Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:		10.06.2008
Source:
SecurityVulns ID:		9068
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected:		INSANELYSIMPLE : Insanely Simple Blog 0.5
		TORNADO : Tornado Knowledge Retrieval System 4.2
		ERFURTWIKI : ErfurtWiki 1.02
		DCFMBLOG : DCFM Blog 0.9
		YBLOG : yBlog 0.2

Original document		Eduardo Jorge, XSS - Glassfish Web Admin Interface (Sun Java System Application Server 9.1_01 (build b09d-fcs) ) (10.06.2008)
		unohope_(at)_chroot.org, [web-app] DCFM Blog 0.9.4 (comments) Remote SQL Injection Vulnerability (10.06.2008)
		unohope_(at)_chroot.org, [web-app] Insanely Simple Blog 0.5 (index) Remote SQL Injection Vulnerabilities (10.06.2008)
		unohope_(at)_chroot.org, [web-app] yBlog 0.2.2.2 Multiple Remote Vulnerabilities (10.06.2008)
		unohope_(at)_chroot.org, [web-app] DCFM Blog 0.9.4 (comments) Remote SQL Injection Vulnerability (10.06.2008)
		unohope_(at)_chroot.org, [web-app] ErfurtWiki <= R1.02b (css) Local File Inclusion Vulnerability (10.06.2008)
		unohope_(at)_chroot.org, [web-app] Tornado Knowledge Retrieval System <= 4.2 Remote XSS Vulnerability (10.06.2008)

Discuss:

Read or add your comments to this news (0 comments)

FreeType2 library multiple security vulnerabilities
Published:		10.06.2008
Source:		BUGTRAQ
SecurityVulns ID:		9072
Type:		library
Level:		7/10
Description:		Multiple integer overflows, buffer overflows, memory corruptions.

Affected:		FREETYPE : FreeType 2.3
CVE:		CVE-2008-1808
		CVE-2008-1807
		CVE-2008-1806

Original document		IDEFENSE, iDefense Security Advisory 06.10.08: Multiple Vendor FreeType2 Multiple Heap Overflow Vulnerabilities (10.06.2008)
		IDEFENSE, iDefense Security Advisory 06.10.08: Multiple Vendor FreeType2 PFB Memory Corruption Vulnerability (10.06.2008)
		IDEFENSE, iDefense Security Advisory 06.10.08: Multiple Vendor FreeType2 PFB Integer Overflow Vulnerability (10.06.2008)

Discuss:

Read or add your comments to this news (0 comments)

Multiple SNMPv3 authentication implementations bypass
Published:		10.06.2008
Source:		BUGTRAQ
SecurityVulns ID:		9069
Type:		remote
Level:		6/10
Description:		User-supplied number of signature bytes are checked on signature validation.

Affected:		CISCO : IOS 12.0
		CISCO : IOS 12.1
		CISCO : IOS 12.2
		CISCO : IOS 12.3
		CISCO : IOS 12.4
		NETSNMP : Net-SNMP 5.2
		CISCO : IOS XR 3.2
		NETSNMP : Net-SNMP 5.3
		CISCO : IOS XR 3.4
		CISCO : CatOS 7.6
		CISCO : CatOS 8.5
		CISCO : IOS XR 3.3
		NETSNMP : Net-SNMP 5.4
		CISCO : CatOS 6.4
		CISCO : CatOS 8.6
		CISCO : NX-OS 4.0
CVE:		CVE-2008-0960

Original document		CISCO, Cisco Security Advisory: SNMP Version 3 Authentication Vulnerabilities (10.06.2008)
		CERT, US-CERT Technical Cyber Security Alert TA08-162A -- SNMPv3 Authentication Bypass Vulnerability (10.06.2008)
		Andrea Barisani, [oCERT-2008-006] multiple SNMP implementations HMAC authentication spoofing (10.06.2008)

Discuss:

Read or add your comments to this news (0 comments)

OpenOffice integer overflow
Published:		10.06.2008
Source:		BUGTRAQ
SecurityVulns ID:		9071
Type:		client
Level:		6/10
Description:		Buffer overflow in rtl_allocateMemory() on different file formats parsing.

Affected:		OPENOFFICE : OpenOffice 2.4
CVE:		CVE-2008-2152

Original document

IDEFENSE, iDefense Security Advisory 06.10.08: Multiple Vendor OpenOffice rtl_allocateMemory() Integer Overflow Vulnerability (10.06.2008)

Discuss:

Read or add your comments to this news (0 comments)

Apple QuickTime buffer overflow updated since 10.06.2008
Published:		11.06.2008
Source:		BUGTRAQ
SecurityVulns ID:		9070
Type:		client
Level:		7/10
Description:		Buffer overflow on PICT images, INDEO video parsing.

Affected:		APPLE : QuickTime 7.4
CVE:		CVE-2008-1585
		CVE-2008-1584
		CVE-2008-1581

Original document		CERT, US-CERT Technical Cyber Security Alert TA08-162C -- Apple Quicktime Updates for Multiple Vulnerabilities (11.06.2008)
		ZDI, ZDI-08-037: Apple QuickTime Indeo Video Buffer Overflow Vulnerability (10.06.2008)
		SECUNIA, Secunia Research: Apple QuickTime PICT Image Parsing Buffer Overflow (10.06.2008)
		SECUNIA, Secunia Research: Apple QuickTime PICT Image Parsing Buffer Overflow (10.06.2008)

Discuss:

Read or add your comments to this news (0 comments)