 |
|
|
|
| Computer Associates eTrust IDS DoS | | Published: |  | 28.02.2007 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 7312 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | DoS through administrations interface TCP/9191. |
| Affected: |  | CA : eTrust Intrusion Detection 3.0 | | CVE: |  | CVE-2007-1005 (Heap-based buffer overflow in SW3eng.exe in the eID Engine service in CA (formerly Computer Associates) eTrust Intrusion Detection 3.0.5.57 and earlier allows remote attackers to cause a denial of service (application crash) via a long key length value to the remote administration port (9191/tcp).) |
| Cisco Catalist MPLS vulnerability | | Published: | | 28.02.2007 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 7316 | | Type: | | remote | | Level: | | 5/10 |
| Affected: | | CISCO : IOS 12.1 | | | | CISCO : IOS 12.2 | | CVE: | | CVE-2007-1258 (Unspecified vulnerability in Cisco IOS 12.2SXA, SXB, SXD, and SXF; and the MSFC2, MSFC2a and MSFC3 running in Hybrid Mode on Cisco Catalyst 6000, 6500 and Cisco 7600 series systems; allows remote attackers on a local network segment to cause a denial of service (software reload) via a certain MPLS packet.) |
| Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) | | Published: | | 28.02.2007 | | Source: | | | | SecurityVulns ID: | | 7310 | | Type: | | remote | | Level: | | 5/10 | | Description: | | PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. |
| Affected: | | WORDPRESS : WordPress 2.1 | | | | ADMINPHORUM : Admin Phorum 3.3 | | | | WICLEAR : Wiclear 0.11 | | CVE: | | CVE-2007-1244 (Cross-site request forgery (CSRF) vulnerability in the AdminPanel in WordPress 2.1.1 and earlier allows remote attackers to perform privileged actions as administrators, as demonstrated using the delete action in wp-admin/post.php. NOTE: this issue can be leveraged to perform cross-site scripting (XSS) attacks and steal cookies via the post parameter.) | | | | CVE-2007-1230 (Multiple cross-site scripting (XSS) vulnerabilities in wp-includes/functions.php in WordPress before 2.1.2-alpha allow remote attackers to inject arbitrary web script or HTML via (1) the Referer HTTP header or (2) the URI, a different vulnerability than CVE-2007-1049.) | | | | CVE-2007-1219 (PHP remote file inclusion vulnerability in actions/del.php in Admin Phorum 3.3.1a allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter.) | | | | CVE-2007-1097 (Unrestricted file upload vulnerability in the onAttachFiles function in the upload tool (inc/lib/attachment.lib.php) in Wiclear before 0.11.1 allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors related to filename validation. NOTE: some details were obtained from third party information.) |
| McAfee Virex Virus Scan for Mac OS X symbolic links problem and protection bypass | | Published: | | 28.02.2007 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 7313 | | Type: | | local | | Level: | | 6/10 | | Description: | | Weak permissions and symbolic links problem on /Library/Application/Sypport/Virex/VShieldExecute.txt file creation. |
| Affected: | | MCAFEE : Virex 7.7 | | CVE: | | CVE-2007-1227 (VShieldCheck in McAfee VirusScan for Mac (Virex) before 7.7 patch 1 allow local users to change permissions of arbitrary files via a symlink attack on /Library/Application Support/Virex/VShieldExclude.txt, as demonstrated by symlinking to the root crontab file to execute arbitrary commands.) | | | | CVE-2007-1226 (McAfee VirusScan for Mac (Virex) before 7.7 patch 1 has weak permissions (0666) for /Library/Application Support/Virex/VShieldExclude.txt, which allows local users to reconfigure Virex to skip scanning of arbitrary files.) |
| plan9 internal kernel structures overwrite | | Published: | | 28.02.2007 | | Source: | | MILW0RM | | SecurityVulns ID: | | 7319 | | Type: | | local | | Level: | | 5/10 | | Description: | | OTRUNC/pwrite resource allows to overwrite internal kernel structures. |
| Affected: | | BELL : Plan 9 4.0 | | CVE: | | CVE-2007-1189 (Integer overflow in the envwrite function in the Alcatel-Lucent Bell Labs Plan 9 kernel allows local users to overwrite certain memory addresses with kernel memory via a large n argument, as demonstrated by (1) modifying the iseve function to gain privileges and (2) making the devpermcheck function grant unrestricted device permissions.) |
| NetProxy protection bypass | | Published: | | 28.02.2007 | | Source: | | MILW0RM | | SecurityVulns ID: | | 7320 | | Type: | | remote | | Level: | | 5/10 | | Description: | | If URL in proxy request is used withouth http:// prefix, URL access restrictions are not applied and access is not logged. |
| Affected: | | NETPROXY : NetProxy 4.03 | | CVE: | | CVE-2007-1225 (The connection log file implementation in Grok Developments NetProxy 4.03 does not record requests that omit http:// in a URL, which might allow remote attackers to conduct unauthorized activities and avoid detection.) | | | | CVE-2007-1224 (Grok Developments NetProxy 4.03 allows remote attackers to bypass URL filtering via a request that omits "http://" from the URL and specifies the destination port (:80).) |
| Nullsoft Shoutcast Server crossite scripting | | Published: | | 28.02.2007 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 7311 | | Type: | | remote | | Level: | | 5/10 | | Description: | | Crossite scripting with web administration log. |
| Affected: | | NULLSOFT : Shoutcast Server 1.9 | | CVE: | | CVE-2007-1229 (Cross-site scripting (XSS) vulnerability in the Nullsoft ShoutcastServer 1.9.7 allows remote attackers to inject arbitrary web script or HTML via the top-level URI on the Incoming interface (port 8001/tcp), which is not properly handled in the administrator interface when viewing the log file.) |
| Quicksilver Social Bookmark information leak | | Published: | | 28.02.2007 | | Source: | | FULL-DISCLOSURE | | SecurityVulns ID: | | 7315 | | Type: | | local | | Level: | | 5/10 | | Description: | | User login and pasword are logged to Console.log file. |
| Affected: | | QuickSilver : Social Bookmark 8 | | CVE: | | CVE-2007-1191 (The Social Bookmarks (del.icio.us) plug-in 8F in Quicksilver writes usernames and passwords in plaintext to the /Library/Logs/Console/UID/Console.log file, which allows local users to obtain sensitive information by reading this file.) |
| Cisco Catalist Network Analysis Module unauthorized SNMP access | | Published: | | 28.02.2007 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 7317 | | Type: | | remote | | Level: | | 6/10 | | Description: | | It's possible to get full access to device via spoofed SNMP packets. |
| Norman SandBox Analyzer detection | | Published: | | 28.02.2007 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 7318 | | Type: | | local | | Level: | | 2/10 | | Description: | | Malware code can detect sandbox presence and change it's behaviour. |
| CVE: | | CVE-2007-1194 (Norman SandBox Analyzer does not use the proper range for Interrupt Descriptor Table (IDT) entries, which allows local users to determine that the local machine is an emulator, or a similar environment not based on a physical Intel processor, which allows attackers to produce malware that is more difficult to analyze.) |
Multiple browsers OnUnload event handler different vulnerabilities
updated since 23.02.2007 | | Published: | | 28.02.2007 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 7297 | | Type: | | client | | Level: | | 6/10 | | Description: | | Different memory corruptions because of race conditions in OnUnload handler. In addition address bar spoofing and creation of pages can not be left is possible. |
| Affected: | | MICROSOFT : Windows 2000 Server | | | | MICROSOFT : Windows 2000 Professional | | | | MICROSOFT : Windows XP | | | | MICROSOFT : Windows 2003 Server | | | | MOZILLA : Firefox 1.5 | | | | MOZILLA : Firefox 2.0 | | | | MICROSOFT : Windows Vista | | | | OPERA : Opera 9.20 | | CVE: | | CVE-2007-1256 (Mozilla Firefox 2.0.0.2 allows remote attackers to spoof the address bar, favicons, and document source, and perform updates in the context of arbitrary websites, by repeatedly setting document.location in the onunload attribute when linking to another website, a variant of CVE-2007-1092.) | | | | CVE-2007-1095 (Mozilla Firefox does not properly implement JavaScript onUnload handlers, which allows remote attackers to run certain JavaScript code and access the location DOM hierarchy in the context of the next web site that is visited by a client.) | | | | CVE-2007-1094 (Microsoft Internet Explorer 7 allows remote attackers to cause a denial of service (NULL dereference and application crash) via JavaScript onUnload handlers that modify the structure of a document.) | | | | CVE-2007-1092 (Mozilla Firefox 1.5.0.9 and 2.0.0.1, and SeaMonkey before 1.0.8 allow remote attackers to execute arbitrary code via JavaScript onUnload handlers that modify the structure of a document, wich triggers memory corruption due to the lack of a finalize hook on DOM window objects.) | | | | CVE-2007-1091 (Microsoft Internet Explorer 7 allows remote attackers to prevent users from leaving a site, spoof the address bar, and conduct phishing and other attacks via onUnload Javascript handlers.) |
Microsoft XBox privilege escalation and code execution
updated since 28.02.2007 | | Published: | | 01.03.2007 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 7314 | | Type: | | local | | Level: | | 5/10 | | Description: | | It's possible to execute unsigned code in hypervisor mode because of syscall handling problem. It opens possibility for any actions, including changing of operation system. |
| Affected: | | MICROSOFT : Xbox 360 | | CVE: | | CVE-2007-1221 (The Hypervisor in Microsoft Xbox 360 kernel 4532 and 4548 allows attackers with physical access to force execution of the hypervisor syscall with a certain register set, which bypasses intended code protection.) | | | | CVE-2007-1220 (The Hypervisor in Microsoft Xbox 360 kernel 4532 and 4548 does not properly verify the parameters passed to the syscall dispatcher, which allows attackers with physical access to bypass code-signing requirements and execute arbitrary code.) |
|
|
|
|
|
|
|
|
