Computer Security


Daily web application security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 26.12.2007
Published:26.12.2007
Source:
SecurityVulns ID:8492
Type:remote
Threat Level:5/10
Description:PHP file inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. PRO-search: cross-site scripting and DoS.
Affected:PROSEARCH : PRO-search 0.17
 RUNCMS : RunCMS 1.6
Original document:Jose Luis Góngora Fernández, SimpleForum <= 4.6.2 - Cross-Site Scripting Vulnerability (26.12.2007)
 Digital Security Research Group, Multiple vulnerabilities in RUNCMS 1.6 by DSecRG (26.12.2007)
 MustLive, Vulnerabilities in PRO-search (26.12.2007)

Apache Tomcat weak default permissions
Published:26.12.2007
Source:
SecurityVulns ID:8493
Type:local
Threat Level:5/10
Description:The JULI logging component allows arbitrary file overwriting.
Affected:APACHE : Tomcat 5.5
 APACHE : Tomcat 6.0
CVE:CVE-2007-5342 (The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.)
Original document:APACHE, [CVE-2007-5342] Apache Tomcat's default security policy is too open (26.12.2007)
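To check a deployed policy for the pattern this entry describes (a logging component or web application granted permission to write anywhere on disk), the following audit script is an added example and not Tomcat's own code. The grant blocks embedded in it are constructed to show a blanket grant beside a narrowed one; they are not the shipped catalina.policy text, and the assumed "allowed" write location is ${catalina.base}/logs.

```python
"""Audit a Java security policy (catalina.policy style) for grants that let
a logging jar or a web application write outside the logs directory.

Added example, not Tomcat's code.  SAMPLE_POLICY is constructed for
illustration and is not the policy text Tomcat ships.
"""
import re

# Constructed sample: the first grant is the over-broad shape (blanket
# permission to the logging jar), the second is a narrowed grant that only
# reads its config and writes under ${catalina.base}/logs, the third is a
# web application that can write anywhere.
SAMPLE_POLICY = r'''
// constructed sample, not a real catalina.policy
grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {
        permission java.security.AllPermission;
};

grant codeBase "file:${catalina.home}/bin/tomcat-juli-fixed.jar" {
        permission java.io.FilePermission
         "${catalina.base}${file.separator}conf${file.separator}logging.properties", "read";
        permission java.io.FilePermission
         "${catalina.base}${file.separator}logs${file.separator}-", "read,write";
        permission java.util.logging.LoggingPermission "control";
};

grant codeBase "file:${catalina.home}/webapps/untrusted/-" {
        permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete";
};
'''

GRANT_RE = re.compile(r'grant(?:\s+codeBase\s+"([^"]*)")?\s*\{(.*?)\};', re.S)
PERM_RE = re.compile(
    r'permission\s+([\w.]+)(?:\s+"([^"]*)")?(?:\s*,\s*"([^"]*)")?\s*;', re.S)
COMMENT_RE = re.compile(r'//[^\n]*|/\*.*?\*/', re.S)

WRITE_ACTIONS = {"write", "delete"}


def parse_policy(text):
    """Return [(code_base, [(perm_class, target, actions), ...]), ...]."""
    text = COMMENT_RE.sub("", text)
    grants = []
    for m in GRANT_RE.finditer(text):
        code_base, body = m.group(1) or "<any>", m.group(2)
        perms = [(p.group(1), p.group(2) or "", p.group(3) or "")
                 for p in PERM_RE.finditer(body)]
        grants.append((code_base, perms))
    return grants


def _writes_outside_logs(target, actions, logs_prefix):
    acts = {a.strip() for a in actions.split(",") if a.strip()}
    if not (acts & WRITE_ACTIONS):
        return False
    # Policy targets use ${file.separator}; normalise it before comparing.
    norm = target.replace("${file.separator}", "/")
    return not norm.startswith(logs_prefix)


def audit_policy(text, logs_prefix="${catalina.base}/logs"):
    """Return (code_base, reason) findings for over-broad grants."""
    findings = []
    for code_base, perms in parse_policy(text):
        for cls, target, actions in perms:
            if cls == "java.security.AllPermission":
                findings.append((code_base, "AllPermission granted"))
            elif cls == "java.io.FilePermission" and _writes_outside_logs(
                    target, actions, logs_prefix):
                findings.append((code_base,
                                 "FilePermission %s on %s" % (actions, target)))
    return findings


if __name__ == "__main__":
    for code_base, reason in audit_policy(SAMPLE_POLICY):
        print("%s: %s" % (code_base, reason))
```

Run it against a real catalina.policy by reading the file into `audit_policy`; any AllPermission grant to the logging jar, or any write-capable FilePermission whose target is not under the logs directory, is the condition under which a per-application logging configuration can redirect a FileHandler to an arbitrary path.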

Ada Image server directory traversal
Published:26.12.2007
Source:
SecurityVulns ID:8495
Type:remote
Threat Level:5/10
Description:Multiple directory traversal variants.
Affected:ADAIMGSVR : Ada Image server 0.6
Original document:Luigi Auriemma, Double directory traversal in ImgSvr 0.6.21 (26.12.2007)
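The entry only says "multiple directory traversal variants"; the specific variant in the advisory is not reproduced here. As an added example (not ImgSvr's code), the resolver below handles the usual classes a file server has to defeat: plain "..", percent- and double-percent-encoded separators, backslashes and NUL truncation, and shows beside it why a one-pass "../" strip is not a fix. The document root and request strings are constructed.

```python
"""Resolve a client-supplied path under a document root while rejecting the
usual directory-traversal variants, and show why a one-pass "../" strip fails.

Added example, not ImgSvr's code; the weak filter, the hardened resolver and
the request strings are all constructed for illustration.
"""
import posixpath
from urllib.parse import unquote

MAX_DECODE_ROUNDS = 3  # unwraps %2e, %252e and %25252e style encodings


def naive_strip(path):
    """Weak filter: delete "../" once.  "....//" collapses to "../" after the
    pass, so nested sequences survive a single strip."""
    return path.replace("../", "")


def canonicalize(request_path):
    """Decode, unify separators and collapse dot segments; return a path
    relative to the document root, or None if a NUL byte is present."""
    decoded = request_path
    for _ in range(MAX_DECODE_ROUNDS):
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    if "\x00" in decoded:
        return None  # would truncate the name inside a C-level open()
    decoded = decoded.replace("\\", "/").lstrip("/")
    return posixpath.normpath(decoded) if decoded else "."


def resolve_under_root(root, request_path):
    """Return root/<canonical path>, or None if the request escapes root."""
    rel = canonicalize(request_path)
    if rel is None or rel == ".." or rel.startswith("../"):
        return None
    return posixpath.normpath(posixpath.join(root, rel))


if __name__ == "__main__":
    ROOT = "/srv/imgsvr/www"  # assumed document root
    for req in ["images/cat.png", "../../etc/passwd", "..%2f..%2fetc/passwd",
                "..%252f..%252fetc/passwd", "..\\..\\windows\\win.ini",
                "images/../../secret", "....//....//etc/passwd",
                "cat.png%00.jpg"]:
        print("%-28s naive=%-22s safe=%s"
              % (req, naive_strip(req), resolve_under_root(ROOT, req)))
```

The check is lexical: ".." is collapsed first and the result must not climb above the root before it is joined. On a real server, follow this with os.path.realpath on the joined path and confirm it still starts with the real root, so that symlinks inside the tree cannot reintroduce an escape.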

ZoomPlayer media player buffer overflow
Published:26.12.2007
Source:
SecurityVulns ID:8496
Type:remote
Threat Level:5/10
Description:Buffer overflow on ZPL file parsing.
Affected:INMATRIX : Zoom Player 6.00
Original document:Luigi Auriemma, Unicode buffer-overflow in Zoom Player 6.00b2 (26.12.2007)

Total Player media player buffer overflow
Published:26.12.2007
Source:
SecurityVulns ID:8497
Type:client
Threat Level:4/10
Description:Buffer overflow on .m3u file parsing.
Affected:TOTALPLAYER : TotalPlayer 3.0
Original document:david130490_(at)_hotmail.com, TotalPlayer 3.0 .m3u crash (26.12.2007)

ZyXEL P-330W routers cross-site scripting
Published:26.12.2007
Source:
SecurityVulns ID:8498
Type:remote
Threat Level:4/10
Description:Cross-site scripting in the Web administration interface.
Affected:ZYXEL : ZyXEL P-330W
Original document:Santa Clause, [Full-disclosure] Ho Ho H0-Day - ZyXEL P-330W multiple XSS and XSRF vulnerabilities (26.12.2007)

AOL AIM YGP Picture Editor ActiveX control buffer overflow
Published:26.12.2007
Source:
SecurityVulns ID:8499
Type:client
Threat Level:6/10
Description:Buffer overflows in several properties of the control.
Original document:Elazar Broad, [Full-disclosure] AOL YGP Picture Editor YGPPicEdit.dll Multiple Buffer Overflows (26.12.2007)

Live for Speed game buffer overflow
updated since 15.10.2007
Published:26.12.2007
Source:
SecurityVulns ID:8256
Type:client
Threat Level:6/10
Description:Buffer overflow on skin file parsing.
Affected:LIVEFORSPEED : Live for Speed 0.5
Original document:Luigi Auriemma, Update: Clients buffer-overflow in Live for Speed 0.5X10 (26.12.2007)
 Luigi Auriemma, Clients buffer-overflow in Live for Speed 0.5X10 (15.10.2007)
Files:Exploits Live for Speed demo/S1/S2 <= 0.5X10 clients buffer-overflow

Macrovision InstallShield ActiveX code execution
updated since 02.11.2007
Published:26.12.2007
Source:
SecurityVulns ID:8308
Type:client
Threat Level:8/10
Description:Unsafe Update Service ActiveX method allows code execution.
Affected:MACROVISION : InstallShield Update Service 5.01
 MACROVISION : InstallShield Update Service 6.0
CVE:CVE-2007-5660
Original document:Elazar Broad, [Full-disclosure] Installshield Update Service isusweb.dll Buffer Overflow (26.12.2007)
 IDEFENSE, iDefense Security Advisory 10.31.07: Macrovision InstallShield Update Service ActiveX Unsafe Method Vulnerability (02.11.2007)
Files:Macrovision Installshield isusweb.dll SEH Overwrite Exploit

Persits Software XUpload ActiveX control buffer overflow
updated since 26.12.2007
Published:29.12.2007
Source:
SecurityVulns ID:8500
Type:client
Threat Level:5/10
Description:Buffer overflow in AddFolder() method.
Original document:Elazar Broad, [Full-disclosure] Persits Software XUpload Control AddFolder() Buffer Overflow Exploit (29.12.2007)
 Elazar Broad, [Full-disclosure] Persits Software XUpload Control Buffer Overflow Exploit (29.12.2007)
 Elazar Broad, [Full-disclosure] Persits Software XUpload.ocx Buffer Overflow (26.12.2007)
Files:Persits Software XUpload Control AddFolder() Buffer Overflow Exploit

VideoLAN VLC media player multiple security vulnerabilities
updated since 26.12.2007
Published:17.03.2008
Source:
SecurityVulns ID:8494
Type:remote
Threat Level:6/10
Description:Buffer overflow in subtitle parsing; format string vulnerability in the Web interface (TCP/8080).
Affected:VLC : VLC 0.8
Original document:Luigi Auriemma, VLC highlander bug (17.03.2008)
 Luigi Auriemma, Buffer-overflow and format string in VideoLAN VLC 0.8.6d (26.12.2007)
Files:Exploits Buffer-overflow and format string in VideoLAN VLC 0.8.6d

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod