Computer Security


Microsoft Internet Explorer multiple security vulnerabilities
Published:11.06.2008
Source:
SecurityVulns ID:9074
Type:client
Threat Level:6/10
Description:Cross-site scripting, information leak.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
CVE:CVE-2008-1544 (The setRequestHeader method of the XMLHttpRequest object in Microsoft Internet Explorer 7 does not block dangerous HTTP request headers when certain 8-bit character sequences are appended to a header name, which allows remote attackers to (1) conduct HTTP request splitting and HTTP request smuggling attacks via an incorrect Content-Length header, (2) access arbitrary virtual hosts via a modified Host header, and (3) bypass referrer restrictions via an incorrect Referer header.)
 CVE-2008-1442
Original document:ZDI, ZDI-08-039: Microsoft Internet Explorer DOM Object substringData() Heap Overflow Vulnerability (11.06.2008)
 MICROSOFT, Microsoft Security Bulletin MS08-031 - Critical Cumulative Security Update for Internet Explorer (950759) (11.06.2008)
Files:Microsoft Security Bulletin MS08-031 - Critical Cumulative Security Update for Internet Explorer (950759)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:11.06.2008
Source:
SecurityVulns ID:9078
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:TYPO3 : TYPO3 4.0
 PHPEASYDATA : PHPEasyData 1.5
 TYPO3 : TYPO3 4.1
 TYPO3 : TYPO3 4.2
Original document:TYPO3, TYPO3 Security Bulletin TYPO3-20080611-1: Multiple vulnerabilities in TYPO3 Core (11.06.2008)
 Sylvain, PHPEasyData 1.5.4 Multiple Vulnerabilities (11.06.2008)
 Psymera, Many bugs on CMS system Piugame (11.06.2008)

Microsoft Windows Bluetooth stack code execution
Published:11.06.2008
Source:
SecurityVulns ID:9073
Type:remote
Threat Level:6/10
Description:The Windows Bluetooth Stack does not correctly handle a large number of SDP requests.
Affected:MICROSOFT : Windows XP
 MICROSOFT : Windows Vista
CVE:CVE-2008-1453
Original document:MICROSOFT, Microsoft Security Bulletin MS08-030 – Critical Vulnerability in Bluetooth Stack Could Allow Remote Code Execution (951376) (11.06.2008)
Files:Microsoft Security Bulletin MS08-030 – Critical Vulnerability in Bluetooth Stack Could Allow Remote Code Execution (951376)

Citect CitectSCADA memory corruption
Published:11.06.2008
Source:
SecurityVulns ID:9076
Type:remote
Threat Level:5/10
Description:Memory corruption in TCP/20222 ODBC service.
Affected:CITECT : CitectSCADA 6
 CITECT : CitectSCADA 7
 CITECT : CitectFacilities 7
CVE:CVE-2008-2639 (Stack-based buffer overflow in the ODBC server service in Citect CitectSCADA 6 and 7, and CitectFacilities 7, allows remote attackers to execute arbitrary code via a long string in the second application packet in a TCP session on port 20222.)
Original document:CORE SECURITY TECHNOLOGIES ADVISORIES, [Full-disclosure] CORE-2008-0125: CitectSCADA ODBC service vulnerability (11.06.2008)

uTorrent / BitTorrent DoS
Published:11.06.2008
Source:
SecurityVulns ID:9077
Type:remote
Threat Level:5/10
Description:Web UI HTTP request Range: header DoS.
Affected:BITTORRENT : BitTorrent 6.0
 UTORRENT : uTorrent 1.7
CVE:CVE-2008-0071
Original document:SECUNIA, [Full-disclosure] Secunia Research: uTorrent / BitTorrent Web UI HTTP "Range" Header DoS (11.06.2008)

Apple QuickTime buffer overflow
updated since 10.06.2008
Published:11.06.2008
Source:
SecurityVulns ID:9070
Type:client
Threat Level:7/10
Description:Buffer overflow in PICT image and Indeo video parsing.
Affected:APPLE : QuickTime 7.4
CVE:CVE-2008-1585
 CVE-2008-1584
 CVE-2008-1581
Original document:CERT, US-CERT Technical Cyber Security Alert TA08-162C -- Apple Quicktime Updates for Multiple Vulnerabilities (11.06.2008)
 ZDI, ZDI-08-037: Apple QuickTime Indeo Video Buffer Overflow Vulnerability (10.06.2008)
 SECUNIA, Secunia Research: Apple QuickTime PICT Image Parsing Buffer Overflow (10.06.2008)
 SECUNIA, Secunia Research: Apple QuickTime PICT Image Parsing Buffer Overflow (10.06.2008)

Microsoft Vista speech recognition unauthorized access
updated since 03.02.2007
Published:11.06.2008
Source:
SecurityVulns ID:7167
Type:client
Threat Level:5/10
Description:Speech recognition may be used as an attack vector against a client computer, e.g. via an HTML page with embedded sound.
Affected:MICROSOFT : Windows Vista
CVE:CVE-2007-0675 (** DISPUTED ** The Speech Recognition feature of Windows Vista allows user-assisted remote attackers to delete arbitrary files, and conduct other unauthorized activities, via a web page with an embedded sound object that contains voice commands to an enabled microphone, allowing for interaction with Windows Explorer. NOTE: the vendor disputes the severity of this issue, stating that "there is little if any need to worry about the effects of this issue on your new Windows Vista installation." Since little user interaction is required, and the relevant operating environment is common, CVE considers this a vulnerability.)
Original document:MICROSOFT, Microsoft Security Bulletin MS08-032 - Moderate Cumulative Security Update of ActiveX Kill Bits (950760) (11.06.2008)
 George Ou, [Dailydave] Vista speach recognition (03.02.2007)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod