Trend Micro OfficeScan directory traversal
| Published: | 06.10.2008 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 9333 |
| Type: | remote |
| Level: | 5/10 |
| Description: | Directory traversal in the server part of the update agent. |
| CVE: | CVE-2008-2439 (Directory traversal vulnerability in the UpdateAgent function in TmListen.exe in the OfficeScanNT Listener service in the client in Trend Micro OfficeScan 7.3 Patch 4 build 1367 and other builds before 1372, OfficeScan 8.0 SP1 before build 1222, OfficeScan 8.0 SP1 Patch 1 before build 3087, and Worry-Free Business Security 5.0 before build 1220 allows remote attackers to read arbitrary files via directory traversal sequences in an HTTP request. NOTE: some of these details are obtained from third party information.) |

VMware privilege escalation
| Published: | 06.10.2008 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 9335 |
| Type: | local |
| Level: | 5/10 |
| Description: | 64-bit platforms guest system privilege escalation. |

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
| Published: | 06.10.2008 |
| Source: | |
| SecurityVulns ID: | 9332 |
| Type: | remote |
| Level: | 5/10 |
| Description: | PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. |

pam_krb5 privilege escalation
| Published: | 06.10.2008 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 9334 |
| Type: | local |
| Level: | 6/10 |
| Description: | Privilege escalation is possible if the existing_ticket credentials caching option is used. |
| Affected: | PAMKRB5 : pam_krb5 2.2 |
| CVE: | CVE-2008-3825 (pam_krb5 2.2.14 in Red Hat Enterprise Linux (RHEL) 5 and earlier, when the existing_ticket option is enabled, uses incorrect privileges when reading a Kerberos credential cache, which allows local users to gain privileges by setting the KRB5CCNAME environment variable to an arbitrary cache filename and running the (1) su or (2) sudo program. NOTE: there may be a related vector involving sshd that has limited relevance.) |

lighttpd multiple security vulnerabilities
| Published: | 06.10.2008 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 9336 |
| Type: | remote |
| Level: | 6/10 |
| Description: | DoS conditions, information leakage. |
| Affected: | LIGHTHTTPD : lighttpd 1.4 |
| CVE: | CVE-2008-4360 (mod_userdir in lighttpd before 1.4.20, when a case-insensitive operating system or filesystem is used, performs case-sensitive comparisons on filename components in configuration options, which might allow remote attackers to bypass intended access restrictions, as demonstrated by a request for a .PHP file when there is a configuration rule for .php files.) |
| | CVE-2008-4359 (lighttpd before 1.4.20 compares URIs to patterns in the (1) url.redirect and (2) url.rewrite configuration settings before performing URL decoding, which might allow remote attackers to bypass intended access restrictions, and obtain sensitive information or possibly modify data.) |
| | CVE-2008-4298 (Memory leak in the http_request_parse function in request.c in lighttpd before 1.4.20 allows remote attackers to cause a denial of service (memory consumption) via a large number of requests with duplicate request headers.) |

Mac OS X Mail.App insecure data storage
| Published: | 06.10.2008 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 9337 |
| Type: | local |
| Level: | 4/10 |
| Description: | Encrypted messages are stored in cleartext. |