Computer Security
[EN] securityvulns.ru no-pyccku


Trend Micro OfficeScan directory traversal
Published:06.10.2008
Source:
SecurityVulns ID:9333
Type:remote
Threat Level:
5/10
Description:Directory traversal in update agent server part.
CVE:CVE-2008-2439 (Directory traversal vulnerability in the UpdateAgent function in TmListen.exe in the OfficeScanNT Listener service in the client in Trend Micro OfficeScan 7.3 Patch 4 build 1367 and other builds before 1372, OfficeScan 8.0 SP1 before build 1222, OfficeScan 8.0 SP1 Patch 1 before build 3087, and Worry-Free Business Security 5.0 before build 1220 allows remote attackers to read arbitrary files via directory traversal sequences in an HTTP request. NOTE: some of these details are obtained from third party information.)
Original documentdocumentSECUNIA, Secunia Research: Trend Micro OfficeScan Directory Traversal Vulnerability (06.10.2008)

VMWare privilege escalation
Published:06.10.2008
Source:
SecurityVulns ID:9335
Type:local
Threat Level:
5/10
Description:64-bit platforms guest system privilege escalation.
Affected:VMWARE : VMware Workstation 5.5
 VMWARE : VMware Player 1.0
 VMWARE : VMware Server 1.0
 VMWARE : VMware ACE 1.0
 VMWARE : VMWare Workstation 6.0
 VMWARE : VMware Player 2.0
 VMWARE : VMWare ACE 2.0
 VMWARE : VMware ESX 3.0
 VMWARE : VMware ESXi 3.5
 VMWARE : VirtualCenter 2.5
 VMWARE : VMware ESX 3.5
CVE:CVE-2008-4279 (The CPU hardware emulation for 64-bit guest operating systems in VMware Workstation 6.0.x before 6.0.5 build 109488 and 5.x before 5.5.8 build 108000; Player 2.0.x before 2.0.5 build 109488 and 1.x before 1.0.8; Server 1.x before 1.0.7 build 108231; and ESX 2.5.4 through 3.5 allows authenticated guest OS users to gain additional guest OS privileges by triggering an exception that causes the virtual CPU to perform an indirect jump to a non-canonical address.)
 CVE-2008-4278 (VMware VirtualCenter 2.5 before Update 3 build 119838 on Windows displays a user's password in cleartext when the password contains unspecified special characters, which allows physically proximate attackers to steal the password.)
Original documentdocumentVMWARE, VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues (06.10.2008)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:06.10.2008
Source:
SecurityVulns ID:9332
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:MONO : Mono 2.0
 PHPWEBEXPLORER : PHPWebExplorer 0.99
 IFOTO : iFoto 1.0
 CMME : CMME 1.19
 HAMMERSOFTWARE : MetaGauge 1.0
CVE:CVE-2008-4421 (Directory traversal vulnerability in MetaGauge 1.0.0.17, and probably other versions before 1.0.3.38, allows remote attackers to read arbitrary files via a "..\" (dot dot backslash) in the URL.)
 CVE-2008-3906 (CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string.)
Original documentdocumentBrad Antoniewicz, PHPWebExplorer <= 0.09b: Local File Inclusion Vulnerability (06.10.2008)
 documentBrad Antoniewicz, MetaGauge 1.0.0.17 Directory Traversal (06.10.2008)
 documentadmin_(at)_bugreport.ir, CMME Multiple Information disclosure vulnerabilities (06.10.2008)
 documentPepelux, iFoto, CSS-based GD2 photo gallery <= 1.0: Remote File Disclosure Vulnerability (06.10.2008)
 documentGhost hacker, Website Directory - XSS Exploit (06.10.2008)
Files:Website Directory - XSS Exploit

pam_krb5 privilege escalation
Published:06.10.2008
Source:
SecurityVulns ID:9334
Type:local
Threat Level:
6/10
Description:Privilege escalation is possible if existing_ticket credentials caching option is used.
Affected:PAMKRB5 : pam_krb5 2.2
CVE:CVE-2008-3825 (pam_krb5 2.2.14 in Red Hat Enterprise Linux (RHEL) 5 and earlier, when the existing_ticket option is enabled, uses incorrect privileges when reading a Kerberos credential cache, which allows local users to gain privileges by setting the KRB5CCNAME environment variable to an arbitrary cache filename and running the (1) su or (2) sudo program. NOTE: there may be a related vector involving sshd that has limited relevance.)
Original documentdocumentMANDRIVA, [ MDVSA-2008:209 ] pam_krb5 (06.10.2008)

lighthttpd multiple security vulnerabilities
Published:06.10.2008
Source:
SecurityVulns ID:9336
Type:remote
Threat Level:
6/10
Description:DoS conditions, information leakage.
Affected:LIGHTTPD : lighttpd 1.4
CVE:CVE-2008-4360 (mod_userdir in lighttpd before 1.4.20, when a case-insensitive operating system or filesystem is used, performs case-sensitive comparisons on filename components in configuration options, which might allow remote attackers to bypass intended access restrictions, as demonstrated by a request for a .PHP file when there is a configuration rule for .php files.)
 CVE-2008-4359 (lighttpd before 1.4.20 compares URIs to patterns in the (1) url.redirect and (2) url.rewrite configuration settings before performing URL decoding, which might allow remote attackers to bypass intended access restrictions, and obtain sensitive information or possibly modify data.)
 CVE-2008-4298 (Memory leak in the http_request_parse function in request.c in lighttpd before 1.4.20 allows remote attackers to cause a denial of service (memory consumption) via a large number of requests with duplicate request headers.)
Original documentdocumentDEBIAN, [SECURITY] [DSA-1645-1] New lighttpd packages fix various problems (06.10.2008)

Mac OS X Mail.App insecure data storage
Published:06.10.2008
Source:
SecurityVulns ID:9337
Type:local
Threat Level:
4/10
Description:Encrypted messages are stored in cleartext.
Affected:APPLE : MacOS X 10.4
Original documentdocumentpublists_(at)_enablesecurity.com, [ENABLESECURITY] Apple's Mail.app stores your S/MIME encrypted emails in clear text (06.10.2008)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod