IBM AIX utilities multiple security vulnerabilities
Published:		27.07.2007
Source:		BUGTRAQ
SecurityVulns ID:		7983
Type:		remote
Level:		6/10
Description:		Multiple suid root ftp client buffer overflow, dynamic library loading via -R command line argument in pioout, buffer overflow with terminal control sequences in capture.

Affected:		IBM : AIX 5.3
CVE:		CVE-2007-4004 (Buffer overflow in the ftp client in IBM AIX 5.3 SP6 and 5.2.0 allows local users to execute arbitrary code via unspecified vectors that trigger the overflow in a gets function call. NOTE: the client is setuid root on AIX, so this issue crosses privilege boundaries.)
		CVE-2007-4003 (pioout in IBM AIX 5.3 SP6 allows local users to execute arbitrary code by specifying a malicious library with the -R (ParseRoutine) command line argument.)
		CVE-2007-3333 (Stack-based buffer overflow in capture in IBM AIX 5.3 SP6 and 5.2.0 allows remote attackers to execute arbitrary code via a large number of terminal control sequences.)

Original document		IDEFENSE, iDefense Security Advisory 07.26.07: IBM AIX ftp gets() Multiple Buffer Overflow Vulnerabilities (27.07.2007)
		IDEFENSE, iDefense Security Advisory 07.26.07: IBM AIX capture Terminal Control Sequence Buffer Overflow Vulnerability (27.07.2007)
		IDEFENSE, iDefense Security Advisory 07.26.07: IBM AIX pioout Arbitrary Library Loading Vulnerability (27.07.2007)

Discuss:

Read or add your comments to this news (0 comments)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:		27.07.2007
Source:
SecurityVulns ID:		7985
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected:		SBLOG : sBlog 0.7
		PHPSYSINFO : PHPSysInfo 2.5
		DEPENDENTFORUMS : Dependent Forums 1.02
		WORDPRESS : wp-feedstats 2.4
		METYUS : Metyus Forum Portal 1.0

Original document		crazy_king_(at)_eno7.org, Metyus Forum Portal v1.0 (27.07.2007)
		David Kierznowski, [Full-disclosure] WordPress wp-feedstats persistent XSS (27.07.2007)
		Guns_(at)_0x90.com.ar, sBlog 0.7.3 Beta XSS Vulnerabilitie (27.07.2007)
		Hackers Center Security Group, PHPSysInfo Index.php Cross Site Scripting (27.07.2007)
		s4m3k_(at)_ganteng.la, SolpotCrew Advisory #14 (S4M3K) - PhpHostBot (login_form) Remote File Inclusion (27.07.2007)
		Advisory_(at)_Aria-Security.net, Dependet Forums (Username Field) Remote SQL Injection (27.07.2007)

Discuss:

Read or add your comments to this news (0 comments)

Multiple Encase vulnerabilities
Published:		27.07.2007
Source:		BUGTRAQ
SecurityVulns ID:		7986
Type:		local
Level:		5/10
Description:		Memory corruptions on processing of corrupted files and filesystems.

Affected:

GUIDANCESOFTWARE : Encase 5.0

Original document		larry.gill_(at)_guidancesoftware.com, Guidance Software response to iSEC report on EnCase (27.07.2007)
		announce_(at)_breakpointsecurity.net, Breakpoint Security: Encase Pre-Advisory (27.07.2007)

Discuss:

Read or add your comments to this news (0 comments)

libvorbis library multiple memory corruptions
Published:		27.07.2007
Source:		BUGTRAQ
SecurityVulns ID:		7984
Type:		library
Level:		6/10

Affected:		LIBVORBIS : libvorbis 1.1
CVE:		CVE-2007-4029 (libvorbis 1.1.2, and possibly other versions before 1.2.0, allows context-dependent attackers to cause a denial of service via (1) an invalid mapping type, which triggers an out-of-bounds read in the vorbis_info_clear function in info.c, and (2) invalid blocksize values that trigger a segmentation fault in the read function in block.c.)
		CVE-2007-3106 (libvorbis 1.1.2, and possibly other versions before 1.2.0, allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via invalid (1) blocksize_0 and (2) blocksize_1 values, which trigger a "heap overwrite" in the _01inverse function in res0.c. NOTE: this issue has been RECAST so that CVE-2007-4029 handles additional vectors.)

Original document

David Thiel, libvorbis 1.1.2 - Multiple memory corruption flaws (27.07.2007)

Discuss:

Read or add your comments to this news (0 comments)

PHP win32service extension protection bypass
Published:		27.07.2007
Source:		BUGTRAQ
SecurityVulns ID:		7987
Type:		local
Level:		5/10
Description:		Service management functions ara available from safe mode.

Affected:

PHP : PHP 5.2

Original document

nima_501_(at)_yahoo.com, PHP Safe_mode bypass exploit (win32service) (27.07.2007)

Files:		PHP Safe_mode bypass exploit (win32service)
Discuss:		Read or add your comments to this news (0 comments)