 |
|
|
|
vsftpd FTP server memory leak
updated since 12.07.2008 | | Published: |  | 12.07.2008 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 9143 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | Memory leak on invalid authentication attempt leads to memory exhaustion. |
| CVE: |  | CVE-2008-2375 (Memory leak in a certain Red Hat deployment of vsftpd before 2.0.5 on Red Hat Enterprise Linux (RHEL) 3 and 4, when PAM is used, allows remote attackers to cause a denial of service (memory consumption) via a large number of invalid authentication attempts within the same session, a different vulnerability than CVE-2007-5962.) |
| Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) | | Published: | | 12.07.2008 | | Source: | | | | SecurityVulns ID: | | 9144 | | Type: | | remote | | Level: | | 5/10 | | Description: | | PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. |
| Apache multiple DoS conditions | | Published: | | 12.07.2008 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 9145 | | Type: | | remote | | Level: | | 6/10 | | Description: | | mod_proxy requests recursion, mod_ssl memory leak. |
| Affected: |  | APACHE : Apache 2.2 | | CVE: | | CVE-2008-2364 (The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.) | | | | CVE-2008-1678 |
| Novell eDirectory multiple security vulnerabilities | | Published: | | 12.07.2008 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 9146 | | Type: | | remote | | Level: | | 6/10 | | Description: | | Integer overflows, memory corruptions. |
| Apple Core Image Fun House buffer overflow | | Published: | | 12.07.2008 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 9148 | | Type: | | client | | Level: | | 5/10 | | Description: | | Buffer overflow on .funhouse files parsing. |
Microsoft Outlook Web Access crossite scripting
updated since 09.07.2008 | | Published: | | 12.07.2008 | | Source: | | MICROSOFT | | SecurityVulns ID: | | 9135 | | Type: | | remote | | Level: | | 5/10 | | Description: | | Crossite scripting on different pages. |
| Sun Java multiple security vulnerabilities | | Published: | | 12.07.2008 | | Source: | | CERT | | SecurityVulns ID: | | 9147 | | Type: | | library | | Level: | | 7/10 | | Description: | | 8 different vulnerabilities, including privilege escalation, sandbox protection bypass and code excutions. |
Multiple DNS servers and clients DNS records spoofing
updated since 12.07.2008 | | Published: | | 29.07.2008 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 9142 | | Type: | | client | | Level: | | 6/10 | | Description: | | DNS poisoning attack may be used to spoof query results. |
| Affected: | | CISCO : IOS 12.2 | | | | CISCO : IOS 12.3 | | | | BIND : bind 9.3 | | | | CISCO : IOS 12.4 | | | | PDNS : pdns-recursor 3.1 | | | | PYTHON : python-dns 2.3 | | CVE: | | CVE-2008-1637 (PowerDNS Recursor before 3.1.5 uses insufficient randomness to calculate (1) TRXID values and (2) UDP source port numbers, which makes it easier for remote attackers to poison a DNS cache, related to (a) algorithmic deficiencies in rand and random functions in external libraries, (b) use of a 32-bit seed value, and (c) choice of the time of day as the sole seeding information.) | | | | CVE-2008-1447 (The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug.") |
|
|
|
|
|
|
|
|
