| freetype integer overflow | | Published: |  | 25.05.2007 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 7734 | | Type: |  | local | | Level: |  | 5/10 | | Description: |  | Integer overflow in TTF font parsing leads to a heap buffer overflow. |
| Affected: |  | FREETYPE : Freetype 2.3 | | CVE: |  | CVE-2007-2754 (Integer signedness error in truetype/ttgload.c in Freetype 2.3.4 and earlier might allow remote attackers to execute arbitrary code via a crafted TTF image with a negative n_points value, which leads to an integer overflow and heap-based buffer overflow.) |
| Original document |  | RPATH, rPSA-2007-0108-1 freetype (25.05.2007) |
| Cisco routers SSL DoS | | Published: |  | 25.05.2007 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 7735 | | Type: |  | remote | | Level: |  | 6/10 | | Description: |  | Multiple vulnerabilities in SSL packet parsing. |
| Affected: |  | CISCO : IOS 12.0 | | |  | CISCO : IOS 12.1 | | |  | CISCO : IOS 12.2 | | |  | CISCO : IOS 12.3 | | |  | CISCO : IOS 12.4 |
| Original document |  | CISCO, Cisco Security Advisory: Multiple Vulnerabilities in Cisco IOS While Processing SSL Packets (25.05.2007) |
| Microsoft IIS unauthorized files access | | Published: |  | 25.05.2007 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 7736 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | It's possible to bypass authentication with the null.htw template. |
| Affected: |  | MICROSOFT : Windows 2000 Server |
| Original document |  | ISecAuditors Security Advisories, [ISecAuditors Security Advisories] Microsoft IIS5 NTLM and Basic authentication bypass (25.05.2007) |
| MicroWorld eScan multiple content filtering products buffer overflow | | Published: |  | 25.05.2007 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 7739 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | Buffer overflow in the TCP/2222 agent management interface. |
| Affected: |  | MWTI : eScan 9.0 |
| Original document |  | SECUNIA, Secunia Research: eScan Products Agent Service Command Decryption Buffer Overflow (25.05.2007) |
| Credant Mobile Guardian Shield information leak | | Published: |  | 25.05.2007 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 7745 | | Type: |  | local | | Level: |  | 4/10 | | Description: |  | Sensitive information is stored in memory in clear-text form and may be written to the paging file. |
| Affected: |  | CREDANT : Credant Mobile Guardian Shield for Windows 5.2 |
| Original document |  | myucebox_(at)_yahoo.com, Vulnerability in Credant Mobile Guardian Shield for Windows (25.05.2007) |
| MySQL database server DoS | | Published: |  | 25.05.2007 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 7741 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | Division by zero and NULL-pointer dereference on a crafted IF condition. |
| Affected: |  | MYSQL : MySQL 5.0 | | CVE: |  | CVE-2007-2583 (The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40, and 5.1 before 5.1.18-beta, allows context-dependent attackers to cause a denial of service (crash) via a crafted IF clause that results in a divide-by-zero error and a NULL pointer dereference.) |
| Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 25.05.2007 | | Published: |  | 25.05.2007 | | Source: |  | | | SecurityVulns ID: |  | 7737 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. |
| Affected: |  | BOASTMACHINE : BoastMachine 3.0 | | |  | CUBECART : CubeCart 3.0 | | |  | JETBOX : Jetbox CMS 2.1 | | |  | WORDPRESS : WordPress 2.1 | | |  | PSYCHOSTATS : PsychoStats 3.0 | | |  | HLSTATS : HLstats 1.35 | | |  | CLONUSWIKI : ClonusWiki 0.5 | | |  | GMTT : GMTT Music Distro 1.2 | | |  | PHPPGADMIN : phpPgAdmin 4.1 | | |  | ABC : ABC Excel Parser 4.0 | | |  | 2ZPROJECT : 2z project 0.9 | | |  | WIYS : WIYS 1.0 | | |  | GFORGE : gforge-plugin-scmcvs 4.5 | | CVE: |  | CVE-2007-0246 (plugins/scmcvs/www/cvsweb.php in the CVSWeb CGI in GForge 4.5.16 before 20070524, aka gforge-plugin-scmcvs, allows remote attackers to execute arbitrary commands via shell metacharacters in the PATH_INFO.) |
| Original document |  | DEBIAN, [SECURITY] [DSA 1297-1] New gforge-plugin-scmcvs packages fix arbitrary shell command execution (25.05.2007) |
| |  | vagrant Pest, WIYS v1.0 Cross-Site Scripting Vulnerability - (05.24.2007) (NEW) (25.05.2007) |
| |  | Janek Vind, [waraxe-2007-SA#051] - Sql Injection in 2z Project 0.9.5 (25.05.2007) |
| |  | the_3dit0r_(at)_yahoo.com, ABC Excel Parser Pro v4.0 Remote File Include Exploit (25.05.2007) |
| |  | vagrant Pest, BoastMachine v3.0 platinum - Session İd Hacking (25.05.2007) |
| |  | john_(at)_martinelli.com, RedLevel Advisory #021 - CubeCart v3.0.16 SQL Injection Vulnerability (25.05.2007) |
| |  | Cornelius Riemenschneider, SQL-Injection in IP-TRACKING Mod for phpBB2.0.x (25.05.2007) |
| |  | the_3dit0r_(at)_yahoo.com, phpPgAdmin-4.1.1 Remote File Include & Url Redirecting Vulnerabilitiy (25.05.2007) |
| |  | john_(at)_martinelli.com, RedLevel Advisory #020 - HLstats v1.35 Cross-Site Scripting Vulnerability #3 (25.05.2007) |
| |  | john_(at)_martinelli.com, RedLevel Advisory #018 - RM EasyMail Plus - Cross-Site Scripting Vulnerability #2 (25.05.2007) |
| |  | CorryL, GMTT Music Distro 1.2 XSS Exploit (25.05.2007) |
| |  | john_(at)_martinelli.com, RedLevel Advisory #017 - PsychoStats v3.0.6b Multiple Cross-Site Scripting Vulnerabilities (25.05.2007) |
| |  | Janek Vind, [waraxe-2007-SA#050] - Sql Injection in WordPress 2.1.3 (25.05.2007) |
| |  | securityresearch_(at)_netvigilance.com, Jetbox CMS version 2.1 XSS Attack Vulnerability (25.05.2007) |
| |  | john_(at)_martinelli.com, RedLevel Advisory #022 - ClonusWiki .5 Cross-Site Scripting Vulnerability (25.05.2007) |
| Cisco multiple devices DoS | | Published: |  | 25.05.2007 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 7738 | | Type: |  | remote | | Level: |  | 6/10 | | Description: |  | Denial of service on ASN.1 parsing due to a vulnerability in the cryptographic library. |