Computer Security

Search:Vulnerability:09.01.2008
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Microsoft Windows TCP/IP stack multiple security vulnerabilities
Published:09.01.2008
Source:MICROSOFT
SecurityVulns ID:8545
Type:remote
Level:10/10
Description:Memory corruption on IGMP/MLD processing, DoS on fragmented ICMP router discovery.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
CVE:CVE-2007-0069
 CVE-2007-0066
Original documentdocumentMICROSOFT, Microsoft Security Bulletin MS08-001 – Critical Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (941644) (09.01.2008)
Files:Microsoft Security Bulletin MS08-001 – Critical Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (941644)
Discuss:Read or add your comments to this news (0 comments)

Microsoft Windows LSASS LPC requests privilege escalation
Published:09.01.2008
Source:MICROSOFT
SecurityVulns ID:8546
Type:local
Level:6/10
Description:It's possible to execute code with LocalSystem privileges.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
CVE:CVE-2007-5352
Original documentdocumentMICROSOFT, Microsoft Security Bulletin MS08-002 – Important Vulnerability in LSASS Could Allow Local Elevation of Privilege (943485) (09.01.2008)
Files:Microsoft Security Bulletin MS08-002 – Important Vulnerability in LSASS Could Allow Local Elevation of Privilege (943485)
Discuss:Read or add your comments to this news (0 comments)

McAfee E-Business Server buffer overflow
Published:09.01.2008
Source:BUGTRAQ
SecurityVulns ID:8548
Type:remote
Level:6/10
Description:TCP/1718 administration interface buffer overflow.
Affected:MCAFEE : McAfee E-Business Server 8.5
Original documentdocumentinfocus, [INFIGO 2008-01-06]: McAfee E-Business Server Remote Preauth Code Execution / DoS (09.01.2008)
Files:McAfee(R) E-Business Server(TM) 8.5.2 Remote preauth crash (PoC)
Discuss:Read or add your comments to this news (0 comments)

unp shell characters security vulnerability
Published:09.01.2008
Source:BUGTRAQ
SecurityVulns ID:8549
Type:local
Level:4/10
Description:shell characters vulnerability thorugh filenames.
Affected:UNP : unp 1.0
CVE:CVE-2007-6610 (unp 1.0.12, and other versions before 1.0.14, does not properly escape file names, which might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename argument. NOTE: this might only be a vulnerability when unp is invoked by a third party product.)
Original documentdocumentGENTOO, [Full-disclosure] [ GLSA 200801-01 ] unp: Arbitrary command execution (09.01.2008)
Discuss:Read or add your comments to this news (0 comments)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:09.01.2008
Source:
SecurityVulns ID:8547
Type:remote
Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:JOOMLA : Joomla 1.0
 OMEGASOFT : Insel 7
 LAYTON : HelpBox 3.7
Original documentdocumentSECUNIA, [SA27699] Layton HelpBox Multiple Vulnerabilities (09.01.2008)
 documentMC Iglo, Privileg escalation in Omegasoft Insel 7 (09.01.2008)
 documentDigital Security Research Group [DSecRG], LFI in Tuned Studios Templates (09.01.2008)
 documentJ. Carlos Nieto, Joomla 1.0.13 CSRF (09.01.2008)
Discuss:Read or add your comments to this news (0 comments)

Gateway WebLauncher ActiveX code execution
Published:09.01.2008
Source:BUGTRAQ
SecurityVulns ID:8550
Type:client
Level:5/10
Description:Insecure methods and buffer overflows.
Original documentdocumentElazar Broad, Re: [Full-disclosure] Gateway WebLaunch ActiveX Control Insecure Method (09.01.2008)
 documentElazar Broad, [Full-disclosure] Gateway WebLaunch ActiveX Control Insecure Method (09.01.2008)
Files:Gateway Weblaunch ActiveX Control Insecure Method Exploit
Discuss:Read or add your comments to this news (0 comments)

SAP MaxDB shell characters security vulnerability
Published:09.01.2008
Source:BUGTRAQ
SecurityVulns ID:8551
Type:remote
Level:8/10
Description:Shell characters vulnerability on executing pre-authentication exec_sdbinfo command.
Affected:SAP : MaxDB 7.6
Original documentdocumentLuigi Auriemma, Pre-auth remote commands execution in SAP MaxDB 7.6.03.07 (09.01.2008)
Discuss:Read or add your comments to this news (0 comments)
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server