Computer Security


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 22.08.2007
SecurityVulns ID: 8082
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: RIPECMS : Ripe Website Manager 0.8
 JOOMLA : SimpleFAQ 2.11
Original document: OS2A BTO, Ripe Website Manager SQL Injection and Cross Site Scripting Vulnerabilities (22.08.2007)
 system-errrror_(at)_hotmail.com, Firesoft Remote File Inclusion (22.08.2007)
 system-errrror_(at)_hotmail.com, Dalai Forum Remote File Inclusion Exploit (22.08.2007)
 k1tk4t_(at)_newhack.org, Joomla Component SimpleFAQ V2.11 - Remote SQL Injection (22.08.2007)

Asterisk VoIP server Skinny protocol resource exhaustion
Published: 22.08.2007
SecurityVulns ID: 8083
Type: remote
Threat Level: 5/10
Description: SIP dialog history is stored in memory regardless of settings, leading to memory exhaustion.
Affected: DIGIUM : Asterisk 1.4
 ASTERISK : Asterisk s800i
CVE: CVE-2007-4455 (The SIP channel driver (chan_sip) in Asterisk Open Source 1.4.x before 1.4.11, AsteriskNOW before beta7, Asterisk Appliance Developer Kit 0.x before 0.8.0, and s800i (Asterisk Appliance) 1.x before 1.0.3 allows remote attackers to cause a denial of service (memory exhaustion) via a SIP dialog that causes a large number of history entries to be created.)
Original document: ASTERISK, AST-2007-020: Resource Exhaustion Vulnerability in Asterisk SIP channel driver (22.08.2007)

Trend Micro antiviral products multiple security vulnerabilities
updated since 22.08.2007
Published: 11.09.2007
SecurityVulns ID: 8084
Type: remote
Threat Level: 7/10
Description: Buffer overflow in SSAPI engine on oversized local path. Buffer overflow in ServerProtect on different TCP/5168 RPC requests.
CVE: CVE-2007-4731 (Stack-based buffer overflow in the TMregChange function in TMReg.dll in Trend Micro ServerProtect before 5.58 Security Patch 4 allows remote attackers to execute arbitrary code via a crafted packet to TCP port 5005.)
 CVE-2007-4219 (Integer overflow in the RPCFN_SYNC_TASK function in StRpcSrv.dll, as used by the ServerProtect service (SpntSvc.exe), in Trend Micro ServerProtect for Windows before 5.58 Security Patch 4 allows remote attackers to execute arbitrary code via a certain integer field in a request packet to TCP port 5168, which triggers a heap-based buffer overflow.)
 CVE-2007-4218 (Multiple buffer overflows in the ServerProtect service (SpntSvc.exe) in Trend Micro ServerProtect for Windows before 5.58 Security Patch 4 allow remote attackers to execute arbitrary code via certain RPC requests to certain TCP ports that are processed by the (1) RPCFN_ENG_NewManualScan, (2) RPCFN_ENG_TimedNewManualScan, and (3) RPCFN_SetComputerName functions in (a) StRpcSrv.dll; the (4) RPCFN_CMON_SetSvcImpersonateUser and (5) RPCFN_OldCMON_SetSvcImpersonateUser functions in (b) Stcommon.dll; the (6) RPCFN_ENG_TakeActionOnAFile and (7) RPCFN_ENG_AddTaskExportLogItem functions in (c) Eng50.dll; the (8) NTF_SetPagerNotifyConfig function in (d) Notification.dll; or the (9) RPCFN_CopyAUSrc function in the (e) ServerProtect Agent service.)
 CVE-2007-3873 (Stack-based buffer overflow in vstlib32.dll 1.2.0.1012 in the SSAPI Engine 5.0.0.1066 through 5.2.0.1012 in Trend Micro AntiSpyware 3.5 and PC-Cillin Internet Security 2007 15.0 through 15.3, when the Venus Spy Trap (VST) feature is enabled, allows local users to cause a denial of service (service crash) or execute arbitrary code via a file with a long pathname, which triggers the overflow during a ReadDirectoryChangesW callback notification.)
Original document: ZDI, ZDI-07-051: Trend Micro ServerProtect TMregChange() Stack Overflow Vulnerability (11.09.2007)
 ZDI, ZDI-07-050: Trend Micro ServerProtect RPCFN_SetComputerName() Stack Overflow Vulnerability (11.09.2007)
 IDEFENSE, iDefense Security Advisory 08.21.07: Trend Micro ServerProtect RPCFN_SYNC_TASK Integer Overflow Vulnerability (22.08.2007)
 IDEFENSE, iDefense Security Advisory 08.21.07: Trend Micro ServerProtect Multiple Buffer Overflow Vulnerabilities (22.08.2007)
 IDEFENSE, iDefense Security Advisory 08.20.07: Trend Micro SSAPI Long Path Buffer Overflow Vulnerability (22.08.2007)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod