Computer Security

Novell iPrint client multiple security vulnerabilities
updated since 26.08.2008
Published: 04.09.2008
SecurityVulns ID: 9246
Type: client
Threat Level: 5/10
Description: Information leak, multiple buffer overflows.
Affected: NOVELL : iPrint Client 4.36
 NOVELL : iPrint Client 5.04
Original document: SECUNIA, Secunia Research: Novell iPrint Client nipplib.dll "IppCreateServerRef()" Buffer Overflow (04.09.2008)
 SECUNIA, Secunia Research: Novell iPrint Client ActiveX Control Multiple Buffer Overflows (26.08.2008)
 SECUNIA, Secunia Research: Novell iPrint Client ActiveX Control "GetFileList()" Information Disclosure (26.08.2008)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 04.09.2008
SecurityVulns ID: 9261
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. myPHPNuke: SQL injection.
Affected: MYPHPNUKE : myPHPNuke 1.8
 CSCART : CS-Cart 1.3
 IDEVSPOT : BizDirectory 2.04
 TRANSLUCID : transLucid 1.75
Original document: admin_(at)_bugreport.ir, TransLucid 1.75 (fckeditor) Remote Arbitrary File Upload (04.09.2008)
 Admin_(at)_irist.ir, BizDirectory <== 2.04 Cross-Site Scripting Vulnerabilities (04.09.2008)
 JeiAr, CS-Cart <= 1.3.5 SQL Injection (04.09.2008)
 MustLive, SQL Injection vulnerability in myPHPNuke (04.09.2008)

libtiff memory corruption
Published: 04.09.2008
SecurityVulns ID: 9262
Type: library
Threat Level: 6/10
Description: Memory corruption on LZW decoding.
Affected: LIBTIFF : libtiff 3.8
CVE: CVE-2008-2327 (Multiple buffer underflows in the (1) LZWDecode, (2) LZWDecodeCompat, and (3) LZWDecodeVector functions in tif_lzw.c in the LZW decoder in LibTIFF 3.8.2 and earlier allow context-dependent attackers to execute arbitrary code via a crafted TIFF file, related to improper handling of the CODE_CLEAR code.)
Original document: MANDRIVA, [ MDVSA-2008:184 ] libtiff (04.09.2008)

Cisco PIX and Cisco ASA multiple security vulnerabilities
Published: 04.09.2008
SecurityVulns ID: 9263
Type: remote
Threat Level: 6/10
Description: Multiple DoS conditions on SIP parsing and VPN authentication, memory leaks, information leak.
Affected: CISCO : PIX 7.0
 CISCO : PIX 7.1
 CISCO : PIX 8.0
 CISCO : PIX 8.1
CVE: CVE-2008-2736 (Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) 5500 devices 8.0(3)15, 8.0(3)16, 8.1(1)4, and 8.1(1)5, when configured as a clientless SSL VPN endpoint, allows remote attackers to obtain usernames and passwords via unknown vectors, aka Bug ID CSCsq45636.)
 CVE-2008-2735 (The HTTP server in Cisco Adaptive Security Appliance (ASA) 5500 devices 8.0 before 8.0(3)15 and 8.1 before 8.1(1)5, when configured as a clientless SSL VPN endpoint, does not properly process URIs, which allows remote attackers to cause a denial of service (device reload) via a URI in a crafted SSL or HTTP packet, aka Bug ID CSCsq19369.)
 CVE-2008-2734 (Memory leak in the crypto functionality in Cisco Adaptive Security Appliance (ASA) 5500 devices 7.2 before 7.2(4)2, 8.0 before 8.0(3)14, and 8.1 before 8.1(1)4, when configured as a clientless SSL VPN endpoint, allows remote attackers to cause a denial of service (memory consumption and VPN hang) via a crafted SSL or HTTP packet, aka Bug ID CSCso66472.)
 CVE-2008-2733 (Cisco PIX and Adaptive Security Appliance (ASA) 5500 devices 7.2 before 7.2(4)2, 8.0 before 8.0(3)14, and 8.1 before 8.1(1)4, when configured as a client VPN endpoint, do not properly process IPSec client authentication, which allows remote attackers to cause a denial of service (device reload) via a crafted authentication attempt, aka Bug ID CSCso69942.)
 CVE-2008-2732 (Multiple unspecified vulnerabilities in the SIP inspection functionality in Cisco PIX and Adaptive Security Appliance (ASA) 5500 devices 7.0 before 7.0(7)16, 7.1 before 7.1(2)71, 7.2 before 7.2(4)7, 8.0 before 8.0(3)20, and 8.1 before 8.1(1)8 allow remote attackers to cause a denial of service (device reload) via unknown vectors, aka Bug IDs CSCsq07867, CSCsq57091, CSCsk60581, and CSCsq39315.)
Original document: CISCO, Cisco Security Advisory: Remote Access VPN and SIP Vulnerabilities in Cisco PIX and Cisco ASA (04.09.2008)

Google Chrome browser multiple security vulnerabilities
updated since 04.09.2008
Published: 13.09.2008
SecurityVulns ID: 9260
Type: client
Threat Level: 5/10
Description: Automatic file download, DoS, buffer overflows.
Affected: GOOGLE : Chrome 0.2
Original document: MustLive, New DoS vulnerability in Google Chrome (13.09.2008)
 MustLive, New Automatic File Download vulnerabilities in Google Chrome (12.09.2008)
 MustLive, Automatic File Download vulnerabilities in Google Chrome (10.09.2008)
 MustLive, New Automatic File Download vulnerability in Google Chrome (09.09.2008)
 HACKERS PAL, Google Chrome Auto download exploit .. (07.09.2008)
 MustLive, New DoS vulnerability in Google Chrome (DoS on MouseOver) (07.09.2008)
 MustLive, New Automatic File Download vulnerability in Google Chrome (07.09.2008)
 MustLive, New DoS vulnerability in Google Chrome (06.09.2008)
 MustLive, DoS vulnerability in Google Chrome (06.09.2008)
 jplopezy_(at)_gmail.com, other google chrome crash (06.09.2008)
 quakerdoomer_(at)_fmguy.com, Risky Chrome (The perfect cleartext password offering ) (06.09.2008)
 Security Vulnerability Research Team, Google Chrome 0.2.149.27 'SaveAs' Function Buffer Overflow Vulnerability (06.09.2008)
 MustLive, New Automatic File Download vulnerability in Google Chrome (04.09.2008)
 MustLive, Automatic File Download vulnerability in Google Chrome (04.09.2008)
 psy.echo_(at)_gmail.com, Google Chrome Browser (ver.0.2.149.27) Vulnerability (04.09.2008)
 nerex_(at)_live.com, Google Chrome Automatic File Download (04.09.2008)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod