Computer Security

Cisco Secure ACS DoS
Published:07.09.2008
SecurityVulns ID:9266
Type:remote
Threat Level:6/10
Description:Crash on EAP authentication parsing.
Affected:CISCO : Secure ACS 3.3
 CISCO : Secure ACS 4.1
 CISCO : Secure ACS 4.2
CVE:CVE-2008-2441 (Cisco Secure ACS 3.x before 3.3(4) Build 12 patch 7, 4.0.x, 4.1.x before 4.1(4) Build 13 Patch 11, and 4.2.x before 4.2(0) Build 124 Patch 4 does not properly handle an EAP Response packet in which the value of the length field exceeds the actual packet length, which allows remote authenticated users to cause a denial of service (CSRadius and CSAuth service crash) or possibly execute arbitrary code via a crafted RADIUS (1) EAP-Response/Identity, (2) EAP-Response/MD5, or (3) EAP-Response/TLS Message Attribute packet.)
Original document:Laurent Butti, Cisco Secure ACS EAP Parsing Vulnerability (07.09.2008)
 CISCO, Cisco Secure ACS Denial Of Service Vulnerability (07.09.2008)

Atheros wireless drivers buffer overflow
Published:07.09.2008
SecurityVulns ID:9271
Type:remote
Threat Level:6/10
Description:Buffer overflow on oversized information element.
Affected:CISCO : Linksys WRT350N
 ATHEROS : Atheros AR5416-AC1E
CVE:CVE-2007-5474
Original document:Laurent Butti, Atheros Vendor Specific Information Element Overflow (07.09.2008)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:07.09.2008
SecurityVulns ID:9265
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. myPHPNuke: SQL injection.
Affected:MYPHPNUKE : myPHPNuke 1.8
 DJANGO : django 0.95
 ZENCART : Zen Cart
 ASPWEBALBUM : aspWebAlbum 3.2
CVE:CVE-2008-3664 (Multiple cross-site scripting (XSS) vulnerabilities in XRMS allow remote attackers to inject arbitrary web script or HTML via (1) the real name field, related to the user list; (2) the target parameter to login.php, (3) the title parameter to activities/some.php, (4) the company_name parameter to companies/some.php, (5) the last_name parameter to contacts/some.php, (6) the campaign_title parameter to campaigns/some.php, (7) the opportunity_title parameter to opportunities/some.php, (8) the case_title parameter to cases/some.php, (9) the file_id parameter to files/some.php, or (10) the starting parameter to reports/custom/mileage.php, a related issue to CVE-2008-1129.)
Original document:Fabian Fingerle, Multiple Cross Site Scripting (XSS) and SQL injection Vulnerabilities in XRMS, CVE-2008-3664 (07.09.2008)
 MANDRIVA, [ MDVSA-2008:185 ] python-django (07.09.2008)
 Alemin_Krali Krali, aspWebAlbum 3.2 (Upload/SQL/XSS) Multiple Remote Vulnerabilities (07.09.2008)
 JeiAr, Zen Cart <= 1.3.8a SQL Injection (07.09.2008)
 MustLive, SQL Injection vulnerabilities in myPHPNuke (07.09.2008)

courier-authlib authentication library SQL injection
Published:07.09.2008
SecurityVulns ID:9268
Type:library
Threat Level:6/10
Affected:COURIER : courier-authlib 0.60
CVE:CVE-2008-2667 (SQL injection vulnerability in the Courier Authentication Library (aka courier-authlib) before 0.60.6 on SUSE openSUSE 10.3 and 11.0, and other platforms, when MySQL and a non-Latin character set are used, allows remote attackers to execute arbitrary SQL commands via the username and unspecified other vectors.)
 CVE-2008-2380 (SQL injection vulnerability in authpgsqllib.c in Courier-Authlib before 0.62.0, when a non-Latin locale Postgres database is used, allows remote attackers to execute arbitrary SQL commands via query parameters containing apostrophes.)
Original document:GENTOO, [ GLSA 200809-05 ] Courier Authentication Library: SQL injection vulnerability (07.09.2008)

Marvell wireless drivers multiple security vulnerabilities
Published:07.09.2008
SecurityVulns ID:9270
Type:remote
Threat Level:6/10
Description:DoS, buffer overflow.
Affected:NETGEAR : Netgear WN802T
 Marvell : MARVELL 88W8361P-BEM1
CVE:CVE-2008-1197
 CVE-2008-1144
Original document:Laurent Butti, Marvell Driver Null SSID Association Request Vulnerability (07.09.2008)
 Laurent Butti, Marvell Driver EAPoL-Key Length Overflow (07.09.2008)

dnsmasq multiple security vulnerabilities
Published:07.09.2008
SecurityVulns ID:9272
Type:remote
Threat Level:5/10
Description:DNS records spoofing, DoS.
Affected:DNSMASQ : dnsmasq 2.4
CVE:CVE-2008-3350 (dnsmasq 2.43 allows remote attackers to cause a denial of service (daemon crash) by (1) sending a DHCPINFORM while lacking a DHCP lease, or (2) attempting to renew a nonexistent DHCP lease for an invalid subnet as an "unknown client," a different vulnerability than CVE-2008-3214.)
 CVE-2008-1447 (The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug.")
Original document:GENTOO, [ GLSA 200809-02 ] dnsmasq: Denial of Service and DNS spoofing (07.09.2008)

HP OpenView Select Identity Connectors information leak
Published:07.09.2008
SecurityVulns ID:9269
Type:local
Threat Level:5/10
Original document:HP, [security bulletin] HPSBMA02361 SSRT080119 rev.1 - HP OpenView Select Identity Connectors running on Windows, Local Information Disclosure (07.09.2008)

FreeBSD multiple security vulnerabilities
updated since 07.09.2008
Published:03.07.2009
SecurityVulns ID:9267
Type:remote
Threat Level:7/10
Description:mount / nmount syscall implementation buffer overflow. amd64 CPU registers privilege escalation. DoS via ICMPv6.
Affected:FREEBSD : FreeBSD 7.0
 FREEBSD : FreeBSD 6.3
 FREEBSD : FreeBSD 7.1
 FREEBSD : FreeBSD 6.4
CVE:CVE-2008-3890 (The kernel in FreeBSD 6.3 through 7.0 on amd64 platforms can make an extra swapgs call after a General Protection Fault (GPF), which allows local users to gain privileges by triggering a GPF during the kernel's return from (1) an interrupt, (2) a trap, or (3) a system call.)
 CVE-2008-3531 (Stack-based buffer overflow in sys/kern/vfs_mount.c in the kernel in FreeBSD 7.0 and 7.1, when vfs.usermount is enabled, allows local users to gain privileges via a crafted (1) mount or (2) nmount system call, related to copying of "user defined data" in "certain error conditions.")
 CVE-2008-3530 (sys/netinet6/icmp6.c in the kernel in FreeBSD 6.3 through 7.1, NetBSD 3.0 through 4.0, and possibly other operating systems does not properly check the proposed new MTU in an ICMPv6 Packet Too Big Message, which allows remote attackers to cause a denial of service (panic) via a crafted Packet Too Big Message.)
Original document:FREEBSD, FreeBSD Security Advisory FreeBSD-SA-08:08.nmount (07.09.2008)
Files:Privilege escalation exploit for the FreeBSD-SA-08:08.nmount

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod