Apple QuickTime Player buffer overflow updated since 12.01.2008
Published:		12.01.2008
Source:		BUGTRAQ
SecurityVulns ID:		8556
Type:		client
Level:		6/10
Description:		Buffer overflow on HTTP error message displaying.

Affected:

APPLE : QuickTime 7.3

Original document

Luigi Auriemma, Buffer-overflow in Quicktime Player 7.3.1.70 (12.01.2008)

Discuss:

Read or add your comments to this news (0 comments)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:		12.01.2008
Source:
SecurityVulns ID:		8557
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected:		MTCMS : MTCMS 2.0
		MOODLE : Moodle 1.8
CVE:		CVE-2008-0123 (Cross-site scripting (XSS) vulnerability in install.php for Moodle 1.8.3, and possibly other versions before 1.8.4, allows remote attackers to inject arbitrary web script or HTML via the dbname parameter. NOTE: this issue only exists until the installation is complete.)

Original document		rlavertu, [Full-disclosure] ID-Commerce Security Advisory - SLR-2007-001 (12.01.2008)
		Hanno Bock, [Full-disclosure] Cross site scripting (XSS) in Moodle 1.8.3 (12.01.2008)
		morin.josh_(at)_gmail.com, Naymz multiple XSS (12.01.2008)
		ship_nx_(at)_yahoo.com, Member Area System (MAS) Remote File Include Vulnerability (view_func.php) (12.01.2008)
		db_(at)_rawsecurity.org, ImageAlbum Remote SQL Injection Vulnerabilities (12.01.2008)
		hadihadi_zedehal_2006_(at)_yahoo.com, MTCMS <=2.0 SQL Injection Vulnerbility (12.01.2008)

Discuss:

Read or add your comments to this news (0 comments)

OpenAFS race conditions
Published:		12.01.2008
Source:		BUGTRAQ
SecurityVulns ID:		8558
Type:		remote
Level:		5/10
Description:		Race conditions on acquiring and giving back file callbacks.

Affected:		OPENAFS : OpenAFS 1.3
		OPENAFS : OpenAFS 1.4
		IMAGEALBUM : ImageAlbum 2.0
CVE:		CVE-2007-6599 (Race condition in fileserver in OpenAFS 1.3.50 through 1.4.5 and 1.5.0 through 1.5.27 allows remote attackers to cause a denial of service (daemon crash) by simultaneously acquiring and giving back file callbacks, which causes the handler for the GiveUpAllCallBacks RPC to perform linked-list operations without the host_glock lock.)

Original document

DEBIAN, [SECURITY] [DSA 1458-1] New openafs packages fix denial of service vulnerability (12.01.2008)

Discuss:

Read or add your comments to this news (0 comments)

Apache multiple security vulnerabilities updated since 12.01.2008
Published:		24.01.2008
Source:		BUGTRAQ
SecurityVulns ID:		8559
Type:		remote
Level:		5/10
Description:		mod_proxy_balancer ñrossite scripting, crossite requests forgery, memory corruption, DoS, mod_proxy_ftp and mod_status, mod_negotiation - crossite scripting.

Affected:		APACHE : Apache 1.3
		APACHE : Apache 2.0
		APACHE : Apache 2.2
CVE:		CVE-2008-0005
		CVE-2007-6423
		CVE-2007-6422
		CVE-2007-6421
		CVE-2007-6420
		CVE-2007-6388

Original document		Minded Security Research Labs, Apache mod_negotiation Xss and Http Response Splitting (24.01.2008)
		sp3x_(at)_securityreason.com, SecurityReason - Apache (mod_status) Refresh Header - Open Redirector (XSS) (16.01.2008)
		sp3x_(at)_securityreason.com, SecurityReason - Apache (mod_proxy_ftp) Undefined Charset UTF-7 XSS Vulnerability (12.01.2008)
		sp3x_(at)_securityreason.com, SecurityReason - Apache2 CSRF, XSS, Memory Corruption and Denial of Service Vulnerability (12.01.2008)

Discuss:

Read or add your comments to this news (0 comments)