Computer Security

Search:Vulnerability:24.12.2007
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 21.12.2007
Published:24.12.2007
Source:BUGTRAQ
SecurityVulns ID:8482
Type:remote
Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. WordPress <= 2.0.9: crossite scripting.
Affected:WBB : Woltlab Burning Board Lite 1.0
 CUREPHP : CuteNews 1.4
 TIKIWIKI : tikiwiki 1.9
 WORDPRESS : WordPress 2.0
 JUPITERPORTAL : Jupiter Cms 1.1
 ISUPPORT : iSupport 1.8
 ABI : ABI 3.7
 PHPICALENDAR : PHP iCalendar 2.24
 DOKEOS : Dokeos 1.8
Original documentdocumentmalibu.r_(at)_hotmail.com, Logaholic Web Analytics Software (24.12.2007)
 documentadmin_(at)_bugreport.ir, Jupiter Cms Multiple Vulnerabilities (24.12.2007)
 documentJanek Vind, [waraxe-2007-SA#060] - Sensitive info disclosure in CuteNews <= 1.4.5 (24.12.2007)
 documentISecAuditors Security Advisories, [ISecAuditors Security Advisories] Tikiwiki CMS is vulnerable to path traversal attack (24.12.2007)
 documentmesut_(at)_h-labs.org, Tikiwiki 1.9.8.3 tiki-special_chars.php XSS Vulnerability (24.12.2007)
 documentbeenudel1986_(at)_gmail.com, My Blog Rfi (24.12.2007)
 documentHackers Center Security Group, [HSC] Dokeos Multiple Cross-Site Scripting Vulnerabilities (24.12.2007)
 documentMustLive, Cross-Site Scripting vulnerabilities in WordPress (24.12.2007)
 documentroot_(at)_hanicker.it, Moodle SQL Injection (21.12.2007)
 documentnbbn_(at)_gmx.net, Woltlab Burning Board 1.0.2 SQL-Injection Vulnerability (21.12.2007)
 documentJose Luis Góngora Fernández, PHP iCalendar <= 2.24 - Cross-Site Scripting Vulnerability (21.12.2007)
 documentlolo lolo, SiteScape Forum TCL injection (21.12.2007)
 documentThe-0utl4w-noreply_(at)_aria-security.net, [Aria-Security.net] ABI Version 3.7.9.17 Remote SQL Injection (21.12.2007)
 documentahcrew_(at)_gmail.com, iSupport v1.8 Local file include vulnerability (21.12.2007)
Discuss:Read or add your comments to this news (0 comments)

WinUAE Amiga emulator buffer overflow
Published:24.12.2007
Source:BUGTRAQ
SecurityVulns ID:8489
Type:local
Level:4/10
Description:Buffer overflow on gzip'ed floppy disk image parsing.
Affected:WINUAE : WinUAE 1.4
Original documentdocumentLuigi Auriemma, Buffer-overflow in WinUAE 1.4.4 (24.12.2007)
Discuss:Read or add your comments to this news (0 comments)

Microsoft Windows Message Queuing buffer overflow
updated since 12.12.2007
Published:24.12.2007
Source:MICROSOFT
SecurityVulns ID:8435
Type:remote
Level:7/10
Description:Buffer overflow in RPC interface (TCP/2103).
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
CVE:CVE-2007-3039
 CVE-2007-3039
Original documentdocumentSECURITEAM, [EXPL] Microsoft Windows Message Queuing Service Stack Overflow Vulnerability (MS07-065, Exploit) (24.12.2007)
 documentZDI, ZDI-07-076: Microsoft Windows Message Queuing Service Stack Overflow Vulnerability (12.12.2007)
 documentMICROSOFT, Microsoft Security Bulletin MS07-065 – Important Vulnerability in Message Queuing Could Allow Remote Code Execution (937894) (12.12.2007)
Files:Microsoft Message Queue POC exploit ( MS07-065 )
 Microsoft Security Bulletin MS07-065 – Important Vulnerability in Message Queuing Could Allow Remote Code Execution (937894)
Discuss:Read or add your comments to this news (0 comments)

AOL Instant messenger code execution
updated since 26.09.2007
Published:24.12.2007
Source:BUGTRAQ
SecurityVulns ID:8192
Type:remote
Level:9/10
Description:Microsoft Internet Explorer control is used for HTML content rendering without limiting zone access.
Affected:AOL : Instant Messenger 6.1
 AOL : Instant Messenger 6.2
CVE:CVE-2007-4901 (Unspecified vulnerability in AOL Instant Messenger (AIM) 6.1.41.2 allows remote attackers to write arbitrary HTML to a notification window via unspecified vectors in circumstances "when the window of origin is not the main focus.")
Original documentdocumentevanchik_(at)_gmail.com, America Online AOL Instant Messenger AIM6.0 or 6.5 or higher XSS remote execution (24.12.2007)
 documentCORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2007-0817: Remote Command execution, HTML and JavaScript injection vulnerabilities in AOL's Instant Messaging software (26.09.2007)
Discuss:Read or add your comments to this news (0 comments)

Microsoft Office Publisher /Word DoS
Published:24.12.2007
Source:BUGTRAQ
SecurityVulns ID:8490
Type:remote
Level:5/10
Description:Crash on malformed .pub file with WordArt object parsing.
Original documentdocumentjplopezy_(at)_gmail.com, Word 2003 denial of service (24.12.2007)
 documentjplopezy_(at)_gmail.com, Microsoft Office Publisher (24.12.2007)
Discuss:Read or add your comments to this news (0 comments)

Adobe Flash Player sandbox protection bypass
updated since 10.08.2007
Published:24.12.2007
Source:BUGTRAQ
SecurityVulns ID:8028
Type:client
Level:5/10
Description:SecurityErrorEvent can be used for client ports scanning.
Affected:ADOBE : Flash Player 9.0
CVE:CVE-2007-4324 (ActionScript 3 (AS3) in Adobe Flash Player 9.0.47.0 allows remote attackers to bypass the Security Sandbox Model, obtain sensitive information, and port scan arbitrary hosts via a Flash (SWF) movie that specifies a connection to make, then uses timing discrepancies from the SecurityErrorEvent error to determine whether a port is open or not.)
Original documentdocumentSECURITEAM, [EXPL] Socket Connection Timing Can Reveal Information About Network Configuration (Exploit) (24.12.2007)
 documentfukami, Design flaw in AS3 socket handling allows port probing (10.08.2007)
Files:Flash 9 AS3 TCP-Portprober
Discuss:Read or add your comments to this news (0 comments)

Ingres database / CA security products multiple security vulnerabilities
updated since 22.06.2007
Published:24.12.2007
Source:BUGTRAQ
SecurityVulns ID:7841
Type:remote
Level:6/10
Description:Multiple heap buffers overflows on TCP/10916 and TCP/10923 requests parsing. Local unauthorized files access with 'wakeup'. Buffer overflow in uuid_from_char() SQL function, privilege escalation.
Affected:INGRES : Ingres Database 3.0
 INGRES : Ingres 2006
 INGRES : Ingres 2.6
 INGRES : Ingres 2.5
CVE:CVE-2007-6334 (Ingres 2.5 and 2.6 on Windows, as used in multiple CA products and possibly other products, assigns the privileges and identity of users to be the same as the first user, which allows remote attackers to gain privileges.)
 CVE-2007-3338 (Multiple buffer stack-based overflows in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (Computer Associates) products, allows attackers allow remote attackers to execute arbitrary code via the (1) uuid_from_char or (2) duve_get_args functions.)
 CVE-2007-3337 (wakeup in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (Computer Associates) products, allows local users to truncate arbitrary files via a symlink attack on the alarmwkp.def file.)
 CVE-2007-3336 (Multiple "pointer overwrite" vulnerabilities in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (formerly Computer Associates) products, allow remote attackers to execute arbitrary code by sending certain TCP data at different times to the Ingres Communications Server Process (iigcc), which calls the (1) QUinsert or (2) QUremove functions with attacker-controlled input.)
 CVE-2007-3334 (Multiple heap-based buffer overflows in the (1) Communications Server (iigcc.exe) and (2) Data Access Server (iigcd.exe) components for Ingres Database Server 3.0.3, as used in CA (Computer Associates) products including eTrust Secure Content Manager r8 on Windows, allow remote attackers to execute arbitrary code via unknown vectors.)
Original documentdocumentCA, [CAID 35970]: CA Products That Embed Ingres Authentication Vulnerability (24.12.2007)
 documentNGSSoftware Insight Security Research Advisory (NISR), Ingres Unauthenticated Pointer Overwrite 1 (26.06.2007)
 documentNGSSoftware Insight Security Research Advisory (NISR), Ingres wakeup setuid(ingres) file truncation (26.06.2007)
 documentNGSSoftware Insight Security Research Advisory (NISR), Ingres stack overflow in uuid_from_char function (26.06.2007)
 documentNGSSoftware Insight Security Research Advisory (NISR), Ingres verifydb local stack overflow (26.06.2007)
 documentNGSSoftware Insight Security Research Advisory (NISR), Ingres Unauthenticated Pointer Overwrite 2 (26.06.2007)
 documentCA, [Full-disclosure] [CAID 35450, 35451, 35452, 35453]: CA Products That Embed Ingres Multiple Vulnerabilities (22.06.2007)
 documentIDEFENSE, iDefense Security Advisory 06.21.07: Ingres Database Multiple Heap Corruption Vulnerabilities (22.06.2007)
Discuss:Read or add your comments to this news (0 comments)

pdflib buffer overflow
Published:24.12.2007
Source:BUGTRAQ
SecurityVulns ID:8491
Type:remote
Level:5/10
Description:Buffer overflow during PDF generation on oversized PDF file.
Original documentdocumentpoplix_(at)_papuasia.org, pdflib long filename multiple bufferoverflows (24.12.2007)
Discuss:Read or add your comments to this news (0 comments)
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
 


Πειςθνγ@Mail.ru