Computer Security


Cisco Unified Communications Disaster Recovery Framework code execution
Published: 05.04.2008
SecurityVulns ID: 8864
Type: remote
Threat Level: 5/10
Description: Command execution through the backup management service.
CVE: CVE-2008-1154 (The Disaster Recovery Framework (DRF) master server in Cisco Unified Communications products, including Unified Communications Manager (CUCM) 5.x and 6.x, Unified Presence 1.x and 6.x, Emergency Responder 2.x, and Mobility Manager 2.x, does not require authentication for requests received from the network, which allows remote attackers to execute arbitrary code via unspecified vectors.)
Original document: CISCO, Cisco Security Advisory: Cisco Unified Communications Disaster Recovery Framework Command Execution Vulnerability (05.04.2008)

Symantec Internet Security ActiveX code execution
Published: 05.04.2008
SecurityVulns ID: 8865
Type: client
Threat Level: 7/10
Description: It's possible to execute code by using cross-site scripting in the symantec.com domain. Buffer overflow.
Affected: SYMANTEC : Norton Internet Security 2008
 SYMANTEC : Internet Security 2008
CVE: CVE-2008-0313
Original document: IDEFENSE, iDefense Security Advisory 04.02.08: Symantec Norton Internet Security 2008 ActiveX Control Buffer Overflow Vulnerability (05.04.2008)
 IDEFENSE, iDefense Security Advisory 04.02.08: Symantec Internet Security 2008 ActiveDataInfo.LaunchProcess Design Error Vulnerability (05.04.2008)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 05.04.2008
SecurityVulns ID: 8867
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. MODx CMS: index.php cross-site scripting through the email parameter.
Affected: ALKACON : OpenCms 7.0
 BLOGATOR : Blogator-script 0.95
Original document: hsx_(at)_hotmail.fr, Alkacon OpenCms sessions.jsp searchfilter XSS (05.04.2008)
 hsx_(at)_hotmail.fr, Blogator-script 0.95 Change User Password Vulnerbility (05.04.2008)
 hsx_(at)_hotmail.fr, KwsPHP Module ConcoursPhoto XSS (05.04.2008)
 MustLive, Vulnerability in MODx CMS (05.04.2008)

OrbitDownloader buffer overflow
Published: 05.04.2008
SecurityVulns ID: 8868
Type: client
Threat Level: 6/10
Description: Buffer overflow on Unicode URL parsing.
Affected: ORBITDOWNLOADER : Orbit downloader 2.6
CVE: CVE-2008-1602 (Stack-based buffer overflow in Orbit downloader 2.6.3 and 2.6.4 allows remote attackers to execute arbitrary code via a long download URL, which is not properly handled during Unicode conversion for a balloon notification after a download has failed.)
Original document: CORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2008-0314 - Orbit Downloader "Download failed" buffer overflow (05.04.2008)

SCO Unixware pkgadd directory traversal
Published: 05.04.2008
SecurityVulns ID: 8869
Type: local
Threat Level: 6/10
Description: It's possible to access any system files.
Affected: SCO : UnixWare 7.1
CVE: CVE-2008-0310
Original document: IDEFENSE, iDefense Security Advisory 04.03.08: SCO UnixWare pkgadd Directory Traversal Vulnerability (05.04.2008)
Files: UnixWare pkgadd Local Root Exploit

F5 BIG-IP privilege escalation
Published: 05.04.2008
SecurityVulns ID: 8870
Type: local
Threat Level: 4/10
Description: A Resource Manager group member can execute shell commands through a Perl injection vulnerability.
Affected: F5 : BIG-IP 9.4
Original document: nnposter_(at)_disclosed.not, F5 BIG-IP Management Interface Perl Injection (05.04.2008)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod