status_Update function in stats.c VideoLAN VLC Media Player before 0.8.6c allows remote attackers to cause a denial of service (crash) via a WAV file with a large sample rate.)
  CVE-2007-3316 (Multiple format string vulnerabilities in plugins in VideoLAN VLC Media Player before 0.8.6c allow remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in (1) an Ogg/Vorbis file, (2) an Ogg/Theora file, (3) a CDDB entry for a CD Digital Audio (CDDA) file, or (4) Service Announce Protocol (SAP) multicast packets.)

MadWifi multiple security vulnerabilities
Published: 22.06.2007
Source: BUGTRAQ
SecurityVulns ID: 7840
Type: remote
Level: 6/10
Description: DoS on parsing of different frames, local array index overflow.
Affected:
  MADWIFI : Madwifi 0.9
CVE:
  CVE-2007-2831 (Array index error in the (1) ieee80211_ioctl_getwmmparams and (2) ieee80211_ioctl_setwmmparams functions in net80211/ieee80211_wireless.c in MadWifi before 0.9.3.1 allows local users to cause a denial of service (system crash), possibly obtain kernel memory contents, and possibly execute arbitrary code via a large negative array index value.)
  CVE-2007-2830 (The ath_beacon_config function in if_ath.c in MadWifi before 0.9.3.1 allows remote attackers to cause a denial of service (system crash) via crafted beacon interval information when scanning for access points, which triggers a divide-by-zero error.)
  CVE-2007-2829 (The 802.11 network stack in net80211/ieee80211_input.c in MadWifi before 0.9.3.1 allows remote attackers to cause a denial of service (system hang) via a crafted length field in nested 802.3 Ethernet frames in Fast Frame packets, which results in a NULL pointer dereference.)

Evolution Data Server integer overflow
Published: 22.06.2007
Source: FULL-DISCLOSURE
SecurityVulns ID: 7843
Type: client
Level: 5/10
Description: Integer overflow in Camel mailer component on negative value of IMAP server SEQUENCE command reply.
Affected:
  EVOLUTION : Evolution Data Server 1.11
CVE:
  CVE-2007-3257 (Camel (camel-imap-folder.c) in the mailer component for Evolution Data Server 1.11 allows remote IMAP servers to execute arbitrary code via a negative SEQUENCE value in GData, which is used as an array index.)

Ingres database / CA security products multiple security vulnerabilities, updated since 22.06.2007
Published: 24.12.2007
Source: BUGTRAQ
SecurityVulns ID: 7841
Type: remote
Level: 6/10
Description: Multiple heap buffer overflows on TCP/10916 and TCP/10923 requests parsing. Local unauthorized file access with 'wakeup'. Buffer overflow in uuid_from_char() SQL function, privilege escalation.
Affected:
  INGRES : Ingres Database 3.0
  INGRES : Ingres 2006
  INGRES : Ingres 2.6
  INGRES : Ingres 2.5
CVE:
  CVE-2007-6334 (Ingres 2.5 and 2.6 on Windows, as used in multiple CA products and possibly other products, assigns the privileges and identity of users to be the same as the first user, which allows remote attackers to gain privileges.)
  CVE-2007-3338 (Multiple stack-based buffer overflows in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (Computer Associates) products, allow remote attackers to execute arbitrary code via the (1) uuid_from_char or (2) duve_get_args functions.)
  CVE-2007-3337 (wakeup in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (Computer Associates) products, allows local users to truncate arbitrary files via a symlink attack on the alarmwkp.def file.)
  CVE-2007-3336 (Multiple "pointer overwrite" vulnerabilities in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (formerly Computer Associates) products, allow remote attackers to execute arbitrary code by sending certain TCP data at different times to the Ingres Communications Server Process (iigcc), which calls the (1) QUinsert or (2) QUremove functions with attacker-controlled input.)
  CVE-2007-3334 (Multiple heap-based buffer overflows in the (1) Communications Server (iigcc.exe) and (2) Data Access Server (iigcd.exe) components for Ingres Database Server 3.0.3, as used in CA (Computer Associates) products including eTrust Secure Content Manager r8 on Windows, allow remote attackers to execute arbitrary code via unknown vectors.)
Original documents:
  CA, [CAID 35970]: CA Products That Embed Ingres Authentication Vulnerability (24.12.2007)
  NGSSoftware Insight Security Research Advisory (NISR), Ingres Unauthenticated Pointer Overwrite 1 (26.06.2007)
  NGSSoftware Insight Security Research Advisory (NISR), Ingres wakeup setuid(ingres) file truncation (26.06.2007)
  NGSSoftware Insight Security Research Advisory (NISR), Ingres stack overflow in uuid_from_char function (26.06.2007)
  NGSSoftware Insight Security Research Advisory (NISR), Ingres verifydb local stack overflow (26.06.2007)
  NGSSoftware Insight Security Research Advisory (NISR), Ingres Unauthenticated Pointer Overwrite 2 (26.06.2007)
  CA, [Full-disclosure] [CAID 35450, 35451, 35452, 35453]: CA Products That Embed Ingres Multiple Vulnerabilities (22.06.2007)
  IDEFENSE, iDefense Security Advisory 06.21.07: Ingres Database Multiple Heap Corruption Vulnerabilities (22.06.2007)