Computer Security
[EN] securityvulns.ru no-pyccku


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 06.06.2008
Published:06.06.2008
Source:
SecurityVulns ID:9060
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:SCHOOLCENTER : SchoolCenter 8.0
 WEBALBUM : WEBAlbum 2.0
Original documentdocumenttan_prathan_(at)_hotmail.com, WEBAlbum <= 2.0 Remote Stored Cross Site Scripting Vulnerability (06.06.2008)
 documentHackers Center Security Group, SchoolCenter URL Handling Cross Site Scripting Vulnerability (06.06.2008)

F5 Firepass crossite scripting
Published:06.06.2008
Source:
SecurityVulns ID:9061
Type:remote
Threat Level:
5/10
Description:Crossite scripting via crossite scripting protection management page.
Affected:F5 : FirePass 6.0
Original documentdocumentnnposter_(at)_disclosed.not, F5 FirePass Content Inspection Management XSS (06.06.2008)

VMWare multiple security vulnerabilities
updated since 05.06.2008
Published:06.06.2008
Source:
SecurityVulns ID:9055
Type:local
Threat Level:
5/10
Description:Multiple privilege escalation in guest OS.
Affected:VMWARE : VMware Workstation 5.5
 VMWARE : VMware Player 1.0
 VMWARE : VMware Server 1.0
 VMWARE : VMware ACE 1.0
 VMWARE : VMWare Workstation 6.0
 VMWARE : VMware Player 2.0
 VMWARE : VMWare ACE 2.0
 VMWARE : VMware Fusion 1.1
 VMWARE : VMware ESXi 3.5
 VMWARE : VMware ESXi 3.0
 VMWARE : VMware ESXi 2.5
CVE:CVE-2008-2097 (Buffer overflow in the openwsman management service in VMware ESXi 3.5 and ESX 3.5 allows remote authenticated users to gain privileges via an "invalid Content-Length.")
 CVE-2008-0967 (Untrusted search path vulnerability in vmware-authd in VMware Workstation 5.x before 5.5.7 build 91707 and 6.x before 6.0.4 build 93057, VMware Player 1.x before 1.0.7 build 91707 and 2.x before 2.0.4 build 93057, and VMware Server before 1.0.6 build 91891 on Linux, and VMware ESXi 3.5 and VMware ESX 2.5.4 through 3.5, allows local users to gain privileges via a library path option in a configuration file.)
 CVE-2007-5671 (HGFS.sys in the VMware Tools package in VMware Workstation 5.x before 5.5.6 build 80404, VMware Player before 1.0.6 build 80404, VMware ACE before 1.0.5 build 79846, VMware Server before 1.0.5 build 80187, and VMware ESX 2.5.4 through 3.0.2 does not properly validate arguments in user-mode METHOD_NEITHER IOCTLs to the \\.\hgfs device, which allows guest OS users to modify arbitrary memory locations in guest kernel memory and gain privileges.)
Original documentdocumentVMWARE, iDefense Security Advisory 06.04.08: VMware Multiple Products vmware-authd Untrusted Library Loading Vulnerability (05.06.2008)
 documentIDEFENSE, iDefense Security Advisory 06.04.08: VMware Tools HGFS Local Privilege Escalation Vulnerability (05.06.2008)
 documentVMWARE, VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues (05.06.2008)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod