Computer Security

Search:Vulnerability:11.06.2008
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Microsoft Internet Explorer multiple security vulnerabilities
Published:11.06.2008
Source:BUGTRAQ
SecurityVulns ID:9074
Type:client
Level:6/10
Description:Crossite scripting, information leak.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
CVE:CVE-2008-1544 (The setRequestHeader method of the XMLHttpRequest object in Microsoft Internet Explorer 7 does not block dangerous HTTP request headers when certain 8-bit character sequences are appended to a header name, which allows remote attackers to (1) conduct HTTP request splitting and HTTP request smuggling attacks via an incorrect Content-Length header, (2) access arbitrary virtual hosts via a modified Host header, and (3) bypass referrer restrictions via an incorrect Referer header.)
 CVE-2008-1442
Original documentdocumentZDI, ZDI-08-039: Microsoft Internet Explorer DOM Ojbect substringData() Heap Overflow Vulnerability (11.06.2008)
 documentMICROSOFT, Microsoft Security Bulletin MS08-031 - Critical Cumulative Security Update for Internet Explorer (950759) (11.06.2008)
Files:Microsoft Security Bulletin MS08-031 - Critical Cumulative Security Update for Internet Explorer (950759)
Discuss:Read or add your comments to this news (1 comments)

Microsoft DirectX code execution
Published:11.06.2008
Source:BUGTRAQ
SecurityVulns ID:9075
Type:client
Level:7/10
Description:MJPEG format AVI and ASF files parsing vulnerability, SAMI files parsing vulnerability.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
CVE:CVE-2008-1444
 CVE-2008-0011
Original documentdocumentZDI, ZDI-08-040: Microsoft DirectX SAMI File Format Name Parsing Stack Overflow Vulnerability (11.06.2008)
 documentMICROSOFT, Microsoft Security Bulletin MS08-033 – Critical Vulnerabilities in DirectX Could Allow Remote Code Execution (951698) (11.06.2008)
Files:Microsoft Security Bulletin MS08-033 – Critical Vulnerabilities in DirectX Could Allow Remote Code Execution (951698)
Discuss:Read or add your comments to this news (0 comments)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:11.06.2008
Source:
SecurityVulns ID:9078
Type:remote
Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:TYPO3 : TYPO3 4.0
 PHPEASYDATA : PHPEasyData 1.5
 TYPO3 : TYPO3 4.1
 TYPO3 : typo3 4.2
Original documentdocumentTYPO3, TYPO3 Security Bulletin TYPO3-20080611-1: Multiple vulnerabilities in TYPO3 Core (11.06.2008)
 documentSylvain, PHPEasyData 1.5.4 Multiple Vulnerabilities (11.06.2008)
 documentPsymera, Many bugs on CMS system Piugame (11.06.2008)
Discuss:Read or add your comments to this news (0 comments)

Microsoft Wndows Bluetooth stack code execution
Published:11.06.2008
Source:BUGTRAQ
SecurityVulns ID:9073
Type:remote
Level:6/10
Description:The Windows Bluetooth Stack does not correctly handle a large number of SDP requests.
Affected:MICROSOFT : Windows XP
 MICROSOFT : Windows Vista
CVE:CVE-2008-1453
Original documentdocumentMICROSOFT, Microsoft Security Bulletin MS08-030 – Critical Vulnerability in Bluetooth Stack Could Allow Remote Code Execution (951376) (11.06.2008)
Files:Microsoft Security Bulletin MS08-030 – Critical Vulnerability in Bluetooth Stack Could Allow Remote Code Execution (951376)
Discuss:Read or add your comments to this news (0 comments)

Citect CitectSCADA memory corruption
Published:11.06.2008
Source:FULL-DISCLOSURE
SecurityVulns ID:9076
Type:remote
Level:5/10
Description:Memory corruption in TCP/20222 ODBC service.
Affected:CITECT : CitectSCADA 6
 CITECT : CitectSCADA 7
 CITECT : CitectFacilities 7
CVE:CVE-2008-2639 (Stack-based buffer overflow in the ODBC server service in Citect CitectSCADA 6 and 7, and CitectFacilities 7, allows remote attackers to execute arbitrary code via a long string in the second application packet in a TCP session on port 20222.)
Original documentdocumentCORE SECURITY TECHNOLOGIES ADVISORIES, [Full-disclosure] CORE-2008-0125: CitectSCADA ODBC service vulnerability (11.06.2008)
Discuss:Read or add your comments to this news (0 comments)

uTorrent / BitTorrent DoS
Published:11.06.2008
Source:FULL-DISCLOSURE
SecurityVulns ID:9077
Type:remote
Level:5/10
Description:Web UI HTTP request Range: header DoS.
Affected:BITTORRENT : BitTorrent 6.0
 UTORRENT : uTorrent 1.7
CVE:CVE-2008-0071
Original documentdocumentSECUNIA, [Full-disclosure] Secunia Research: uTorrent / BitTorrent Web UI HTTP "Range" Header DoS (11.06.2008)
Discuss:Read or add your comments to this news (0 comments)

Apple QuickTime buffer overflow
updated since 10.06.2008
Published:11.06.2008
Source:BUGTRAQ
SecurityVulns ID:9070
Type:client
Level:7/10
Description:Buffer overflow on PICT images, INDEO video parsing.
Affected:APPLE : QuickTime 7.4
CVE:CVE-2008-1585
 CVE-2008-1584
 CVE-2008-1581
Original documentdocumentCERT, US-CERT Technical Cyber Security Alert TA08-162C -- Apple Quicktime Updates for Multiple Vulnerabilities (11.06.2008)
 documentZDI, ZDI-08-037: Apple QuickTime Indeo Video Buffer Overflow Vulnerability (10.06.2008)
 documentSECUNIA, Secunia Research: Apple QuickTime PICT Image Parsing Buffer Overflow (10.06.2008)
 documentSECUNIA, Secunia Research: Apple QuickTime PICT Image Parsing Buffer Overflow (10.06.2008)
Discuss:Read or add your comments to this news (0 comments)

Microsoft Vista speech recognition unauthorized access
updated since 03.02.2007
Published:11.06.2008
Source:DAILYDAVE
SecurityVulns ID:7167
Type:client
Level:5/10
Description:Speech recognition may be used as an attack vector against client computer with e.h. HTML page with embedded sound.
Affected:MICROSOFT : Windows Vista
CVE:CVE-2007-0675 (** DISPUTED ** The Speech Recognition feature of Windows Vista allows user-assisted remote attackers to delete arbitrary files, and conduct other unauthorized activities, via a web page with an embedded sound object that contains voice commands to an enabled microphone, allowing for interaction with Windows Explorer. NOTE: the vendor disputes the severity of this issue, stating that "there is little if any need to worry about the effects of this issue on your new Windows Vista installation." Since little user interaction is required, and the relevant operating environment is common, CVE considers this a vulnerability.)
Original documentdocumentMICROSOFT, Microsoft Security Bulletin MS08-032 - Moderate Cumulative Security Update of ActiveX Kill Bits (950760) (11.06.2008)
 documentGeorge Ou, [Dailydave] Vista speach recognition (03.02.2007)
Discuss:Read or add your comments to this news (0 comments)
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server