Ravens PHP Scripts: Security



 

 

Attackers hit new IE vulnerability

Posted on Monday, September 25, 2006 @ 17:40:59 CDT in Security
by Raven

Secunia Advisory: SA21989
Release Date: 2006-09-19
Last Update: 2006-09-25

Critical: Extremely critical

Impact: System access

Where: From remote

Solution Status: Unpatched

OS: Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Server
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows XP Home Edition
Microsoft Windows XP Professional

CVE reference: CVE-2006-4868 (Secunia mirror)

Description: A vulnerability has been discovered in Microsoft Windows, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error in the Microsoft Vector Graphics Rendering (VML) library (vgx.dll) when processing certain content in Vector Markup Language (VML) documents. This can be exploited to cause a stack-based buffer overflow by e.g. tricking a user into viewing a malicious VML document containing an overly long "fill" method inside a "rect" tag with the Internet Explorer browser. Successful exploitation allows execution of arbitrary code with the privileges of the application using the vulnerable functionality in the library. The vulnerability is confirmed on a fully patched Microsoft Windows XP SP2 system. Other versions may also be affected.

NOTE: The vulnerability is currently being actively exploited.

Solution: Un-register Vgx.dll (see the vendor's security advisory for details). Sunbelt recommended that disabling JavaScript may also help to mitigate the attacks.

NOTE: This affects the functionality of applications rendering VML.

Provided and/or discovered by: Discovered as a 0-day.

Sample exploit provided by Sunbelt Software.

Changelog:
2006-09-19: Updated advisory with additional information.
2006-09-20: Added CVE reference.
2006-09-25: Updated "Solution" section.

Original Advisory: Microsoft: http://www.microsoft.com/technet/security/advisory/925568.mspx

Other References: US-CERT VU#416092: http://www.kb.cert.org/vuls/id/416092
 

 

Advanced-Clan-Script *content* File Inclusion Vulnerability

Posted on Monday, September 25, 2006 @ 17:19:58 CDT in Security
by Raven

TITLE: Advanced-Clan-Script *content* File Inclusion Vulnerability

SECUNIA ADVISORY ID: SA22070

VERIFY ADVISORY: http://secunia.com/advisories/22070/

CRITICAL: Highly critical

IMPACT: System access

WHERE: From remote

SOFTWARE: Advanced-Clan-Script 3.x - http://secunia.com/product/12106/

DESCRIPTION: xdh has discovered a vulnerability in Advanced-Clan-Script, which can be exploited by malicious people to compromise a vulnerable system.

Input passed to the "content" parameter in mcf.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local or external resources. The vulnerability has been confirmed in version 3.4. Other versions may also be affected.

SOLUTION: Edit the source code to ensure that input is properly verified.

PROVIDED AND/OR DISCOVERED BY: xdh
 

 

Plesk filemanager.php Information Disclosure

Posted on Monday, September 25, 2006 @ 17:15:11 CDT in Security
by Raven

TITLE: Plesk filemanager.php Information Disclosure

SECUNIA ADVISORY ID: SA22058

VERIFY ADVISORY: http://secunia.com/advisories/22058/

CRITICAL: Less critical

IMPACT: Exposure of system information

WHERE: From remote

SOFTWARE: Plesk 7.x - http://secunia.com/product/3833/

DESCRIPTION: GuanYu has reported a vulnerability in Plesk, which potentially can be exploited by malicious users to disclose certain information.

Input passed to the "file" parameter in filemanager/filemanager.php is not properly verified before being used. This can be exploited to disclose the contents of certain directories via directory traversal attacks. The vulnerability is reported in version 7.6 for Windows. Other versions may also be affected.

SOLUTION: Grant only trusted users access to the affected application.

PROVIDED AND/OR DISCOVERED BY: GuanYu
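
The Advanced-Clan-Script and Plesk advisories above describe two different input-handling flaws that call for different checks. The following PHP is an added example, not code from either product: it shows an allow-list for an include target and a canonical-path containment check for a file browser, using hypothetical page names and a constructed temporary directory.

```php
<?php
// Added illustration; not code from Advanced-Clan-Script or Plesk.
// "content" and "file" are the advisories' parameter names; all else is assumed.

// Pattern 1 (file inclusion): request data only selects from a fixed map.
const PAGES = [                       // hypothetical page map
    'news'   => 'pages/news.php',
    'roster' => 'pages/roster.php',
];

function page_for(string $content): ?string
{
    // The value is a lookup key; it never becomes part of a path or URL.
    return PAGES[$content] ?? null;
}

// Pattern 2 (directory traversal): the target must resolve inside a base directory.
function path_under(string $baseDir, string $file): ?string
{
    $base = realpath($baseDir);
    // realpath() resolves "..", "." and symlinks; it returns false for missing targets.
    $real = realpath($baseDir . DIRECTORY_SEPARATOR . $file);
    if ($base === false || $real === false) {
        return null;
    }
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    // Compare against the base plus a separator so "docs-old" cannot pass as "docs".
    if ($real !== $base && strncmp($real, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $real;
}

// Constructed demo tree standing in for one hosted site's document area.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'demo_site_' . getmypid();
$docs = $root . DIRECTORY_SEPARATOR . 'docs';
mkdir($docs, 0700, true);
touch($docs . DIRECTORY_SEPARATOR . 'a.txt');

var_dump(page_for('news'));              // key present in the allow-list
var_dump(page_for('../config'));         // key absent from the allow-list
var_dump(path_under($docs, 'a.txt'));    // file inside the base directory
var_dump(path_under($docs, '../..'));    // path that resolves above the base

// Remove the constructed tree.
unlink($docs . DIRECTORY_SEPARATOR . 'a.txt');
rmdir($docs);
rmdir($root);
```

A `null` return from either function is the signal to refuse the request before any `include` or directory listing takes place.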
 

 

WS_FTP LE *PASV* Response Buffer Overflow Vulnerability

Posted on Monday, September 25, 2006 @ 17:11:42 CDT in Security
by Raven

TITLE: WS_FTP LE *PASV* Response Buffer Overflow Vulnerability

SECUNIA ADVISORY ID: SA22032

VERIFY ADVISORY: http://secunia.com/advisories/22032/

CRITICAL: Moderately critical

IMPACT: DoS, System access

WHERE: From remote

SOFTWARE: WS_FTP LE 5.x - http://secunia.com/product/12062/

DESCRIPTION: h07 has discovered a vulnerability in WS_FTP LE, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to an error within the handling of responses to the "PASV" command. This can be exploited to cause a buffer overflow by e.g. tricking a user into connecting to a malicious FTP server. Successful exploitation allows execution of arbitrary code. The vulnerability has been confirmed in version 5.08. Other versions may also be affected.

SOLUTION: Connect to trusted FTP servers only. Use another product.

PROVIDED AND/OR DISCOVERED BY: h07
 

 

PHP-Fusion *maincore.php* SQL Injection Vulnerability

Posted on Friday, September 08, 2006 @ 12:32:35 CDT in Security
by Raven

TITLE: PHP-Fusion "maincore.php" SQL Injection Vulnerability

SECUNIA ADVISORY ID: SA21830

VERIFY ADVISORY: http://secunia.com/advisories/21830/

CRITICAL: Moderately critical

IMPACT: Manipulation of data

WHERE: From remote

SOFTWARE: PHP-Fusion 6.x - http://secunia.com/product/5291/

DESCRIPTION: A vulnerability has been reported in PHP-Fusion, which can be exploited by malicious people to conduct SQL injection attacks. The vulnerability is caused due to an error within the super globals extraction in maincore.php, which can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation requires that "register_globals" and "magic_quotes_gpc" are disabled.

SOLUTION: Update to version 6.01.5. - http://www.php-fusion.co.uk/downloads.php

PROVIDED AND/OR DISCOVERED BY: rgod
 

 
TITLE: Microsoft Word 2000 Unspecified Code Execution Vulnerability

SECUNIA ADVISORY ID: SA21735

VERIFY ADVISORY: http://secunia.com/advisories/21735/

CRITICAL: Extremely critical

IMPACT: System access

WHERE: From remote

SOFTWARE:
Microsoft Word 2000 - http://secunia.com/product/2149/
Microsoft Office 2000 - http://secunia.com/product/24/

DESCRIPTION: A vulnerability has been reported in Microsoft Word 2000, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an unspecified error when processing Word documents. This can be exploited to execute arbitrary code when a malicious document is opened. The vulnerability is reported in Microsoft Word 2000 running on Windows 2000. Other versions may also be affected.

NOTE: The vulnerability is being actively exploited.


SOLUTION: Do not open untrusted Office documents.

PROVIDED AND/OR DISCOVERED BY: Discovered in the wild as a 0-day.

OTHER REFERENCES: Symantec: - http://www.symantec.com/enterprise/security_response/weblog/2006/09/new_tricks_with_old_software.html
 


