Computer Security


IBM AIX utilities multiple security vulnerabilities
Published: 27.07.2007
SecurityVulns ID: 7983
Type: remote
Threat Level: 6/10
Description: Multiple buffer overflows in the suid root ftp client, dynamic library loading via the -R command line argument in pioout, and a buffer overflow with terminal control sequences in capture.
Affected: IBM : AIX 5.3
CVE: CVE-2007-4004 (Buffer overflow in the ftp client in IBM AIX 5.3 SP6 and 5.2.0 allows local users to execute arbitrary code via unspecified vectors that trigger the overflow in a gets function call. NOTE: the client is setuid root on AIX, so this issue crosses privilege boundaries.)
 CVE-2007-4003 (pioout in IBM AIX 5.3 SP6 allows local users to execute arbitrary code by specifying a malicious library with the -R (ParseRoutine) command line argument.)
 CVE-2007-3333 (Stack-based buffer overflow in capture in IBM AIX 5.3 SP6 and 5.2.0 allows remote attackers to execute arbitrary code via a large number of terminal control sequences.)
Original document: IDEFENSE, iDefense Security Advisory 07.26.07: IBM AIX ftp gets() Multiple Buffer Overflow Vulnerabilities (27.07.2007)
 IDEFENSE, iDefense Security Advisory 07.26.07: IBM AIX capture Terminal Control Sequence Buffer Overflow Vulnerability (27.07.2007)
 IDEFENSE, iDefense Security Advisory 07.26.07: IBM AIX pioout Arbitrary Library Loading Vulnerability (27.07.2007)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 27.07.2007
SecurityVulns ID: 7985
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: SBLOG : sBlog 0.7
 PHPSYSINFO : PHPSysInfo 2.5
 DEPENDENTFORUMS : Dependent Forums 1.02
 WORDPRESS : wp-feedstats 2.4
 METYUS : Metyus Forum Portal 1.0
Original document: crazy_king_(at)_eno7.org, Metyus Forum Portal v1.0 (27.07.2007)
 David Kierznowski, [Full-disclosure] WordPress wp-feedstats persistent XSS (27.07.2007)
 Guns_(at)_0x90.com.ar, sBlog 0.7.3 Beta XSS Vulnerabilitie (27.07.2007)
 Hackers Center Security Group, PHPSysInfo Index.php Cross Site Scripting (27.07.2007)
 s4m3k_(at)_ganteng.la, SolpotCrew Advisory #14 (S4M3K) - PhpHostBot (login_form) Remote File Inclusion (27.07.2007)
 Advisory_(at)_Aria-Security.net, Dependet Forums (Username Field) Remote SQL Injection (27.07.2007)

Multiple Encase vulnerabilities
Published: 27.07.2007
SecurityVulns ID: 7986
Type: local
Threat Level: 5/10
Description: Memory corruptions on processing of corrupted files and filesystems.
Affected: GUIDANCESOFTWARE : Encase 5.0
Original document: larry.gill_(at)_guidancesoftware.com, Guidance Software response to iSEC report on EnCase (27.07.2007)
 announce_(at)_breakpointsecurity.net, Breakpoint Security: Encase Pre-Advisory (27.07.2007)

libvorbis library multiple memory corruptions
Published: 27.07.2007
SecurityVulns ID: 7984
Type: library
Threat Level: 6/10
Affected: LIBVORBIS : libvorbis 1.1
CVE: CVE-2007-4029 (libvorbis 1.1.2, and possibly other versions before 1.2.0, allows context-dependent attackers to cause a denial of service via (1) an invalid mapping type, which triggers an out-of-bounds read in the vorbis_info_clear function in info.c, and (2) invalid blocksize values that trigger a segmentation fault in the read function in block.c.)
 CVE-2007-3106 (libvorbis 1.1.2, and possibly other versions before 1.2.0, allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via invalid (1) blocksize_0 and (2) blocksize_1 values, which trigger a "heap overwrite" in the _01inverse function in res0.c. NOTE: this issue has been RECAST so that CVE-2007-4029 handles additional vectors.)
Original document: David Thiel, libvorbis 1.1.2 - Multiple memory corruption flaws (27.07.2007)

PHP win32service extension protection bypass
Published: 27.07.2007
SecurityVulns ID: 7987
Type: local
Threat Level: 5/10
Description: Service management functions are available from safe mode.
Affected: PHP : PHP 5.2
Original document: nima_501_(at)_yahoo.com, PHP Safe_mode bypass exploit (win32service) (27.07.2007)
Files: PHP Safe_mode bypass exploit (win32service)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod