Computer Security

Search:Vulnerability:29.10.2007
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



IBM Tivoli Storage Manager Client crossite scripting
Published:29.10.2007
Source:BUGTRAQ
SecurityVulns ID:8298
Type:remote
Level:5/10
Description:CAD Service log files crossite scripting.
Affected:IBM : Tivoli Storage Manager Client 5.3
 IBM : Tivoli Storage Manager Client 5.4
CVE:CVE-2007-4348
Original documentdocumentSECUNIA, Secunia Research: IBM Tivoli Storage Manager Client CAD Service Script Insertion (29.10.2007)
Discuss:Read or add your comments to this news (0 comments)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:29.10.2007
Source:BUGTRAQ
SecurityVulns ID:8299
Type:remote
Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:TIKIWIKI : tikiwiki 1.9
 TEATRO : teatro 1.6
 WORDPRESS : WordPress 2.3
 AGTC : AGTC-Membership 1.1
 SAXON : SAXON 5.4
CVE:CVE-2007-4863
 CVE-2007-4862
 CVE-2007-4861
Original documentdocumentHackers Center Security Group, Omnistar Live Software Cross-Site Scripting Vulrnability (29.10.2007)
 documentsecurityresearch_(at)_netvigilance.com, SAXON version 5.4 Multiple Path Disclosure Vulnerabilities (29.10.2007)
 documentsecurityresearch_(at)_netvigilance.com, SAXON version 5.4 SQL Injection Vulnerability (29.10.2007)
 documentsecurityresearch_(at)_netvigilance.com, SAXON version 5.4 XSS Attack Vulnerability (29.10.2007)
 documentGuns_(at)_0x90.com.ar, AGTC-Membership system v1.1a (adduser) Remote Add Admin Exploit (29.10.2007)
 documentJanek Vind, [waraxe-2007-SA#059] - XSS in WordPress 2.3 (29.10.2007)
 documentAlkomandoz Hacker, teatro 1.6 ( basePath ) Remote File Include Vulnerability (29.10.2007)
 documentStefan Esser, [Full-disclosure] Advisory SE-2007-01: TikiWiki Remote PHP Code Evaluation Vulnerability (29.10.2007)
Discuss:Read or add your comments to this news (0 comments)

Sun Java JRE / JDK multiple security vulnerabilities
updated since 29.10.2007
Published:30.10.2007
Source:CVE
SecurityVulns ID:8300
Type:library
Level:6/10
Description:Multiple sandbox restriction bypass vulnerabilities.
Affected:SUN : JDK 1.4
 SUN : JRE 1.4
 SUN : JRE 5.0
 SUN : JDK 5.0
CVE:CVE-2007-5274 (Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when Firefox or Opera is used, allows remote attackers to violate the security model for JavaScript outbound connections via a multi-pin DNS rebinding attack dependent on the LiveConnect API, in which JavaScript download relies on DNS resolution by the browser, but JavaScript socket operations rely on separate DNS resolution by a Java Virtual Machine (JVM), a different issue than CVE-2007-5273. NOTE: this is similar to CVE-2007-5232.)
 CVE-2007-5273 (Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when an HTTP proxy server is used, allows remote attackers to violate the security model for an applet's outbound connections via a multi-pin DNS rebinding attack in which the applet download relies on DNS resolution on the proxy server, but the applet's socket operations rely on DNS resolution on the local machine, a different issue than CVE-2007-5274. NOTE: this is similar to CVE-2007-5232.)
 CVE-2007-5240 (Visual truncation vulnerability in the Java Runtime Environment in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier allows remote attackers to circumvent display of the untrusted-code warning banner by creating a window larger than the workstation screen.)
 CVE-2007-5239 (Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier does not properly enforce access restrictions for untrusted (1) applications and (2) applets, which allows user-assisted remote attackers to copy or rename arbitrary files when local users perform drag-and-drop operations from the untrusted application or applet window onto certain types of desktop applications.)
 CVE-2007-5238 (Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to obtain sensitive information (the Java Web Start cache location) via an untrusted application, aka "three vulnerabilities.")
 CVE-2007-5232 (Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when applet caching is enabled, allows remote attackers to violate the security model for an applet's outbound connections via a DNS rebinding attack.)
Original documentdocumentNGSSoftware Insight Security Research Advisory (NISR), Memory overwrites in JVM via malformed TrueType font (30.10.2007)
 documentNGSSoftware Insight Security Research Advisory (NISR), Untrusted Java applet can connect to localhost (30.10.2007)
Discuss:Read or add your comments to this news (0 comments)
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
 


Рейтинг@Mail.ru