Heartbeat cluster software multiple DoS conditions (updated since 28.07.2006)
Published: 31.07.2007 Source: FULL-DISCLOSURE SecurityVulns ID: 6421 Type: remote Level: 5/10
Description: Weak permissions on the shared memory segment created by the shmget call; remote DoS during parsing of heartbeat network messages.
Affected: HEARTBEAT : Heartbeat 1.2 HEARTBEAT : Heartbeat 2.0 BLUECATNETWORKS : Adonis 5.0 CVE: CVE-2006-3815 (heartbeat.c in heartbeat before 2.0.6 sets insecure permissions in a shmget call for shared memory, which allows local users to cause an unspecified denial of service via unknown vectors, possibly during a short time window on startup.) CVE-2006-3121 (The peel_netstring function in cl_netstring.c in the heartbeat subsystem in High-Availability Linux before 1.2.5, and 2.0 before 2.0.7, allows remote attackers to cause a denial of service (crash) via the length parameter in a heartbeat message.)
Original document anonymous.c7ffa4057a_(at)_anonymousspeech.com , TS-2007-001-0: BlueCat Networks Adonis Linux-HA heartbeat DoS Vulnerability (31.07.2007 )
Nash Leon , [Full-disclosure] Heartbeat Shared Memory - Local Denial of Service Exploit (28.07.2006 )
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 31.07.2007 Source: SecurityVulns ID: 7993 Type: remote Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: DRUPAL : Drupal 4.7 JOOMLA : Joomla 1.0 VBULLETIN : vBulletin 3.6 FRIENDSCRIPT : Friend Script 2.5 ITCMS : itcms 0.2 DRUPAL : drupal 5.2 PHPWEBFILEMANAGE : phpWebFileManager 0.5 MADOAPOLL : Madoa Poll 1.1 PHORUM : Phorm 3.0 PHPVOTER : phpVoter 0.6 DORAELMAK : Dora Emlak 1.0
Original document ilkerKandemir_(at)_mynet.com , BellaBook Admin Bypass/Remote Code Execution (31.07.2007 )
ilkerKandemir_(at)_mynet.com , BellaBiblio Admin Login Bypass (31.07.2007 )
RaeD Hasadya , RFI ====> vBulletin v3.6.5 (31.07.2007 )
ilkerKandemir_(at)_mynet.com , Dora Emlak Script v1.0 (tr) Admin Login ByPass (31.07.2007 )
ilkerKandemir_(at)_mynet.com , phpVoter v0.6 Remote File Include Vulnerability (31.07.2007 )
ilkerKandemir_(at)_mynet.com , Phorm v3.0 Remote File Upload Vulnerability (31.07.2007 )
ilkerKandemir_(at)_mynet.com , Madoa Poll v1.1 Remote File Include Vulnerabilities (31.07.2007 )
ilkerKandemir_(at)_mynet.com , phpWebFileManager v0.5 (PN_PathPrefix) Remote File Include Vulnerability (31.07.2007 )
ilkerKandemir_(at)_mynet.com , RIG Image Gallery (dir_abs_src) Remote File Include Vulnerability (31.07.2007 )
DRUPAL , [DRUPAL-SA-2007-017] Drupal 5.2 fixes multiple CSRF vulnerabilities (31.07.2007 )
DRUPAL , [DRUPAL-SA-2007-018] Drupal 4.7.7 and 5.2 fix multiple cross site scripting vulnerabilities (31.07.2007 )
k1tk4t_(at)_newhack.org , wolioCMS SQL Injection (31.07.2007 )
HACKERS PAL , Joomla multiple vulnerabilities (31.07.2007 )
h4ck3riran_(at)_yahoo.com , [Aria-security] community Cross-site Scripting (XSS) (31.07.2007 )
Advisory_(at)_Aria-Security.net , E-commerceScripts ALL Apps (Auction Script, Shopping Cart Script and Multi-Vendor E-Shop Script) admin.aspx SQL (31.07.2007 )
h4ck3riran_(at)_yahoo.com , [Aria-security] itcms 0.2 Cross-site Scripting (XSS) (31.07.2007 )
yollubunlar_(at)_yollubunlar.org , Friend Script 2.5 - 2.4 Remote File Include (31.07.2007 )
BlueSkyChat ActiveX buffer overflow
Published: 31.07.2007 Source: BUGTRAQ SecurityVulns ID: 7994 Type: client Level: 5/10
Description: Heap memory buffer overflow in the ConnecttoServer() method.