TO SUBSCRIBE, UNSUBSCRIBE, OR CHANGE YOUR SUBSCRIPTION, go to:
http://www.dragonsoft.com/en/epaper/
Contents:
* 10 Reported Vulnerabilities
* Sort by Risk
-------------------------------------------------
Date Reported: 2008/01/12
Name: Apple QuickTime RTSP Content-Type Header Remote Buffer Overflow Vulnerability
Risk: High
CVSS Base Score: 9.3
Description:
Apple QuickTime Player 7.3 contains a buffer overflow vulnerability caused by improper bounds checking of the RTSP Content-Type header. A remote attacker could persuade a victim to connect to a specially crafted RTSP stream to cause the application to crash or to execute arbitrary code with the victim's privileges.
Category: Others
Affect OS: Windows NT4, 2000, XP, 2003
Link: http://vdb.dragonsoft.com/detail.php?id=3161
Date Reported: 2008/01/12
Name: Apple QuickTime RTSP Reason-Phrase Remote Buffer Overflow Vulnerability
Risk: High
CVSS Base Score: 6.8
Description:
Apple QuickTime Player 7.3.1.70 contains a buffer overflow vulnerability caused by improper bounds checking of the RTSP Reason-Phrase. A remote attacker could craft an error message response and persuade a victim to connect to a specially crafted RTSP stream to cause the application to crash or to execute arbitrary code with the victim's privileges.
Category: Others
Affect OS: Windows NT4, 2000, XP, 2003
Link: http://vdb.dragonsoft.com/detail.php?id=3162
Date Reported: 2008/01/28
Name: PHP glob Function Security Bypass Vulnerability
Risk: Medium
CVSS Base Score: 7.5
Description:
PHP before version 4.4.8 contains a security bypass vulnerability in the glob() function when open_basedir is enabled. A remote attacker could exploit this vulnerability to bypass open_basedir restrictions and gain unauthorized access to the system.
Category: Web Servers
Affect OS: Windows, UNIX
Link: http://vdb.dragonsoft.com/detail.php?id=3168
Date Reported: 2008/01/27
Name: PHP cURL Library Security Bypass Vulnerability
Risk: Medium
CVSS Base Score: 5
Description:
PHP versions 5.2.4 and 5.2.5 contain a security bypass vulnerability in the cURL library (libcurl), caused by improper validation of user-supplied input by the curl_init() function. A remote attacker could send a file:// request containing a \x00 sequence to bypass safe_mode and open_basedir restrictions and read arbitrary files.
Category: Web Servers
Affect OS: Windows, UNIX
Link: http://vdb.dragonsoft.com/detail.php?id=3164
Date Reported: 2008/01/28
Name: Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability 2
Risk: Medium
CVSS Base Score: 4.3
Description:
Apache v1.3.2-v1.3.9, v2.0.35-v2.0.61 and v2.2.0-v2.2.6 contain a cross-site scripting vulnerability in the mod_status module when server-status is enabled. A remote attacker could inject arbitrary web script or HTML, which could allow the attacker to execute script in a victim's Web browser and steal the victim's cookie-based authentication credentials.
Category: Web Servers
Affect OS: Windows, UNIX
Link: http://vdb.dragonsoft.com/detail.php?id=3167
Date Reported: 2008/01/27
Name: Apache mod_proxy_balancer Multiple Cross-Site Scripting Vulnerabilities
Risk: Medium
CVSS Base Score: 4.3
Description:
The mod_proxy_balancer module in Apache HTTP Server 2.2.0-2.2.6 contains cross-site scripting vulnerabilities. A remote attacker could exploit them to execute script in a victim's Web browser and steal the victim's cookie-based authentication credentials. (CVE-2007-6420, CVE-2007-6421, CVE-2007-6422, CVE-2007-6423)
Category: Web Servers
Affect OS: Windows, UNIX
Link: http://vdb.dragonsoft.com/detail.php?id=3166
Date Reported: 2008/01/27
Name: Apache mod_proxy_ftp UTF-7 Cross-Site Scripting Vulnerability
Risk: Medium
CVSS Base Score: 4.3
Description:
The mod_proxy_ftp module in Apache HTTP Server 1.3.0-1.3.39, 2.0.0-2.0.61 and 2.2.0-2.2.6 contains a cross-site scripting vulnerability caused by improper validation of user-supplied input. A remote attacker could send specially crafted UTF-7 encoded data to inject malicious script into a Web page, execute script in a victim's Web browser and steal the victim's cookie-based authentication credentials.
Category: Web Servers
Affect OS: Windows, UNIX
Link: http://vdb.dragonsoft.com/detail.php?id=3165
-------------------------------------------------
Risk:
High: Allows immediate remote or local access, or immediate execution of code or commands
with unauthorized privileges, and bypasses security on firewalls.
Medium: Potential for granting access or allowing code execution by means of complex or
lengthy exploit procedures. Examples are cross-site scripting, man-in-the-middle
attacks, SQL injection, denial of service and information disclosure.
Low: Denies service or provides non-system information that could be used to formulate
structured attacks on a target, but does not directly gain unauthorized access.
-------------------------------------------------
Copyright (c) DragonSoft Security Associates, Inc. All rights reserved
Permission is hereby granted for the electronic redistribution of this document.
It is not to be edited or altered in any way without the express written consent of the DragonSoft Security Associates. If you wish to reprint the whole or any part of this document in any other medium excluding electronic media, please email alert@dragonsoft.com for permission.
Disclaimer: The information in the database may change without notice.
Use of this information constitutes acceptance for use in an AS IS condition.
There are NO warranties with regard to this information, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
DragonSoft Security Associates is a leading developer in Taiwan for network security software and an active contributor to network security education.
Founded in 2002, DragonSoft offers vulnerability management solutions, including vulnerability assessment, System Security Management and intrusion prevention.
DragonSoft Security Associates, Inc. http://www.dragonsoft.com/
Taipei: 4F-8, No 351, Sec.2, Chun-Sun Road, Chun-Ho City, Taiwan 235 R.O.C
Tel. +886-2-8221-5408 Fax. +886-2-8221-5476
Hsinchu: 6F, No. 30, Lane 607, Sec. 1, Guangfu Rd., Hsinchu, Taiwan 300 R.O.C
Tel. +886-3-5630989 Fax. +886-3-5797758