Search:Vulnerability:12.02.2008 - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

Adobe Acrobat / Reader multiple security vulnerabilities
updated since 10.02.2008
Published: 12.02.2008
Source: BUGTRAQ
SecurityVulns ID: 8651
Type: client
Level: 8/10
Description: Multiple buffer overflows and integer overflows, unsafe methods, unsafe dynamic library loading.

Affected: ADOBE : Adobe Reader 8.1
ADOBE : Adobe Acrobat 8.1
CVE: CVE-2008-0726 (Integer overflow in Adobe Reader and Acrobat 8.1.1 and earlier allows remote attackers to execute arbitrary code via crafted arguments to the printSepsWithParams, which triggers memory corruption.)
CVE-2008-0667 (The DOC.print function in the Adobe JavaScript API, as used by Adobe Acrobat and Reader before 8.1.2, allows remote attackers to configure silent non-interactive printing, and trigger the printing of an arbitrary number of copies of a document. NOTE: this issue might be subsumed by CVE-2008-0655.)
CVE-2007-5666
CVE-2007-5663
CVE-2007-5659
CVE-2007-5609

Original document ZDI, ZDI-08-004: Adobe AcrobatReader Javascript for PDF Integer Overflow Vulnerability (12.02.2008)

CERT, US-CERT Technical Cyber Security Alert TA08-043A -- Adobe Reader and Acrobat Vulnerabilities (12.02.2008)

cocoruder, Adobe Reader/Acrobat Remote PDF Print Silently Vulnerability (10.02.2008)

document IDEFENSE, iDefense Security Advisory 02.08.08: Adobe Reader and Acrobat Multiple Stack-based Buffer Overflow Vulnerabilities (10.02.2008)

IDEFENSE, iDefense Security Advisory 02.08.08: Adobe Reader Security Provider Unsafe Libary Path Vulnerability (10.02.2008)

IDEFENSE, iDefense Security Advisory 02.08.08: Adobe Reader and Acrobat JavaScript Insecure Method Exposure Vulnerability (10.02.2008)

Discuss: Read or add your comments to this news (0 comments)

Linux kernel multiple security vulnerabilities
updated since 11.02.2008
Published: 12.02.2008
Source: BUGTRAQ
SecurityVulns ID: 8659
Type: local
Level: 7/10
Description: Kernel memory access with vmsplice syscall, access between virtual machines with /proc

Affected: LINUX : kernel 2.6
CVE: CVE-2008-0600 (The vmsplice_to_pipe function in Linux kernel 2.6.17 through 2.6.24.1 does not validate a certain userspace pointer before dereference, which allows local users to gain root privileges via crafted arguments in a vmsplice system call, a different vulnerability than CVE-2008-0009 and CVE-2008-0010.)
CVE-2008-0163
CVE-2008-0010

Original document Wojciech Purczynski, CSA-L03: Linux kernel vmsplice unchecked user-pointer dereference (12.02.2008)

DEBIAN, [Full-disclosure] [SECURITY] [DSA 1494-1] New linux-2.6 packages fix privilege escalation (11.02.2008)

Discuss: Read or add your comments to this news (0 comments)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 12.02.2008
Source:
SecurityVulns ID: 8660
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Power Phlogger: crossite scripting, information leakage.

Affected: VWAR : VWar 1.5
PPHLOGGER : Power Phlogger 2.2
SANDBOX : sandbox 1.4
SIMPLEMACHINES : Simple Machines Forum 1.16
MERCURY : Mercury 1.1
MYLITTLEFORUM : my little forum 2.0

Original document hackturkiye.hackturkiye_(at)_gmail.com, joomla (k12.tr)(com_iomezun)SQL Injection (12.02.2008)

hackturkiye.hackturkiye_(at)_gmail.com, joomll(k12.tr)(com_mezun)SQL Injection (12.02.2008)

hackturkiye.hackturkiye_(at)_gmail.com, joomla (k12.tr)(com_iomezun)SQL Injection (12.02.2008)

document hackturkiye.hackturkiye_(at)_gmail.com, Kommentare zum Download script SQL Injection (12.02.2008)

db_(at)_rawsecurity.org, my little forum XSS (12.02.2008)

rxhr_(at)_hotmail.com, aliboard Beta Upload Shell From ControlPanel (12.02.2008)

no-reply_(at)_aria-security.net, Mercury v1.1.5 Send Message Cross-Site Scripting (12.02.2008)

document enterth3dragon_(at)_gmail.com, Simple Machines Forum "SMF Shoutbox" Mod Persistent XSS (12.02.2008)

f10_(at)_by-f10.com, hi (12.02.2008)

staad1_(at)_gmail.com, Default Multiple Joomla! Component com_rapidrecipe "user_id=" Remote SQL Inj. (12.02.2008)

p_s3rver_(at)_yahoo.com, Vwar 1.5.0 (12.02.2008)

document MustLive, Vulnerabilities in Power Phlogger (12.02.2008)

Discuss: Read or add your comments to this news (0 comments)

Apache mod_jk2 multiple security vulnerabilities
Published: 12.02.2008
Source: BUGTRAQ
SecurityVulns ID: 8663
Type: remote
Level: 6/10
Description: Multiple buffer overflows, including oversized Host: header.

Affected: APACHE : mod_jk2 2.0

Original document IOActive Advisories, IOActive Security Advisory: Legacy mod_jk2 Buffer Overflow (12.02.2008)

Discuss: Read or add your comments to this news (0 comments)

Microsoft Windows Active Directory DoS
Published: 12.02.2008
Source: MICROSOFT
SecurityVulns ID: 8667
Type: remote
Level: 6/10
Description: Crash on LDAP request handling.

Affected: MICROSOFT : Windows 2000 Server
MICROSOFT : Windows XP
MICROSOFT : Windows 2003 Server
CVE: CVE-2008-0088

Original document MICROSOFT, Microsoft Security Bulletin MS08-003 � Important Vulnerability in Active Directory Could Allow Denial of Service (946538) (12.02.2008)

Files: Microsoft Security Bulletin MS08-003 � Important Vulnerability in Active Directory Could Allow Denial of Service (946538)
Discuss: Read or add your comments to this news (0 comments)

Microsoft Windows Vista DoS
Published: 12.02.2008
Source: MICROSOFT
SecurityVulns ID: 8668
Type: client
Level: 4/10
Description: Crash on DHCP server response parsing.

Affected: MICROSOFT : Windows Vista
CVE: CVE-2008-0084

Original document MICROSOFT, Microsoft Security Bulletin MS08-004 � Important Vulnerability in Windows TCP/IP Could Allow Denial of Service (946456) (12.02.2008)

Files: Microsoft Security Bulletin MS08-004 � Important Vulnerability in Windows TCP/IP Could Allow Denial of Service (946456)
Discuss: Read or add your comments to this news (0 comments)

Microsoft Windows Web Client service buffer overflow
Published: 12.02.2008
Source: MICROSOFT
SecurityVulns ID: 8670
Type: client
Level: 7/10
Description: Buffer overflow on WebDAV server response parsing.

Affected: MICROSOFT : Windows XP
MICROSOFT : Windows 2003 Server
MICROSOFT : Windows Vista
CVE: CVE-2008-0080

Original document MICROSOFT, Microsoft Security Bulletin MS08-007 � Critical Vulnerability in WebDAV Mini-Redirector Could Allow Remote Code Execution (946026) (12.02.2008)

Files: Microsoft Security Bulletin MS08-007 � Critical Vulnerability in WebDAV Mini-Redirector Could Allow Remote Code Execution (946026)
Discuss: Read or add your comments to this news (0 comments)

Cyansoftware Opium OPI Server / cyanPrintIP multiple security vulnerabilities
Published: 12.02.2008
Source: BUGTRAQ
SecurityVulns ID: 8665
Type: remote
Level: 5/10
Description: Format string vulnerability, DoS conditions.

Affected: CYANSOFTWARE : Opium OPI Server 4.10
CYANSOFTWARE : cyanPrintIP 4.10

Original document Luigi Auriemma, Format string and DoS in Opium OPI and cyanPrintIP servers 4.10.x (12.02.2008)

Files: Exploits Format string and crash in CyanSoftware print servers
Discuss: Read or add your comments to this news (0 comments)

Microsoft Internet Information Services privilege escalation
Published: 12.02.2008
Source: MICROSOFT
SecurityVulns ID: 8669
Type: local
Level: 6/10
Description: Privilege escalation through file change notification. ASP files processing privilege escalation.

Affected: MICROSOFT : Windows 2000 Server
MICROSOFT : Windows 2000 Professional
MICROSOFT : Windows XP
MICROSOFT : Windows 2003 Server
MICROSOFT : Windows Vista
CVE: CVE-2008-0075
CVE-2008-0074

Original document MICROSOFT, Microsoft Security Bulletin MS08-006 � Important Vulnerability in Internet Information Services Could Allow Remote Code Execution (942830) (12.02.2008)

MICROSOFT, Microsoft Security Bulletin MS08-005 � Important Vulnerability in Internet Information Services Could Allow Elevation of Privilege (942831) (12.02.2008)

Files: Microsoft Security Bulletin MS08-005 � Important Vulnerability in Internet Information Services Could Allow Elevation of Privilege (942831)
Microsoft Security Bulletin MS08-006 � Important Vulnerability in Internet Information Services Could Allow Remote Code Execution (942830)
Discuss: Read or add your comments to this news (0 comments)

Larson Software Technology Network Print Server multiple security vulnerabilities
Published: 12.02.2008
Source: BUGTRAQ
SecurityVulns ID: 8666
Type: remote
Level: 5/10
Description: Format string vulnerability and buffer overflow.

Affected: CGMLARSON : Network Print Server 9.4

Original document Luigi Auriemma, Format string and buffer-overflow in Lst Network Print Server 9.4.2 build 105 (12.02.2008)

Discuss: Read or add your comments to this news (0 comments)

WML symbolic links vulnerability
Published: 12.02.2008
Source: BUGTRAQ
SecurityVulns ID: 8662
Type: local
Level: 5/10
Description: Symbolic links problem on temporary files creation.

Affected: WML : wml 2.0
CVE: CVE-2008-0666 (Website META Language (WML) 2.0.11 allows local users to overwrite arbitrary files via a symlink attack on (1) the /tmp/pe.tmp.$$ temporary file used by wml_contrib/wmg.cgi and (2) temporary files used by wml_backend/p3_eperl/eperl_sys.c.)
CVE-2008-0665 (wml_backend/p1_ipp/ipp.src in Website META Language (WML) 2.0.11 allows local users to overwrite arbitrary files via a symlink attack on the ipp.$$.tmp temporary file.)

Original document DEBIAN, [SECURITY] [DSA 1492-1] New wml packages fix denial of service (12.02.2008)

Discuss: Read or add your comments to this news (0 comments)

Grouplogic EztremeZ-IP file and print server multiple security vulnerabilities
Published: 12.02.2008
Source: BUGTRAQ
SecurityVulns ID: 8664
Type: remote
Level: 5/10
Description: DoS conditions, directory traversal.

Affected: GROUPLOGIC : EztremeZ-IP 5.1

Original document Luigi Auriemma, Multiple vulnerabilities in EztremeZ-IP File and Printer Server 5.1.2x15 (12.02.2008)

Discuss: Read or add your comments to this news (0 comments)

Microsoft Windows OLE buffer overflow
Published: 12.02.2008
Source: MICROSOFT
SecurityVulns ID: 8671
Type: client
Level: 7/10
Description: Heap buffer overflow

Affected: MICROSOFT : Windows 2000 Server
MICROSOFT : Windows 2000 Professional
MICROSOFT : Windows XP
MICROSOFT : Windows 2003 Server
MICROSOFT : Windows Vista
MICROSOFT : Microsoft Office 2004 for Mac
MICROSOFT : Visual Basic 6.0
CVE: CVE-2007-0065

Original document MICROSOF, Microsoft Security Bulletin MS08-008 � Critical Vulnerability in OLE Automation Could Allow Remote Code Execution (947890) (12.02.2008)

Files: Microsoft Security Bulletin MS08-008 � Critical Vulnerability in OLE Automation Could Allow Remote Code Execution (947890)
Discuss: Read or add your comments to this news (0 comments)

Microsoft Word memory corruption
Published: 12.02.2008
Source: MICROSOFT
SecurityVulns ID: 8672
Type: client
Level: 6/10
Description: Memory corruption on .doc file parsing.

Affected: MICROSOFT : Office 2000
MICROSOFT : Office XP
MICROSOFT : Office 2003
CVE: CVE-2008-0109

Original document MICROSOF, Microsoft Security Bulletin MS08-009 - Critical Vulnerability in Microsoft Word Could Allow Remote Code Execution (947077) (12.02.2008)

Files: Microsoft Security Bulletin MS08-009 - Critical Vulnerability in Microsoft Word Could Allow Remote Code Execution (947077)
Discuss: Read or add your comments to this news (0 comments)

Microsoft Internet Explorer multiple security vulnerabilities
updated since 12.02.2008
Published: 13.02.2008
Source: BUGTRAQ
SecurityVulns ID: 8673
Type: remote
Level: 8/10
Description: Multiple memory corruptions.

Affected: MICROSOFT : Windows 2000 Server
MICROSOFT : Windows 2000 Professional
MICROSOFT : Windows XP
MICROSOFT : Windows 2003 Server
MICROSOFT : Windows Vista
CVE: CVE-2008-0078
CVE-2008-0077
CVE-2008-0076
CVE-2007-4790 (Stack-based buffer overflow in a certain ActiveX control in FPOLE.OCX 6.0.8450.0 in the Microsoft Visual FoxPro 6.0 fpole 1.0 Type Library allows remote attackers to execute arbitrary code via a long first argument to the FoxDoCmd function.)

Original document IDEFENSE, ZDI-08-006: Microsoft Internet Explorer SVG animateMotion.by Code Execution Vulnerability (13.02.2008)

IDEFENSE, iDefense Security Advisory 02.12.08: Microsoft Internet Explorer Property Memory Corruption Vulnerability (13.02.2008)

MICROSOFT, Microsoft Security Bulletin MS08-010 - Critical Cumulative Security Update for Internet Explorer (944533) (12.02.2008)

Files: Microsoft Security Bulletin MS08-010 - Critical Cumulative Security Update for Internet Explorer (944533)
Discuss: Read or add your comments to this news (0 comments)

F5 BIG-IP crossite scripting
updated since 12.02.2008
Published: 24.05.2008
Source: BUGTRAQ
SecurityVulns ID: 8661
Type: remote
Level: 4/10
Description: Crossite scripting in web admin console.

Affected: F5 : BIG-IP 9.4

Original document Ricardo Martins - Chief Security Officers, PR07-15: Cross-site Scripting (XSS) / HTML injection on F5 FirePass 4100 SSL VPN 'my.logon.php3' server-side script (24.05.2008)

nnposter_(at)_disclosed.not, F5 BIG-IP Web Management Audit Log XSS (24.03.2008)

nnposter_(at)_disclosed.not, F5 BIG-IP Web Management Console XSS (09.03.2008)

document nnposter_(at)_disclosed.not, F5 BIG-IP Web Management Console CSRF (with example) (12.02.2008)

Discuss: Read or add your comments to this news (0 comments)