Computer Security
[EN] securityvulns.ru no-pyccku


HP OpenView Operations OVTrace buffer overflow
updated since 10.08.2007
Published:29.08.2007
Source:
SecurityVulns ID:8029
Type:remote
Threat Level:
6/10
Description:Multiple buffer overflows on request parsing.
Affected:HP : OpenView Network Node Manager 7.50
 HP : OpenView Network Node Manager 7.01
 HP : OpenView Network Node Manager 6.41
 HP : OpenView Performance Insight 5.0
 HP : OpenView Performance Insight 5.1
 HP : OpenView Performance Insight 5.2
 HP : OpenView Dashboard 2.01
 HP : OpenView Business Process Insight 1.0
 HP : OpenView Business Process Insight 1.1
 HP : OpenView Business Process Insight 2.0
 HP : OpenView Business Process Insight 2.10
 HP : OpenView Cross Platform Component 3.10
 HP : OpenView Service Quality Manager 1.2
 HP : OpenView Service Quality Manager 1.3
 HP : OpenView Service Quality Manager 1.40
 HP : OpenView Operations Manager 7.5
 HP : OpenView Operations Agent 3.10
 HP : OpenView Reporter 3.7
 HP : OpenView Performance Agent 4.5
 HP : OpenView Performance Agent 4.6
 HP : OpenView Internet Service 6.0
 HP : OpenView Internet Service 6.10
 HP : OpenView Internet Service 6.11
 HP : OpenView Internet Service 6.20
CVE:CVE-2007-3872 (Multiple stack-based buffer overflows in the Shared Trace Service (OVTrace) service for HP OpenView Operations A.07.50 for Windows, and possibly earlier versions, allow remote attackers to execute arbitrary code via certain crafted requests.)
 CVE-2007-1676
Original documentdocumentHP, HPSBMA02236 SSRT061260 rev.1 - HP OpenView Performance Manager (OVPM) Running Shared Trace Service on HP-UX, Solaris, and Windows, Remote Arbitrary Code Execution (29.08.2007)
 documentHP, HPSBMA02240 SSRT061260 rev.1 - HP OpenView Operations Manager for Windows (OVOW) with the OpenView Operations Add On Module for OpenView Operations-Business Availability Center Integration Running Shared Trace Service, Remote Arbitrary Code E (16.08.2007)
 document3COM, TPTI-07-14: HP OpenView Multiple Product Shared Trace Service Stack Overflow Vulnerabilities (15.08.2007)
 documentHP, [security bulletin] HPSBMA02239 SSRT061260 rev.1 - HP OpenView Operations (OVO) Agents Running Shared Trace Service, Remote Arbitrary Code Execution (14.08.2007)
 documentHP, [security bulletin] HPSBMA02237 SSRT061260 rev.1 - HP OpenView Performance Agent (OVPA) Running Shared Trace Service, Remote Arbitrary Code Execution (14.08.2007)
 documentHP, [security bulletin] HPSBMA02238 SSRT061260 rev.1 - HP OpenView Reporter Running Shared Trace Service, Remote Arbitrary Code Execution (14.08.2007)
 documentHP, [security bulletin] HPSBMA02241 SSRT061260 rev.1 - HP OpenView Service Quality Manager (OV SQM) Running Shared Trace Service, Remote Arbitrary Code Execution (14.08.2007)
 documentHP, [security bulletin] HPSBMA02242 SSRT061260 rev.1 - HP OpenView Network Node Manager (OV NNM) Running Shared Trace Service, Remote Arbitrary Code Execution (14.08.2007)
 documentHP, [security bulletin] HPSBMA02245 SSRT061260 rev.1 - HP OpenView Dashboard Running Shared Trace Service, Remote Arbitrary Code Execution (14.08.2007)
 documentHP, [security bulletin] HPSBMA02246 SSRT061260 rev.1 - HP OpenView Performance Insight (OVPI) Running Shared Trace Service, Remote Arbitrary Code Execution -------- (14.08.2007)
 documentHP, [security bulletin] HPSBMA02235 SSRT061260 rev.1 - HP OpenView Internet Service (OVIS) Running Shared Trace Service, Remote Arbitrary Code Execution (14.08.2007)
 documentHP, [security bulletin] HPSBMA02244 SSRT061260 rev.1 - HP OpenView Business Process Insight and Related Products Running Shared Trace Service, Remote Arbitrary Code Execution (14.08.2007)
 documentIDEFENSE, iDefense Security Advisory 08.09.07: Hewlett-Packard OpenView Operations OVTrace Buffer Overflow Vulnerabilities (10.08.2007)

Timbuktu multiple security vulnerabilities
Published:29.08.2007
Source:
SecurityVulns ID:8100
Type:remote
Threat Level:
7/10
Description:Multiple buffer overflows and directory traversal.
Affected:MOTOROLA : Timbuktu Pro 8.6
CVE:CVE-2007-4221 (Multiple buffer overflows in Motorola Timbuktu Pro before 8.6.5 for Windows allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via (1) a long user name and (2) certain malformed requests; and (3) allow remote Timbuktu servers to have an unknown impact via a malformed HELLO response, related to the Scanner component and possibly related to a malformed computer name.)
 CVE-2007-4220 (Directory traversal vulnerability in Motorola Timbuktu Pro before 8.6.5 for Windows allows remote attackers to create or delete arbitrary files via a .. (dot dot) in a Send request, probably related to the (1) Send and (2) Exchange services.)
Original documentdocumentIDEFENSE, iDefense Security Advisory 08.27.07: Motorola Timbuktu Multiple Buffer Overflow Vulnerabilities (29.08.2007)

HP-UX get_system_info privilege escalation
Published:29.08.2007
Source:
SecurityVulns ID:8101
Type:local
Threat Level:
5/10
Description:It's possible to change system configuration with get_system_info if Ignite-UX or the DynRootDisk (DRD) are installed.
Affected:HP : HP-UX 11.11
 HP : HP-UX 11.23
 HP : HP-UX 11.31
Original documentdocumentHP, HPSBUX02249 SSRT071442 rev.1 HP-UX Running the Ignite-UX or the DynRootDisk (DRD) get_system_info Command, Local Unqualified Configuration Change (29.08.2007)

StarCraft memory corruption
Published:29.08.2007
Source:
SecurityVulns ID:8102
Type:client
Threat Level:
3/10
Description:Memory corruption on map preview received from server.
Affected:BLIZZARD : StarCraft Brood War 1.15
 BLIZZARD : StarCraft 1.15
Original documentdocumentGynvael Coldwind, [HISPASEC] Blizzard StarCraft Brood War 1.15.1 Remote DoS (29.08.2007)

EnterpriseDB code execution
Published:29.08.2007
Source:
SecurityVulns ID:8103
Type:remote
Threat Level:
5/10
Description:Uninitialized function pointer call if any debugging function is called before pldbg_create_listener().
Affected:ENTERPRISEDB : EnterpriseDB Advanced Server 8.2
Original documentdocumentJose Antonio, EnterpriseDB Advanced Server 8.2 Unitialized Pointer (29.08.2007)

IPSwitch WS_FTP crossite scripting
Published:29.08.2007
Source:
SecurityVulns ID:8104
Type:remote
Threat Level:
5/10
Description:Crossite scripting with log file entries in Web interface.
Original documentdocumentJared DeMott, [Full-disclosure] Ipswitch FTP XSS leads to FTP server compromise (29.08.2007)

Helix DNA Server RTSP server memory corruption
Published:29.08.2007
Source:
SecurityVulns ID:8105
Type:remote
Threat Level:
6/10
Description:Memory corruption on multiple RTSP (Real Time Streaming Protocol) "Require" headers.
Affected:REAL : Helix DNA Server 11.1
Original documentdocumentnoreply_(at)_musecurity.com, [Full-disclosure] [MU-200708-01] Helix DNA Server Heap Corruption Vulnerability (29.08.2007)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod