Computer Security


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 09.06.2008
Source:
SecurityVulns ID: 9064
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: PIXELPOST : Pixelpost 1.7
 NEXTGENGALLERY : Nextgen gallery 0.96
Original document: Eduardo Jorge, XSS - NEXTGEN GALLERY 0.96 WORDPRESS PLUGIN (09.06.2008)
 Alex Eden, webTA by kronos - XSS (09.06.2008)
 Charles "real" F., PixelPost 1.7.1 File Disclosure (09.06.2008)

Linux kernel multiple security vulnerabilities
Published: 09.06.2008
Source:
SecurityVulns ID: 9065
Type: remote
Threat Level: 8/10
Description: Buffer overflow in CIFS and SNMP ASN.1 parsing code. Buffer overflow in DCCP.
Affected: LINUX : kernel 2.6
CVE: CVE-2008-2358 (Integer overflow in the dccp_feat_change function in net/dccp/feat.c in the Datagram Congestion Control Protocol (DCCP) subsystem in the Linux kernel 2.6.18, and 2.6.17 through 2.6.20, allows local users to gain privileges via an invalid feature length, which leads to a heap-based buffer overflow.)
 CVE-2008-1673 (The asn1 implementation in (a) the Linux kernel 2.4 before 2.4.36.6 and 2.6 before 2.6.25.5, as used in the cifs and ip_nat_snmp_basic modules; and (b) the gxsnmp package; does not properly validate length values during decoding of ASN.1 BER data, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) a length greater than the working buffer, which can lead to an unspecified overflow; (2) an oid length of zero, which can lead to an off-by-one error; or (3) an indefinite length for a primitive encoding.)
Original document: DEBIAN, [SECURITY] [DSA 1592-1] New Linux 2.6.18 packages fix overflow conditions (09.06.2008)

Network General Enterprise Administrator privilege escalation
Published: 09.06.2008
Source:
SecurityVulns ID: 9066
Type: local
Threat Level: 5/10
Description: Administrative access doesn't require authentication.
Affected: NETWORKGENERAL : Visualizer V2100
 NETWORKGENERAL : Infinistream i1730
Original document: jgrove_2000_(at)_yahoo.com, Vulnerability in Network General/Net Scout product (09.06.2008)

Akamai Red Swoosh cross-site scripting
Published: 09.06.2008
Source:
SecurityVulns ID: 9067
Type: client
Threat Level: 6/10
Description: Cross-site request forgery against the embedded web server is possible.
Affected: AKAMAI : Red Swoosh Client 3322
CVE: CVE-2008-1106
Original document: AKAMAI, Akamai Technologies Security Advisory 2008-0003 (Akamai Client Software) (09.06.2008)
 SECUNIA, Secunia Research: Akamai Red Swoosh Cross-Site Request Forgery (09.06.2008)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod