Computer Security


Multiple browsers: different OnUnload event handler vulnerabilities
updated since 23.02.2007
Published: 28.02.2007
Source:
SecurityVulns ID: 7297
Type: client
Threat Level: 6/10
Description: Different memory corruptions because of race conditions in the OnUnload handler. In addition, address bar spoofing and the creation of pages that cannot be left (browser entrapment) are possible.
Affected: MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MOZILLA : Firefox 1.5
 MOZILLA : Firefox 2.0
 MICROSOFT : Windows Vista
 OPERA : Opera 9.20
CVE: CVE-2007-1256 (Mozilla Firefox 2.0.0.2 allows remote attackers to spoof the address bar, favicons, and document source, and perform updates in the context of arbitrary websites, by repeatedly setting document.location in the onunload attribute when linking to another website, a variant of CVE-2007-1092.)
 CVE-2007-1095 (Mozilla Firefox does not properly implement JavaScript onUnload handlers, which allows remote attackers to run certain JavaScript code and access the location DOM hierarchy in the context of the next web site that is visited by a client.)
 CVE-2007-1094 (Microsoft Internet Explorer 7 allows remote attackers to cause a denial of service (NULL dereference and application crash) via JavaScript onUnload handlers that modify the structure of a document.)
 CVE-2007-1092 (Mozilla Firefox 1.5.0.9 and 2.0.0.1, and SeaMonkey before 1.0.8 allow remote attackers to execute arbitrary code via JavaScript onUnload handlers that modify the structure of a document, which triggers memory corruption due to the lack of a finalize hook on DOM window objects.)
 CVE-2007-1091 (Microsoft Internet Explorer 7 allows remote attackers to prevent users from leaving a site, spoof the address bar, and conduct phishing and other attacks via onUnload Javascript handlers.)
Original documents: perpetualmotionuk, RE: MSIE7 browser entrapment vulnerability (probably Firefox, too) (28.02.2007)
 MOZILLA, Mozilla Foundation Security Advisory 2007-08 (27.02.2007)
 SECUNIA, Secunia Research: Internet Explorer 7 "onunload" Event Spoofing Vulnerability (23.02.2007)
 Michal Zalewski, Firefox onUnload + document.write() memory corruption vulnerability (MSIE7 null ptr) (23.02.2007)
 Michal Zalewski, MSIE7 browser entrapment vulnerability (probably Firefox, too) (23.02.2007)
 Michal Zalewski, Firefox: onUnload tailgating (MSIE7 entrapment bug variant) (23.02.2007)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 28.02.2007
Source:
SecurityVulns ID: 7310
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: WORDPRESS : WordPress 2.1
 ADMINPHORUM : Admin Phorum 3.3
 WICLEAR : Wiclear 0.11
CVE: CVE-2007-1244 (Cross-site request forgery (CSRF) vulnerability in the AdminPanel in WordPress 2.1.1 and earlier allows remote attackers to perform privileged actions as administrators, as demonstrated using the delete action in wp-admin/post.php. NOTE: this issue can be leveraged to perform cross-site scripting (XSS) attacks and steal cookies via the post parameter.)
 CVE-2007-1230 (Multiple cross-site scripting (XSS) vulnerabilities in wp-includes/functions.php in WordPress before 2.1.2-alpha allow remote attackers to inject arbitrary web script or HTML via (1) the Referer HTTP header or (2) the URI, a different vulnerability than CVE-2007-1049.)
 CVE-2007-1219 (PHP remote file inclusion vulnerability in actions/del.php in Admin Phorum 3.3.1a allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter.)
 CVE-2007-1097 (Unrestricted file upload vulnerability in the onAttachFiles function in the upload tool (inc/lib/attachment.lib.php) in Wiclear before 0.11.1 allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors related to filename validation. NOTE: some details were obtained from third party information.)
Original documents: GolD_M, Admin Phorum 3.3.1.a (del.php include_path) File Include Vulnerability (28.02.2007)
 SaMuschie, [email protected] (28.02.2007)

Nullsoft Shoutcast Server cross-site scripting
Published: 28.02.2007
Source:
SecurityVulns ID: 7311
Type: remote
Threat Level: 5/10
Description: Cross-site scripting via the web administration log.
Affected: NULLSOFT : Shoutcast Server 1.9
CVE: CVE-2007-1229 (Cross-site scripting (XSS) vulnerability in the Nullsoft ShoutcastServer 1.9.7 allows remote attackers to inject arbitrary web script or HTML via the top-level URI on the Incoming interface (port 8001/tcp), which is not properly handled in the administrator interface when viewing the log file.)
Original document: SaMuschie, Nullsoft ShoutcastServer Persistant XSS - 0day (28.02.2007)

Computer Associates eTrust IDS DoS
Published: 28.02.2007
Source:
SecurityVulns ID: 7312
Type: remote
Threat Level: 5/10
Description: DoS through the administration interface, TCP/9191.
Affected: CA : eTrust Intrusion Detection 3.0
CVE: CVE-2007-1005 (Heap-based buffer overflow in SW3eng.exe in the eID Engine service in CA (formerly Computer Associates) eTrust Intrusion Detection 3.0.5.57 and earlier allows remote attackers to cause a denial of service (application crash) via a long key length value to the remote administration port (9191/tcp).)
Original document: IDEFENSE, iDefense Security Advisory 02.27.07: Computer Associates eTrust Intrusion Detection Denial of Service Vulnerability (28.02.2007)

McAfee Virex Virus Scan for Mac OS X symbolic links problem and protection bypass
Published: 28.02.2007
Source:
SecurityVulns ID: 7313
Type: local
Threat Level: 6/10
Description: Weak permissions and a symbolic links problem on creation of the /Library/Application Support/Virex/VShieldExclude.txt file.
Affected: MCAFEE : Virex 7.7
CVE: CVE-2007-1227 (VShieldCheck in McAfee VirusScan for Mac (Virex) before 7.7 patch 1 allows local users to change permissions of arbitrary files via a symlink attack on /Library/Application Support/Virex/VShieldExclude.txt, as demonstrated by symlinking to the root crontab file to execute arbitrary commands.)
 CVE-2007-1226 (McAfee VirusScan for Mac (Virex) before 7.7 patch 1 has weak permissions (0666) for /Library/Application Support/Virex/VShieldExclude.txt, which allows local users to reconfigure Virex to skip scanning of arbitrary files.)
Original document: Netragard Security Advisories, [NETRAGARD-20070220 SECURITY ADVISORY] [McAfee VirusScan for Mac (Virex) Local root exploit and Scan Bypass] (28.02.2007)
Files: McAfee VirusScan for Mac (Virex) Local root exploit

Quicksilver Social Bookmark information leak
Published: 28.02.2007
Source:
SecurityVulns ID: 7315
Type: local
Threat Level: 5/10
Description: User login and password are logged to the Console.log file.
Affected: QuickSilver : Social Bookmark 8
CVE: CVE-2007-1191 (The Social Bookmarks (del.icio.us) plug-in 8F in Quicksilver writes usernames and passwords in plaintext to the /Library/Logs/Console/UID/Console.log file, which allows local users to obtain sensitive information by reading this file.)
Original document: max perience, [Full-disclosure] Quicksilver Social Bookmark plugin v.8F: password in clear text (28.02.2007)

Cisco Catalyst MPLS vulnerability
Published: 28.02.2007
Source:
SecurityVulns ID: 7316
Type: remote
Threat Level: 5/10
Affected: CISCO : IOS 12.1
 CISCO : IOS 12.2
CVE: CVE-2007-1258 (Unspecified vulnerability in Cisco IOS 12.2SXA, SXB, SXD, and SXF; and the MSFC2, MSFC2a and MSFC3 running in Hybrid Mode on Cisco Catalyst 6000, 6500 and Cisco 7600 series systems; allows remote attackers on a local network segment to cause a denial of service (software reload) via a certain MPLS packet.)
Original document: CISCO, Cisco Security Advisory: Cisco Catalyst 6000, 6500 and Cisco 7600 Series MPLS Packet Vulnerability (28.02.2007)

Cisco Catalyst Network Analysis Module unauthorized SNMP access
Published: 28.02.2007
Source:
SecurityVulns ID: 7317
Type: remote
Threat Level: 6/10
Description: It's possible to get full access to the device via spoofed SNMP packets.
Affected: CISCO : IOS 12.1
 CISCO : IOS 12.2
 CISCO : CatOS 7.6
 CISCO : CatOS 8.5
CVE: CVE-2007-1257 (The Network Analysis Module (NAM) in Cisco Catalyst Series 6000, 6500, and 7600 allows remote attackers to execute arbitrary commands via certain SNMP packets that are spoofed from the NAM's own IP address.)
Original document: CISCO, Cisco Security Advisory: Cisco Catalyst 6000, 6500 Series and Cisco 7600 Series NAM (Network Analysis Module) Vulnerability (28.02.2007)

Norman SandBox Analyzer detection
Published: 28.02.2007
Source:
SecurityVulns ID: 7318
Type: local
Threat Level: 2/10
Description: Malware code can detect the sandbox's presence and change its behaviour.
CVE: CVE-2007-1194 (Norman SandBox Analyzer does not use the proper range for Interrupt Descriptor Table (IDT) entries, which allows local users to determine that the local machine is an emulator, or a similar environment not based on a physical Intel processor, which allows attackers to produce malware that is more difficult to analyze.)
Original document: Arne Vidstrom, Evading the Norman SandBox Analyzer (28.02.2007)

plan9 internal kernel structures overwrite
Published: 28.02.2007
Source:
SecurityVulns ID: 7319
Type: local
Threat Level: 5/10
Description: The OTRUNC/pwrite handling of a resource allows overwriting internal kernel structures.
Affected: BELL : Plan 9 4.0
CVE: CVE-2007-1189 (Integer overflow in the envwrite function in the Alcatel-Lucent Bell Labs Plan 9 kernel allows local users to overwrite certain memory addresses with kernel memory via a large n argument, as demonstrated by (1) modifying the iseve function to gain privileges and (2) making the devpermcheck function grant unrestricted device permissions.)
Files: plan 9 identity theft

NetProxy protection bypass
Published: 28.02.2007
Source:
SecurityVulns ID: 7320
Type: remote
Threat Level: 5/10
Description: If the URL in a proxy request is used without the http:// prefix, URL access restrictions are not applied and the access is not logged.
Affected: NETPROXY : NetProxy 4.03
CVE: CVE-2007-1225 (The connection log file implementation in Grok Developments NetProxy 4.03 does not record requests that omit http:// in a URL, which might allow remote attackers to conduct unauthorized activities and avoid detection.)
 CVE-2007-1224 (Grok Developments NetProxy 4.03 allows remote attackers to bypass URL filtering via a request that omits "http://" from the URL and specifies the destination port (:80).)
Files: NetProxy <= 4.03 Web Filter Evasion / Bypass Logging Exploit

Microsoft Xbox privilege escalation and code execution
updated since 28.02.2007
Published: 01.03.2007
Source:
SecurityVulns ID: 7314
Type: local
Threat Level: 5/10
Description: It's possible to execute unsigned code in hypervisor mode because of a syscall handling problem. This opens the possibility for any action, including changing the operating system.
Affected: MICROSOFT : Xbox 360
CVE: CVE-2007-1221 (The Hypervisor in Microsoft Xbox 360 kernel 4532 and 4548 allows attackers with physical access to force execution of the hypervisor syscall with a certain register set, which bypasses intended code protection.)
 CVE-2007-1220 (The Hypervisor in Microsoft Xbox 360 kernel 4532 and 4548 does not properly verify the parameters passed to the syscall dispatcher, which allows attackers with physical access to bypass code-signing requirements and execute arbitrary code.)
Original documents: Anonymous Hacker, Re: Xbox 360 Hypervisor Privilege Escalation Vulnerability (01.03.2007)
 Anonymous Hacker, Xbox 360 Hypervisor Privilege Escalation Vulnerability (28.02.2007)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod