feta symbolic links vulnerability
| Published: | 09.10.2008 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 9340 |
| Type: | local |
| Level: | 5/10 |
| Description: | Symbolic links vulnerability on temporary file creation. |
| Affected: | FETA : feta 1.4 |
| CVE: | CVE-2008-4440 (The to-upgrade plugin in feta 1.4.16 allows local users to overwrite arbitrary files via a symlink on the (1) /tmp/feta.install.$USER and (2) /tmp/feta.avail.$USER temporary files.) |

mon symbolic links vulnerability
| Published: | 09.10.2008 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 9342 |
| Type: | local |
| Level: | 5/10 |
| Description: | Symbolic links vulnerability on temporary file creation. |
| Affected: | MON : mon 0.99 |
| CVE: | CVE-2008-4477 (alert.d/test.alert in mon 0.99.2 allows local users to overwrite arbitrary files via a symlink attack on the test.alert.log temporary file.) |

Cisco Unity authentication bypass
| Published: | 09.10.2008 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 9346 |
| Type: | remote |
| Level: | 5/10 |
| Description: | Authentication bypass to administration features if anonymous access is enabled. |
| Affected: | CISCO : Cisco Unity 4.2 |
| | CISCO : Cisco Unity 5.0 |
| | CISCO : Cisco Unity 7.0 |
| CVE: | CVE-2008-3814 (Unspecified vulnerability in Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x before 7.0(2)ES8, when using anonymous authentication (aka native Unity authentication), allows remote attackers to bypass authentication and read or modify system configuration parameters by going to a specific link more than once.) |

Gentoo Linux Portage privilege escalation
| Published: | 09.10.2008 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 9348 |
| Type: | local |
| Level: | 6/10 |
| Description: | Relative shared library search path in suid application. |
| Affected: | GENTOO : portage 2.1 |
| CVE: | CVE-2008-4394 (Multiple untrusted search path vulnerabilities in Portage before 2.1.4.5 include the current working directory in the Python search path, which allows local users to execute arbitrary code via a modified Python module that is loaded by the (1) ys-apps/portage, (2) net-mail/fetchmail, (3) app-editors/leo ebuilds, and other ebuilds.) |

HP System Management Homepage cross-site scripting
| Published: | 09.10.2008 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 9349 |
| Type: | remote |
| Level: | 5/10 |
| Affected: | HP : HP System Management Homepage 2.11 |
| CVE: | CVE-2008-4411 (Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 2.1.15.210 on Linux and Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2008-1663.) |

Motorola Timbuktu information leak
| Published: | 09.10.2008 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 9343 |
| Type: | remote |
| Level: | 5/10 |
| Description: | User data is sent to a central server. |

Novell eDirectory multiple security vulnerabilities
| Published: | 09.10.2008 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 9347 |
| Type: | remote |
| Level: | 7/10 |
| Description: | Multiple buffer overflows on TCP/8028 and TCP/8028 traffic parsing. |
| CVE: | CVE-2008-4480 (Heap-based buffer overflow in dhost.exe in Novell eDirectory 8.x before 8.8.3, and 8.7.3 before 8.7.3.10 ftf1, allows remote attackers to execute arbitrary code via a crafted Netware Core Protocol opcode 0x24 message that triggers a calculation error that under-allocates a heap buffer.) |
| | CVE-2008-4479 (Heap-based buffer overflow in dhost.exe in Novell eDirectory 8.8 before 8.8.3, and 8.7.3 before 8.7.3.10 ftf1, allows remote attackers to execute arbitrary code via a SOAP request with a long Accept-Language header.) |
| | CVE-2008-4478 (Multiple integer overflows in dhost.exe in Novell eDirectory 8.8 before 8.8.3, and 8.73 before 8.7.3.10 ftf1, allow remote attackers to execute arbitrary code via a crafted (1) Content-Length header in a SOAP request or (2) Netware Core Protocol opcode 0x0F message, which triggers a heap-based buffer overflow.) |

Windows kernel integer overflow
| Published: | 09.10.2008 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 9345 |
| Type: | local |
| Level: | 5/10 |
| Description: | Integer overflow in IopfCompleteRequest function. |

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
| Published: | 09.10.2008 |
| Source: | |
| SecurityVulns ID: | 9341 |
| Type: | remote |
| Level: | 5/10 |
| Description: | PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. |

HP-UX NFS/ONCplus DoS (updated since 09.10.2008)
| Published: | 09.10.2008 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 9344 |
| Type: | remote |
| Level: | 5/10 |
| Affected: | HP : HP-UX 11.31 |
| CVE: | CVE-2008-3543 (Unspecified vulnerability in NFS / ONCplus B.11.31_04 and earlier on HP-UX B.11.31 allows remote attackers to cause a denial of service via unknown attack vectors.) |