 |
|
|
|
| Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) | | Published: |  | 28.03.2007 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 7479 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. |
| Affected: |  | VIEWVC : ViewVC 1.0 | | | | FLEXBB : FlexBB 1.0 | | | | REALINK : C-Arbre 0.6 | | | | VIEWCVS : ViewCVS 1.0 | | | | ICEBB : IceBB 1.0 | | | | PHPNUKE : Addressbook 1.2 module for PHP-Nuke | | | | CICOANDCICO : CcMail 1.0 | | CVE: |  | CVE-2007-1729 (SQL injection vulnerability in includes/start.php in Flexbb 1.0.0 10005 Beta Release 1 allows remote attackers to execute arbitrary SQL commands via the flexbb_lang_id COOKIE parameter to index.php.) | | | | CVE-2007-1726 (Unrestricted file upload vulnerability in index.php in IceBB 1.0-rc5 allows remote authenticated users to upload arbitrary files via the avatar function, which can later be accessed in uploads/.) | | | | CVE-2007-1725 (SQL injection vulnerability in index.php in IceBB 1.0-rc5 allows remote authenticated users to execute arbitrary SQL commands via the filename of an uploaded file to the avatar function, as demonstrated by setting admin privileges.) | | | | CVE-2007-1721 (Multiple PHP remote file inclusion vulnerabilities in C-Arbre 0.6PR7 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) Richtxt_functions.inc.php, (2) adddocfile.php, (3) auth_check.php, (4) browse_current_category.inc.php, (5) docfile_details.php, (6) main.php, (7) mainarticle.php, (8) maindocfile.php, (9) modify.php, (10) new.php, (11) resource_details.php, or (12) smallsearch.php in lib/; or (13) mwiki/LocalSettings.php.) | | | | CVE-2007-1720 (Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file.) | | | | CVE-2007-1516 (PHP remote file inclusion vulnerability in functions/update.php in Cicoandcico CcMail 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the functions_dir parameter.) | | | | CVE-2005-4831 (viewcvs in ViewCVS 0.9.2 allows remote attackers to set the Content-Type header to arbitrary values via the content-type parameter, which can be leveraged for cross-site scripting (XSS) and other attacks, as demonstrated using (1) "text/html", or (2) "image/jpeg" with an image that is rendered as HTML by Internet Explorer, a different vulnerability than CVE-2004-1062. NOTE: it was later reported that 0.9.4 is also affected.) | | | | CVE-2004-1062 (Multiple cross-site scripting (XSS) vulnerabilities in ViewCVS 0.9.2 allow remote attackers to inject arbitrary HTML and web script via certain error messages.) |
| Opera / Firefox anti-phishing protection bypass | | Published: | | 28.03.2007 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 7482 | | Type: | | client | | Level: | | 4/10 | | Description: | | Phishing sites embedded into IFRAME are not detected. |
| Affected: | | MOZILLA : Firefox 2.0 | | | | OPERA : Opera 9.10 | | CVE: | | CVE-2007-1737 (Opera 9.10 does not check URLs embedded in (1) object or (2) iframe HTML tags against the phishing site blacklist, which allows remote attackers to bypass phishing protection.) | | | | CVE-2007-1736 (Mozilla Firefox 2.0.0.3 does not check URLs embedded in (1) object or (2) iframe HTML tags against the phishing site blacklist, which allows remote attackers to bypass phishing protection.) |
| Lotus Domino multiple security vulnerabilities | | Published: | | 28.03.2007 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 7484 | | Type: | | remote | | Level: | | 6/10 | | Description: | | LDAP Server heap overflow, Web access crossite scripting. Buffer overflow in IMAP CRAM-MD5 authentication. |
| Affected: | | IBM : Lotus Domino 6.5 | | | | IBM : Lotus Domino 7.0 | | | | IBM : Lotus Domino Web Access 7.0 | | | | IBM : Lotus Domino Web Access 6.5 | | CVE: | | CVE-2007-1941 (Cross-site scripting (XSS) vulnerability in the Active Content Filter feature in Domino Web Access (DWA) in IBM Lotus Notes before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to inject arbitrary web script or HTML via a multipart/related e-mail message, a different issue than CVE-2006-4843.) | | | | CVE-2007-1739 (Heap-based buffer overflow in the LDAP server in IBM Lotus Domino before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to cause a denial of service (crash) via a long, malformed DN request, which causes only the lower 16 bits of the string length to be used in memory allocation.) | | | | CVE-2007-1675 (Buffer overflow in the CRAM-MD5 authentication mechanism in the IMAP server (nimap.exe) in IBM Lotus Domino before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to cause a denial of service via a long username.) |
| Truecrypt privilege escalation | | Published: | | 28.03.2007 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 7486 | | Type: | | local | | Level: | | 5/10 | | Description: | | In suid mode it's possible for user to mount crypted filesystem to any directory. |
| Affected: | | TRUECRYPT : TrueCrypt 4.3 | | CVE: | | CVE-2007-1738 (TrueCrypt 4.3, when installed setuid root, allows local users to cause a denial of service (filesystem unavailability) or gain privileges by mounting a crafted TrueCrypt volume, as demonstrated using (1) /usr/bin or (2) another user's home directory, a different issue than CVE-2007-1589.) | | | | CVE-2007-1589 (TrueCrypt before 4.3, when set-euid mode is used on Linux, allows local users to cause a denial of service (filesystem unavailability) by dismounting a volume mounted by a different user.) |
| hpaftpd multiple buffer overflows | | Published: | | 28.03.2007 | | Source: | | SECURITEAM | | SecurityVulns ID: | | 7487 | | Type: | | remote | | Level: | | 5/10 | | Description: | | Buffer overflows in multiple FTP commands. |
| Affected: | | HPAFTPD : hpaftpd 1.01 | | CVE: | | CVE-2007-1731 (Multiple stack-based buffer overflows in High Performance Anonymous FTP Server (hpaftpd) 1.01 allow remote attackers to execute arbitrary code via long arguments to the (1) USER, (2) PASS, (3) CWD, (4) MKD, (5) RMD, (6) DELE, (7) RNFR, or (8) RNTO FTP command.) |
| Yahoo Messenger information leak | | Published: | | 28.03.2007 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 7480 | | Type: | | local | | Level: | | 2/10 | | Description: | | Web mail authentication response reply with session identifier is saved in browser cache. |
| Corel WordPerfect buffer overflow | | Published: | | 28.03.2007 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 7483 | | Type: | | client | | Level: | | 5/10 | | Description: | | Buffer overflow on .PRS file processing. |
| Affected: | | COREL : Wordperfect X3 | | CVE: | | CVE-2007-1735 (Stack-based buffer overflow in Corel WordPerfect Office X3 (13.0.0.565) allows user-assisted remote attackers to execute arbitrary code via a long printer selection (PRS) name in a Wordperfect document.) |
| HP OpvenView Network Node Manager uauthroized access | | Published: | | 28.03.2007 | | Source: | | CVE | | SecurityVulns ID: | | 7488 | | Type: | | remote | | Level: | | 5/10 |
| Cisco Unified CallManager / Unified Presence Server multiple security vulnerabilities | | Published: | | 28.03.2007 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 7485 | | Type: | | remote | | Level: | | 6/10 | | Description: | | Denial of service with Skinny / SCCP protocol (TCP/2000, TCP/2443), ICMP echo requiests flood, IPSec (UDP/8500) parsing. |
| Affected: | | CISCO : Unified CallManager 3.3 | | | | CISCO : Unified CallManager 4.1 | | | | CISCO : Unified CallManager 4.2 | | | | CISCO : Unified CallManager 5.0 | | | | CISCO : Unified Presence Server 1.0 | | CVE: | | CVE-2007-1834 (Cisco Unified CallManager (CUCM) 5.0 before 5.0(4a)SU1 and Cisco Unified Presence Server (CUPS) 1.0 before 1.0(3) allow remote attackers to cause a denial of service (loss of voice services) via a flood of ICMP echo requests, aka bug ID CSCsf12698.) | | | | CVE-2007-1833 (The Skinny Call Control Protocol (SCCP) implementation in Cisco Unified CallManager (CUCM) 3.3 before 3.3(5)SR2a, 4.1 before 4.1(3)SR4, 4.2 before 4.2(3)SR1, and 5.0 before 5.0(4a)SU1 allows remote attackers to cause a denial of service (loss of voice services) by sending crafted packets to the (1) SCCP (2000/tcp) or (2) SCCPS (2443/tcp) port.) | | | | CVE-2007-1826 (Unspecified vulnerability in the IPSec Manager Service for Cisco Unified CallManager (CUCM) 5.0 before 5.0(4a)SU1 and Cisco Unified Presence Server (CUPS) 1.0 before 1.0(3) allows remote attackers to cause a denial of service (loss of cluster services) via a "specific UDP packet" to UDP port 8500, aka bug ID CSCsg60949.) |
HP JetDirect and HP printers buffer overflow
updated since 19.12.2006 | | Published: | | 28.03.2007 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 6955 | | Type: | | remote | | Level: | | 6/10 | | Description: | | Buffer overflow in LIST, NLIST and RETR command of built-in FTP server. |
| Affected: | | HP : J4169A 610n | | | | HP : J6057A 615n | | CVE: | | CVE-2007-1772 (The FTP service in HP JetDirect print servers allows remote attackers to cause a denial of service (engine crash) via a RETR command with a long pathname.) | | | | CVE-2007-0358 (Unspecified vulnerability in the FTP server implementation in HP Jetdirect firmware x.20.nn through x.24.nn allows remote attackers to cause a denial of service via unknown vectors.) |
NaviCopa HTTP Server buffer overflow
updated since 28.03.2007 | | Published: | | 05.02.2009 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 7481 | | Type: | | remote | | Level: | | 6/10 | | Description: | | Stack buffer overflow (stack overrun) on oversized request to cgi-bin directory. Script content leak with "." added to path. |
|
|
|
|
|
|
|
|
