Computer Security
[EN] securityvulns.ru no-pyccku


Apple iPhones multiple security vulnerabilities
Published:23.10.2007
Source:
SecurityVulns ID:8282
Type:remote
Threat Level:
6/10
Description:Vulnerable version of libtiff allows code execution and, as a result, allows to unlock phone.
Affected:APPLE : iPhone 1.1
Original documentdocumentH D Moore, Cracking the iPhone (5 article series) (23.10.2007)

Citrix Access Gateway information leak
Published:23.10.2007
Source:
SecurityVulns ID:8283
Type:remote
Threat Level:
5/10
Description:HTTP session cookie is passed through HTTP GET request parameters, making it possible to leak it value thorugh Referer: field or in the browsing history.
Affected:CITRIX : Citrix Advanced Access Control 4.0
 CITRIX : Citrix Advanced Access Control 4.2
 CITRIX : Citrix Access Gateway 4.5
Original documentdocumentadvisories, Corsaire Security Advisory - Citrix Access Gateway session ID disclosure issue (23.10.2007)

3proxy double free() security vulnerability
Published:23.10.2007
Source:
SecurityVulns ID:8284
Type:remote
Threat Level:
6/10
Description:Double free() on FTP proxy OPEN request handling.
Affected:3PROXY : 3proxy 0.5
CVE:CVE-2007-5622 (Double-free vulnerability in the ftpprchild function in ftppr in 3proxy 0.5 through 0.5.3i allows remote attackers to cause a denial of service (daemon crash) via multiple OPEN commands to the FTP proxy.)
Original documentdocument3APA3A, 3proxy 0.5.3j released (bugfix) (23.10.2007)
 documentxiaojunli.air, 3proxy double free vulnerability (23.10.2007)

Mozilla Firefox /Thunderbird / Seamonkey multiple security vulnerabilities
Published:23.10.2007
Source:
SecurityVulns ID:8285
Type:client
Threat Level:
8/10
Description:Code exectuion with invalid % encoding in Windows, lcaol files accesss with sftp URL, content spoofing, user input focus stealing, memory corruption, code execution.
Affected:MOZILLA : Firefox 2.0
 MOZILLA : Thunderbird 2.0
 MOZILLA : SeaMonkey 1.1
CVE:CVE-2007-5340
 CVE-2007-5339
 CVE-2007-5338
 CVE-2007-5337
 CVE-2007-5334
 CVE-2007-4841 (Mozilla Firefox 2.0.0.6 allows remote attackers to execute arbitrary commands via a "single unexpected URI" within a (1) mailto, (2) nntp, (3) news, or (4) snews URI, related to improper file type handling, a variant of CVE-2007-3845. NOTE: this information is based upon a vague pre-advisory.)
 CVE-2007-3511 (The focus handling for the onkeydown event in Mozilla Firefox 1.5.0.12 and 2.0.0.4 allows remote attackers to change field focus and copy keystrokes via JavaScript, as demonstrated by changing focus from a textarea to a file upload field.)
 CVE-2007-2292 (CRLF injection vulnerability in the Digest Authentication support for Mozilla Firefox 2.0.0.3 allows remote attackers to conduct HTTP response splitting attacks via a LF (%0a) in the username attribute.)
 CVE-2007-1095 (Mozilla Firefox does not properly implement JavaScript onUnload handlers, which allows remote attackers to run certain JavaScript code and access the location DOM hierarchy in the context of the next web site that is visited by a client.)
 CVE-2006-2894 (Mozilla Firefox 1.5.0.4, Mozilla Suite 1.7.13, Mozilla SeaMonkey 1.0.2, and Netscape 8.1 and earlier allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form.)
Original documentdocumentMOZILLA, Mozilla Foundation Security Advisory 2007-36 (23.10.2007)
 documentMOZILLA, Mozilla Foundation Security Advisory 2007-35 (23.10.2007)
 documentMOZILLA, Mozilla Foundation Security Advisory 2007-34 (23.10.2007)
 documentMOZILLA, Mozilla Foundation Security Advisory 2007-33 (23.10.2007)
 documentMOZILLA, Mozilla Foundation Security Advisory 2007-32 (23.10.2007)
 documentMOZILLA, Mozilla Foundation Security Advisory 2007-31 (23.10.2007)
 documentMOZILLA, Mozilla Foundation Security Advisory 2007-30 (23.10.2007)
 documentMOZILLA, Mozilla Foundation Security Advisory 2007-29 (23.10.2007)

Zaptel драйвер buffer overflow
Published:23.10.2007
Source:
SecurityVulns ID:8281
Type:local
Threat Level:
5/10
Description:Buffer overflow on oversized IOCTL interface name.
Affected:ZAPTEL : Zaptel 1.4
Original documentdocumentMichal Bucko, [ELEYTT] Public Advisory 20-10-2007 (23.10.2007)

IBM Lotus Notes multiple security vulnerabilities
updated since 23.10.2007
Published:24.10.2007
Source:
SecurityVulns ID:8286
Type:client
Threat Level:
7/10
Description:Buffer overflow on viewing of different attachment types, information leak between local users thorugh memory mapped files.
Affected:IBM : Lotus Domino 6.5
 IBM : Lotus Notes 7.0
 IBM : Lotus Notes 8.0
CVE:CVE-2007-5544
 CVE-2007-4222
 CVE-2007-3510
Original documentdocumentIDEFENSE, iDefense Security Advisory 10.23.07: IBM Lotus Domino IMAP Buffer Overflow Vulnerability (24.10.2007)
 documentIDEFENSE, iDefense Security Advisory 10.23.07: IBM Lotus Notes Client TagAttributeListCopy Buffer Overflow Vulnerability (24.10.2007)
 documentSYMANTEC, SYMSA-2007-013: Lotus Notes Memory Mapped Files Vulnerability (23.10.2007)
 documentTAN Chew Keong, [vuln.sg] IBM Lotus Notes Attachment Viewer Buffer Overflow Vulnerabilities (23.10.2007)
Files:IBM Lotus Domino - IMAP4 Mailbox Name Stack Overflow Exploit

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod