Computer Security


Adobe Acrobat / Reader multiple security vulnerabilities
updated since 10.02.2008
Published: 12.02.2008
SecurityVulns ID: 8651
Type: client
Threat Level: 8/10
Description: Multiple buffer overflows and integer overflows, unsafe methods, unsafe dynamic library loading.
Affected: ADOBE : Adobe Reader 8.1
 ADOBE : Adobe Acrobat 8.1
CVE: CVE-2008-0726 (Integer overflow in Adobe Reader and Acrobat 8.1.1 and earlier allows remote attackers to execute arbitrary code via crafted arguments to the printSepsWithParams, which triggers memory corruption.)
 CVE-2008-0667 (The DOC.print function in the Adobe JavaScript API, as used by Adobe Acrobat and Reader before 8.1.2, allows remote attackers to configure silent non-interactive printing, and trigger the printing of an arbitrary number of copies of a document. NOTE: this issue might be subsumed by CVE-2008-0655.)
 CVE-2007-5666
 CVE-2007-5663
 CVE-2007-5659
 CVE-2007-5609
Original document: ZDI, ZDI-08-004: Adobe AcrobatReader Javascript for PDF Integer Overflow Vulnerability (12.02.2008)
 CERT, US-CERT Technical Cyber Security Alert TA08-043A -- Adobe Reader and Acrobat Vulnerabilities (12.02.2008)
 cocoruder, Adobe Reader/Acrobat Remote PDF Print Silently Vulnerability (10.02.2008)
 IDEFENSE, iDefense Security Advisory 02.08.08: Adobe Reader and Acrobat Multiple Stack-based Buffer Overflow Vulnerabilities (10.02.2008)
 IDEFENSE, iDefense Security Advisory 02.08.08: Adobe Reader Security Provider Unsafe Libary Path Vulnerability (10.02.2008)
 IDEFENSE, iDefense Security Advisory 02.08.08: Adobe Reader and Acrobat JavaScript Insecure Method Exposure Vulnerability (10.02.2008)

Linux kernel multiple security vulnerabilities
updated since 11.02.2008
Published: 12.02.2008
SecurityVulns ID: 8659
Type: local
Threat Level: 7/10
Description: Kernel memory access with vmsplice syscall, access between virtual machines with /proc
Affected: LINUX : kernel 2.6
CVE: CVE-2008-0600 (The vmsplice_to_pipe function in Linux kernel 2.6.17 through 2.6.24.1 does not validate a certain userspace pointer before dereference, which allows local users to gain root privileges via crafted arguments in a vmsplice system call, a different vulnerability than CVE-2008-0009 and CVE-2008-0010.)
 CVE-2008-0163
 CVE-2008-0010
Original document: Wojciech Purczynski, CSA-L03: Linux kernel vmsplice unchecked user-pointer dereference (12.02.2008)
 DEBIAN, [Full-disclosure] [SECURITY] [DSA 1494-1] New linux-2.6 packages fix privilege escalation (11.02.2008)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 12.02.2008
SecurityVulns ID: 8660
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. Power Phlogger: cross-site scripting, information leakage.
Affected: VWAR : VWar 1.5
 PPHLOGGER : Power Phlogger 2.2
 SANDBOX : sandbox 1.4
 SIMPLEMACHINES : Simple Machines Forum 1.16
 MERCURY : Mercury 1.1
 MYLITTLEFORUM : my little forum 2.0
Original document: hackturkiye.hackturkiye_(at)_gmail.com, joomla (k12.tr)(com_iomezun)SQL Injection (12.02.2008)
 hackturkiye.hackturkiye_(at)_gmail.com, joomll(k12.tr)(com_mezun)SQL Injection (12.02.2008)
 hackturkiye.hackturkiye_(at)_gmail.com, joomla (k12.tr)(com_iomezun)SQL Injection (12.02.2008)
 hackturkiye.hackturkiye_(at)_gmail.com, Kommentare zum Download script SQL Injection (12.02.2008)
 db_(at)_rawsecurity.org, my little forum XSS (12.02.2008)
 rxhr_(at)_hotmail.com, aliboard Beta Upload Shell From ControlPanel (12.02.2008)
 no-reply_(at)_aria-security.net, Mercury v1.1.5 Send Message Cross-Site Scripting (12.02.2008)
 enterth3dragon_(at)_gmail.com, Simple Machines Forum "SMF Shoutbox" Mod Persistent XSS (12.02.2008)
 f10_(at)_by-f10.com, hi (12.02.2008)
 staad1_(at)_gmail.com, Default Multiple Joomla! Component com_rapidrecipe "user_id=" Remote SQL Inj. (12.02.2008)
 p_s3rver_(at)_yahoo.com, Vwar 1.5.0 (12.02.2008)
 MustLive, Vulnerabilities in Power Phlogger (12.02.2008)

WML symbolic links vulnerability
Published: 12.02.2008
SecurityVulns ID: 8662
Type: local
Threat Level: 5/10
Description: Symbolic links problem on temporary files creation.
Affected: WML : wml 2.0
CVE: CVE-2008-0666 (Website META Language (WML) 2.0.11 allows local users to overwrite arbitrary files via a symlink attack on (1) the /tmp/pe.tmp.$$ temporary file used by wml_contrib/wmg.cgi and (2) temporary files used by wml_backend/p3_eperl/eperl_sys.c.)
 CVE-2008-0665 (wml_backend/p1_ipp/ipp.src in Website META Language (WML) 2.0.11 allows local users to overwrite arbitrary files via a symlink attack on the ipp.$$.tmp temporary file.)
Original document: DEBIAN, [SECURITY] [DSA 1492-1] New wml packages fix denial of service (12.02.2008)

Apache mod_jk2 multiple security vulnerabilities
Published: 12.02.2008
SecurityVulns ID: 8663
Type: remote
Threat Level: 6/10
Description: Multiple buffer overflows, including oversized Host: header.
Affected: APACHE : mod_jk2 2.0
Original document: IOActive Advisories, IOActive Security Advisory: Legacy mod_jk2 Buffer Overflow (12.02.2008)

Grouplogic ExtremeZ-IP file and print server multiple security vulnerabilities
Published: 12.02.2008
SecurityVulns ID: 8664
Type: remote
Threat Level: 5/10
Description: DoS conditions, directory traversal.
Affected: GROUPLOGIC : ExtremeZ-IP 5.1
Original document: Luigi Auriemma, Multiple vulnerabilities in ExtremeZ-IP File and Printer Server 5.1.2x15 (12.02.2008)

Cyansoftware Opium OPI Server / cyanPrintIP multiple security vulnerabilities
Published: 12.02.2008
SecurityVulns ID: 8665
Type: remote
Threat Level: 5/10
Description: Format string vulnerability, DoS conditions.
Affected: CYANSOFTWARE : Opium OPI Server 4.10
 CYANSOFTWARE : cyanPrintIP 4.10
Original document: Luigi Auriemma, Format string and DoS in Opium OPI and cyanPrintIP servers 4.10.x (12.02.2008)
Files: Exploits Format string and crash in CyanSoftware print servers

Larson Software Technology Network Print Server multiple security vulnerabilities
Published: 12.02.2008
SecurityVulns ID: 8666
Type: remote
Threat Level: 5/10
Description: Format string vulnerability and buffer overflow.
Affected: CGMLARSON : Network Print Server 9.4
Original document: Luigi Auriemma, Format string and buffer-overflow in Lst Network Print Server 9.4.2 build 105 (12.02.2008)

Microsoft Windows Vista DoS
Published: 12.02.2008
SecurityVulns ID: 8668
Type: client
Threat Level: 4/10
Description: Crash on DHCP server response parsing.
Affected: MICROSOFT : Windows Vista
CVE: CVE-2008-0084
Original document: MICROSOFT, Microsoft Security Bulletin MS08-004 – Important Vulnerability in Windows TCP/IP Could Allow Denial of Service (946456) (12.02.2008)
Files: Microsoft Security Bulletin MS08-004 – Important Vulnerability in Windows TCP/IP Could Allow Denial of Service (946456)

Microsoft Windows Web Client service buffer overflow
Published: 12.02.2008
SecurityVulns ID: 8670
Type: client
Threat Level: 7/10
Description: Buffer overflow on WebDAV server response parsing.
Affected: MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
CVE: CVE-2008-0080
Original document: MICROSOFT, Microsoft Security Bulletin MS08-007 – Critical Vulnerability in WebDAV Mini-Redirector Could Allow Remote Code Execution (946026) (12.02.2008)
Files: Microsoft Security Bulletin MS08-007 – Critical Vulnerability in WebDAV Mini-Redirector Could Allow Remote Code Execution (946026)

Microsoft Internet Explorer multiple security vulnerabilities
updated since 12.02.2008
Published: 13.02.2008
SecurityVulns ID: 8673
Type: remote
Threat Level: 8/10
Description: Multiple memory corruptions.
Affected: MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
CVE: CVE-2008-0078
 CVE-2008-0077 (Use-after-free vulnerability in Microsoft Internet Explorer 6 SP1, 6 SP2, and 7 allows remote attackers to execute arbitrary code by assigning malformed values to certain properties, as demonstrated using the by property of an animateMotion SVG element, aka "Property Memory Corruption Vulnerability.")
 CVE-2008-0076
 CVE-2007-4790 (Stack-based buffer overflow in a certain ActiveX control in FPOLE.OCX 6.0.8450.0 in the Microsoft Visual FoxPro 6.0 fpole 1.0 Type Library allows remote attackers to execute arbitrary code via a long first argument to the FoxDoCmd function.)
Original document: IDEFENSE, ZDI-08-006: Microsoft Internet Explorer SVG animateMotion.by Code Execution Vulnerability (13.02.2008)
 IDEFENSE, iDefense Security Advisory 02.12.08: Microsoft Internet Explorer Property Memory Corruption Vulnerability (13.02.2008)
 MICROSOFT, Microsoft Security Bulletin MS08-010 - Critical Cumulative Security Update for Internet Explorer (944533) (12.02.2008)
Files: Microsoft Security Bulletin MS08-010 - Critical Cumulative Security Update for Internet Explorer (944533)

F5 BIG-IP cross-site scripting
updated since 12.02.2008
Published: 24.05.2008
SecurityVulns ID: 8661
Type: remote
Threat Level: 4/10
Description: Cross-site scripting in web admin console.
Affected: F5 : BIG-IP 9.4
Original document: Ricardo Martins - Chief Security Officers, PR07-15: Cross-site Scripting (XSS) / HTML injection on F5 FirePass 4100 SSL VPN 'my.logon.php3' server-side script (24.05.2008)
 nnposter_(at)_disclosed.not, F5 BIG-IP Web Management Audit Log XSS (24.03.2008)
 nnposter_(at)_disclosed.not, F5 BIG-IP Web Management Console XSS (09.03.2008)
 nnposter_(at)_disclosed.not, F5 BIG-IP Web Management Console CSRF (with example) (12.02.2008)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod