Computer Security


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 25.01.2007
Source:
SecurityVulns ID: 7108
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: SITEMAN : Siteman 1.1
 EZDATABASE : ezDatabase 2.1
 CALACODE : @Mail 4.51
 UNIFORUM : uniForum 4
 ASPEDGE : ASP EDGE 1.2
 COMMUNITYSERVER : Community Server 2.1
 WORDPRESS : WordPress 2.1
 XERO : Xero Portal 1.2
 MAKEIT : makit news/blog poster 3
 AZTEK : Aztek Forum 4.1
 SITEMAN : Siteman 2.0
 GUOX : GPS 1.2
 SHOPPINGBASKET : Shopping Basket Professional 7.50
 DRUPAL : Drupal Project Module 4.7
 DRUPAL : Drupal Project issue tracking Module 4.7
 CGERESCUE : CGI Rescue WebFORM 4.3
CVE: CVE-2007-0861 (** DISPUTED ** PHP remote file inclusion vulnerability in modules/mail/index.php in phpCOIN RC-1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _CCFG['_PKG_PATH_MDLS'] parameter. NOTE: this issue has been disputed by a reliable third party, who states that a fatal error occurs before the relevant code is reached.)
 CVE-2007-0632 (SQL injection vulnerability in artreplydelete.asp in ASP EDGE 1.3a and earlier allows remote attackers to execute arbitrary SQL commands via a username cookie, a different vector than CVE-2007-0560.)
 CVE-2007-0601 (common/safety.php in Aztek Forum 4.00 allows remote attackers to enter certain data containing %22 sequences (URL encoded double quotes) and other potentially dangerous manipulations by sending a cookie, which bypasses the blacklist matching against the GET and PUT superglobal arrays.)
 CVE-2007-0600 (SQL injection vulnerability in news_page.asp in Martyn Kilbryde Newsposter Script (aka makit news/blog poster) 3 and earlier allows remote attackers to execute arbitrary SQL commands via the uid parameter.)
 CVE-2007-0599 (Variable overwrite vulnerability in common/config.php in Aztek Forum 4.00 allows remote attackers to overwrite arbitrary program variables and conduct other unauthorized activities, such as copying arbitrary files using index/common_actions.php, via vectors associated with extract operations on the (1) POST, (2) GET, (3) COOKIE, and (4) SERVER superglobal arrays.)
 CVE-2007-0598 (SQL injection vulnerability in forum/load.php in Aztek Forum 4.00 allows remote attackers to execute arbitrary SQL commands via the fid cookie to forum.php.)
 CVE-2007-0597 (Aztek Forum 4.00 allows remote attackers to obtain sensitive information via a direct request to forum.php with the fid=XD query string, which reveals the path in an error message.)
 CVE-2007-0596 (PHP remote file inclusion vulnerability in index/main.php in Aztek Forum 4.00 allows remote authenticated administrators to execute arbitrary PHP code via a URL in the PF[top_url] parameter.)
 CVE-2007-0595 (Cross-site scripting (XSS) vulnerability in search in High 5 Review Site allows remote attackers to inject arbitrary web script or HTML via the q parameter (aka the search box).)
 CVE-2007-0594 (Siteman 2.0.x2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing password hashes via a direct request for db/siteman/users.MYD.)
 CVE-2007-0593 (Siteman 1.1.11 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing password hashes via a direct request for data/members.txt.)
 CVE-2007-0592 (Cross-site scripting (XSS) vulnerability in EzDatabase 2.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to admin/login.php and the Admin Panel Database.)
 CVE-2007-0565 (CGI-Rescue Shopping Basket Professional 7.50 and earlier allows remote attackers to inject arbitrary operating system commands via unspecified vectors.)
 CVE-2007-0554 (SQL injection vulnerability in print.asp in Guo Xu Guos Posting System (GPS) 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.)
 CVE-2007-0547 (Cross-site scripting (XSS) vulnerability in CGI-RESCUE WebFORM 4.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2007-0541 (WordPress allows remote attackers to determine the existence of arbitrary files, and possibly read portions of certain files, via pingback service calls with a source URI that corresponds to a local pathname, which triggers different fault codes for existing and non-existing files, and in certain configurations causes a brief file excerpt to be published as a blog comment.)
 CVE-2007-0540 (WordPress allows remote attackers to cause a denial of service (bandwidth or thread consumption) via pingback service calls with a source URI that corresponds to a file with a binary content type, which is downloaded even though it cannot contain usable pingback data.)
 CVE-2007-0539 (The wp_remote_fopen function in WordPress before 2.1 allows remote attackers to cause a denial of service (bandwidth or thread consumption) via pingback service calls with a source URI that corresponds to a large file, which triggers a long download session without a timeout constraint.)
 CVE-2007-0538 (Telligent Community Server 2.1 and earlier allows remote attackers to cause a denial of service (bandwidth or thread consumption) via pingback service calls with a source URI that corresponds to (1) a large file, which triggers a long download session without a timeout constraint; or (2) a file with a binary content type, which is downloaded even though it cannot contain usable pingback data.)
 CVE-2007-0534 (Multiple cross-site scripting (XSS) vulnerabilities in the (1) Project issue tracking 4.7.0 through 5.x before 20070123 and (2) Project 4.6.0 through 5.x before 20070123 modules for Drupal allow remote authenticated users to inject arbitrary web script or HTML via (a) certain "fields on project nodes" or (b) "certain project-specific settings regarding issue tracking.")
 CVE-2007-0506 (The project_issue_access function in the Project issue tracking 4.7.0 through 5.x before 20070123 module for Drupal allows remote authenticated users to bypass other access control modules and obtain attached files by guessing the filename, and obtain issue information via direct requests.)
 CVE-2007-0505 (Unrestricted file upload vulnerability in the Project issue tracking 4.7.0 through 5.x before 20070123, a module for Drupal, allows remote authenticated users to execute arbitrary code by attaching a file with executable or multiple extensions to a project issue.)
 CVE-2007-0226 (SQL injection vulnerability in wbsearch.aspx in uniForum 4 and earlier allows remote attackers to execute arbitrary SQL commands via the "by User" field (aka the TXbyuser parameter).)
Original document: Netragard Security Advisories, [NETRAGARD-20061218 SECURITY ADVISORY] [@Mail WebMail Cross Site Request Forgery] (25.01.2007)
 SECUNIA, [SA23913] CGI Rescue WebFORM Cross-Site Scripting and HTTP Header Injection (25.01.2007)
 SECUNIA, [SA23887] Drupal Project Issue Tracking Module Multiple Vulnerabilities (25.01.2007)
 SECUNIA, [SA23908] Drupal Project Module Script Insertion Vulnerability (25.01.2007)
 SECUNIA, [SA23909] Shopping Basket Professional Command Injection (25.01.2007)
 CorryL, [x0n3-h4ck] Siteman 2.0.x2 Remote Md5 Hash Disclosure Vulnerability (25.01.2007)
 me you, phpCOIN <= RC-1 (modules/mail/index.php) Remote File Include Vulnerability (25.01.2007)
 ajannhwt_(at)_hotmail.com, ASP EDGE <= V1.2b (user.asp) Remote SQL Injection Vulnerability (25.01.2007)
 Hackers Center Security Group, EzDatabase Multiple Cross-Site Scripting Vulnerability (25.01.2007)
 ajannhwt_(at)_hotmail.com, uniForum <= v4 (wbsearch.aspx) Remote SQL Injection Vulnerability (25.01.2007)
 bmatheny_(at)_mobocracy.net, Weaknesses in Pingback Design (25.01.2007)
 bmatheny_(at)_mobocracy.net, Multiple Remote Vulnerabilities in Wordpress (25.01.2007)
 bmatheny_(at)_mobocracy.net, DoS against Telligent Community Server (25.01.2007)
Files: Exploits Xero Portal v1.2 (phpbb_root_path) Local File Include Vulnerablity
 Aztek Forum 4.1 Multiple Vulnerabilities Exploit

Citrix Metaframe Presentation Server / Javvin DiskAccess printer provider buffer overflow
Published: 25.01.2007
Source:
SecurityVulns ID: 7109
Type: remote
Threat Level: 7/10
Description: Buffer overflow in cpprov.dll EnumPrintersW() and OpenPrinter() functions.
Affected: CITRIX : MetaFrame Presentation Server 3.0
 CITRIX : Metaframe Presentation Server 4.0
 CITRIX : MetaFrame XP 1.0
 JAVVIN : DiskAccess 0.6
CVE: CVE-2007-0641 (Buffer overflow in the EnumPrintersA function in dapcnfsd.dll 0.6.4.0 in Shaffer Solutions (SSC) DiskAccess NFS Client allows remote attackers to execute arbitrary code via a long argument, an issue similar to CVE-2006-5854 and CVE-2007-0444.)
 CVE-2007-0444 (Stack-based buffer overflow in the print provider library (cpprov.dll) in Citrix Presentation Server 4.0, MetaFrame Presentation Server 3.0, and MetaFrame XP 1.0 allows local users and remote attackers to execute arbitrary code via long arguments to the (1) EnumPrintersW and (2) OpenPrinter functions.)
 CVE-2006-5854 (Multiple buffer overflows in the Spooler service (nwspool.dll) in Novell Netware Client 4.91 through 4.91 SP2 allow remote attackers to execute arbitrary code via a long argument to the (1) EnumPrinters and (2) OpenPrinter functions.)
Original document: ZDI, ZDI-07-006: Citrix Metaframe Presentation Server Print Provider Buffer Overflow Vulnerability (25.01.2007)
Files: Universal exploit for vulnerable printer providers (spooler service)
 Proof of concept exploit for ZDI - Citrix Metaframe spooler service vulnerability

CA personal firewall multiple privilege escalations
Published: 25.01.2007
Source:
SecurityVulns ID: 7110
Type: local
Threat Level: 6/10
Description: Multiple vulnerabilities in HIPS Core (KmxStart.sys) and HIPS Firewall (KmxFw.sys) drivers.
Affected: CA : CA Personal Firewall 2007
 CA : CA Internet Security Suite 2007
CVE: CVE-2006-6952 (Computer Associates Host Intrusion Prevention System (HIPS) drivers (1) Core kmxstart.sys 6.5.4.31 and (2) Firewall kmxfw.sys 6.5.4.10 allow local users to gain privileges by using certain privileged IOCTLs to modify callback function pointers.)
Original document: CA, [CAID 34818]: CA Personal Firewall Multiple Privilege Escalation Vulnerabilities (25.01.2007)

gtk library DoS
Published: 25.01.2007
Source:
SecurityVulns ID: 7111
Type: library
Threat Level: 5/10
Description: Crash on GIF files parsing.
CVE: CVE-2007-0010 (The GdkPixbufLoader function in GIMP ToolKit (GTK+) in GTK 2 (gtk2) before 2.4.13 allows context-dependent attackers to cause a denial of service (crash) via a malformed image file.)
Original document: RPATH, rPSA-2007-0019-1 gtk (25.01.2007)

Earthlink TotalAccess ActiveX protection bypass
Published: 25.01.2007
Source:
SecurityVulns ID: 7112
Type: client
Threat Level: 2/10
Description: It's possible to manage sender and domain whitelists.
CVE: CVE-2007-0617 (The SpamBlocker.dll ActiveX control in Earthlink TotalAccess is marked "safe for scripting," which allows remote attackers to add arbitrary e-mail addresses and domains to the spam blocker whitelist via the (1) AddSenderToWhitelist and (2) AddDomainToWhitelist functions.)
Original document: Ethan Hunt, [Full-disclosure] Earthlink TotalAccess ActiveX Unsafe Methods Vulnerability (25.01.2007)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod