Search:Vulnerability:22.07.2007 - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

NOD32 Antivirus multiple security vulnerabilities
Published: 22.07.2007
Source: BUGTRAQ
SecurityVulns ID: 7957
Type: remote
Level: 6/10
Description: Race conditions on CAB parsing, division by zero on ASPACK and FSG parsing, infinite loop on ASPACK parsing.

Affected: eset : NOD32 2.22

Original document security_(at)_nruns.com, 2007-07-20 - n.runs-SA-2007.017 - NOD32 Antivirus ASPACK parsing Infinite Loop Advisory (22.07.2007)

security_(at)_nruns.com, 202007-07-20 - n.runs-SA-2007.018 - NOD32 Antivirus ASPACK and FSG parsing Divide by Zero Advisory (22.07.2007)

security_(at)_nruns.com, 2007-07-20 - n.runs-SA-2007.016 - NOD32 Antivirus CAB parsing Arbitrary Code Execution Advisory (22.07.2007)

Discuss: Read or add your comments to this news (0 comments)

tcpdump buffer overflow
Published: 22.07.2007
Source: BUGTRAQ
SecurityVulns ID: 7959
Type: remote
Level: 6/10
Description: Buffer overflow on BGP parsing.

Affected: TCPDUMP : tcpdump 3.9
CVE: CVE-2007-3798 (Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows remote attackers to execute arbitrary code via crafted TLVs in a BGP packet, related to an unchecked return value.)

Original document RPATH, rPSA-2007-0147-1 tcpdump (22.07.2007)

Discuss: Read or add your comments to this news (0 comments)

Citrix Access Gateway Citrix EPA ActiveX code execution
Published: 22.07.2007
Source: BUGTRAQ
SecurityVulns ID: 7960
Type: client
Level: 6/10
Description: ActiveX control allows to download and execute any executable module.

Affected: CITRIX : Access Gateway 4.5
CVE: CVE-2007-3679 (The Citrix EPA ActiveX control (aka the "endpoint checking control" or CCAOControl Object) before 4.5.0.0 in npCtxCAO.dll in Citrix Access Gateway Standard Edition before 4.5.5 and Advanced Edition before 4.5 HF1 allows remote attackers to download and execute arbitrary programs onto a client system.)

Original document SYMANTEC, SYMSA-2007-006: Citrix EPA ActiveX Control Design Flaw (22.07.2007)

Discuss: Read or add your comments to this news (0 comments)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 22.07.2007
Source:
SecurityVulns ID: 7961
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected: USEBB : UseBB 1.0
JBLOG : JBlog 1.0
VHCS : Virtual Hosting Control System 2.4

Original document Advisory_(at)_Aria-Security.net, [MajorSecurity Advisory #51]Virtual Hosting Control System - Session fixation Issue (22.07.2007)

Advisory_(at)_Aria-Security.net, [Aria-Security] Munch Pro Remote Login ByPass (22.07.2007)

Advisory_(at)_Aria-Security.net, [Aria-Security] Property Pro Remote Login ByPass (22.07.2007)

document s4mi_(at)_LinuxMail.org, JBlog 1.0 Creat Admin exploit, xss, Cookie Manipulation (22.07.2007)

s4mi_(at)_LinuxMail.org, UseBB 1.0.x Cross Site Scripting (XSS) (22.07.2007)

starext_(at)_msn.com, Elite Forum Full HTML ENject versin 1.0.0.0 (22.07.2007)

Files: JBlog version: 1.0 cookies Manipulation + Cross Site Scripting
Elite Forum FULL HTML ENjector
Discuss: Read or add your comments to this news (0 comments)

Panda Antivirus integer overflow
Published: 22.07.2007
Source: BUGTRAQ
SecurityVulns ID: 7958
Type: remote
Level: 6/10
Description: Integer overflow leads to buffer overflow on PE (.EXE) files parsing.

Affected: PANDASOFTWARE : Panda Truprevent 2006
PANDASOFTWARE : Panda Platinum Internet Security 2007 11.00
PANDASOFTWARE : Panda Antivirus 2007

Original document security_(at)_nruns.com, 2007-07-20 - n.runs-SA-2007.019 - Panda Antivirus EXE parsing Arbitrary Code Execution Advisory (22.07.2007)

Discuss: Read or add your comments to this news (0 comments)