TO SUBSCRIBE, UNSUBSCRIBE, OR CHANGE YOUR SUBSCRIPTION, go to:

http://www.dragonsoft.com/english/epaper/


DragonSoft Vulnerability and Threat Knowledge Base:

http://vdb.dragonsoft.com/


Contents:
* 7 Reported Vulnerabilities
* Sort by Risk
-------------------------------------------------

Date Reported: 2007/10/19
Name: Oracle Multiple Vulnerabilities-Oct 2007
Risk: High
CVSS Base Score: 6.4
Description:
Oracle Database Server and HTTP Server contain multiple vulnerabilities that remote and local attackers can exploit, including CVE-2007-5504, CVE-2007-5505, CVE-2007-5506, CVE-2007-5507, CVE-2007-5508, CVE-2007-5509, CVE-2007-5510, CVE-2007-5511, CVE-2007-5512, CVE-2007-5513, CVE-2007-5514, CVE-2007-5515, CVE-2007-5516, CVE-2007-5517, CVE-2007-5518.
Category: Oracle
Affect OS: Windows NT4, 2000, XP, 2003, UNIX
Link: http://vdb.dragonsoft.com/detail.php?id=3101

Date Reported: 2007/10/13
Name: OpenSSL DTLS Off-by-One Buffer Overflow Vulnerability
Risk: High
CVSS Base Score: 6.8
Description:
OpenSSL 0.9.7 and 0.9.8 before 0.9.8f contain a buffer overflow vulnerability caused by an off-by-one error in the DTLS implementation. A remote attacker could send an overly long list of ciphers to the server, causing a buffer overflow that allows arbitrary code execution on the system or crashes the server.
Category: Web Servers
Affect OS: Windows, UNIX
Link: http://vdb.dragonsoft.com/detail.php?id=3099

Date Reported: 2007/10/12
Name: MS IE7 URI Protocol Handling Remote Code Execution Vulnerability-2003
Risk: High
CVSS Base Score: 9.3
Description:
Microsoft Internet Explorer 7 contains a remote code execution vulnerability caused by an error in URL protocol handling. A remote attacker could send invalid "%" sequences in a mailto: or other URI handler and trick the victim into opening it. Successful exploitation lets the remote attacker execute arbitrary commands with the victim's privileges.
Category: MS HotFix
Affect OS: Windows 2003
Link: http://vdb.dragonsoft.com/detail.php?id=3096

Date Reported: 2007/10/12
Name: MS IE7 URI Protocol Handling Remote Code Execution Vulnerability-XP
Risk: High
CVSS Base Score: 9.3
Description:
Microsoft Internet Explorer 7 contains a remote code execution vulnerability caused by an error in URL protocol handling. A remote attacker could send invalid "%" sequences in a mailto: or other URI handler and trick the victim into opening it. Successful exploitation lets the remote attacker execute arbitrary commands with the victim's privileges.
Category: MS HotFix
Affect OS: Windows XP
Link: http://vdb.dragonsoft.com/detail.php?id=3095

Date Reported: 2007/10/12
Name: ISC BIND 8 Remote Cache Poisoning Vulnerability
Risk: Medium
CVSS Base Score: 4.3
Description:
ISC BIND 8 before 8.4.7-P1 contains a remote cache poisoning vulnerability caused by the DNS query ID generation code. A remote attacker could exploit this vulnerability to guess the next query ID and perform DNS cache poisoning.
Category: DNS Services
Affect OS: UNIX
Link: http://vdb.dragonsoft.com/detail.php?id=3097

Date Reported: 2007/10/12
Name: phpMyAdmin Setup.PHP Cross-Site Scripting Vulnerability
Risk: Medium
CVSS Base Score: 4.3
Description:
phpMyAdmin version 2.11.1 contains a cross-site scripting vulnerability. A remote attacker could use the comment form field to inject malicious script into a web page, which would allow remote attackers to inject arbitrary HTML or web script.
Category: CGI Scripts
Affect OS: Windows, UNIX
Link: http://vdb.dragonsoft.com/detail.php?id=3098

Date Reported: 2007/10/12
Name: MySQL Rename Table Function Access Validation Vulnerability
Risk: Low
CVSS Base Score: 4.9
Description:
MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 contain an access validation vulnerability: the RENAME TABLE statement does not require DROP privileges. An authenticated user could exploit this vulnerability to rename arbitrary tables.
Category: MySQL
Affect OS: Windows, UNIX
Link: http://vdb.dragonsoft.com/detail.php?id=3100


-------------------------------------------------

Risk:
  High: Allows immediate remote or local access, or immediate execution of code or commands,
          with unauthorized privileges, and bypassing security on firewalls.
  Medium: Potential of granting access or allowing code execution by means of complex or
          lengthy exploit procedures. Examples are cross-site scripting, man-in-the-middle
          attacks, SQL injection, denial of service, information disclosure.
  Low: Denies service or provides non-system information that could be used to formulate
          structured attacks on a target, but does not directly give unauthorized access.
-------------------------------------------------
Copyright (c) DragonSoft Security Associates, Inc. All rights reserved

Permission is hereby granted for the electronic redistribution of this document.
It is not to be edited or altered in any way without the express written consent of the DragonSoft Security Associates. If you wish to reprint the whole or any part of this document in any other medium excluding electronic media, please email alert@dragonsoft.com for permission.

Disclaimer: The information in the database may change without notice.
Use of this information constitutes acceptance for use in an AS IS condition.
There are NO warranties with regard to this information, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

Please send suggestions, updates, and comments to: DragonSoft vdb_adm@dragonsoft.com of DragonSoft Security Associates, Inc.

About DragonSoft Security Associates:
DragonSoft Security Associates is a leading developer in Taiwan for network security software and an active contributor to network security education.
Founded in 2002, DragonSoft offers vulnerability management solutions, including vulnerability assessment, System Security Management and intrusion prevention.

DragonSoft Security Associates, Inc. http://www.dragonsoft.com/
Taipei: 4F-8, No 351, Sec.2, Chun-Sun Road, Chun-Ho City, Taiwan 235 R.O.C
Tel. +886-2-8221-5408   Fax. +886-2-8221-5476
Hsinchu: 6F, No. 30, Lane 607, Sec. 1, Guangfu Rd., Hsinchu, Taiwan 300 R.O.C
Tel. +886-3-5630989    Fax. +886-3-5797758