Monthly Archive: January 2007

sre/params.php in the Integrity Clientless Security (ICS) component in Check Point Connectra NGX R62 3.x and earlier before Security Hotfix 5, and possibly VPN-1 NGX R62, allows remote attackers to bypass security requirements via...

Multiple unspecified vulnerabilities in tip in Sun Solaris 8, 9, and 10 allow local users to gain uucp account privileges via unspecified vectors. Date published : 2007-01-23 http://www.securityfocus.com/bid/22190 http://osvdb.org/31616

The extract_files function in installer.rb in RubyGems before 0.9.1 does not check whether files exist before overwriting them, which allows user-assisted remote attackers to overwrite arbitrary files, cause a denial of service, or execute...

Stack-based buffer overflow in rcdll.dll in msdev.exe in Visual C++ (MSVC) in Microsoft Visual Studio 6.0 SP6 allows user-assisted remote attackers to execute arbitrary code via a long file path in the "1 TYPELIB...

Multiple memory leaks in the Dazuko anti-virus helper module before 2.3.2 allow attackers to cause a denial of service (memory consumption) via unknown vectors. Date published : 2007-01-23 http://osvdb.org/38322 http://www.novell.com/linux/security/advisories/2007_01_sr.html

Multiple buffer overflows in ulogd for SUSE Linux 9.3 up to 10.1, and possibly other distributions, have unknown impact and attack vectors related to "improper string length calculations." Date published : 2007-01-23 http://www.securityfocus.com/bid/22139 http://security.gentoo.org/glsa/glsa-200703-17.xml

Multiple buffer overflows in LGSERVER.EXE in CA BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.1 SP1, Mobile Backup r4.0, Desktop and Business Protection Suite r2, and Desktop Management Suite (DMS) r11.0 and...

Unspecified vulnerability in IBM OS/400 R530 and R535 has unknown impact and remote attack vectors, related to an "Integrity Problem" involving LIC-TCPIP and TCP reset. NOTE: it is possible that this issue is related...

Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 6.20, 6.4x, 7.01, and 7.50 allows remote attackers to execute arbitrary commands via unknown vectors. Date published : 2007-01-23 http://www.securityfocus.com/archive/1/456623/100/100/threaded http://www.securityfocus.com/archive/1/456623/100/100/threaded

The CFUserNotificationSendRequest function in UserNotificationCenter.app in Apple Mac OS X 10.4.8, when used in combination with diskutil, allows local users to gain privileges via a malicious InputManager in Library/InputManagers in a user’s home directory,...

Heap-based buffer overflow in the SFTP protocol handler for Panic Transmit (Transmit.app) up to 3.5.5 allows remote attackers to execute arbitrary code via a long ftps:// URL. Date published : 2007-01-23 http://www.securityfocus.com/bid/22145 https://www.exploit-db.com/exploits/3160

pam_unix.so in Linux-PAM 0.99.7.0 allows context-dependent attackers to log into accounts whose password hash, as stored in /etc/passwd or /etc/shadow, has only two characters. Date published : 2007-01-23 http://www.securityfocus.com/bid/22204 http://www.redhat.com/archives/fedora-devel-list/2007-January/msg01271.html

Cross-site scripting (XSS) vulnerability in blog.php in OdysseusBlog allows remote attackers to inject arbitrary web script or HTML via the page parameter. Date published : 2007-01-22 http://www.securityfocus.com/bid/21128 http://archives.neohapsis.com/archives/bugtraq/2006-11/0274.html

Directory traversal vulnerability in Conti FTPServer 1.0 Build 2.8 allows remote attackers to read arbitrary files and list arbitrary directories via a .. (dot dot) in a filename argument. Date published : 2007-01-22 http://www.securityfocus.com/bid/21174...