Computer Security


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:28.04.2007
Source:
SecurityVulns ID:7642
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:BROTHERSOFT : Shop-Script 2.0
 NUCLEUSCMS : nucleus 3.22
 PHPMYTGP : phpMYTGP 1.4
 SUNSHOP : sunshop 4
 CAFELOG : B2 Weblog and News Publishing 0.6
 COMUS : comus 2.0
 BUILT2GO : PHP Link Portal 1.79
 BLOGSYSTEM : blogsystem 1.4
 DOWNLOADENGINE : download engine 1.4
 VIRTUANEWS : VirtuaNews Pro 1.0
 MODBUILD : modbuild 4.1
 SINECMS : SineCMS 2.3
 BURAKYILMAZ : Burak Yilmaz Blog 1.0
Original document:Dj_ReMix_20_(at)_hotmail.com, Burak Yılmaz Blog (tr) v1.0 SQL injection vulnerability (28.04.2007)
 nexus_(at)_playhack.net, SineCMS (28.04.2007)
 s433d_only_linux_(at)_yahoo.de, modbuild >> 4.1 Remote File Inclusion (28.04.2007)
 alijsb_(at)_yahoo.com, :doruk100net >> RFI (28.04.2007)
 s433d_only_linux_(at)_yahoo.de, VirtuaNews.Pro.v1.0.3.Retail.+All.Plugins Remote file Include (28.04.2007)
 s433d_only_linux_(at)_yahoo.de, Remote File Inclusion (28.04.2007)
 alijsb_(at)_yahoo.com, download engine V1.4.1 >> RFI (local) (28.04.2007)
 alijsb_(at)_yahoo.com, nucleus 3.22 >> RFI (28.04.2007)
 info_(at)_hackerz.ir, blogsystem 1.4 >> local & remote = -rfi & lfi & -xss (28.04.2007)
 alijsb_(at)_yahoo.com, Built2Go_PHP_Link_Portal_v1.79 >> RFI (28.04.2007)
 alijsb_(at)_yahoo.com, Searchactivity >> RFI (28.04.2007)
 alijsb_(at)_yahoo.com, comus 2.0 Final >> RFI (28.04.2007)
 alijsb_(at)_yahoo.com, B2 Weblog and News Publishing Tool v0.6.1 >> RFI (28.04.2007)
 alijsb_(at)_yahoo.com, adrevenue script (CyKuH.com)>> RFI (28.04.2007)
 alijsb_(at)_yahoo.com, sunshop v4 >> RFI (28.04.2007)
 alijsb_(at)_yahoo.com, Shop-Script v 2.0 >> RFI (28.04.2007)
 alijsb_(at)_yahoo.com, phpMYTGP v v1.4b >> RFI (28.04.2007)

Multiple browsers digest authentication request splitting
Published:28.04.2007
Source:
SecurityVulns ID:7643
Type:client
Threat Level:5/10
Description:It's possible to inject newline characters into HTTP request headers through the username.
Affected:MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MOZILLA : Firefox 2.0
 MICROSOFT : Windows Vista
Original document:Stefano Di Paola, IE 7 and Firefox Browsers Digest Authentication Request Splitting (28.04.2007)

AFFLIB library multiple security vulnerabilities
Published:28.04.2007
Source:
SecurityVulns ID:7644
Type:library
Threat Level:6/10
Description:Shell metacharacter injections, buffer overflows, format string vulnerabilities, race conditions, etc.
Affected:AFFLIB : AFFLIB 2.2
CVE:CVE-2007-2352 (Multiple format string vulnerabilities in AFFLIB 2.2.6 allow remote attackers to execute arbitrary code via certain command line parameters, which are used in (1) warn and (2) err calls, possibly involving (a) lib/s3.cpp, (b) tools/afconvert.cpp, (c) tools/afcopy.cpp, (d) tools/afinfo.cpp, (e) aimage/imager.cpp, and (f) tools/afxml.cpp. NOTE: this identifier is intended to address the vectors that were not fixed in CVE-2007-2054, but the unfixed vectors were not explicitly listed.)
 CVE-2007-2056 (** REJECT ** The getlock function in aimage/aimage.cpp in AFFLIB 2.2.8 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary lock files (aka "time-of-check-time-of-use file race"). NOTE: the researcher has retracted the original advisory, stating that "the portion of vulnerable code is not called in any current version of AFFLIB and is therefore not exploitable.")
 CVE-2007-2055 (AFFLIB 2.2.8 and earlier allows attackers to execute arbitrary commands via shell metacharacters involving (1) certain command line parameters in tools/afconvert.cpp and (2) arguments to the get_parameter function in aimage/ident.cpp. NOTE: it is unknown if the get_parameter vector (2) is ever called.)
 CVE-2007-2054 (Multiple format string vulnerabilities in AFFLIB before 2.2.6 allow remote attackers to execute arbitrary code via certain command line parameters, which are used in (1) warn and (2) err calls in (a) lib/s3.cpp, (b) tools/afconvert.cpp, (c) tools/afcopy.cpp, (d) tools/afinfo.cpp, (e) aimage/aimage.cpp, (f) aimage/imager.cpp, and (g) tools/afxml.cpp. NOTE: the aimage.cpp vector (e) has since been recalled from the researcher's original advisory, since the code is not called in any version of AFFLIB.)
 CVE-2007-2053 (Multiple stack-based buffer overflows in AFFLIB before 2.2.6 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) a long LastModified value in an S3 XML response in lib/s3.cpp; (2) a long (a) path or (b) bucket in an S3 URL in lib/vnode_s3.cpp; or (3) a long (c) EFW, (d) AFD, or (c) aimage file path. NOTE: the aimage vector (3c) has since been recalled from the researcher's original advisory, since the code is not called in any version of AFFLIB.)
Original document:VSR Advisories, AFFLIB(TM): Time-of-Check-Time-of-Use File Race (28.04.2007)
 VSR Advisories, AFFLIB(TM): Multiple Buffer Overflows (28.04.2007)
 VSR Advisories, AFFLIB(TM): Multiple Format String Injections (28.04.2007)
 VSR Advisories, AFFLIB(TM): Multiple Shell Metacharacter Injections (28.04.2007)

Symantec Norton Ghost multiple security vulnerabilities
Published:28.04.2007
Source:
SecurityVulns ID:7645
Type:local
Threat Level:5/10
Description:Service Manager buffer overflow, weak encryption.
CVE:CVE-2007-2361 (Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and BackupExec System Recovery before 20070426, when remote backups of restore points images are configured, uses weak permissions (world readable) for a configuration file with network share credentials, which allows local users to obtain the credentials by reading the file.)
 CVE-2007-2360 (Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and BackupExec System Recovery before 20070426, when remote backups of restore point images are configured, encrypt network share credentials with a key formed by a hash of the username, which allows local users to obtain the credentials by calculating the key.)
 CVE-2007-2359 (Buffer overflow in Ghost Service Manager, as used in Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and BackupExec System Recovery before 20070426, allows local users to gain privileges via a long string.)
Original document:IDEFENSE, iDefense Security Advisory 04.26.07: Symantec Norton Ghost 10 Recovery Points Insecure Password Storage Vulnerability (28.04.2007)
 IDEFENSE, iDefense Security Advisory 04.26.07: Symantec Norton Ghost 10 Service Manager Buffer Overflow Vulnerability (28.04.2007)

MyDNS buffer overflow
Published:28.04.2007
Source:
SecurityVulns ID:7646
Type:remote
Threat Level:5/10
Description:Heap buffer overflow on dynamic DNS update request parsing.
Affected:MYDNS : mydns 1.1
CVE:CVE-2007-2362 (Multiple buffer overflows in MyDNS 1.1.0 allow remote attackers to (1) cause a denial of service (daemon crash) and possibly execute arbitrary code via a certain update, which triggers a heap-based buffer overflow in update.c; and (2) cause a denial of service (daemon crash) via unspecified vectors that trigger an off-by-one stack-based buffer overflow in update.c.)
Original document:mu-b, [Full-disclosure] mydns-1.1.0 remote heap overflow (28.04.2007)
Files:mydns remote exploit PoC (x86-lnx)
 mydns update buffer overflow patch

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod