Computer Security
XFree86 / X.Org / NX multiple security vulnerabilities
updated since 20.01.2008
Published: 08.04.2008
SecurityVulns ID: 8583
Type: local
Threat Level: 7/10
Description: XInput and TOG-CUP extensions memory corruption, EVI and MIT-SHM extensions integer overflows, multiple extensions array index overflows. libxfont PCF fonts parsing buffer overflow.
Affected: NX : nx 3.1
CVE: CVE-2008-0006
 CVE-2007-6429
 CVE-2007-6428 (The ProcGetReservedColormapEntries function in the TOG-CUP extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to read the contents of arbitrary memory locations via a request containing a 32-bit value that is improperly used as an array index.)
 CVE-2007-6427
 CVE-2007-5958
 CVE-2007-5760
Original document: GENTOO, [ GLSA 200804-05 ] NX: User-assisted execution of arbitrary code (08.04.2008)
 UBUNTU, [USN-571-1] X.org vulnerabilities (20.01.2008)
 IDEFENSE, iDefense Security Advisory 01.17.08: Multiple Vendor X Server XFree86-Misc Extension Invalid Array Index Vulnerability (20.01.2008)
 IDEFENSE, iDefense Security Advisory 01.17.08: Multiple Vendor X Server EVI and MIT-SHM Extensions Integer Overflow Vulnerabilities (20.01.2008)
 IDEFENSE, iDefense Security Advisory 01.17.08: Multiple Vendor X Server TOG-CUP Extension Information Disclosure Vulnerability (20.01.2008)
 IDEFENSE, iDefense Security Advisory 01.17.08: Multiple Vendor X Server XInput Extension Multiple Memory Corruption Vulnerabilities (20.01.2008)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 08.04.2008
SecurityVulns ID: 8871
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: WIKEPAGE : Opus 13 2007.2
 SWIKI : Swiki 1.5
 WOLTLAB : WoltLab Community Framework 1.0
 PHPTOURNOIS : phpTournois G4
Original document: Charles "real" F., phpTournois <= G4 Remote File Upload/Code Execution Exploit (08.04.2008)
 Jessica Hope, WoltLab(R) Community Framework XSS and Full Path Disclosure Vulnerability (08.04.2008)
 Brad Antoniewicz, Swiki 1.5 Multiple Cross-Site Scripting Vulnerabilities (08.04.2008)
 Jeff Williams, Attack Technique: File Download Injection (08.04.2008)
 virangar_nml_(at)_yahoo.com, Wikepage Opus 13 2007.2 Directory Traversal Vulnerbility (08.04.2008)
Files: phpTournois <= G4 Remote File Upload/Code Execution Exploit

openMosix API library buffer overflow
Published: 08.04.2008
SecurityVulns ID: 8872
Type: library
Threat Level: 5/10
Description: Buffer overflow in msx_readnode().
Original document: jose_(at)_eyeos.org, openMosix userspace library stack-based buffer overflow (08.04.2008)

Tumbleweed SecureTransport FileTransfer ActiveX buffer overflow
Published: 08.04.2008
SecurityVulns ID: 8873
Type: client
Threat Level: 6/10
Description: Buffer overflow in TransferFile method.
Affected: Tumbleweed : SecureTransport Server 4.6
Original document: Patrick Webster, Tumbleweed SecureTransport FileTransfer ActiveX Control Buffer Overflow (08.04.2008)
Files: Exploits Tumbleweed SecureTransport FileTransfer ActiveX Control Buffer Overflow

CDNetworks Nefficient Download ActiveX unauthorized access
Published: 08.04.2008
SecurityVulns ID: 8874
Type: client
Threat Level: 5/10
Description: It is possible to download a file to any location.
Affected: CDNETWORKS : NeffyLauncher 1.0
Original document: Simon Ryeo, CDNetworks Nefficient Download(NeffyLauncher.dll) Vulnerabilities (08.04.2008)

HP OpenView Network Node Manager multiple security vulnerabilities
updated since 08.04.2008
Published: 08.04.2008
SecurityVulns ID: 8875
Type: remote
Threat Level: 6/10
Description: Buffer overflows, format string vulnerabilities and DoS conditions in parsing of TCP/2953 and TCP/2954 traffic.
Affected: HP : OpenView Network Node Manager 7.53
Original document: Luigi Auriemma, Re: Multiple vulnerabilities in HP OpenView NNM 7.53 (09.04.2008)
 Luigi Auriemma, Multiple vulnerabilities in HP OpenView NNM 7.53 (08.04.2008)
Files: Exploits HP OpenView Network Node Manager <= 7.53 memory corruption

Microsoft Visio multiple security vulnerabilities
Published: 08.04.2008
SecurityVulns ID: 8877
Type: client
Threat Level: 6/10
Description: Memory corruption and code execution during file parsing.
Affected: MICROSOFT : Office XP
 MICROSOFT : Office 2003
 MICROSOFT : Office 2007
CVE: CVE-2008-1090
 CVE-2008-1089
Original document: MICROSOFT, Microsoft Security Bulletin MS08-019 – Important Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (949032) (08.04.2008)
Files: Microsoft Security Bulletin MS08-019 – Important Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (949032)

Microsoft Windows GDI multiple security vulnerabilities
updated since 08.04.2008
Published: 09.04.2008
SecurityVulns ID: 8878
Type: library
Threat Level: 9/10
Description: Multiple buffer overflows during EMF and WMF file parsing.
Affected: MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
CVE: CVE-2008-1087
 CVE-2008-1083 (Heap-based buffer overflow in the CreateDIBPatternBrushPt function in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF or WMF image file with a malformed header that triggers an integer overflow, aka "GDI Heap Overflow Vulnerability.")
Original document: IDEFENSE, iDefense Security Advisory 04.08.08: Microsoft Windows Graphics Rendering Engine Integer Overflow Vulnerability (09.04.2008)
 IDEFENSE, iDefense Security Advisory 04.08.08: Microsoft Windows Graphics Rendering Engine Heap Buffer Overflow Vulnerability (09.04.2008)
 ZDI, ZDI-08-020: Microsoft GDI WMF Parsing Heap Overflow Vulnerability (09.04.2008)
 MICROSOFT, Microsoft Security Bulletin MS08-021 – Critical Vulnerabilities in GDI Could Allow Remote Code Execution (948590) (08.04.2008)
Files: Microsoft Security Bulletin MS08-021 – Critical Vulnerabilities in GDI Could Allow Remote Code Execution (948590)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod