Computer Security
[EN] securityvulns.ru no-pyccku


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:08.01.2008
Source:
SecurityVulns ID:8536
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Geeklog: crossite scripting thorugh different form fields.
Affected:ETICKET : eTicket 1.5
 NETRISK : netrisk 1.9
 SNITZ : Snitz Forum 3.4
 INSANEVISIONS : OneCMS 2.4
 MILLIONDOLLARSCR : Million Dollar Script 2.0
Original documentdocumentp4imi0, sysHotel On Line Remote File Disclosure Vulnerability. (08.01.2008)
 documentp4imi0, Million Dollar Script 2.0.14 Remote File Disclosure Vulnerability. (08.01.2008)
 documentmorin.josh_(at)_gmail.com, SocialURL Login Page Cross-Site Scripting (08.01.2008)
 documentadmin_(at)_bugreport.ir, OneCMS Vulnerabilities (08.01.2008)
 documentL4teral, eTicket 1.5.5.2 Multiple Vulnerabilities (08.01.2008)
 documenthadihadi_zedehal_2006_(at)_yahoo.com, netrisk 1.9.7 Multiple Remote Vulnerabilities (sql injection/xss) (08.01.2008)
 documentHackers Center Security Group, [HSC] Snitz Forums Multiple Vulnerabilities (08.01.2008)
 documentMustLive, Cross-Site Scripting vulnerabilities in Geeklog (08.01.2008)

Microsoft Windows Vista / XP / 2000 audio drivers privilege escalation
Published:08.01.2008
Source:
SecurityVulns ID:8537
Type:local
Threat Level:
6/10
Description:Ensoniq PCI 1371 WDM audio driver privilege escalation.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
Original documentdocumentReversemode, [Reversemode Paper] Exploiting WDM Audio Drivers (08.01.2008)
Files:Exploits Microsoft Windows Vista and earlier KSDISPATCH_TABLE Privilege Escalation
 Exploiting WDM Audio Drivers

SynCE shell characters vulnerability
Published:08.01.2008
Source:
SecurityVulns ID:8538
Type:remote
Threat Level:
6/10
Description:Shell characters vulnerability on external application execution.
Affected:SYNCE : Synce-dccm 0.92
 SYNCE : Synce-dccm 0.10
Original documentdocumentCORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2007-1106: SynCE Remote Command Injection (08.01.2008)

PostgreSQL database server multiple security vulnerabilities
Published:08.01.2008
Source:
SecurityVulns ID:8539
Type:local
Threat Level:
5/10
Description:Privilege escalation with indexing functions, privilege escalation with DBLink, DoS with regular expressions.
Affected:POSTGRESQL : PostgreSQL 7.3
 POSTGRES : PostgreSQL 7.4
 POSTGRES : PostgreSQL 8.0
 POSTGRES : PostgreSQL 8.1
 POSTGRES : PostgreSQL 8.2
CVE:CVE-2007-6601
 CVE-2007-6600
 CVE-2007-6067 (Algorithmic complexity vulnerability in the regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (memory consumption) via a crafted "complex" regular expression with doubly-nested states.)
 CVE-2007-4772 (The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted regular expression.)
 CVE-2007-4769 (The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (backend crash) via an out-of-bounds backref number.)
Original documentdocumentPOSTGRESQL, PostgreSQL 2007-01-07 Cumulative Security Release (08.01.2008)

Linksys WRT54GL wireless router unauthorized access
Published:08.01.2008
Source:
SecurityVulns ID:8540
Type:remote
Threat Level:
7/10
Description:Some administrative functions, including firewall rules changing, may be performed without authentication.
Affected:CISCO : Linksys WRT54GL
Original documentdocumenttomaz.bratusa_(at)_teamintell.com, Linksys WRT54 GL - Session riding (CSRF) (08.01.2008)

Motorola netOctopus agent privileg eescalation
Published:08.01.2008
Source:
SecurityVulns ID:8541
Type:local
Threat Level:
5/10
Description:\\.\NantSys system device allows processor registers modification.
Affected:MOTOROLA : netOctopus 5.1
CVE:CVE-2007-5761
Original documentdocumentIDEFENSE, iDefense Security Advisory 01.07.08: Motorola netOctopus Agent MSR Write Privilege Escalation Vulnerability (08.01.2008)

OpenPegasus buffer overflow
Published:08.01.2008
Source:
SecurityVulns ID:8542
Type:remote
Threat Level:
6/10
Description:PAM authentication byffer overflow.
Affected:OPENPEGASUS : OpenPegasus 2.5
CVE:CVE-2007-5360
Original documentdocumentVMWARE, VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages (08.01.2008)

Level One WBR-3460A wireless ADSL router unauthorized access
Published:08.01.2008
Source:
SecurityVulns ID:8543
Type:remote
Threat Level:
5/10
Description:Username/password is not required for telnet configuration access.
Affected:LEVELONE : WBR-3460A
Original documentdocumentanastasiosm_(at)_gmail.com, Level-One WBR-3460A Grants Root Access (08.01.2008)

SUN Java Runtime Environment DoS
Published:08.01.2008
Source:
SecurityVulns ID:8544
Type:client
Threat Level:
5/10
Description:NULL pointer dereference on HTML-embedded RFC 2397 encoded applets.
Affected:SUN : JRE 5.0
 ORACLE : Jre 6.0
CVE:CVE-2007-0012
Original documentdocumentadvisories, Corsaire Security Advisory: Sun J2RE DoS issue (08.01.2008)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod