HP StorageWorks Storage Mirroring buffer overflow
Published: 05.06.2008
Source: BUGTRAQ
SecurityVulns ID: 9049
Type: remote
Level: 6/10
Description: TCP/1100, TCP/1106, UDP/1105 authentication buffer overflow.

CA ETrust Secure Content Manager Gateway multiple security vulnerabilities
Published: 05.06.2008
Source: BUGTRAQ
SecurityVulns ID: 9052
Type: remote
Level: 7/10
Description: Buffer overflow on FTP PASV and LIST commands.
CVE:
  CVE-2008-2541 (Multiple stack-based buffer overflows in the HTTP Gateway Service (icihttp.exe) in CA eTrust Secure Content Manager 8.0 allow remote attackers to execute arbitrary code or cause a denial of service via long FTP responses, related to (1) the file month field in a LIST command; (2) the PASV command; and (3) directories, files, and links in a LIST command.)

Kaspersky Antivirus IOCTL privilege escalation
Published: 05.06.2008
Source: BUGTRAQ
SecurityVulns ID: 9054
Type: local
Level: 6/10
Description: IOCTL 0x800520e8 buffer overflow.

Cisco PIX / ASA multiple security vulnerabilities
Published: 05.06.2008
Source: BUGTRAQ
SecurityVulns ID: 9057
Type: remote
Level: 8/10
Description: TCP ACKs DoS, TLS DoS, instant messenger DoS, HTTPS request parsing DoS, Control-plane ACLs feature bypass.

Linksys WRH54G wireless router DoS
Published: 05.06.2008
Source: BUGTRAQ
SecurityVulns ID: 9059
Type: remote
Level: 5/10
Description: Web-interface crash on invalid HTTP request.

Sun Java System Active Server Pages multiple security vulnerabilities
Published: 05.06.2008
Source: BUGTRAQ
SecurityVulns ID: 9051
Type: remote
Level: 8/10
Description: Information leaks, command injection, directory traversals, buffer overflows, authentication bypass.
Affected:
  SUN : Java System Active Server Pages 4.0
CVE:
  CVE-2008-2406 (The administration application server in Sun Java Active Server Pages (ASP) Server before 4.0.3 allows remote attackers to bypass authentication via direct requests on TCP port 5102.)
  CVE-2008-2405 (Sun Java Active Server Pages (ASP) Server before 4.0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in HTTP requests to unspecified ASP applications.)
  CVE-2008-2404 (Stack-based buffer overflow in the request handling implementation in Sun Java Active Server Pages (ASP) Server before 4.0.3 allows remote attackers to execute arbitrary code via an unspecified string field.)
  CVE-2008-2403 (Multiple directory traversal vulnerabilities in unspecified ASP applications in Sun Java Active Server Pages (ASP) Server before 4.0.3 allow remote attackers to read or delete arbitrary files via a .. (dot dot) in the Path parameter to the MapPath method.)
  CVE-2008-2402 (The Admin Server in Sun Java Active Server Pages (ASP) Server before 4.0.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read password hashes and configuration data via direct requests for unspecified documents.)
  CVE-2008-2401 (The Admin Server in Sun Java Active Server Pages (ASP) Server before 4.0.3 allows remote attackers to append to arbitrary new or existing files via the first argument to a certain file that is included by multiple unspecified ASP applications.)

Skype protection bypass
Published: 05.06.2008
Source: BUGTRAQ
SecurityVulns ID: 9053
Type: client
Level: 4/10
Description: Dangerous file protection dialog bypass.

HP ActiveX code execution
Published: 05.06.2008
Source: BUGTRAQ
SecurityVulns ID: 9056
Type: client
Level: 6/10
Description: HPISDataManager.dll code execution.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 05.06.2008
Source:
SecurityVulns ID: 9058
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.

Akamai Download Manager ActiveX code execution, updated since 01.05.2008
Published: 05.06.2008
Source: BUGTRAQ
SecurityVulns ID: 8962
Type: client
Level: 6/10
Description: Undocumented properties allow code download and execution.
Affected:
  AKAMAI : Akamai Download Manager 2.2
CVE:
  CVE-2008-1770 (CRLF injection vulnerability in Akamai Download Manager ActiveX control before 2.2.3.6 allows remote attackers to force the download and execution of arbitrary files via a URL parameter containing an encoded LF followed by a malicious target line.)

VMware multiple security vulnerabilities, updated since 05.06.2008
Published: 06.06.2008
Source: BUGTRAQ
SecurityVulns ID: 9055
Type: local
Level: 5/10
Description: Multiple privilege escalations in guest OS.
Original document:
  VMWARE, iDefense Security Advisory 06.04.08: VMware Multiple Products vmware-authd Untrusted Library Loading Vulnerability (05.06.2008)
  IDEFENSE, iDefense Security Advisory 06.04.08: VMware Tools HGFS Local Privilege Escalation Vulnerability (05.06.2008)
  VMWARE, VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues (05.06.2008)

Asterisk voice server DoS, updated since 05.06.2008
Published: 07.06.2008
Source: BUGTRAQ
SecurityVulns ID: 9050
Type: remote
Level: 5/10
Description: SIP protocol parsing NULL pointer dereference in pedantic mode. Uninitialized memory reference in ooh323 channel driver.
Affected:
  ASTERISK : Asterisk 1.2
  ASTERISK : Asterisk s800i
  ASTERISK : AsteriskNOW 1.0
CVE:
  CVE-2008-2543 (The ooh323 channel driver in Asterisk Addons 1.2.x before 1.2.9 and Asterisk-Addons 1.4.x before 1.4.7 creates a remotely accessible TCP port that is intended solely for localhost communication, and interprets some TCP application-data fields as addresses of memory to free, which allows remote attackers to cause a denial of service (daemon crash) via crafted TCP packets.)
  CVE-2008-2119