| ImageMagick multiple security vulnerabilities |
| Published: | 24.09.2007 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 8178 |
| Type: | library |
| Level: | 6/10 |
| Description: | Multiple vulnerabilities in the parsing of BMP, DCM and other graphics formats. |
| Affected: | IMAGEMAGIC : ImageMagick 6.3 |
| CVE: | CVE-2007-4988 (Sign extension error in the ReadDIBImage function in ImageMagick before 6.3.5-9 allows context-dependent attackers to execute arbitrary code via a crafted width value in an image file, which triggers an integer overflow and a heap-based buffer overflow.) |
| | CVE-2007-4987 (Off-by-one error in the ReadBlobString function in blob.c in ImageMagick before 6.3.5-9 allows context-dependent attackers to execute arbitrary code via a crafted image file, which triggers the writing of a '\0' character to an out-of-bounds address.) |
| | CVE-2007-4986 (Multiple integer overflows in ImageMagick before 6.3.5-9 allow context-dependent attackers to execute arbitrary code via a crafted (1) .dcm, (2) .dib, (3) .xbm, (4) .xcf, or (5) .xwd image file, which triggers a heap-based buffer overflow.) |
| | CVE-2007-4985 (ImageMagick before 6.3.5-9 allows context-dependent attackers to cause a denial of service via a crafted image file that triggers (1) an infinite loop in the ReadDCMImage function, related to ReadBlobByte function calls; or (2) an infinite loop in the ReadXCFImage function, related to ReadBlobMSBLong function calls.) |
| Original document | IDEFENSE, iDefense Security Advisory 09.19.07: Multiple Vendor ImageMagick Multiple Integer Overflow Vulnerabilities (24.09.2007) |
| | IDEFENSE, iDefense Security Advisory 09.19.07: Multiple Vendor ImageMagick Off-By-One Vulnerability (24.09.2007) |
| | IDEFENSE, iDefense Security Advisory 09.19.07: Multiple Vendor ImageMagick Multiple Denial of Service Vulnerabilities (24.09.2007) |
| | IDEFENSE, iDefense Security Advisory 09.19.07: Multiple Vendor ImageMagick Sign Extension Vulnerability (24.09.2007) |

| CA ARCServe Backup multiple security vulnerabilities |
| Published: | 24.09.2007 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 8179 |
| Type: | remote |
| Level: | 7/10 |
| Description: | Authentication bypass, multiple buffer overflows TCP/1900. |
| Affected: | CA : ARCserve Backup 11.1 |
| | CA : ARCserve Backup 11.5 |
| | CA : ARCServe Backup 4.0 |
| | CA : CA Desktop Management Suite 11.2 |
| | CA : CA Protection Suites 2 |
| CVE: | CVE-2007-5006 |
| | CVE-2007-5005 |
| | CVE-2007-5004 |
| | CVE-2007-5003 |
| | CVE-2007-3216 (Multiple unspecified vulnerabilities in the server component of CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.1 allow remote attackers to execute arbitrary code via unknown attack vectors. NOTE: this information is based upon a vague pre-advisory. It is possible that this will be SPLIT when more details are released.) |
| Original document | CA, [Full-disclosure] [CAID 35673, 35674, 35675, 35676, 35677]: CA ARCserve Backup for Laptops and Desktops Multiple Server Vulnerabilities (24.09.2007) |
| | EEYE, EEYE: Multiple Vulnerabilities in CA ARCserve for Laptops & Desktops (24.09.2007) |
| | IDEFENSE, iDefense Security Advisory 09.20.07: CA ARCServe Backup for Laptops and Desktops Multiple Buffer Overflow Vulnerabilities (24.09.2007) |
| | IDEFENSE, iDefense Security Advisory 09.20.07: CA ARCserve Backup for Laptops and Desktops Authentication Bypass Vulnerability (24.09.2007) |

| Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) |
| Published: | 24.09.2007 |
| Source: | |
| SecurityVulns ID: | 8183 |
| Type: | remote |
| Level: | 5/10 |
| Description: | PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. |