Computer Security


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:28.03.2007
Source:
SecurityVulns ID:7479
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:VIEWVC : ViewVC 1.0
 FLEXBB : FlexBB 1.0
 REALINK : C-Arbre 0.6
 VIEWCVS : ViewCVS 1.0
 ICEBB : IceBB 1.0
 PHPNUKE : Addressbook 1.2 module for PHP-Nuke
 CICOANDCICO : CcMail 1.0
CVE:CVE-2007-1729 (SQL injection vulnerability in includes/start.php in Flexbb 1.0.0 10005 Beta Release 1 allows remote attackers to execute arbitrary SQL commands via the flexbb_lang_id COOKIE parameter to index.php.)
 CVE-2007-1726 (Unrestricted file upload vulnerability in index.php in IceBB 1.0-rc5 allows remote authenticated users to upload arbitrary files via the avatar function, which can later be accessed in uploads/.)
 CVE-2007-1725 (SQL injection vulnerability in index.php in IceBB 1.0-rc5 allows remote authenticated users to execute arbitrary SQL commands via the filename of an uploaded file to the avatar function, as demonstrated by setting admin privileges.)
 CVE-2007-1721 (Multiple PHP remote file inclusion vulnerabilities in C-Arbre 0.6PR7 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) Richtxt_functions.inc.php, (2) adddocfile.php, (3) auth_check.php, (4) browse_current_category.inc.php, (5) docfile_details.php, (6) main.php, (7) mainarticle.php, (8) maindocfile.php, (9) modify.php, (10) new.php, (11) resource_details.php, or (12) smallsearch.php in lib/; or (13) mwiki/LocalSettings.php.)
 CVE-2007-1720 (Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file.)
 CVE-2007-1516 (PHP remote file inclusion vulnerability in functions/update.php in Cicoandcico CcMail 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the functions_dir parameter.)
 CVE-2005-4831 (viewcvs in ViewCVS 0.9.2 allows remote attackers to set the Content-Type header to arbitrary values via the content-type parameter, which can be leveraged for cross-site scripting (XSS) and other attacks, as demonstrated using (1) "text/html", or (2) "image/jpeg" with an image that is rendered as HTML by Internet Explorer, a different vulnerability than CVE-2004-1062. NOTE: it was later reported that 0.9.4 is also affected.)
 CVE-2004-1062 (Multiple cross-site scripting (XSS) vulnerabilities in ViewCVS 0.9.2 allow remote attackers to inject arbitrary HTML and web script via certain error messages.)
Original document:Moritz Naumann, Update: ViewCVS and ViewVC 'checkout view' content type fixation issue (28.03.2007)
 erdc_(at)_echo.or.id, [ECHO_ADV_78$2007] C-Arbre <= 0.6PR7 (root_path) Remote File Inclusion Vulnerability (28.03.2007)
 alireza hassani, [KAPDA::#64] - Flexbb Sql Injection (28.03.2007)
Files:PHP-Nuke Module Addressbook 1.2 Local File Inclusion Exploit
 IceBB 1.0-rc5 Remote Create Admin Exploit
 IceBB 1.0-rc5 Remote Code Execution Exploit
 CcMail 1.0 Remote File Inclusion Exploit

Opera / Firefox anti-phishing protection bypass
Published:28.03.2007
Source:
SecurityVulns ID:7482
Type:client
Threat Level:4/10
Description:Phishing sites embedded into IFRAME are not detected.
Affected:MOZILLA : Firefox 2.0
 OPERA : Opera 9.10
CVE:CVE-2007-1737 (Opera 9.10 does not check URLs embedded in (1) object or (2) iframe HTML tags against the phishing site blacklist, which allows remote attackers to bypass phishing protection.)
 CVE-2007-1736 (Mozilla Firefox 2.0.0.3 does not check URLs embedded in (1) object or (2) iframe HTML tags against the phishing site blacklist, which allows remote attackers to bypass phishing protection.)
Original document:zonafirefox_(at)_gmail.com, Bypass phishing protection in Firefox / Opera (28.03.2007)

Lotus Domino multiple security vulnerabilities
Published:28.03.2007
Source:
SecurityVulns ID:7484
Type:remote
Threat Level:6/10
Description:LDAP server heap overflow, Web Access cross-site scripting, buffer overflow in IMAP CRAM-MD5 authentication.
Affected:IBM : Lotus Domino 6.5
 IBM : Lotus Domino 7.0
 IBM : Lotus Domino Web Access 7.0
 IBM : Lotus Domino Web Access 6.5
CVE:CVE-2007-1941 (Cross-site scripting (XSS) vulnerability in the Active Content Filter feature in Domino Web Access (DWA) in IBM Lotus Notes before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to inject arbitrary web script or HTML via a multipart/related e-mail message, a different issue than CVE-2006-4843.)
 CVE-2007-1739 (Heap-based buffer overflow in the LDAP server in IBM Lotus Domino before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to cause a denial of service (crash) via a long, malformed DN request, which causes only the lower 16 bits of the string length to be used in memory allocation.)
 CVE-2007-1675 (Buffer overflow in the CRAM-MD5 authentication mechanism in the IMAP server (nimap.exe) in IBM Lotus Domino before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to cause a denial of service via a long username.)
Original document:ZDI, ZDI-07-011: IBM Lotus Domino IMAP Server CRAM-MD5 Authentication Buffer Overflow Vulnerability (28.03.2007)
 IDEFENSE, [Full-disclosure] iDefense Security Advisory 03.28.07: IBM Lotus Domino Server LDAP Request Invalid DN Message Heap Overflow Vulnerability (28.03.2007)
 IDEFENSE, [Full-disclosure] iDefense Security Advisory 03.28.07: IBM Lotus Domino Web Access Cross Site Scripting Vulnerability (28.03.2007)
Files:Remote DOS exploit code for IBM Lotus Domino Server 6.5 IMAP CRAM-MD5 auth

Truecrypt privilege escalation
Published:28.03.2007
Source:
SecurityVulns ID:7486
Type:local
Threat Level:5/10
Description:In setuid mode, a user can mount an encrypted filesystem on any directory.
Affected:TRUECRYPT : TrueCrypt 4.3
CVE:CVE-2007-1738 (TrueCrypt 4.3, when installed setuid root, allows local users to cause a denial of service (filesystem unavailability) or gain privileges by mounting a crafted TrueCrypt volume, as demonstrated using (1) /usr/bin or (2) another user's home directory, a different issue than CVE-2007-1589.)
 CVE-2007-1589 (TrueCrypt before 4.3, when set-euid mode is used on Linux, allows local users to cause a denial of service (filesystem unavailability) by dismounting a volume mounted by a different user.)
Original document:Tim Rees, Denial of Service Vulnerabilities in TrueCrypt 4.3 Linux (re. bid 23180) (28.03.2007)
Files:raptor_truecrypt - setuid truecrypt privilege escalation

hpaftpd multiple buffer overflows
Published:28.03.2007
Source:
SecurityVulns ID:7487
Type:remote
Threat Level:5/10
Description:Buffer overflows in multiple FTP commands.
Affected:HPAFTPD : hpaftpd 1.01
CVE:CVE-2007-1731 (Multiple stack-based buffer overflows in High Performance Anonymous FTP Server (hpaftpd) 1.01 allow remote attackers to execute arbitrary code via long arguments to the (1) USER, (2) PASS, (3) CWD, (4) MKD, (5) RMD, (6) DELE, (7) RNFR, or (8) RNTO FTP command.)
Original document:SECURITEAM, [NEWS] hpaftpd Multiple Buffer Overflows (28.03.2007)

Yahoo Messenger information leak
Published:28.03.2007
Source:
SecurityVulns ID:7480
Type:local
Threat Level:2/10
Description:The web mail authentication response containing the session identifier is saved in the browser cache.
Original document:kishor.tech_(at)_gmail.com, Yahoo! Messenger Auth Bypass Vulnerability (28.03.2007)

Corel WordPerfect buffer overflow
Published:28.03.2007
Source:
SecurityVulns ID:7483
Type:client
Threat Level:5/10
Description:Buffer overflow on .PRS file processing.
Affected:COREL : Wordperfect X3
CVE:CVE-2007-1735 (Stack-based buffer overflow in Corel WordPerfect Office X3 (13.0.0.565) allows user-assisted remote attackers to execute arbitrary code via a long printer selection (PRS) name in a Wordperfect document.)
Original document:jonny_(at)_nop-art.net, Corel Wordperfect Office X3 Stack Overflow (28.03.2007)
Files:Wordperfect X3 remote exploit

HP OpenView Network Node Manager unauthorized access
Published:28.03.2007
Source:
SecurityVulns ID:7488
Type:remote
Threat Level:5/10
Affected:HP : OpenView Network Node Manager 7.50
 HP : OpenView Network Node Manager 7.51
CVE:CVE-2007-1727 (Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 6.20, 6.4x, 7.01, 7.50, and 7.51 allows remote authenticated users to access certain privileged "facilities" via unspecified vectors.)

Cisco Unified CallManager / Unified Presence Server multiple security vulnerabilities
Published:28.03.2007
Source:
SecurityVulns ID:7485
Type:remote
Threat Level:6/10
Description:Denial of service via Skinny / SCCP protocol (TCP/2000, TCP/2443), ICMP echo request flood, IPSec (UDP/8500) parsing.
Affected:CISCO : Unified CallManager 3.3
 CISCO : Unified CallManager 4.1
 CISCO : Unified CallManager 4.2
 CISCO : Unified CallManager 5.0
 CISCO : Unified Presence Server 1.0
CVE:CVE-2007-1834 (Cisco Unified CallManager (CUCM) 5.0 before 5.0(4a)SU1 and Cisco Unified Presence Server (CUPS) 1.0 before 1.0(3) allow remote attackers to cause a denial of service (loss of voice services) via a flood of ICMP echo requests, aka bug ID CSCsf12698.)
 CVE-2007-1833 (The Skinny Call Control Protocol (SCCP) implementation in Cisco Unified CallManager (CUCM) 3.3 before 3.3(5)SR2a, 4.1 before 4.1(3)SR4, 4.2 before 4.2(3)SR1, and 5.0 before 5.0(4a)SU1 allows remote attackers to cause a denial of service (loss of voice services) by sending crafted packets to the (1) SCCP (2000/tcp) or (2) SCCPS (2443/tcp) port.)
 CVE-2007-1826 (Unspecified vulnerability in the IPSec Manager Service for Cisco Unified CallManager (CUCM) 5.0 before 5.0(4a)SU1 and Cisco Unified Presence Server (CUPS) 1.0 before 1.0(3) allows remote attackers to cause a denial of service (loss of cluster services) via a "specific UDP packet" to UDP port 8500, aka bug ID CSCsg60949.)
Original document:CISCO, [Full-disclosure] Cisco Security Advisory: Multiple Cisco Unified CallManager and Presence Server Denial of Service Vulnerabilities (28.03.2007)

HP JetDirect and HP printers buffer overflow
updated since 19.12.2006
Published:28.03.2007
Source:
SecurityVulns ID:6955
Type:remote
Threat Level:6/10
Description:Buffer overflow in the LIST, NLIST and RETR commands of the built-in FTP server.
Affected:HP : J4169A 610n
 HP : J6057A 615n
CVE:CVE-2007-1772 (The FTP service in HP JetDirect print servers allows remote attackers to cause a denial of service (engine crash) via a RETR command with a long pathname.)
 CVE-2007-0358 (Unspecified vulnerability in the FTP server implementation in HP Jetdirect firmware x.20.nn through x.24.nn allows remote attackers to cause a denial of service via unknown vectors.)
Original document:handrix_(at)_gmail.com, [Full-disclosure] Remote DOS HP JetDirect Print Servers (28.03.2007)
 HP, [security bulletin] HPSBPI02185 SSRT071290 rev.1 - HP Jetdirect Running ftp, Remote Denial of Service (DoS) (20.01.2007)
 Jose Antonio, HP Printers FTP Server Denial Of Service (19.12.2006)
Files:Hewlett-Packard FTP Print Server Version 2.4 Buffer Overflow (POC)
 Hewlett-Packard FTP Print Server Version 2.4.5 Buffer Overflow (POC)

NaviCopa HTTP Server buffer overflow
updated since 28.03.2007
Published:05.02.2009
Source:
SecurityVulns ID:7481
Type:remote
Threat Level:6/10
Description:Stack buffer overflow (stack overrun) on oversized request to cgi-bin directory. Script content leak with "." added to path.
Affected:INTERVATIONS : NaviCopa 2.01
 INTERVATIONS : NaviCopa 3.01
CVE:CVE-2007-1733 (Buffer overflow in InterVations NaviCOPA HTTP Server 2.01 allows remote attackers to execute arbitrary code via a long (1) /cgi-bin/ or (2) /cgi/ pathname in an HTTP GET request, probably a different issue than CVE-2006-5112.)
Original document:ew1zz_(at)_hotmail.com, NaviCopa webserver 3.01 Multiple Vulnerabilities (05.02.2009)
 skillTube.com, Buffer Overflow in InterVetions' NaviCopa HTTP server 2.01 (28.03.2007)
Files:Exploits Buffer Overflow in NaviCopa HTTP server 2.01 (cgi-bin)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod