Information Security


Multiple vulnerabilities in Newsrover / Newsbin / Newsreactor / Grabbit / News Files Grabber (multiple bugs)
Published: February 22, 2007
Source:
SecurityVulns ID: 7289
Type: client
Severity: 5/10
Description: Vulnerabilities in the parsing of files in various XML formats.
Affected products: NEWSBINPRO : News Bin Pro 5.33
 NEWSROVER : News Rover 12.1
 SHEMES : Grabit 1.5
 NEWSFILEGRABBER : News File Grabber 4.1
 NEWSREACTOR : NewsReactor 20070220
 GLUESOFTWARE : NewsGlue 1.3
CVE: CVE-2007-1610 (Cross-site scripting (XSS) vulnerability in the RSS reader in Glue Software NewsGlue before 1.3.4 allows remote attackers to inject arbitrary web script or HTML via a feed.)
 CVE-2007-1569 (Stack-based buffer overflow in NewsBin Pro 4.32 allows remote attackers to cause a denial of service or execute arbitrary code via a yEnc (yEncode) encoded article with a long filename, as demonstrated using a .nzb file. NOTE: some of these details are obtained from third party information.)
 CVE-2007-1568 (Stack-based buffer overflow in DaanSystems NewsReactor 20070220.21 allows remote attackers to execute arbitrary code via a yEnc (yEncode) encoded article with a long filename.)
 CVE-2007-1074 (Multiple buffer overflows in NewsBin Pro 5.33 and NewsBin Pro 4.x allow user-assisted remote attackers to execute arbitrary code via a long (1) DataPath or (2) DownloadPath attributed in a (a) NBI file, or (3) a long group field in a (b) NZB file.)
 CVE-2007-1041 (Multiple stack-based buffer overflows in S&H Computer Systems News Rover 12.1 Rev 1 allow remote attackers to execute arbitrary code via a .nzb file with a long (1) group or (2) subject string.)
 CVE-2007-1038 (Shemes.com Grabit 1.5.3, and possibly earlier, allows remote attackers to cause a denial of service (application crash) via a .nzb file with a subject field containing ';' (semicolon) characters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.)
 CVE-2007-1037 (Stack-based buffer overflow in News File Grabber 4.1.0.1 and earlier allows remote attackers to execute arbitrary code via a .nzb file with a long subject field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.)
Files: News Rover 12.1 Rev 1 Remote Stack Overflow exploit
 NewsReactor 20070220 Article Grabbing Remote Buffer Overflow Exploit 1
 News Bin Pro 4.32 Article Grabbing Remote Unicode Buffer Overflow
 News Rover 12.1 Rev 1 Remote Stack Overflow perl exploit
 News Bin Pro 5.33 .NBI File Buffer Overflow exploit
 NewsReactor 20070220 Article Grabbing Remote Buffer Overflow

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod