 |
|
|
|
| Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) | | Published: |  | 04.08.2008 | | Source: |  | | | SecurityVulns ID: |  | 9196 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Smeego: automation protection bypass, crossite scripting. |
| Apple Mac OS X multiple security vulnerabilities | | Published: | | 04.08.2008 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 9197 | | Type: | | library | | Level: | | 7/10 | | Description: | | Integer overflows and buffer overflows in graphics API and fonts API. |
| Affected: |  | APPLE : MacOS X 10.4 | | CVE: |  | CVE-2008-2322 (Integer overflow in CoreGraphics in Apple Mac OS X 10.4.11, 10.5.2, and 10.5.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PDF file with a long Type 1 font, which triggers a heap-based buffer overflow.) |
| America's army game server DoS | | Published: | | 04.08.2008 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 9199 | | Type: | | remote | | Level: | | 5/10 | | Description: | | Invalid assert() on network traffic parsing. |
| OpenSC smart cards unauthrorized access | | Published: | | 04.08.2008 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 9200 | | Type: | | local | | Level: | | 5/10 | | Description: | | It's possible to change smrtcard PIN code. |
Ingres database server multiple security vulnerabilities
updated since 04.08.2008 | | Published: | | 07.08.2008 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 9198 | | Type: | | local | | Level: | | 5/10 | | Description: | | Weak file permissions, insecure shared library loading, buffer overflow in different utilities. |
| Affected: | | INGRES : Ingres Database 2006 | | CVE: | | CVE-2008-3389 (Stack-based buffer overflow in the libbecompat library in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and HP-UX allows local users to gain privileges by setting a long value of an environment variable before running (1) verifydb, (2) iimerge, or (3) csreport.) | | | | CVE-2008-3357 (Untrusted search path vulnerability in ingvalidpw in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and HP-UX allows local users to gain privileges via a crafted shared library, related to a "pointer overwrite vulnerability.") | | | | CVE-2008-3356 (verifydb in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and other Unix platforms sets the ownership or permissions of an iivdb.log file without verifying that it is the application's own log file, which allows local users to overwrite arbitrary files by creating a symlink with an iivdb.log filename.) |
|
|
|
|
|
|
|
|
