Computer Security
[EN] securityvulns.ru no-pyccku


BEA Weblogic multiple security vulnerabilities
Published:12.03.2008
Source:
SecurityVulns ID:8774
Type:remote
Threat Level:
5/10
Description:Session hijacking and HTML injection in web administration console.
Affected:BEA : WebLogic 10.0
Original documentdocumentACROS Security, ACROS Security: HTML Injection in BEA WebLogic Server Console (ASPR #2008-03-11-1) (12.03.2008)
 documentACROS Security, ACROS Security: Session Fixation Vulnerability in WebLogic Administration Console (#2008-03-11-2) (12.03.2008)

Adobe LiveCycle Workflow crossite scripting
Published:12.03.2008
Source:
SecurityVulns ID:8776
Type:remote
Threat Level:
5/10
Description:Crossite scripting with web management page.
Affected:ADOBE : LiveCycle Workflow 6.2
CVE:CVE-2008-1202 (Cross-site scripting (XSS) vulnerability in the web management interface in Adobe LiveCycle Workflow 6.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.)
Original documentdocumentLiquidmatrix Security Digest, Advisory Adobe LiveCycle Workflow XSS Vulnerability (12.03.2008)

Cisco SecureACS buffer overflow
updated since 12.03.2008
Published:13.03.2008
Source:
SecurityVulns ID:8777
Type:remote
Threat Level:
6/10
Description:Buffer overflow on UCP (user changeable passwords).
Affected:CISCO : Cisco UCS 4.1
CVE:CVE-2008-0533
 CVE-2008-0532
Original documentdocumentFelix 'FX' Lindner, Cisco ACS UCP Remote Pre-Authentication Buffer Overflows (12.03.2008)
 documentCISCO, Cisco Security Advisory: Cisco Secure Access Control Server for Windows User-Changeable Password Vulnerabilities (12.03.2008)

Motorola Timbuktu multiple security vulnerabilities
updated since 12.03.2008
Published:13.03.2008
Source:
SecurityVulns ID:8775
Type:remote
Threat Level:
5/10
Description:Directory traversal, DoS and log spoofing.
Affected:MOTOROLA : Timbuktu Pro 8.7
CVE:CVE-2008-1118
 CVE-2008-1117
Original documentdocumentLuigi Auriemma, Vulnerabilities in Timbuktu Pro 8.6.5 (13.03.2008)
 documentCORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2008-0204: Timbuktu Pro Remote Path Traversal and Log Injection (12.03.2008)
Files:Exploits Timbuktu Pro <= 8.6.5 [RC 229] vulnerabilities

Microsoft Office / Excel / Outlook / Web Components multiple security vulnerabilities
updated since 12.03.2008
Published:22.03.2008
Source:
SecurityVulns ID:8773
Type:client
Threat Level:
8/10
Description:Microsoft Excel multiple security vulnerabilities, Outlook mailt: URI code execution, multiple Office memory corruptions, Office Web Components multiple security vulnerabilities.
CVE:CVE-2008-0118
 CVE-2008-0117
 CVE-2008-0116
 CVE-2008-0115
 CVE-2008-0114
 CVE-2008-0113 (Unspecified vulnerability in Microsoft Office Excel Viewer 2003 up to SP3 allows user-assisted remote attackers to execute arbitrary code via an Excel document with malformed cell comments that trigger memory corruption from an "allocation error," aka "Microsoft Office Cell Parsing Memory Corruption Vulnerability.")
 CVE-2008-0112
 CVE-2008-0111
 CVE-2008-0110
 CVE-2008-0081
 CVE-2007-1201
 CVE-2006-4695 (Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote attackers to execute arbitrary code via a crafted URL, aka "Office Web Components URL Parsing Vulnerability.")
Original documentdocumentIDEFENSE, [Full-disclosure] iDefense Security Advisory 03.11.08: Microsoft Outlook mailto Command Line Switch Injection (12.03.2008)
 documentIDEFENSE, [Full-disclosure] iDefense Security Advisory 03.11.08: Microsoft Excel 2003 Malformed Formula Memory Corruption Vulnerability (12.03.2008)
 documentIDEFENSE, [Full-disclosure] iDefense Security Advisory 03.11.08: Microsoft Excel DVAL Heap Corruption Vulnerability (12.03.2008)
 documentZDI, ZDI-08-008: Microsoft Excel BIFF File Format Cell Record Parsing Memory Corruption Vulnerability (12.03.2008)
 documentDVLabs, TPTI-08-03: Microsoft Excel Rich Text Memory Corruption Vulnerability (12.03.2008)
 documentMICROSOFT, Microsoft Security Bulletin MS08-017 - Critical Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution (933103) (12.03.2008)
 documentMICROSOFT, Microsoft Security Bulletin MS08-016 – Critical Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (949030) (12.03.2008)
 documentMICROSOFT, Microsoft Security Bulletin MS08-015 - Critical Vulnerability in Microsoft Outlook Could Allow Remote Code Execution (949031) (12.03.2008)
 documentMICROSOFT, Microsoft Security Bulletin MS08-014 - Critical Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (949029) (12.03.2008)
Files:MS08-014 exploit
  Microsoft Security Bulletin MS08-016 – Critical Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (949030)
 Microsoft Security Bulletin MS08-017 - Critical Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution (933103)
 Microsoft Security Bulletin MS08-014 - Critical Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (949029)
 Microsoft Security Bulletin MS08-015 - Critical Vulnerability in Microsoft Outlook Could Allow Remote Code Execution (949031)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod