Search:Vulnerability:01.09.2008 - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

Mita Scanner File Utility multiple security vulnerabilities
Published: 01.09.2008
Source: BUGTRAQ
SecurityVulns ID: 9248
Type: remote
Level: 5/10
Description: Directory traversal, unauthorized access.

Affected: KYOCERA : Mita Scanner File Utility 3.3

Original document Seth Fogie, White Wolf Labs #080826-1: Kyocera Mita Scanner File Utility (Multiple) (01.09.2008)

Discuss: Read or add your comments to this news (0 comments)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 01.09.2008
Source:
SecurityVulns ID: 9249
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. FeedBurner FeedSmith: crossite scripting, information leak. myPHPNuke: crossite scripting, SQL injection.

Affected: MYPHPNUKE : myPHPNuke 1.8
INVISION : Invision Power Board 2.3
FEEDBURNER : FeedBurner FeedSmith 2.3
PHPCART : PHPCart 4.6
PHPCART : PHPCart 3.4

Original document vaibhav aher, XSS and Data Manipulation attacks found in CMS PHPCart. (01.09.2008)

gmdarkfig_(at)_gmail.com, [Exploit] Invision Power Board <= 2.3.5 Multiple Vulnerabilities (01.09.2008)

gmdarkfig_(at)_gmail.com, [Advisory] Invision Power Board <= 2.3.5 Multiple Vulnerabilities and Security Bypass (01.09.2008)

document MustLive, Vulnerabilities in FeedBurner FeedSmith for WordPress (01.09.2008)

MustLive, XSS and SQL Injection vulnerabilities in myPHPNuke (01.09.2008)

Files: [Exploit] Invision Power Board <= 2.3.5 Multiple Vulnerabilities
Discuss: Read or add your comments to this news (0 comments)

ipsec-tools / racoon IPSec DoS
Published: 01.09.2008
Source: BUGTRAQ
SecurityVulns ID: 9251
Type: remote
Level: 7/10
Description: DoS attack with memory exhaustion.

CVE: CVE-2008-3652 (src/racoon/handler.c in racoon in ipsec-tools does not remove an "orphaned ph1" (phase 1) handle when it has been initiated remotely, which allows remote attackers to cause a denial of service (resource consumption).)
CVE-2008-3651 (Memory leak in racoon/proposal.c in the racoon daemon in ipsec-tools before 0.7.1 allows remote authenticated users to cause a denial of service (memory consumption) via invalid proposals.)

Original document MANDRIVA, bugtraq@securityfocus.com (01.09.2008)

Discuss: Read or add your comments to this news (0 comments)

libpurple / Pidgin buffer overflow
updated since 01.09.2008
Published: 09.06.2009
Source: BUGTRAQ
SecurityVulns ID: 9250
Type: library
Level: 6/10
Description: Buffer overflow on MSN SLP messages parsing.

Affected: PIDGIN : Pidgin 2.4
CVE: CVE-2009-1376 (Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin (formerly Gaim) before 2.5.6 on 32-bit platforms allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, leading to buffer overflows. NOTE: this issue exists because of an incomplete fix for CVE-2008-2927.)
CVE-2008-2927 (Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin before 2.4.3 and Adium before 1.3 allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, a different vulnerability than CVE-2008-2955.)

Original document ZDI, ZDI-09-031: libpurple MSN Protocol SLP Message Heap Overflow Vulnerability (09.06.2009)

ZDI, ZDI-08-054: Multiple Vendor libpurple MSN Protocol SLP Message Heap Overflow Vulnerability (01.09.2008)

Discuss: Read or add your comments to this news (0 comments)

test server