 |
|
|
|
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 24.01.2007 | | Published: |  | 24.01.2007 | | Source: |  | | | SecurityVulns ID: |  | 7090 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. |
| Affected: |  | PHPADSNEW : phpAdsNew 2.0 | | | | PHPOPENADS : phpPgAds 2.0 | | | | PHPNUKE : PHP-Nuke 7.9 | | | | WEBSITEBAKER : Website Baker 2.6 | | | | BITWEAVER : bitweaver 1.3 | | | | FREEFORUM : FreeForum 0.9 | | | | CMSIMPLE : cmsimple 2.7 | | | | PHPLINKDIRECTORY : PHP Link Directory 3.0 | | | | OPENREALTY : Open-Realty 2.3 | | | | UPLOADSCRIPT : UploadScript 1.02 | | | | UPLOADSERVICE : Upload Service 1.0 | | | | ADVANCEDGUESTBOO : Advanced Guestbook 2.4 | | | | SCRIPTSEZ : Random PHP Quote 1.0 | | | | YANAFRAMEWORK : Yana Framework 2.8 | | | | INDISGUISE : Enthusiast 3.1 | | | | PHPXD : phpxd 0.3 | | | | BBCLONE : bbclone 0.31 | | | | RPW : RPW 1.0 | | | | ASPEDGE : ASP EDGE 1.2 | | | | ASPNEWS : ASP NEWS 3 | | | | VOTEPRO : Vote-Pro 4.0 | | | | FREEWEBSHOP : FreeWebshop.org Script 2.2 | | | | DRUPAL : Drupal Acidfree Module 4.6 | | | | OPENADS : Openads 2.0 | | | | WEBGUI : WebGUI 7.3 | | | | DJANGO : django 0.95 | | | | ZIXFORUM : ZixForum 1.14 | | | | MAXTRICITY : Maxtricity Tagger 0.1 | | CVE: |  | CVE-2007-0629 (The www_purgeList method in Plain Black WebGUI before 7.3.8 does not properly check user permissions, which allows attackers to delete unauthorized assets. NOTE: some of these details are obtained from third party information.) | | | | CVE-2007-0610 (Cross-site scripting (XSS) vulnerability in the mailform feature in CMSimple 2.7 fix1 allows remote attackers to inject arbitrary web script or HTML via the sender parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.) | | | | CVE-2007-0566 (SQL injection vulnerability in news_detail.asp in ASP NEWS 3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.) | | | | CVE-2007-0560 (SQL injection vulnerability in user.asp in ASP EDGE 1.2b and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter.) | | | | CVE-2007-0559 (PHP remote file inclusion vulnerability in config.php in RPW 1.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the sql_language parameter.) | | | | CVE-2007-0551 (Multiple PHP remote file inclusion vulnerabilities in cmsimple/cms.php in CMSimple 2.7 allow remote attackers to execute arbitrary PHP code via a URL in the (1) pth[file][config] and (2) pth[file][image] parameters.) | | | | CVE-2007-0546 (Toxiclab Shoutbox 1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for db.mdb.) | | | | CVE-2007-0545 (Maxtricity Tagger 0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for tagger.mdb.) | | | | CVE-2007-0543 (ZixForum 1.14 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for Zixforum.mdb. NOTE: a followup post suggests that this issue only occurs if the administrator does not properly follow installation directions.) | | | | CVE-2007-054 | | | | CVE-2007-0535 (Multiple eval injection vulnerabilities in Vote! Pro 4.0, and possibly earlier, allow remote attackers to execute arbitrary code via requests to unspecified PHP scripts with the poll_id parameter, which is supplied to eval function calls, a different set of vectors than CVE-2007-0504. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.) | | | | CVE-2007-0533 (The AToZed IntraWeb component 8.0 and earlier for Borland Delphi and Kylix, and IntraWeb 9.0 before build (9.0.12), allows remote attackers to cause a denial of service (thread hang or CPU consumption) via a crafted HTTP request, related to the OnBeforeDispatch function in the TIWServerController object.) | | | | CVE-2007-0531 (PHP remote file inclusion vulnerability in includes/login.php in FreeWebShop 2.2.3 and 2.2.4 before 20070123 allows remote attackers to execute arbitrary PHP code via a URL in the lang_file parameter.) | | | | CVE-2007-0530 (** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in Advanced Guestbook 2.4.2 allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to (1) index.php, (2) addentry.php, or (3) picture.php, a different set of vectors than CVE-2006-5804. NOTE: this issue has been disputed by third party researchers, stating that the include_path variable is instantiated before use.) | | | | CVE-2007-0529 (Cross-site scripting (XSS) vulnerability in index.html (aka the administration page) in PHP Link Directory (phpLD) 3.0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted link, which is triggered when the administrator uses the "Validate Links" functionality.) | | | | CVE-2007-0527 (SQL injection vulnerability in the is_remembered function in class.login.php in Website Baker 2.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the REMEMBER_KEY cookie parameter. NOTE: some of these details are obtained from third party information.) | | | | CVE-2007-0526 (Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 1.3.1 allow remote attackers to inject arbitrary web script or HTML via the URL (PATH_INFO) to (1) articles/edit.php, (2) articles/list.php, (3) blogs/list_blogs.php, or (4) blogs/rankings.php.) | | | | CVE-2007-0520 (SQL injection vulnerability in banner.php in Unique Ads (UDS) 1.x allows remote attackers to execute arbitrary SQL commands via the bid parameter.) | | | | CVE-2007-0516 (Yana Framework before 2.8.5a allows remote authenticated users with permissions to modify a guestbook profile to modify or delete arbitrary guestbook profiles via unspecified vectors. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.) | | | | CVE-2007-0511 (Multiple PHP remote file inclusion vulnerabilities in phpXMLDOM (phpXD) 0.3 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) dom.php, (2) dtd.php, or (3) parser.php in include/.) | | | | CVE-2007-0508 (PHP remote file inclusion vulnerability in lib/selectlang.php in BBClone 0.31 allows remote attackers to execute arbitrary PHP code via a URL in the BBC_LANGUAGE_PATH parameter.) | | | | CVE-2007-0507 (SQL injection vulnerability in the Acidfree module for Drupal before 4.6.x-1.0, and before 4.7.x-1.0 in the 4.7 series, allows remote authenticated users with "create acidfree albums" privileges to execute arbitrary SQL commands via node titles.) | | | | CVE-2007-0504 (Eval injection vulnerability in poll_frame.php in Vote! Pro 4.0, and possibly other scripts, allows remote attackers to execute arbitrary code via the poll_id parameter, which is supplied to an eval function call, a different vulnerability type than CVE-2005-4632.) | | | | CVE-2007-0490 (index.php in Open-Realty 2.3.4 allows remote attackers to obtain sensitive information (the full path) via an invalid listingID parameter in a listingview action.) | | | | CVE-2007-0487 (** DISPUTED ** PHP remote file inclusion vulnerability in index.php in FreeForum 0.9.0 allows remote attackers to execute arbitrary PHP code via a URL in the fpath parameter. NOTE: this issue has been disputed by third party researchers, stating that fpath variable is initialized before being used.) | | | | CVE-2007-0486 (** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in Openads (aka phpAdsNew) 2.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the (1) phpAds_geoPlugin parameter to libraries/lib-remotehost.inc, the (2) filename parameter to admin/report-index, or the (3) phpAds_config[my_footer] parameter to admin/lib-gui.inc. NOTE: the vendor has disputed this issue, stating that the relevant variables are used within function definitions.) | | | | CVE-2007-0484 (Multiple SQL injection vulnerabilities in Enthusiast 3.1 allow remote attackers to execute arbitrary SQL commands via the cat parameter to (1) show_owned.php, (2) show_joined.php, and possibly other files. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.) | | | | CVE-2007-0483 (Multiple cross-site scripting (XSS) vulnerabilities in Enthusiast 3.1 allow remote attackers to inject arbitrary web script or HTML via the URI for (1) show_owned.php or (2) show_joined.php. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.) | | | | CVE-2007-0477 (Cross-site scripting (XSS) vulnerability in Openads 2.0.x before 2.0.10, 2.3 before 2.3.31 (aka Max Media Manager before 0.3.31-alpha-pr2), and phpAdsNew/phpPgAds before 2.0.9-pr1 allows remote attackers to inject arbitrary web script or HTML via (1) the keyword parameter in admin-search.php and (2) affiliate-search.php. NOTE: this issue may overlap CVE-2007-0363.) | | | | CVE-2007-0407 (Cross-site scripting (XSS) vulnerability in Operation/User.pm in Plain Black WebGUI before 7.3.5 (beta) allows remote attackers to inject arbitrary web script or HTML via the username parameter during anonymous registration, a different vector than CVE-2007-0308. NOTE: it is possible that a separate "WikiPage titles" issue was also fixed.) | | | | CVE-2007-0405 (The LazyUser class in the AuthenticationMiddleware for Django 0.95 does not properly cache the user name across requests, which allows remote authenticated users to gain the privileges of a different user.) | | | | CVE-2007-0404 (bin/compile-messages.py in Django 0.95 does not quote argument strings before invoking the msgfmt program through the os.system function, which allows attackers to execute arbitrary commands via shell metacharacters in a (1) .po or (2) .mo file.) | | | | CVE-2007-0363 (Cross-site scripting (XSS) vulnerability in admin-search.php in (1) Openads for PostgreSQL (aka phpPgAds) before 2.0.10 and (2) Openads (aka phpAdsNew) before 2.0.10 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.) | | | | CVE-2007-0308 (Cross-site scripting (XSS) vulnerability in Plain Black WebGUI before 7.3.4 (beta) allows remote attackers to inject arbitrary web script or HTML via Wiki Page titles.) |
| Original document |  | beks, Maxtricity Tagger Password Disclosure Vulnerability (24.01.2007) |
| | | me you, ZixForum <= 1.14 (Zixforum.mdb) Remote Password Disclosure Vulnerability (24.01.2007) |
| | | Matteo Beccati, [Full-disclosure] [OPENADS-SA-2007-001] phpAdsNew and phpPgAds 2.0.9-pr1 vulnerability fixed (24.01.2007) |
| | | beks, Toxiclab Shoutbox Password Disclosure Vulnerability (24.01.2007) |
| | | SECUNIA, [SA23826] Django Two Vulnerabilities (24.01.2007) |
| | | SECUNIA, [SA23754] WebGUI User Name Script Insertion Vulnerability (24.01.2007) |
| | | SECUNIA, [SA23720] Openads / Openads for PostgreSQL Cross-Site Scripting Vulnerability (24.01.2007) |
| | | PHPNUKE, [SA23748] PHP-Nuke "cat" Old Articles Block SQL Injection (24.01.2007) |
| | | SECUNIA, [SA23895] Drupal Acidfree Module "node titles" SQL Injection Vulnerability (24.01.2007) |
| | | SECUNIA, [SA23898] FreeWebShop.org "lang_file" File Inclusion Vulnerability (24.01.2007) |
| | | Advisory_(at)_Aria-Security.net, [Aria-Security Team] MyBB Cross-Site Scripting (24.01.2007) |
| | | ajannhwt_(at)_hotmail.com, ASP NEWS <= V3 (news_detail.asp) Remote SQL Injection Vulnerability (24.01.2007) |
| | | ajannhwt_(at)_hotmail.com, ASP EDGE <= V1.2b (user.asp) Remote SQL Injection Vulnerability (24.01.2007) |
| | | Dr Max Virus, phpXD <= 0.3 (path) Remote File Inclusion Vulnerability (24.01.2007) |
| | | Dr Max Virus, BBClone 0.31 (selectlang.php) Remote File Inclusion Vulnerability (24.01.2007) |
| | | Dr Max Virus, RPW 1.0.2 (config.php sql_language) Remote File Inclusion Vulnerability: (24.01.2007) |
| | | SECUNIA, [SA23865] Enthusiast Cross-Site Scripting and SQL Injection (24.01.2007) |
| | | SECUNIA, [SA23855] Yana Framework Guestbook Profile Security Bypass (24.01.2007) |
| | | the.tiger100_(at)_gmail.com, subscribe (pwd.txt) Remote Password Disclosur (24.01.2007) |
| | | the.tiger100_(at)_gmail.com, RANDOM PHP QUOTE 1.0 (pwd.txt) Remote Password Disclosur (24.01.2007) |
| | | C0r3 1mp4ct, AToZed Software Intraweb Component for Borland Delphi and Kylix DoS vulnerability (24.01.2007) |
| | | me you, Advanced Guestbook <=- 2.4.2 (include_path) Remote File Include Vulnerability (24.01.2007) |
| | | y3dips_(at)_gmail.com, [ECHO_ADV_62$2007] Upload Service 1.0 remote file inclusion (24.01.2007) |
| | | Rolf Huisman, SQL Injection by using Cookie Poisoning for Website Baker Version 2.6.5 and before (24.01.2007) |
| | | me you, Uploader <= (userdata/user_1.txt) Password Disclosure Vulnerability (24.01.2007) |
| | | me you, UploadScript <=- v1.02 (password.txt) Remote Password Disclosure Vulnerability (24.01.2007) |
| | | CorryL, [x0n3-h4ck] bitweaver 1.3.1 XSS Exploit (24.01.2007) |
| | | xx_hack_xx_2004_(at)_hotmail.com, Full Path Disclosure in Open-Realty ( v2.3.4 ) (24.01.2007) |
| | | jussi.vuokko_(at)_smilehouse.com, PHP Link Directory XSS Vulnerability version <= 3.0.6 (24.01.2007) |
| | | mr alkomandoz, phpAdsNew 2.0.7 Remote File Include (24.01.2007) |
| | | mr alkomandoz, cmsimple 2.7 Remote File Include (24.01.2007) |
| | | xx_hack_xx_2004_(at)_hotmail.com, SQL Injection in Unique Ads ( UDS ) (24.01.2007) |
| | | xx_hack_xx_2004_(at)_hotmail.com, XSS in Guestbook ( v.4.00 beta ) (24.01.2007) |
| | | Advisory_(at)_Aria-Security.net, XMB "U2U Instant Messenger" Cross-Site Scripting (24.01.2007) |
| | | me you, FreeForum 0.9.0 <=- (index.php fpath) Remote File Include Vulnerability (24.01.2007) |
| | | laurent gaffié, FishCart [injection sql] (24.01.2007) |
| Apple Safari / Konqueror SCRIPT tag filtering bypass | | Published: | | 24.01.2007 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 7091 | | Type: | | client | | Level: | | 3/10 | | Description: | | Brower follows <script> tags within HTML comment. It violates HTML standard. |
| Affected: | | KDE : KDE 3.5 | | | | APPLE : MacOS X 10.4 | | | | KDE : Konqueror 3.5 | | CVE: | | CVE-2007-0537 (The KDE HTML library (kdelibs), as used by Konqueror 3.5.5, does not properly parse HTML comments, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within a comment in a title tag, a related issue to CVE-2007-0478.) | | | | CVE-2007-0478 (Apple Safari does not properly parse HTML comments, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within an HTML comment.) |
| OpenLDAP installation symbolic links vulnerability | | Published: | | 24.01.2007 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 7094 | | Type: | | remote | | Level: | | 4/10 | | Description: | | gencert.sh installation script insecure tempoary files creation. |
| Affected: | | OPENLDAP : OpenLDAP 2.2 | | | | OPENLDAP : OpenLDAP 2.1 | | | | OPENLDAP : OpenLDAP 2.3 | | CVE: | | CVE-2007-0476 (The gencert.sh script, when installing OpenLDAP before 2.1.30-r10, 2.2.x before 2.2.28-r7, and 2.3.x before 2.3.30-r2 as an ebuild in Gentoo Linux, does not create temporary directories in /tmp securely during emerge, which allows local users to overwrite arbitrary files via a symlink attack.) |
| Multiple IP Phones unauthorized access | | Published: | | 24.01.2007 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 7095 | | Type: | | remote | | Level: | | 5/10 | | Description: | | After administrative login it's possible to access administration interface from any IP without password validation. |
| Microsoft Visual Studio buffer overflow | | Published: | | 24.01.2007 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 7096 | | Type: | | local | | Level: | | 3/10 | | Description: | | Buffer overflows on oversized filename in different paramters. |
| Affected: | | MICROSOFT : Visual Studio 6.0 | | CVE: | | CVE-2007-0468 (Stack-based buffer overflow in rcdll.dll in msdev.exe in Visual C++ (MSVC) in Microsoft Visual Studio 6.0 SP6 allows user-assisted remote attackers to execute arbitrary code via a long file path in the "1 TYPELIB MOVEABLE PURE" option in an RC file.) |
| Sienzo Digital Music Mentor ActiveX buffer overflow | | Published: | | 24.01.2007 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 7098 | | Type: | | client | | Level: | | 5/10 | | Description: | | Buffer overflow in NCTAudioFile2.AudioFile SetFormatLikeSample() method. |
| Affected: | | SIENZO : Sienzo Digital Music Mentor 2.6 | | CVE: | | CVE-2007-0018 (Stack-based buffer overflow in the NCTAudioFile2.AudioFile ActiveX control (NCTAudioFile2.dll), as used by multiple products, allows remote attackers to execute arbitrary code via a long argument to the SetFormatLikeSample function. NOTE: the products include (1) NCTsoft NCTAudioStudio, NCTAudioEditor, and NCTDialogicVoice; (2) Magic Audio Recorder, Music Editor, and Audio Converter; (3) Aurora Media Workshop; DB Audio Mixer And Editor; (4) J. Hepple Products including Fx Audio Editor and others; (5) EXPStudio Audio Editor; (6) iMesh; (7) Quikscribe; (8) RMBSoft AudioConvert and SoundEdit Pro 2.1; (9) CDBurnerXP; (10) Code-it Software Wave MP3 Editor and aBasic Editor; (11) Movavi VideoMessage, DVD to iPod, and others; (12) SoftDiv Software Dexster, iVideoMAX, and others; (13) Sienzo Digital Music Mentor (DMM); (14) MP3 Normalizer; (15) Roemer Software FREE and Easy Hi-Q Recorder, and Easy Hi-Q Converter; (16) Audio Edit Magic; (17) Joshua Video and Audio Converter; (18) Virtual CD; (19) Cheetah CD and DVD B) |
| Multiple mobile phones bluetooth DoS | | Published: | | 24.01.2007 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 7092 | | Type: | | remote | | Level: | | 4/10 | | Description: | | Flood with ussp-push messages causes user interface blocking by multiple download prompt messages. |
| Affected: | | NOKIA : Nokia N70 | | | | SONYERICSSON : Sony Ericsson K700i | | | | MOTOROLLA : MOTORAZR V3 | | | | SONYERICSSON : Sony Ericsson W810i | | | | LG : Chocolate KG800 | | CVE: | | CVE-2007-0524 (The LG Chocolate KG800 phone allows remote attackers to cause a denial of service (continual modal dialogs and UI unavailability) by repeatedly trying to OBEX push a file over Bluetooth, as demonstrated by ussp-push.) | | | | CVE-2007-0523 (The Nokia N70 phone allows remote attackers to cause a denial of service (continual modal dialogs and UI unavailability) by repeatedly trying to OBEX push a file over Bluetooth, as demonstrated by ussp-push.) | | | | CVE-2007-0522 (The Motorola MOTORAZR V3 phone allows remote attackers to cause a denial of service (continual modal dialogs and UI unavailability) by repeatedly trying to OBEX push a file over Bluetooth, as demonstrated by ussp-push.) | | | | CVE-2007-0521 (The Sony Ericsson K700i and W810i phones allow remote attackers to cause a denial of service (continual modal dialogs and UI unavailability) by repeatedly trying to OBEX push a file over Bluetooth, as demonstrated by ussp-push.) |
| xine-ui format string vulnerability | | Published: | | 24.01.2007 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 7093 | | Type: | | client | | Level: | | 5/10 | | Description: | | Format string vulnerability in errors_create_window() on media files parsing. |
| Affected: | | XINE : xine-ui 0.99 | | CVE: | | CVE-2007-0254 (Format string vulnerability in the errors_create_window function in errors.c in xine-ui allows attackers to execute arbitrary code via unknown vectors.) |
| Cisco routers IPv6 DoS | | Published: | | 24.01.2007 | | Source: | | FULL-DISCLOSURE | | SecurityVulns ID: | | 7100 | | Type: | | remote | | Level: | | 6/10 | | Description: | | Router crash on parsing IPv6 packet RH (routing header). |
| Apple QuickDraw libraries memory corruption | | Published: | | 24.01.2007 | | Source: | | MOAB | | SecurityVulns ID: | | 7102 | | Type: | | library | | Level: | | 6/10 | | Description: | | Memory corruption on maleformed PICT image ARGB record. |
| Affected: | | APPLE : Mac OS X 10.4 | | CVE: | | CVE-2007-0588 (The InternalUnpackBits function in Apple QuickDraw, as used by Quicktime 7.1.3 and other applications on Mac OS X 10.4.8 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PICT file that triggers memory corruption in the _GetSrcBits32ARGB function. NOTE: this issue might overlap CVE-2007-0462.) | | | | CVE-2007-0462 (The _GetSrcBits32ARGB function in Apple QuickDraw, as used by Quicktime 7.1.3 and other applications on Mac OS X 10.4.8 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PICT image with a malformed Alpha RGB (ARGB) record, which triggers memory corruption.) |
| Sun Solaris tip privilege escalation | | Published: | | 24.01.2007 | | Source: | | SECUNIA | | SecurityVulns ID: | | 7103 | | Type: | | local | | Level: | | 5/10 | | Description: | | Privilege escalation to 'uucp' user. |
| OpenBSD IPv6 ICMPv6 DoS | | Published: | | 24.01.2007 | | Source: | | SECUNIA | | SecurityVulns ID: | | 7105 | | Type: | | remote | | Level: | | 5/10 | | Description: | | Infinite loop on ICMPv6 packet parsing. |
| Sun Ray Server password information leak | | Published: | | 24.01.2007 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 7106 | | Type: | | local | | Level: | | 5/10 | | Description: | | /cgi-bin/mail scripts records utadmin administrator's password is recorded into log file. |
| pam unauthorized access | | Published: | | 24.01.2007 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 7104 | | Type: | | remote | | Level: | | 5/10 | | Description: | | Any password is accepted if password hash contains some set of characters. |
| Affected: | | PAM : pam 0.99 | | CVE: | | CVE-2007-0003 (pam_unix.so in Linux-PAM 0.99.7.0 allows context-dependent attackers to log into accounts whose password hash, as stored in /etc/passwd or /etc/shadow, has only two characters.) |
| Cisco routers memory leak DoS | | Published: | | 24.01.2007 | | Source: | | FULL-DISCLOSURE | | SecurityVulns ID: | | 7097 | | Type: | | remote | | Level: | | 6/10 | | Description: | | Memory leak on incoming TCP packets. |
| Apple Mac OS X UserNotificationCenter privilege escalation | | Published: | | 24.01.2007 | | Source: | | MOAB | | SecurityVulns ID: | | 7101 | | Type: | | local | | Level: | | 6/10 | | Description: | | Application doesn't droup wheel group privileges. |
| Affected: | | APPLE : Mac OS X 10.4 | | CVE: | | CVE-2007-0023 (The CFUserNotificationSendRequest function in UserNotificationCenter.app in Apple Mac OS X 10.4.8, when used in combination with diskutil, allows local users to gain privileges via a malicious InputManager in Library/InputManagers in a user's home directory, which is executed when Cocoa applications attempt to notify the user.) |
| Cisco routers and code execution with IP options DoS | | Published: | | 24.01.2007 | | Source: | | FULL-DISCLOSURE | | SecurityVulns ID: | | 7107 | | Type: | | remote | | Level: | | 10/10 | | Description: | | ICMP, UDP or TCP packets with some IP options set can cause device reload and potentially code execution. |
NCTsoft multiple applications ActiveX buffer overflow
updated since 24.01.2007 | | Published: | | 11.05.2007 | | Source: | | FULL-DISCLOSURE | | SecurityVulns ID: | | 7099 | | Type: | | client | | Level: | | 5/10 | | Description: | | Buffer overflow in NCTAudioFile2.AudioFile SetFormatLikeSample() method. |
| Affected: | | NCTSOFT : NCTAudioStudio 2.7 | | | | NCTSOFT : NCTAudioEditor 2.7 | | | | NCTSOFT : NCTDialogicVoice 2.7 | | | | BEARSHARE : BearShare 6.0 | | CVE: | | CVE-2007-0018 (Stack-based buffer overflow in the NCTAudioFile2.AudioFile ActiveX control (NCTAudioFile2.dll), as used by multiple products, allows remote attackers to execute arbitrary code via a long argument to the SetFormatLikeSample function. NOTE: the products include (1) NCTsoft NCTAudioStudio, NCTAudioEditor, and NCTDialogicVoice; (2) Magic Audio Recorder, Music Editor, and Audio Converter; (3) Aurora Media Workshop; DB Audio Mixer And Editor; (4) J. Hepple Products including Fx Audio Editor and others; (5) EXPStudio Audio Editor; (6) iMesh; (7) Quikscribe; (8) RMBSoft AudioConvert and SoundEdit Pro 2.1; (9) CDBurnerXP; (10) Code-it Software Wave MP3 Editor and aBasic Editor; (11) Movavi VideoMessage, DVD to iPod, and others; (12) SoftDiv Software Dexster, iVideoMAX, and others; (13) Sienzo Digital Music Mentor (DMM); (14) MP3 Normalizer; (15) Roemer Software FREE and Easy Hi-Q Recorder, and Easy Hi-Q Converter; (16) Audio Edit Magic; (17) Joshua Video and Audio Converter; (18) Virtual CD; (19) Cheetah CD and DVD B) |
|
|
|
|
|
|
|
|
