| Multiple mobile phones bluetooth DoS | | Published: |  | 24.01.2007 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 7092 | | Type: |  | remote | | Level: |  | 4/10 | | Description: |  | Flood with ussp-push messages causes user interface blocking by multiple download prompt messages. |
| Affected: |  | NOKIA : Nokia N70 | | |  | SONYERICSSON : Sony Ericsson K700i | | |  | MOTOROLLA : MOTORAZR V3 | | |  | SONYERICSSON : Sony Ericsson W810i | | |  | LG : Chocolate KG800 | | CVE: |  | CVE-2007-0524 (The LG Chocolate KG800 phone allows remote attackers to cause a denial of service (continual modal dialogs and UI unavailability) by repeatedly trying to OBEX push a file over Bluetooth, as demonstrated by ussp-push.) | | |  | CVE-2007-0523 (The Nokia N70 phone allows remote attackers to cause a denial of service (continual modal dialogs and UI unavailability) by repeatedly trying to OBEX push a file over Bluetooth, as demonstrated by ussp-push.) | | |  | CVE-2007-0522 (The Motorola MOTORAZR V3 phone allows remote attackers to cause a denial of service (continual modal dialogs and UI unavailability) by repeatedly trying to OBEX push a file over Bluetooth, as demonstrated by ussp-push.) | | |  | CVE-2007-0521 (The Sony Ericsson K700i and W810i phones allow remote attackers to cause a denial of service (continual modal dialogs and UI unavailability) by repeatedly trying to OBEX push a file over Bluetooth, as demonstrated by ussp-push.) |
| Original document |  | Armin Hornung, Bluetooth DoS by obex push (24.01.2007) |
| xine-ui format string vulnerability | | Published: |  | 24.01.2007 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 7093 | | Type: |  | client | | Level: |  | 5/10 | | Description: |  | Format string vulnerability in errors_create_window() on media files parsing. |
| Affected: |  | XINE : xine-ui 0.99 | | CVE: |  | CVE-2007-0254 (Format string vulnerability in the errors_create_window function in errors.c in xine-ui allows attackers to execute arbitrary code via unknown vectors.) |
| Original document |  | saik0pod_(at)_yahoo.com, Xine-ui format string Vulnerabilties. (24.01.2007) |
| Cisco routers IPv6 DoS | | Published: |  | 24.01.2007 | | Source: |  | FULL-DISCLOSURE | | SecurityVulns ID: |  | 7100 | | Type: |  | remote | | Level: |  | 6/10 | | Description: |  | Router crash on parsing IPv6 packet RH (routing header). |
| Affected: |  | CISCO : IOS 12.0 | | |  | CISCO : IOS 12.1 | | |  | CISCO : IOS 12.2 | | |  | CISCO : IOS 12.3 | | |  | CISCO : IOS 12.4 | | CVE: |  | CVE-2007-0481 (Cisco IOS allows remote attackers to cause a denial of service (crash) via a crafted IPv6 Type 0 Routing header.) |
| Original document |  | CISCO, [Full-disclosure] Cisco Security Advisory: IPv6 Routing Header Vulnerability (24.01.2007) |
| Apple QuickDraw libraries memory corruption | | Published: |  | 24.01.2007 | | Source: |  | MOAB | | SecurityVulns ID: |  | 7102 | | Type: |  | library | | Level: |  | 6/10 | | Description: |  | Memory corruption on malformed PICT image ARGB record. |
| Affected: |  | APPLE : Mac OS X 10.4 | | CVE: |  | CVE-2007-0588 (The InternalUnpackBits function in Apple QuickDraw, as used by Quicktime 7.1.3 and other applications on Mac OS X 10.4.8 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PICT file that triggers memory corruption in the _GetSrcBits32ARGB function. NOTE: this issue might overlap CVE-2007-0462.) | | |  | CVE-2007-0462 (The _GetSrcBits32ARGB function in Apple QuickDraw, as used by Quicktime 7.1.3 and other applications on Mac OS X 10.4.8 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PICT image with a malformed Alpha RGB (ARGB) record, which triggers memory corruption.) |
| Original document |  | MOAB, MOAB-23-01-2007: Apple QuickDraw GetSrcBits32ARGB() Memory Corruption Vulnerability (24.01.2007) |
| Sun Solaris tip privilege escalation | | Published: |  | 24.01.2007 | | Source: |  | SECUNIA | | SecurityVulns ID: |  | 7103 | | Type: |  | local | | Level: |  | 5/10 | | Description: |  | Privilege escalation to 'uucp' user. |
| Affected: |  | SUN : Solaris 8 | | |  | SUN : Solaris 9 | | |  | SUN : Solaris 10 | | CVE: |  | CVE-2007-0470 (Multiple unspecified vulnerabilities in tip in Sun Solaris 8, 9, and 10 allow local users to gain uucp account privileges via unspecified vectors.) |
| Original document |  | SECUNIA, [SA23821] Sun Solaris "tip" Command Privilege Escalation (24.01.2007) |
| OpenBSD IPv6 ICMPv6 DoS | | Published: |  | 24.01.2007 | | Source: |  | SECUNIA | | SecurityVulns ID: |  | 7105 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | Infinite loop on ICMPv6 packet parsing. |
| Affected: |  | OPENBSD : OpenBSD 3.9 | | |  | OPENBSD : OpenBSD 4.0 | | CVE: |  | CVE-2007-0343 (OpenBSD before 20070116 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via certain IPv6 ICMP (aka ICMP6) echo request packets.) |
| Original document |  | SECUNIA, [SA23830] OpenBSD ICMP6 Denial of Service Vulnerability (24.01.2007) |
| Sun Ray Server password information leak | | Published: |  | 24.01.2007 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 7106 | | Type: |  | local | | Level: |  | 5/10 | | Description: |  | The /cgi-bin/mail script records the utadmin administrator's password in a log file. |
| Affected: |  | SUN : Sun Ray Server Software 3.0 | | |  | SUN : Sun Ray Server Software 2.0 | | CVE: |  | CVE-2007-0482 (cgi-bin/main in Sun Ray Server Software 2.0 and 3.0 before 20070123 allows local users to obtain the utadmin password by reading a web server's log file, or by conducting a different, unspecified local attack.) |
| Original document |  | SECUNIA, [SA23900] Sun Ray Server Software Password Disclosure (24.01.2007) |
| Cisco routers memory leak DoS | | Published: |  | 24.01.2007 | | Source: |  | FULL-DISCLOSURE | | SecurityVulns ID: |  | 7097 | | Type: |  | remote | | Level: |  | 6/10 | | Description: |  | Memory leak on incoming TCP packets. |
| Affected: |  | CISCO : IOS 12.0 | | |  | CISCO : IOS 12.1 | | |  | CISCO : IOS 12.2 | | |  | CISCO : IOS 12.3 | | |  | CISCO : IOS 12.4 | | CVE: |  | CVE-2007-0479 (Memory leak in the TCP listener in Cisco IOS 9.x, 10.x, 11.x, and 12.x allows remote attackers to cause a denial of service by sending crafted TCP traffic to an IPv4 address on the IOS device.) |
| Original document |  | CISCO, [Full-disclosure] Cisco Security Advisory: Crafted TCP Packet Can Cause Denial of Service (24.01.2007) |
| Apple Mac OS X UserNotificationCenter privilege escalation | | Published: |  | 24.01.2007 | | Source: |  | MOAB | | SecurityVulns ID: |  | 7101 | | Type: |  | local | | Level: |  | 6/10 | | Description: |  | Application doesn't drop wheel group privileges. |
| Affected: |  | APPLE : Mac OS X 10.4 | | CVE: |  | CVE-2007-0023 (The CFUserNotificationSendRequest function in UserNotificationCenter.app in Apple Mac OS X 10.4.8, when used in combination with diskutil, allows local users to gain privileges via a malicious InputManager in Library/InputManagers in a user's home directory, which is executed when Cocoa applications attempt to notify the user.) |
| Original document |  | MOAB, MOAB-22-01-2007: Apple UserNotificationCenter Privilege Escalation Vulnerability (24.01.2007) |
| Cisco routers DoS and code execution with IP options | | Published: |  | 24.01.2007 | | Source: |  | FULL-DISCLOSURE | | SecurityVulns ID: |  | 7107 | | Type: |  | remote | | Level: |  | 10/10 | | Description: |  | ICMP, UDP or TCP packets with some IP options set can cause device reload and potentially code execution. |
| Affected: |  | CISCO : IOS 12.0 | | |  | CISCO : IOS 12.1 | | |  | CISCO : IOS 12.2 | | |  | CISCO : IOS 12.3 | | |  | CISCO : IOS XR 3.2 | | |  | CISCO : IOS XR 3.4 | | CVE: |  | CVE-2007-0480 (Cisco IOS 9.x, 10.x, 11.x, and 12.x and IOS XR 2.0.x, 3.0.x, and 3.2.x allows remote attackers to cause a denial of service or execute arbitrary code via a crafted IP option in the IP header in a (1) ICMP, (2) PIMv2, (3) PGM, or (4) URD packet.) |
| Original document |  | CISCO, [Full-disclosure] Cisco Security Advisory: Crafted IP Option Vulnerability (24.01.2007) |
| pam unauthorized access | | Published: |  | 24.01.2007 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 7104 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | Any password is accepted if password hash contains some set of characters. |
| Affected: |  | PAM : pam 0.99 | | CVE: |  | CVE-2007-0003 (pam_unix.so in Linux-PAM 0.99.7.0 allows context-dependent attackers to log into accounts whose password hash, as stored in /etc/passwd or /etc/shadow, has only two characters.) |
| Original document |  | SECUNIA, [SA23858] Linux-PAM Login Bypass Security Vulnerability (24.01.2007) |
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 24.01.2007 | | Published: |  | 24.01.2007 | | Source: |  | | | SecurityVulns ID: |  | 7090 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. |
| Affected: |  | PHPADSNEW : phpAdsNew 2.0 | | |  | PHPOPENADS : phpPgAds 2.0 | | |  | PHPNUKE : PHP-Nuke 7.9 | | |  | WEBSITEBAKER : Website Baker 2.6 | | |  | BITWEAVER : bitweaver 1.3 | | |  | FREEFORUM : FreeForum 0.9 | | |  | CMSIMPLE : cmsimple 2.7 | | |  | PHPLINKDIRECTORY : PHP Link Directory 3.0 | | |  | OPENREALTY : Open-Realty 2.3 | | |  | UPLOADSCRIPT : UploadScript 1.02 | | |  | UPLOADSERVICE : Upload Service 1.0 | | |  | ADVANCEDGUESTBOO : Advanced Guestbook 2.4 | | |  | SCRIPTSEZ : Random PHP Quote 1.0 | | |  | YANAFRAMEWORK : Yana Framework 2.8 | | |  | INDISGUISE : Enthusiast 3.1 | | |  | PHPXD : phpxd 0.3 | | |  | BBCLONE : bbclone 0.31 | | |  | RPW : RPW 1.0 | | |  | ASPEDGE : ASP EDGE 1.2 | | |  | ASPNEWS : ASP NEWS 3 | | |  | VOTEPRO : Vote-Pro 4.0 | | |  | FREEWEBSHOP : FreeWebshop.org Script 2.2 | | |  | DRUPAL : Drupal Acidfree Module 4.6 | | |  | OPENADS : Openads 2.0 | | |  | WEBGUI : WebGUI 7.3 | | |  | DJANGO : django 0.95 | | |  | ZIXFORUM : ZixForum 1.14 | | |  | MAXTRICITY : Maxtricity Tagger 0.1 | | CVE: |  | CVE-2007-0629 (The www_purgeList method in Plain Black WebGUI before 7.3.8 does not properly check user permissions, which allows attackers to delete unauthorized assets. NOTE: some of these details are obtained from third party information.) | | |  | CVE-2007-0610 (Cross-site scripting (XSS) vulnerability in the mailform feature in CMSimple 2.7 fix1 allows remote attackers to inject arbitrary web script or HTML via the sender parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.) | | |  | CVE-2007-0566 (SQL injection vulnerability in news_detail.asp in ASP NEWS 3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.) | | |  | CVE-2007-0560 (SQL injection vulnerability in user.asp in ASP EDGE 1.2b and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter.) 
| | |  | CVE-2007-0559 (PHP remote file inclusion vulnerability in config.php in RPW 1.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the sql_language parameter.) | | |  | CVE-2007-0551 (Multiple PHP remote file inclusion vulnerabilities in cmsimple/cms.php in CMSimple 2.7 allow remote attackers to execute arbitrary PHP code via a URL in the (1) pth[file][config] and (2) pth[file][image] parameters.) | | |  | CVE-2007-0546 (Toxiclab Shoutbox 1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for db.mdb.) | | |  | CVE-2007-0545 (Maxtricity Tagger 0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for tagger.mdb.) | | |  | CVE-2007-0543 (ZixForum 1.14 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for Zixforum.mdb. NOTE: a followup post suggests that this issue only occurs if the administrator does not properly follow installation directions.) | | |  | CVE-2007-054 | | |  | CVE-2007-0535 (Multiple eval injection vulnerabilities in Vote! Pro 4.0, and possibly earlier, allow remote attackers to execute arbitrary code via requests to unspecified PHP scripts with the poll_id parameter, which is supplied to eval function calls, a different set of vectors than CVE-2007-0504. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.) 
| | |  | CVE-2007-0533 (The AToZed IntraWeb component 8.0 and earlier for Borland Delphi and Kylix, and IntraWeb 9.0 before build (9.0.12), allows remote attackers to cause a denial of service (thread hang or CPU consumption) via a crafted HTTP request, related to the OnBeforeDispatch function in the TIWServerController object.) | | |  | CVE-2007-0531 (PHP remote file inclusion vulnerability in includes/login.php in FreeWebShop 2.2.3 and 2.2.4 before 20070123 allows remote attackers to execute arbitrary PHP code via a URL in the lang_file parameter.) | | |  | CVE-2007-0530 (** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in Advanced Guestbook 2.4.2 allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to (1) index.php, (2) addentry.php, or (3) picture.php, a different set of vectors than CVE-2006-5804. NOTE: this issue has been disputed by third party researchers, stating that the include_path variable is instantiated before use.) | | |  | CVE-2007-0529 (Cross-site scripting (XSS) vulnerability in index.html (aka the administration page) in PHP Link Directory (phpLD) 3.0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted link, which is triggered when the administrator uses the "Validate Links" functionality.) | | |  | CVE-2007-0527 (SQL injection vulnerability in the is_remembered function in class.login.php in Website Baker 2.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the REMEMBER_KEY cookie parameter. NOTE: some of these details are obtained from third party information.) | | |  | CVE-2007-0526 (Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 1.3.1 allow remote attackers to inject arbitrary web script or HTML via the URL (PATH_INFO) to (1) articles/edit.php, (2) articles/list.php, (3) blogs/list_blogs.php, or (4) blogs/rankings.php.) 
| | |  | CVE-2007-0520 (SQL injection vulnerability in banner.php in Unique Ads (UDS) 1.x allows remote attackers to execute arbitrary SQL commands via the bid parameter.) | | |  | CVE-2007-0516 (Yana Framework before 2.8.5a allows remote authenticated users with permissions to modify a guestbook profile to modify or delete arbitrary guestbook profiles via unspecified vectors. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.) | | |  | CVE-2007-0511 (Multiple PHP remote file inclusion vulnerabilities in phpXMLDOM (phpXD) 0.3 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) dom.php, (2) dtd.php, or (3) parser.php in include/.) | | |  | CVE-2007-0508 (PHP remote file inclusion vulnerability in lib/selectlang.php in BBClone 0.31 allows remote attackers to execute arbitrary PHP code via a URL in the BBC_LANGUAGE_PATH parameter.) | | |  | CVE-2007-0507 (SQL injection vulnerability in the Acidfree module for Drupal before 4.6.x-1.0, and before 4.7.x-1.0 in the 4.7 series, allows remote authenticated users with "create acidfree albums" privileges to execute arbitrary SQL commands via node titles.) | | |  | CVE-2007-0504 (Eval injection vulnerability in poll_frame.php in Vote! Pro 4.0, and possibly other scripts, allows remote attackers to execute arbitrary code via the poll_id parameter, which is supplied to an eval function call, a different vulnerability type than CVE-2005-4632.) | | |  | CVE-2007-0490 (index.php in Open-Realty 2.3.4 allows remote attackers to obtain sensitive information (the full path) via an invalid listingID parameter in a listingview action.) | | |  | CVE-2007-0487 (** DISPUTED ** PHP remote file inclusion vulnerability in index.php in FreeForum 0.9.0 allows remote attackers to execute arbitrary PHP code via a URL in the fpath parameter. 
NOTE: this issue has been disputed by third party researchers, stating that fpath variable is initialized before being used.) | | |  | CVE-2007-0486 (** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in Openads (aka phpAdsNew) 2.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the (1) phpAds_geoPlugin parameter to libraries/lib-remotehost.inc, the (2) filename parameter to admin/report-index, or the (3) phpAds_config[my_footer] parameter to admin/lib-gui.inc. NOTE: the vendor has disputed this issue, stating that the relevant variables are used within function definitions.) | | |  | CVE-2007-0484 (Multiple SQL injection vulnerabilities in Enthusiast 3.1 allow remote attackers to execute arbitrary SQL commands via the cat parameter to (1) show_owned.php, (2) show_joined.php, and possibly other files. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.) | | |  | CVE-2007-0483 (Multiple cross-site scripting (XSS) vulnerabilities in Enthusiast 3.1 allow remote attackers to inject arbitrary web script or HTML via the URI for (1) show_owned.php or (2) show_joined.php. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.) | | |  | CVE-2007-0477 (Cross-site scripting (XSS) vulnerability in Openads 2.0.x before 2.0.10, 2.3 before 2.3.31 (aka Max Media Manager before 0.3.31-alpha-pr2), and phpAdsNew/phpPgAds before 2.0.9-pr1 allows remote attackers to inject arbitrary web script or HTML via (1) the keyword parameter in admin-search.php and (2) affiliate-search.php. NOTE: this issue may overlap CVE-2007-0363.) | | |  | CVE-2007-0407 (Cross-site scripting (XSS) vulnerability in Operation/User.pm in Plain Black WebGUI before 7.3.5 (beta) allows remote attackers to inject arbitrary web script or HTML via the username parameter during anonymous registration, a different vector than CVE-2007-0308. 
NOTE: it is possible that a separate "WikiPage titles" issue was also fixed.) | | |  | CVE-2007-0405 (The LazyUser class in the AuthenticationMiddleware for Django 0.95 does not properly cache the user name across requests, which allows remote authenticated users to gain the privileges of a different user.) | | |  | CVE-2007-0404 (bin/compile-messages.py in Django 0.95 does not quote argument strings before invoking the msgfmt program through the os.system function, which allows attackers to execute arbitrary commands via shell metacharacters in a (1) .po or (2) .mo file.) | | |  | CVE-2007-0363 (Cross-site scripting (XSS) vulnerability in admin-search.php in (1) Openads for PostgreSQL (aka phpPgAds) before 2.0.10 and (2) Openads (aka phpAdsNew) before 2.0.10 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.) | | |  | CVE-2007-0308 (Cross-site scripting (XSS) vulnerability in Plain Black WebGUI before 7.3.4 (beta) allows remote attackers to inject arbitrary web script or HTML via Wiki Page titles.) |
| Original document |  | beks, Maxtricity Tagger Password Disclosure Vulnerability (24.01.2007) |
| |  | me you, ZixForum <= 1.14 (Zixforum.mdb) Remote Password Disclosure Vulnerability (24.01.2007) |
| |  | Matteo Beccati, [Full-disclosure] [OPENADS-SA-2007-001] phpAdsNew and phpPgAds 2.0.9-pr1 vulnerability fixed (24.01.2007) |
| |  | beks, Toxiclab Shoutbox Password Disclosure Vulnerability (24.01.2007) |
| |  | SECUNIA, [SA23826] Django Two Vulnerabilities (24.01.2007) |
| |  | SECUNIA, [SA23754] WebGUI User Name Script Insertion Vulnerability (24.01.2007) |
| |  | SECUNIA, [SA23720] Openads / Openads for PostgreSQL Cross-Site Scripting Vulnerability (24.01.2007) |
| |  | PHPNUKE, [SA23748] PHP-Nuke "cat" Old Articles Block SQL Injection (24.01.2007) |
| |  | SECUNIA, [SA23895] Drupal Acidfree Module "node titles" SQL Injection Vulnerability (24.01.2007) |
| |  | SECUNIA, [SA23898] FreeWebShop.org "lang_file" File Inclusion Vulnerability (24.01.2007) |
| |  | Advisory_(at)_Aria-Security.net, [Aria-Security Team] MyBB Cross-Site Scripting (24.01.2007) |
| |  | ajannhwt_(at)_hotmail.com, ASP NEWS <= V3 (news_detail.asp) Remote SQL Injection Vulnerability (24.01.2007) |
| |  | ajannhwt_(at)_hotmail.com, ASP EDGE <= V1.2b (user.asp) Remote SQL Injection Vulnerability (24.01.2007) |
| |  | Dr Max Virus, phpXD <= 0.3 (path) Remote File Inclusion Vulnerability (24.01.2007) |
| |  | Dr Max Virus, BBClone 0.31 (selectlang.php) Remote File Inclusion Vulnerability (24.01.2007) |
| |  | Dr Max Virus, RPW 1.0.2 (config.php sql_language) Remote File Inclusion Vulnerability: (24.01.2007) |
| |  | SECUNIA, [SA23865] Enthusiast Cross-Site Scripting and SQL Injection (24.01.2007) |
| |  | SECUNIA, [SA23855] Yana Framework Guestbook Profile Security Bypass (24.01.2007) |
| |  | the.tiger100_(at)_gmail.com, subscribe (pwd.txt) Remote Password Disclosur (24.01.2007) |
| |  | the.tiger100_(at)_gmail.com, RANDOM PHP QUOTE 1.0 (pwd.txt) Remote Password Disclosur (24.01.2007) |
| |  | C0r3 1mp4ct, AToZed Software Intraweb Component for Borland Delphi and Kylix DoS vulnerability (24.01.2007) |
| |  | me you, Advanced Guestbook <=- 2.4.2 (include_path) Remote File Include Vulnerability (24.01.2007) |
| |  | y3dips_(at)_gmail.com, [ECHO_ADV_62$2007] Upload Service 1.0 remote file inclusion (24.01.2007) |
| |  | Rolf Huisman, SQL Injection by using Cookie Poisoning for Website Baker Version 2.6.5 and before (24.01.2007) |
| |  | me you, Uploader <= (userdata/user_1.txt) Password Disclosure Vulnerability (24.01.2007) |
| |  | me you, UploadScript <=- v1.02 (password.txt) Remote Password Disclosure Vulnerability (24.01.2007) |
| |  | CorryL, [x0n3-h4ck] bitweaver 1.3.1 XSS Exploit (24.01.2007) |
| |  | xx_hack_xx_2004_(at)_hotmail.com, Full Path Disclosure in Open-Realty ( v2.3.4 ) (24.01.2007) |
| |  | jussi.vuokko_(at)_smilehouse.com, PHP Link Directory XSS Vulnerability version <= 3.0.6 (24.01.2007) |
| |  | mr alkomandoz, phpAdsNew 2.0.7 Remote File Include (24.01.2007) |
| |  | mr alkomandoz, cmsimple 2.7 Remote File Include (24.01.2007) |
| |  | xx_hack_xx_2004_(at)_hotmail.com, SQL Injection in Unique Ads ( UDS ) (24.01.2007) |
| |  | xx_hack_xx_2004_(at)_hotmail.com, XSS in Guestbook ( v.4.00 beta ) (24.01.2007) |
| |  | Advisory_(at)_Aria-Security.net, XMB "U2U Instant Messenger" Cross-Site Scripting (24.01.2007) |
| |  | me you, FreeForum 0.9.0 <=- (index.php fpath) Remote File Include Vulnerability (24.01.2007) |
| |  | laurent gaffié, FishCart [injection sql] (24.01.2007) |
| Apple Safari / Konqueror SCRIPT tag filtering bypass | | Published: |  | 24.01.2007 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 7091 | | Type: |  | client | | Level: |  | 3/10 | | Description: |  | Browser follows <script> tags within an HTML comment, which violates the HTML standard. |
| Affected: |  | KDE : KDE 3.5 | | |  | APPLE : MacOS X 10.4 | | |  | KDE : Konqueror 3.5 | | CVE: |  | CVE-2007-0537 (The KDE HTML library (kdelibs), as used by Konqueror 3.5.5, does not properly parse HTML comments, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within a comment in a title tag, a related issue to CVE-2007-0478.) | | |  | CVE-2007-0478 (Apple Safari does not properly parse HTML comments, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within an HTML comment.) |
| Original document |  | Jose Avila III, Safari Improperly Parses HTML Documents & BlogSpot XSS vulnerability (24.01.2007) |
| OpenLDAP installation symbolic links vulnerability | | Published: |  | 24.01.2007 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 7094 | | Type: |  | remote | | Level: |  | 4/10 | | Description: |  | The gencert.sh installation script creates temporary files insecurely. |
| Affected: |  | OPENLDAP : OpenLDAP 2.2 | | |  | OPENLDAP : OpenLDAP 2.1 | | |  | OPENLDAP : OpenLDAP 2.3 | | CVE: |  | CVE-2007-0476 (The gencert.sh script, when installing OpenLDAP before 2.1.30-r10, 2.2.x before 2.2.28-r7, and 2.3.x before 2.3.30-r2 as an ebuild in Gentoo Linux, does not create temporary directories in /tmp securely during emerge, which allows local users to overwrite arbitrary files via a symlink attack.) |
| Original document |  | GENTOO, [ GLSA 200701-19 ] OpenLDAP: Insecure usage of /tmp during installation (24.01.2007) |
| Multiple IP Phones unauthorized access | | Published: |  | 24.01.2007 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 7095 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | After administrative login it's possible to access administration interface from any IP without password validation. |
| Affected: |  | ATCOM : ATCOM AT-320ED | | |  | ATCOM : ATCOM AT-323 | | |  | IPLINK : JR168_100B | | |  | IPLINK : JR168_100W | | |  | IPLINK : JR168_200 | | |  | NETWEBGROUP : Netweb 401 | | |  | NETWEBGROUP : Netweb 402 | | |  | WUCHAN : Wuchuan HOP-1001 | | |  | WUCHAN : Wuchuan HOP-1002 | | |  | WUCHAN : Wuchuan HOP-1003 | | |  | GIPTEL : Giptel G100 | | |  | SIPTRONIC : Siptronic ST-100 | | |  | SIPTRONIC : Siptronic ST-150 | | |  | MERITLINE : KE1020 Netphone | | |  | MERITLINE : Meritline ML210 | | |  | INTEGRATEDNETWOR : Integrated Networks IN-1002 | | |  | ARTDIO : ArtDio IPF-2000 | | |  | ARTDIO : ArtDio IPF-2002L | | |  | PERFECTONE : Perfectone IP300 | | CVE: |  | CVE-2007-0528 (The admin web console implemented by the Centrality Communications (aka Aredfox) PA168 chipset and firmware 1.54 and earlier, as provided by various IP phones, does not require passwords or authentication tokens when using HTTP, which allows remote attackers to connect to existing superuser sessions and obtain sensitive information (passwords and configuration data).) |
| Original document |  | research_(at)_procheckup.com, PR06-14: IP Phones based on Centrality Communications/Aredfox PA168 chipset weak session management vulnerability (24.01.2007) |
| Microsoft Visual Studio buffer overflow | | Published: |  | 24.01.2007 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 7096 | | Type: |  | local | | Level: |  | 3/10 | | Description: |  | Buffer overflows on oversized filename in different parameters. |
| Affected: |  | MICROSOFT : Visual Studio 6.0 | | CVE: |  | CVE-2007-0468 (Stack-based buffer overflow in rcdll.dll in msdev.exe in Visual C++ (MSVC) in Microsoft Visual Studio 6.0 SP6 allows user-assisted remote attackers to execute arbitrary code via a long file path in the "1 TYPELIB MOVEABLE PURE" option in an RC file.) |
| Original document |  | porkythepig_(at)_anspi.pl, Microsoft Visual C++ (.RC) resource files buffer overflow vulnerability (24.01.2007) |
| Sienzo Digital Music Mentor ActiveX buffer overflow | | Published: |  | 24.01.2007 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 7098 | | Type: |  | client | | Level: |  | 5/10 | | Description: |  | Buffer overflow in NCTAudioFile2.AudioFile SetFormatLikeSample() method. |
| Affected: |  | SIENZO : Sienzo Digital Music Mentor 2.6 | | CVE: |  | CVE-2007-0018 (Stack-based buffer overflow in the NCTAudioFile2.AudioFile ActiveX control (NCTAudioFile2.dll), as used by multiple products, allows remote attackers to execute arbitrary code via a long argument to the SetFormatLikeSample function. NOTE: the products include (1) NCTsoft NCTAudioStudio, NCTAudioEditor, and NCTDialogicVoice; (2) Magic Audio Recorder, Music Editor, and Audio Converter; (3) Aurora Media Workshop; DB Audio Mixer And Editor; (4) J. Hepple Products including Fx Audio Editor and others; (5) EXPStudio Audio Editor; (6) iMesh; (7) Quikscribe; (8) RMBSoft AudioConvert and SoundEdit Pro 2.1; (9) CDBurnerXP; (10) Code-it Software Wave MP3 Editor and aBasic Editor; (11) Movavi VideoMessage, DVD to iPod, and others; (12) SoftDiv Software Dexster, iVideoMAX, and others; (13) Sienzo Digital Music Mentor (DMM); (14) MP3 Normalizer; (15) Roemer Software FREE and Easy Hi-Q Recorder, and Easy Hi-Q Converter; (16) Audio Edit Magic; (17) Joshua Video and Audio Converter; (18) Virtual CD; (19) Cheetah CD and DVD B) |
| Original document |  | SECUNIA, [Full-disclosure] Secunia Research: Sienzo Digital Music Mentor NCTAudioFile2 ActiveX Control Buffer Overflow (24.01.2007) |
NCTsoft multiple applications ActiveX buffer overflow updated since 24.01.2007 | | Published: |  | 11.05.2007 | | Source: |  | FULL-DISCLOSURE | | SecurityVulns ID: |  | 7099 | | Type: |  | client | | Level: |  | 5/10 | | Description: |  | Buffer overflow in NCTAudioFile2.AudioFile SetFormatLikeSample() method. |
| Affected: |  | NCTSOFT : NCTAudioStudio 2.7 | | |  | NCTSOFT : NCTAudioEditor 2.7 | | |  | NCTSOFT : NCTDialogicVoice 2.7 | | |  | BEARSHARE : BearShare 6.0 | | CVE: |  | CVE-2007-0018 (Stack-based buffer overflow in the NCTAudioFile2.AudioFile ActiveX control (NCTAudioFile2.dll), as used by multiple products, allows remote attackers to execute arbitrary code via a long argument to the SetFormatLikeSample function. NOTE: the products include (1) NCTsoft NCTAudioStudio, NCTAudioEditor, and NCTDialogicVoice; (2) Magic Audio Recorder, Music Editor, and Audio Converter; (3) Aurora Media Workshop; DB Audio Mixer And Editor; (4) J. Hepple Products including Fx Audio Editor and others; (5) EXPStudio Audio Editor; (6) iMesh; (7) Quikscribe; (8) RMBSoft AudioConvert and SoundEdit Pro 2.1; (9) CDBurnerXP; (10) Code-it Software Wave MP3 Editor and aBasic Editor; (11) Movavi VideoMessage, DVD to iPod, and others; (12) SoftDiv Software Dexster, iVideoMAX, and others; (13) Sienzo Digital Music Mentor (DMM); (14) MP3 Normalizer; (15) Roemer Software FREE and Easy Hi-Q Recorder, and Easy Hi-Q Converter; (16) Audio Edit Magic; (17) Joshua Video and Audio Converter; (18) Virtual CD; (19) Cheetah CD and DVD B) |