Timbuktu multiple security vulnerabilities Published: 29.08.2007 Source: BUGTRAQ SecurityVulns ID: 8100 Type: remote Level: 7/10 Description: Multiple buffer overflows and directory traversal.
Affected: MOTOROLA : Timbuktu Pro 8.6 CVE: CVE-2007-4221 (Multiple buffer overflows in Motorola Timbuktu Pro before 8.6.5 for Windows allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via (1) a long user name and (2) certain malformed requests; and (3) allow remote Timbuktu servers to have an unknown impact via a malformed HELLO response, related to the Scanner component and possibly related to a malformed computer name.) CVE-2007-4220 (Directory traversal vulnerability in Motorola Timbuktu Pro before 8.6.5 for Windows allows remote attackers to create or delete arbitrary files via a .. (dot dot) in a Send request, probably related to the (1) Send and (2) Exchange services.)
Original document IDEFENSE , iDefense Security Advisory 08.27.07: Motorola Timbuktu Multiple Buffer Overflow Vulnerabilities (29.08.2007 )
HP-UX get_system_info privilege escalation Published: 29.08.2007 Source: BUGTRAQ SecurityVulns ID: 8101 Type: local Level: 5/10 Description: It's possible to change system configuration with get_system_info if Ignite-UX or the DynRootDisk (DRD) are installed.
Affected: HP : HP-UX 11.11 HP : HP-UX 11.23 HP : HP-UX 11.31
Original document HP , HPSBUX02249 SSRT071442 rev.1 HP-UX Running the Ignite-UX or the DynRootDisk (DRD) get_system_info Command, Local Unqualified Configuration Change (29.08.2007 )
StarCraft memory corruption Published: 29.08.2007 Source: BUGTRAQ SecurityVulns ID: 8102 Type: client Level: 3/10 Description: Memory corruption on map preview received from server.
Affected: BLIZZARD : StarCraft Brood War 1.15 BLIZZARD : StarCraft 1.15
Original document Gynvael Coldwind , [HISPASEC] Blizzard StarCraft Brood War 1.15.1 Remote DoS (29.08.2007 )
EnterpriseDB code execution Published: 29.08.2007 Source: BUGTRAQ SecurityVulns ID: 8103 Type: remote Level: 5/10 Description: Uninitialized function pointer call if any debugging function is called before pldbg_create_listener().
Affected: ENTERPRISEDB : EnterpriseDB Advanced Server 8.2
Original document Jose Antonio , EnterpriseDB Advanced Server 8.2 Unitialized Pointer (29.08.2007 )
IPSwitch WS_FTP cross-site scripting Published: 29.08.2007 Source: BUGTRAQ SecurityVulns ID: 8104 Type: remote Level: 5/10 Description: Cross-site scripting via log file entries in the Web interface.
Original document Jared DeMott , [Full-disclosure] Ipswitch FTP XSS leads to FTP server compromise (29.08.2007 )
Helix DNA Server RTSP server memory corruption Published: 29.08.2007 Source: FULL-DISCLOSURE SecurityVulns ID: 8105 Type: remote Level: 6/10 Description: Memory corruption on multiple RTSP (Real Time Streaming Protocol) "Require" headers.
Affected: REAL : Helix DNA Server 11.1
Original document noreply_(at)_musecurity.com , [Full-disclosure] [MU-200708-01] Helix DNA Server Heap Corruption Vulnerability (29.08.2007 )
HP OpenView Operations OVTrace buffer overflow updated since 10.08.2007 Published: 29.08.2007 Source: BUGTRAQ SecurityVulns ID: 8029 Type: remote Level: 6/10 Description: Multiple buffer overflows on request parsing.
Affected: HP : OpenView Network Node Manager 7.50 HP : OpenView Network Node Manager 7.01 HP : OpenView Network Node Manager 6.41 HP : OpenView Performance Insight 5.0 HP : OpenView Performance Insight 5.1 HP : OpenView Performance Insight 5.2 HP : OpenView Dashboard 2.01 HP : OpenView Business Process Insight 1.0 HP : OpenView Business Process Insight 1.1 HP : OpenView Business Process Insight 2.0 HP : OpenView Business Process Insight 2.10 HP : OpenView Cross Platform Component 3.10 HP : OpenView Service Quality Manager 1.2 HP : OpenView Service Quality Manager 1.3 HP : OpenView Service Quality Manager 1.40 HP : OpenView Operations Manager 7.5 HP : OpenView Operations Agent 3.10 HP : OpenView Reporter 3.7 HP : OpenView Performance Agent 4.5 HP : OpenView Performance Agent 4.6 HP : OpenView Internet Service 6.0 HP : OpenView Internet Service 6.10 HP : OpenView Internet Service 6.11 HP : OpenView Internet Service 6.20 CVE: CVE-2007-3872 (Multiple stack-based buffer overflows in the Shared Trace Service (OVTrace) service for HP OpenView Operations A.07.50 for Windows, and possibly earlier versions, allow remote attackers to execute arbitrary code via certain crafted requests.) CVE-2007-1676
Original document HP , HPSBMA02236 SSRT061260 rev.1 - HP OpenView Performance Manager (OVPM) Running Shared Trace Service on HP-UX, Solaris, and Windows, Remote Arbitrary Code Execution (29.08.2007 )
HP , HPSBMA02240 SSRT061260 rev.1 - HP OpenView Operations Manager for Windows (OVOW) with the OpenView Operations Add On Module for OpenView Operations-Business Availability Center Integration Running Shared Trace Service, Remote Arbitrary Code E (16.08.2007 )
3COM , TPTI-07-14: HP OpenView Multiple Product Shared Trace Service Stack Overflow Vulnerabilities (15.08.2007 )
HP , [security bulletin] HPSBMA02239 SSRT061260 rev.1 - HP OpenView Operations (OVO) Agents Running Shared Trace Service, Remote Arbitrary Code Execution (14.08.2007 )
HP , [security bulletin] HPSBMA02237 SSRT061260 rev.1 - HP OpenView Performance Agent (OVPA) Running Shared Trace Service, Remote Arbitrary Code Execution (14.08.2007 )
HP , [security bulletin] HPSBMA02238 SSRT061260 rev.1 - HP OpenView Reporter Running Shared Trace Service, Remote Arbitrary Code Execution (14.08.2007 )
HP , [security bulletin] HPSBMA02241 SSRT061260 rev.1 - HP OpenView Service Quality Manager (OV SQM) Running Shared Trace Service, Remote Arbitrary Code Execution (14.08.2007 )
HP , [security bulletin] HPSBMA02242 SSRT061260 rev.1 - HP OpenView Network Node Manager (OV NNM) Running Shared Trace Service, Remote Arbitrary Code Execution (14.08.2007 )
HP , [security bulletin] HPSBMA02245 SSRT061260 rev.1 - HP OpenView Dashboard Running Shared Trace Service, Remote Arbitrary Code Execution (14.08.2007 )
HP , [security bulletin] HPSBMA02246 SSRT061260 rev.1 - HP OpenView Performance Insight (OVPI) Running Shared Trace Service, Remote Arbitrary Code Execution (14.08.2007 )
HP , [security bulletin] HPSBMA02235 SSRT061260 rev.1 - HP OpenView Internet Service (OVIS) Running Shared Trace Service, Remote Arbitrary Code Execution (14.08.2007 )
HP , [security bulletin] HPSBMA02244 SSRT061260 rev.1 - HP OpenView Business Process Insight and Related Products Running Shared Trace Service, Remote Arbitrary Code Execution (14.08.2007 )
IDEFENSE , iDefense Security Advisory 08.09.07: Hewlett-Packard OpenView Operations OVTrace Buffer Overflow Vulnerabilities (10.08.2007 )