Computer Security
[EN] securityvulns.ru no-pyccku


Cisco CallManager crossite scripting and SQL injection
updated since 25.05.2007
Published:31.08.2007
Source:
SecurityVulns ID:7740
Type:remote
Threat Level:
5/10
Description:Crossite scripting via /CCMAdmin/serverlist.asp. SQL injection with /CCMUser/logon.asp.
Affected:CISCO : CallManager 4.1
Original documentdocumentElliot Kendall, SQL Injection in Cisco CallManager (31.08.2007)
 documentCISCO, Cisco Security Advisory: XSS and SQL Injection in Cisco CallManager/Unified Communications Manager Logon Page (29.08.2007)
 documentStefan Friedli, Cisco CallManager 4.1 Input Validation Vulnerability (25.05.2007)

VMWare multiple security vulnerabilities
updated since 27.08.2007
Published:31.08.2007
Source:
SecurityVulns ID:8097
Type:local
Threat Level:
5/10
Description:Multiple vulnerabilities allow unprivileged user of host system to control guest systems.
Affected:VMWARE : VMWare Workstation 6.0
 VMWARE : VMWare Player 2.0
Original documentdocumentVMWARE, VMware poor guest isolation design (31.08.2007)
 documentM. Burnett, VMWare poor guest isolation design (27.08.2007)
 documentM. Burnett, More on VMWare poor guest isolation design (27.08.2007)
 documentseppi_(at)_seppig.de, security vulnerability in VMware (27.08.2007)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:31.08.2007
Source:
SecurityVulns ID:8106
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:RAGNAROK : Ragnarok Online Control Panel 4.3
 JOOMLA : Joomla! 1.0
 XIGLA : Absolute Poll Manager XE 4.1
Original documentdocumentdp14_(at)_hotmail.com, Ragnarok Online Control Panel Authentication Bypass Vulnerability [new method] (31.08.2007)
 documentProCheckUp Research, PR07-23: Non-persistent Cross-site Scripting (XSS) on Absolute Poll Manager XE admin page (31.08.2007)
 documentMustLive, Vulnerability in Joomla! (31.08.2007)

postfix-policyd buffer overflow
Published:31.08.2007
Source:
SecurityVulns ID:8107
Type:remote
Threat Level:
7/10
Description:Buffer overflow on SMTP commands parsing.
Affected:POSTFIX : postfix policyd 1.80
CVE:CVE-2007-3791 (Buffer overflow in the w_read function in sockets.c in Cami Sardinha and Nigel Kukard policyd before 1.81 for Postfix allows remote attackers to cause a denial of service and possibly execute arbitrary code via long SMTP commands. NOTE: some of these details are obtained from third party information.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 1361-1] New postfix-policyd packages fix arbitrary code execution (31.08.2007)

Doomsday game multiple security vulnerabilities
Published:31.08.2007
Source:
SecurityVulns ID:8108
Type:remote
Threat Level:
5/10
Description:Multiple buffer overflows and format string vulnerabilities.
Affected:DOOMSDAY : Doomsday 1,9
Original documentdocumentLuigi Auriemma, Multiple vulnerabilities in Doomsday 1.9.0-beta5.1 (31.08.2007)
Files:Exploits Doomsday <= 1.9.0-beta5.1 multiple vulnerabilities

Ubuntu linux tcpwrappers protection bypass
Published:31.08.2007
Source:
SecurityVulns ID:8109
Type:library
Threat Level:
5/10
Description:It's possible to connect to services configured to block connections.
Affected:UBUNTU : Ubuntu 7.04
Original documentdocumentUBUNTU, [USN-507-1] tcp-wrappers vulnerability (31.08.2007)

Yahoo Messenger ActiveX buffer overflow
Published:31.08.2007
Source:
SecurityVulns ID:8110
Type:client
Threat Level:
7/10
Description:Buffer overflows in fvCom() and info() methods of YVerInfo.GetInfo.1.
Affected:YAHOO : Yahoo! Messenger 8.1
CVE:CVE-2007-4515 (Buffer overflow in a certain ActiveX control in YVerInfo.dll before 2007.8.27.1 in the Yahoo! services suite for Yahoo! Messenger before 8.1.0.419 allows remote attackers to execute arbitrary code via unspecified vectors involving arguments to the (1) fvCom and (2) info methods. NOTE: some of these details are obtained from third party information.)
Original documentdocumentIDEFENSE, iDefense Security Advisory 08.30.07: Yahoo Messenger YVerInfo.dll ActiveX Multiple Remote Buffer Overflow Vulnerabilities (31.08.2007)

Cisco CSS ssh DoS
Published:31.08.2007
Source:
SecurityVulns ID:8111
Type:remote
Threat Level:
5/10
Description:More than 5 concurent ssh conenctions cause ssh service to crash.
Affected:CISCO : Cisco CSS 11000
Original documentdocumentNetExpress, Cisco CSS WebNS ssh crash (31.08.2007)

Norman multiple antiviral products privilege escalation
Published:31.08.2007
Source:
SecurityVulns ID:8112
Type:local
Threat Level:
5/10
Description:Nvcoaft51 driver creates NvcOa device with out ACL with multiple vulnerabilities on IOCTLs processing.
Affected:NORMAN : Norman Virus Control 5.82
Original documentdocumentvulndev 48bits, [48bits] Advisory : Multiple vulnerabilities in Norman NVC 5.82 driver (31.08.2007)
Files:Norman Virus Control nvcoaft51.sys ioctl BF672028 exploit

E-scan antiviral products weak permissions
Published:31.08.2007
Source:
SecurityVulns ID:8113
Type:local
Threat Level:
5/10
Description:Weak installation folder permissions.
Affected:MWTI : eScan Virus Control 9.0
 MWTI : eScan Anti-Virus 9.0
 MWTI : eScan Internet Security 9.0
Original documentdocumentedi.strosar_(at)_varnostne-novice.com, [Full-disclosure] Multiple eScan products insecure file permissions (31.08.2007)

Wireshark sniffer DoS
Published:31.08.2007
Source:
SecurityVulns ID:8114
Type:remote
Threat Level:
5/10
Description:Infinite loop on DNP3 protocol parsing.
Affected:WIRESHARK : wireshark 0.99
Original documentdocumentSECURITEAM, [NEWS] Wireshark DNP3 Dissector Infinite Loop Vulnerability (31.08.2007)
Files:Exploits Wireshark DNP3 Dissector Infinite Loop Vulnerability

Linux aacraid driver IOCTL privilege escalation
Published:31.08.2007
Source:
SecurityVulns ID:8115
Type:local
Threat Level:
5/10
Description:Insufficient user's permissions check leads to denial of service conditions or privilege escalation.
Affected:LINUX : kernel 2.6
CVE:CVE-2007-4308 (The (1) aac_cfg_open and (2) aac_compat_ioctl functions in the SCSI layer ioctl path in aacraid in the Linux kernel before 2.6.23-rc2 do not check permissions for ioctls, which might allow local users to cause a denial of service or gain privileges.)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod