TO SUBSCRIBE, UNSUBSCRIBE, OR CHANGE YOUR SUBSCRIPTION, go to:
http://www.dragonsoft.com/english/epaper/
DragonSoft Vulnerability and Threat Knowledge Base:
http://vdb.dragonsoft.com/
Contents:
* 22 Reported Vulnerabilities
* Sort by Risk
-------------------------------------------------
Date Reported: 2007/09/30
Name: OpenSSL SSL_Get_Shared_Ciphers Off-by-One Buffer Overflow Vulnerability
Risk: High
CVSS Base Score: 7.5
Category: Web Servers
Affect OS: Windows, UNIX
Description: http://vdb.dragonsoft.com/detail.php?id=3061
Date Reported: 2007/10/10
Name: MS07-058:Windows RPC NTLMSSP Authentication DoS Vulnerability-2003
Risk: High
CVSS Base Score: 7.8
Category: MS HotFix
Affect OS: Windows 2003
Description: http://vdb.dragonsoft.com/detail.php?id=3088
Date Reported: 2007/10/10
Name: MS07-058:Windows RPC NTLMSSP Authentication DoS Vulnerability-XP
Risk: High
CVSS Base Score: 7.8
Category: MS HotFix
Affect OS: Windows XP
Description: http://vdb.dragonsoft.com/detail.php?id=3087
Date Reported: 2007/10/10
Name: MS07-058:Windows RPC NTLMSSP Authentication DoS Vulnerability-2000
Risk: High
CVSS Base Score: 7.8
Category: MS HotFix
Affect OS: Windows 2000
Description: http://vdb.dragonsoft.com/detail.php?id=3086
Date Reported: 2007/10/10
Name: MS07-056:Outlook Express NNTP Memory Corruption Vulnerability-2003
Risk: High
CVSS Base Score: 6.8
Category: MS HotFix
Affect OS: Windows XP
Description: http://vdb.dragonsoft.com/detail.php?id=3079
Date Reported: 2007/10/10
Name: MS07-056:Outlook Express NNTP Memory Corruption Vulnerability-XP
Risk: High
CVSS Base Score: 6.8
Category: MS HotFix
Affect OS: Windows XP
Description: http://vdb.dragonsoft.com/detail.php?id=3078
Date Reported: 2007/10/10
Name: MS07-056:Outlook Express NNTP Memory Corruption Vulnerability-2000
Risk: High
CVSS Base Score: 6.8
Category: MS HotFix
Affect OS: Windows 2000
Description: http://vdb.dragonsoft.com/detail.php?id=3077
Date Reported: 2007/10/10
Name: MS07-055:Windows Kodak Image Viewer Remote Code Execution Vulnerability-2000
Risk: High
CVSS Base Score: 6.8
Category: MS HotFix
Affect OS: Windows 2000
Description: http://vdb.dragonsoft.com/detail.php?id=3076
Date Reported: 2007/10/10
Name: MS07-057:MS IE Script Error Handling Memory Corruption Vulnerability-2003
Risk: Medium
CVSS Base Score: 6.8
Category: MS HotFix
Affect OS: Windows 2003
Description: http://vdb.dragonsoft.com/detail.php?id=3094
Date Reported: 2007/10/10
Name: MS07-057:MS IE Script Error Handling Memory Corruption Vulnerability-XP
Risk: Medium
CVSS Base Score: 6.8
Category: MS HotFix
Affect OS: Windows XP
Description: http://vdb.dragonsoft.com/detail.php?id=3093
Date Reported: 2007/10/10
Name: MS07-057:MS IE Script Error Handling Memory Corruption Vulnerability-2000
Risk: Medium
CVSS Base Score: 6.8
Category: MS HotFix
Affect OS: Windows 2000
Description: http://vdb.dragonsoft.com/detail.php?id=3092
Date Reported: 2007/10/10
Name: MS07-057:MS IE Address Bar Spoofing Vulnerability-2003
Risk: Medium
CVSS Base Score: 7.5
Category: MS HotFix
Affect OS: Windows 2003
Description: http://vdb.dragonsoft.com/detail.php?id=3091
Date Reported: 2007/10/10
Name: MS07-057:MS IE Address Bar Spoofing Vulnerability-XP
Risk: Medium
CVSS Base Score: 7.5
Category: MS HotFix
Affect OS: Windows XP
Description: http://vdb.dragonsoft.com/detail.php?id=3090
Date Reported: 2007/10/10
Name: MS07-057:MS IE Address Bar Spoofing Vulnerability-2000
Risk: Medium
CVSS Base Score: 7.5
Category: MS HotFix
Affect OS: Windows 2000
Description: http://vdb.dragonsoft.com/detail.php?id=3089
Date Reported: 2007/10/10
Name: MS07-057:MS IE OnBeforeUnload Javascript URL Spoofing Vulnerability-2003
Risk: Medium
CVSS Base Score: 9.3
Category: MS HotFix
Affect OS: Windows 2003
Description: http://vdb.dragonsoft.com/detail.php?id=3085
Date Reported: 2007/10/10
Name: MS07-057:MS IE OnBeforeUnload Javascript URL Spoofing Vulnerability-XP
Risk: Medium
CVSS Base Score: 9.3
Category: MS HotFix
Affect OS: Windows XP
Description: http://vdb.dragonsoft.com/detail.php?id=3084
Date Reported: 2007/10/10
Name: MS07-057:MS IE OnBeforeUnload Javascript URL Spoofing Vulnerability-2000
Risk: Medium
CVSS Base Score: 9.3
Category: MS HotFix
Affect OS: Windows 2000
Description: http://vdb.dragonsoft.com/detail.php?id=3083
Date Reported: 2007/09/30
Name: PHP-Nuke admin.php Cross-Site Scripting Vulnerability
Risk: Medium
CVSS Base Score: 5.1
Category: CGI Scripts
Affect OS: Windows, UNIX
Description: http://vdb.dragonsoft.com/detail.php?id=3062
Date Reported: 2007/10/10
Name: MS07-057:MS IE OnUnload Javascript URL Spoofing Vulnerability-2003
Risk: Low
CVSS Base Score: 6.8
Category: MS HotFix
Affect OS: Windows 2003
Description: http://vdb.dragonsoft.com/detail.php?id=3082
Date Reported: 2007/10/10
Name: MS07-057:MS IE OnUnload Javascript URL Spoofing Vulnerability-XP
Risk: Low
CVSS Base Score: 6.8
Category: MS HotFix
Affect OS: Windows XP
Description: http://vdb.dragonsoft.com/detail.php?id=3081
Date Reported: 2007/10/10
Name: MS07-057:MS IE OnUnload Javascript URL Spoofing Vulnerability-2000
Risk: Low
CVSS Base Score: 6.8
Category: MS HotFix
Affect OS: Windows 2000
Description: http://vdb.dragonsoft.com/detail.php?id=3080
-------------------------------------------------
Risk:
High: Allow immediate remote, or local access or immediate execution of code or commands,
with unauthorized privileges, and bypassing security on firewalls.
Medium: Potential of granting access or allowing code execution by means of complex or
lengthy exploit procedures. Examples are cross-site scripting, man-in-the-middle
attacks, SQL injection, denial of service, information disclosure.
Low: deny service or provide non-system information that could be used to formulate
structured attacks on a target, but not directly gain unauthorized access.
-------------------------------------------------
Copyright (c) DragonSoft Security Associates, Inc. All rights reserved
Permission is hereby granted for the electronic redistribution of this document.
It is not to be edited or altered in any way without the express written consent of the DragonSoft Security Associates.
If you wish to reprint the whole or any part of this document in any other medium excluding electronic media, please
email alert@dragonsoft.com for permission.
Disclaimer: The information in the database may change without notice.
Use of this information constitutes acceptance for use in an AS IS condition.
There are NO warranties with regard to this information, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
Please send suggestions, updates, and comments to: DragonSoft vdb_adm@dragonsoft.com of DragonSoft Security Associates, Inc.
About DragonSoft Security Associates:
DragonSoft Security Associates is a leading developer in Taiwan for network security software and an active contributor to network security education.
Founded in 2002, DragonSoft offers vulnerability management solutions, including vulnerability assessment, System Security Management and intrusion prevention.
DragonSoft Security Associates, Inc.
http://www.dragonsoft.com/
Taipei: 4F-8, No 351, Sec.2, Chun-Sun Road, Chun-Ho City, Taiwan 235 R.O.C
Tel. +886-2-8221-5408
Fax. +886-2-8221-5476
Hsinchu: 6F, No. 30, Lane 607, Sec. 1, Guangfu Rd., Hsinchu, Taiwan 300 R.O.C
Tel. +886-3-5630989
Fax. +886-3-5797758
http://www.dragonsoft.com/english/epaper/
DragonSoft Vulnerability and Threat Knowledge Base:
http://vdb.dragonsoft.com/
Contents:
* 22 Reported Vulnerabilities
* Sort by Risk
-------------------------------------------------
Date Reported: 2007/09/30
Name: OpenSSL SSL_Get_Shared_Ciphers Off-by-One Buffer Overflow Vulnerability
Risk: High
CVSS Base Score: 7.5
Category: Web Servers
Affect OS: Windows, UNIX
Description: http://vdb.dragonsoft.com/detail.php?id=3061
Date Reported: 2007/10/10
Name: MS07-058:Windows RPC NTLMSSP Authentication DoS Vulnerability-2003
Risk: High
CVSS Base Score: 7.8
Category: MS HotFix
Affect OS: Windows 2003
Description: http://vdb.dragonsoft.com/detail.php?id=3088
Date Reported: 2007/10/10
Name: MS07-058:Windows RPC NTLMSSP Authentication DoS Vulnerability-XP
Risk: High
CVSS Base Score: 7.8
Category: MS HotFix
Affect OS: Windows XP
Description: http://vdb.dragonsoft.com/detail.php?id=3087
Date Reported: 2007/10/10
Name: MS07-058:Windows RPC NTLMSSP Authentication DoS Vulnerability-2000
Risk: High
CVSS Base Score: 7.8
Category: MS HotFix
Affect OS: Windows 2000
Description: http://vdb.dragonsoft.com/detail.php?id=3086
Date Reported: 2007/10/10
Name: MS07-056:Outlook Express NNTP Memory Corruption Vulnerability-2003
Risk: High
CVSS Base Score: 6.8
Category: MS HotFix
Affect OS: Windows XP
Description: http://vdb.dragonsoft.com/detail.php?id=3079
Date Reported: 2007/10/10
Name: MS07-056:Outlook Express NNTP Memory Corruption Vulnerability-XP
Risk: High
CVSS Base Score: 6.8
Category: MS HotFix
Affect OS: Windows XP
Description: http://vdb.dragonsoft.com/detail.php?id=3078
Date Reported: 2007/10/10
Name: MS07-056:Outlook Express NNTP Memory Corruption Vulnerability-2000
Risk: High
CVSS Base Score: 6.8
Category: MS HotFix
Affect OS: Windows 2000
Description: http://vdb.dragonsoft.com/detail.php?id=3077
Date Reported: 2007/10/10
Name: MS07-055:Windows Kodak Image Viewer Remote Code Execution Vulnerability-2000
Risk: High
CVSS Base Score: 6.8
Category: MS HotFix
Affect OS: Windows 2000
Description: http://vdb.dragonsoft.com/detail.php?id=3076
Date Reported: 2007/10/10
Name: MS07-057:MS IE Script Error Handling Memory Corruption Vulnerability-2003
Risk: Medium
CVSS Base Score: 6.8
Category: MS HotFix
Affect OS: Windows 2003
Description: http://vdb.dragonsoft.com/detail.php?id=3094
Date Reported: 2007/10/10
Name: MS07-057:MS IE Script Error Handling Memory Corruption Vulnerability-XP
Risk: Medium
CVSS Base Score: 6.8
Category: MS HotFix
Affect OS: Windows XP
Description: http://vdb.dragonsoft.com/detail.php?id=3093
Date Reported: 2007/10/10
Name: MS07-057:MS IE Script Error Handling Memory Corruption Vulnerability-2000
Risk: Medium
CVSS Base Score: 6.8
Category: MS HotFix
Affect OS: Windows 2000
Description: http://vdb.dragonsoft.com/detail.php?id=3092
Date Reported: 2007/10/10
Name: MS07-057:MS IE Address Bar Spoofing Vulnerability-2003
Risk: Medium
CVSS Base Score: 7.5
Category: MS HotFix
Affect OS: Windows 2003
Description: http://vdb.dragonsoft.com/detail.php?id=3091
Date Reported: 2007/10/10
Name: MS07-057:MS IE Address Bar Spoofing Vulnerability-XP
Risk: Medium
CVSS Base Score: 7.5
Category: MS HotFix
Affect OS: Windows XP
Description: http://vdb.dragonsoft.com/detail.php?id=3090
Date Reported: 2007/10/10
Name: MS07-057:MS IE Address Bar Spoofing Vulnerability-2000
Risk: Medium
CVSS Base Score: 7.5
Category: MS HotFix
Affect OS: Windows 2000
Description: http://vdb.dragonsoft.com/detail.php?id=3089
Date Reported: 2007/10/10
Name: MS07-057:MS IE OnBeforeUnload Javascript URL Spoofing Vulnerability-2003
Risk: Medium
CVSS Base Score: 9.3
Category: MS HotFix
Affect OS: Windows 2003
Description: http://vdb.dragonsoft.com/detail.php?id=3085
Date Reported: 2007/10/10
Name: MS07-057:MS IE OnBeforeUnload Javascript URL Spoofing Vulnerability-XP
Risk: Medium
CVSS Base Score: 9.3
Category: MS HotFix
Affect OS: Windows XP
Description: http://vdb.dragonsoft.com/detail.php?id=3084
Date Reported: 2007/10/10
Name: MS07-057:MS IE OnBeforeUnload Javascript URL Spoofing Vulnerability-2000
Risk: Medium
CVSS Base Score: 9.3
Category: MS HotFix
Affect OS: Windows 2000
Description: http://vdb.dragonsoft.com/detail.php?id=3083
Date Reported: 2007/09/30
Name: PHP-Nuke admin.php Cross-Site Scripting Vulnerability
Risk: Medium
CVSS Base Score: 5.1
Category: CGI Scripts
Affect OS: Windows, UNIX
Description: http://vdb.dragonsoft.com/detail.php?id=3062
Date Reported: 2007/10/10
Name: MS07-057:MS IE OnUnload Javascript URL Spoofing Vulnerability-2003
Risk: Low
CVSS Base Score: 6.8
Category: MS HotFix
Affect OS: Windows 2003
Description: http://vdb.dragonsoft.com/detail.php?id=3082
Date Reported: 2007/10/10
Name: MS07-057:MS IE OnUnload Javascript URL Spoofing Vulnerability-XP
Risk: Low
CVSS Base Score: 6.8
Category: MS HotFix
Affect OS: Windows XP
Description: http://vdb.dragonsoft.com/detail.php?id=3081
Date Reported: 2007/10/10
Name: MS07-057:MS IE OnUnload Javascript URL Spoofing Vulnerability-2000
Risk: Low
CVSS Base Score: 6.8
Category: MS HotFix
Affect OS: Windows 2000
Description: http://vdb.dragonsoft.com/detail.php?id=3080
-------------------------------------------------
Risk:
High: Allow immediate remote, or local access or immediate execution of code or commands,
with unauthorized privileges, and bypassing security on firewalls.
Medium: Potential of granting access or allowing code execution by means of complex or
lengthy exploit procedures. Examples are cross-site scripting, man-in-the-middle
attacks, SQL injection, denial of service, information disclosure.
Low: deny service or provide non-system information that could be used to formulate
structured attacks on a target, but not directly gain unauthorized access.
-------------------------------------------------
Copyright (c) DragonSoft Security Associates, Inc. All rights reserved
Permission is hereby granted for the electronic redistribution of this document.
It is not to be edited or altered in any way without the express written consent of the DragonSoft Security Associates.
If you wish to reprint the whole or any part of this document in any other medium excluding electronic media, please
email alert@dragonsoft.com for permission.
Disclaimer: The information in the database may change without notice.
Use of this information constitutes acceptance for use in an AS IS condition.
There are NO warranties with regard to this information, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
Please send suggestions, updates, and comments to: DragonSoft vdb_adm@dragonsoft.com of DragonSoft Security Associates, Inc.
About DragonSoft Security Associates:
DragonSoft Security Associates is a leading developer in Taiwan for network security software and an active contributor to network security education.
Founded in 2002, DragonSoft offers vulnerability management solutions, including vulnerability assessment, System Security Management and intrusion prevention.
DragonSoft Security Associates, Inc.
http://www.dragonsoft.com/
Taipei: 4F-8, No 351, Sec.2, Chun-Sun Road, Chun-Ho City, Taiwan 235 R.O.C
Tel. +886-2-8221-5408
Fax. +886-2-8221-5476
Hsinchu: 6F, No. 30, Lane 607, Sec. 1, Guangfu Rd., Hsinchu, Taiwan 300 R.O.C
Tel. +886-3-5630989
Fax. +886-3-5797758
全站熱搜
留言列表
