 |
|
|
|
| Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) | | Published: |  | 27.06.2007 | | Source: |  | | | SecurityVulns ID: |  | 7855 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. |
| Affected: |  | QUICKTICKET : QuickTicket 1.2 | | | | QUICKTALK : QuickTalk guestbook 1.2 | | | | RAINWORX : rwAuction Pro 5.0 | | | | XYTHOS : Xythos Enterprise Document Manager 5.0 | | | | XYTHOS : Xythos Enterprise Document Manager 6.0 | | | | XYTHOS : Xythos Digital Locker 6.0 | | | | XYTHOS : Xythos Digital Locker 5.0 | | CVE: |  | CVE-2007-3256 (Xythos Enterprise Document Manager (XEDM), Digital Locker (XDL), and possibly WebFile Server before 6.0.46.1 allow remote authenticated users to associate arbitrary Content-Type HTTP headers with documents, which might facilitate malware distribution.) | | | | CVE-2007-3255 (Multiple cross-site request forgery (CSRF) vulnerabilities in Xythos Enterprise Document Manager (XEDM) before 5.0.25.8, and 6.x before 6.0.46.1, allow remote authenticated users to execute commands as arbitrary users via (1) a saved Workflow name or (2) the Content-Type HTTP header. NOTE: item 2 also affects the same version numbers of Xythos Digital Locker (XDL). One or both vectors might also affect Xythos WebFile Server.) | | | | CVE-2007-3254 (Multiple cross-site scripting (XSS) vulnerabilities in Xythos Enterprise Document Manager (XEDM) before 5.0.25.8, and 6.x before 6.0.46.1, allow remote authenticated users to inject arbitrary web script or HTML via (1) a saved Workflow name; (2) a Workflow name, related to deletion of a Workflow template; (3) the Content-Type HTTP header; or (4) the name of an uploaded file. NOTE: items 3 and 4 also affect the same version numbers of Xythos Digital Locker (XDL). Some or all vectors might also affect Xythos WebFile Server.) |
| RealPlayer / HelixPlayer buffer overflow | | Published: | | 27.06.2007 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 7856 | | Type: | | client | | Level: | | 7/10 | | Description: | | Buffer overflow on SMIL2 format time parsing. |
| Affected: | | REAL : RealPlayer 10.5 | | | | REAL : HelixPlayer 10.5 | | CVE: | | CVE-2007-3410 (Stack-based buffer overflow in the SmilTimeValue::parseWallClockValue function in smlprstime.cpp in RealNetworks RealPlayer and HelixPlayer 10.5-GOLD allows remote attackers to execute arbitrary code via an SMIL (SMIL2) file with a long wallclock value.) |
MIT Kerberos multiple security vulnerabilities
updated since 26.06.2007 | | Published: | | 27.06.2007 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 7854 | | Type: | | remote | | Level: | | 6/10 | | Description: | | kadmind stack-based buffer overflow, buffer overflow and uninitialized pointer free() in RPC library. |
| Affected: | | MIT : krb5 1.6 | | CVE: | | CVE-2007-2798 (Stack-based buffer overflow in the rename_principal_2_svc function in kadmind for MIT Kerberos 1.5.3, 1.6.1, and other versions allows remote authenticated users to execute arbitrary code via a crafted request to rename a principal.) | | | | CVE-2007-2443 (Integer signedness error in the gssrpc__svcauth_unix function in svc_auth_unix.c in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a negative length value.) | | | | CVE-2007-2442 (The gssrpc__svcauth_gssapi function in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a zero-length RPC credential, which causes kadmind to free an uninitialized pointer during cleanup.) |
| Checkpoint firewall products crossite scripting | | Published: | | 27.06.2007 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 7857 | | Type: | | remote | | Level: | | 5/10 | | Description: | | Crossite scripting within administration interface. |
| Avax Vector ActiveX unauthorized access | | Published: | | 27.06.2007 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 7858 | | Type: | | client | | Level: | | 5/10 | | Description: | | WriteMovie method allows write access to the disk. |
PHP safe mode protection bypass with htaccess
updated since 27.06.2007 | | Published: | | 26.11.2007 | | Source: | | FULL-DISCLOSURE | | SecurityVulns ID: | | 7859 | | Type: | | local | | Level: | | 5/10 | | Description: | | It's possible to manipulate function ini_set() and session_save_path() with htaccess settings. |
| Affected: | | PHP : PHP 4.4 | | | | PHP : PHP 5.2 | | CVE: | | CVE-2007-3378 (The (1) session_save_path, (2) ini_set, and (3) error_log functions in PHP 4.4.7 and earlier, and PHP 5 5.2.3 and earlier, when invoked from a .htaccess file, allow remote attackers to bypass safe_mode and open_basedir restrictions and possibly execute arbitrary commands via php_value directives in .htaccess.) |
|
|
|
|
|
|
|
|
