Computer Security


AOL software DoS
Published:30.03.2007
SecurityVulns ID:7509
Type:remote
Threat Level:5/10
Affected:AOL : AOL 9.0
CVE:CVE-2007-1767 (Unspecified vulnerability in (1) Deskbar.dll and (2) Toolbar.dll in AOL 9.0 before February 2007 allows remote attackers to cause a denial of service (browser crash) via unknown vectors.)
Original document:Justin Seitz, AOL 9.0 Deskbar.dll/Toolbar.dll DoS Vulnerability (30.03.2007)

IBM Lotus Sametime code execution
Published:30.03.2007
SecurityVulns ID:7510
Type:remote
Threat Level:5/10
Description:The LoadLibrary function is exposed through an ActiveX control.
Affected:IBM : Lotus Sametime 3.1
CVE:CVE-2007-1784 (The JNILoader ActiveX control (STJNILoader.ocx) 3.1.0.26 in IBM Lotus Notes Sametime before 7.5 allows remote attackers to load arbitrary DLL libraries and execute arbitrary code via arbitrary arguments to the loadLibrary function.)
Original document:IDEFENSE, iDefense Security Advisory 03.29.07: IBM Lotus Sametime JNILoader Arbitrary DLL Load Vulnerability (30.03.2007)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:30.03.2007
SecurityVulns ID:7511
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:SOFTERRA : Time-Assistant 6.2
CVE:CVE-2007-1964 (member.php in MyBB (aka MyBulletinBoard), when debug mode is available, allows remote authenticated users to change the password of any account by providing the account's registered e-mail address in a debug request for a do_lostpw action, which prints the change password verification code in the debug output.)
 CVE-2007-1963 (SQL injection vulnerability in the create_session function in class_session.php in MyBB (aka MyBulletinBoard) 1.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, as utilized by index.php, a related issue to CVE-2006-3775.)
 CVE-2007-1850 (Directory traversal vulnerability in classes/captcha/captcha.jpg.php in Drake CMS allows remote attackers to read arbitrary files or list arbitrary directories, and obtain the installation path, via a .. (dot dot) in the d_private parameter. NOTE: Drake CMS has only a beta version available, and the vendor has previously stated "We do not consider security reports valid until the first official release of Drake CMS.")
 CVE-2007-1849 (Directory traversal vulnerability in 404.php in Drake CMS allows remote attackers to include and execute arbitrary local arbitrary files via a .. (dot dot) in the d_private parameter. NOTE: some of these details are obtained from third party information. NOTE: Drake CMS has only a beta version available, and the vendor has previously stated "We do not consider security reports valid until the first official release of Drake CMS.")
 CVE-2007-1848 (Cross-site scripting (XSS) vulnerability in admin/classes/ui.dta.php in Drake CMS allows remote attackers to inject arbitrary web script or HTML via the desc[][title] field. NOTE: Drake CMS has only a beta version available, and the vendor has previously stated "We do not consider security reports valid until the first official release of Drake CMS.")
 CVE-2007-1787 (Multiple PHP remote file inclusion vulnerabilities in lib/timesheet.class.php in Softerra Time-Assistant 6.2 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) inc_dir or (2) lib_dir parameter.)
Original document:erdc_(at)_echo.or.id, [ECHO_ADV_80$2007] Softerra Time-Assistant <= 6.2 (inc_dir) Remote File Inclusion Vulnerability (30.03.2007)
 HACKERS PAL, DrakeCMS multiple vulerabilities (30.03.2007)
 HACKERS PAL, Mybb Change Password Vulnerability (30.03.2007)

AIX lsmcode privilege escalation
updated since 30.05.2006
Published:30.03.2007
SecurityVulns ID:6201
Type:local
Threat Level:5/10
Description:A user-controlled environment variable is used to launch an external application.
Affected:IBM : AIX 5.1
 IBM : AIX 5.2
 IBM : AIX 5.3
Original document:pr1nce_empire_(at)_yahoo.com, AIX 4.3 lsmcode local root command execution (30.03.2007)
 SECUNIA, [SA20325] AIX lsmcode Unspecified Privilege Escalation Vulnerability (30.05.2006)

Microsoft Windows animated cursors buffer overflow
updated since 30.03.2007
Published:04.04.2007
SecurityVulns ID:7508
Type:client
Threat Level:10/10
Description:A stack buffer overflow (stack overrun) is actively exploited for hidden malware installation.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
CVE:CVE-2007-1867 (Buffer overflow in IrfanView 3.99 allows remote attackers to execute arbitrary code via a crafted animated cursor (ANI) file.)
 CVE-2007-1765 (Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and icons, a similar issue to CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this issue might be a duplicate of CVE-2007-0038; if so, then use CVE-2007-0038 instead of this identifier.)
 CVE-2007-0038 (Stack-based buffer overflow in the animated cursor code in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a large length value in the second (or later) anih block of a RIFF .ANI, cur, or .ico file, which results in memory corruption when processing cursors, animated cursors, and icons, a variant of CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this might be a duplicate of CVE-2007-1765; if so, then CVE-2007-0038 should be preferred.)
Original document:CERT, US-CERT Technical Cyber Security Alert TA07-093A -- Microsoft Update for Windows Animated Cursor Vulnerability (04.04.2007)
 jamikazu_(at)_gmail.com, Windows XP/Vista (.ANI) Remote Exploit (bypass eeye patch) (03.04.2007)
 Gadi Evron, More information on ZERT patch for ANI 0day (03.04.2007)
 CERT, US-CERT Technical Cyber Security Alert TA07-089A -- Microsoft Windows ANI header stack buffer overflow (31.03.2007)
 MICROSOFT, Microsoft Security Advisory (935423) Vulnerability in Windows Animated Cursor Handling (30.03.2007)
 EEYE, [Full-disclosure] ANI Zeroday, Third Party Patch (30.03.2007)
 Alexander Sotirov, 0-day ANI vulnerability in Microsoft Windows (CVE-2007-0038) (30.03.2007)
Files:Exploits Windows .ANI LoadAniIcon Stack Overflow
 Exploits Windows .ANI LoadAniIcon Stack Overflow
 Windows ANI LoadAniIcon() Chunk Size Stack Overflow (SMTP)
 Windows ANI LoadAniIcon() Chunk Size Stack Overflow (HTTP)
 Windows Animated Cursor Handling Exploit (0day) (Version3)
 Microsoft ANI Buffer Overflow Exploit Web Download Code Execution Exploit
 Microsoft Windows multiple GDI vulnerabilities
 Microsoft Security Advisory (935423) Vulnerability in Windows Animated Cursor Handling

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod