Computer Security
[EN] securityvulns.ru



vsftpd FTP server memory leak
Published:12.07.2008
Source:BUGTRAQ
SecurityVulns ID:9143
Type:remote
Level:5/10
Description:Memory leak on invalid authentication attempt leads to memory exhaustion.
CVE:CVE-2008-2375
Original document:RPATH, rPSA-2008-0217-1 vsftpd (12.07.2008)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:12.07.2008
Source:
SecurityVulns ID:9144
Type:remote
Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:GAPICMS : gapicms 9.0
 PHPUSERBASE : phpuserbase 1.3
 MORASP : MorASP Anket Sistemi 2.0
Original document:Alemin_Krali Krali, MorASP Anket Sistemi v2.0 [PID] Bypass Vulnerability (tr) (12.07.2008)
 Ghost hacker, phpuserbase 1.3 (menu) Remote File Inclusion Vulnerability (12.07.2008)
 Ghost hacker, gapicms v9.0.2 (dirDepth) Remote File Inclusion Vulnerability (12.07.2008)
 Alemin_Krali Krali, OkulAjansi [ID] Remote SQL Injection Vulnerability (12.07.2008)

Apache multiple DoS conditions
Published:12.07.2008
Source:BUGTRAQ
SecurityVulns ID:9145
Type:remote
Level:6/10
Description:mod_proxy requests recursion, mod_ssl memory leak.
Affected:APACHE : Apache 2.2
CVE:CVE-2008-2364
 CVE-2008-1678
Original document:GENTOO, [ GLSA 200807-06 ] Apache: Denial of Service (12.07.2008)

Novell eDirectory multiple security vulnerabilities
Published:12.07.2008
Source:BUGTRAQ
SecurityVulns ID:9146
Type:remote
Level:6/10
Description:Integer overflows, memory corruptions.
Affected:NOVELL : eDirectory 8.7
 NOVELL : eDirectory 8.8
CVE:CVE-2008-1809
Original document:ZDI, ZDI-08-041: Novell eDirectory dhost Integer Overflow Code Execution Vulnerability (12.07.2008)
 IDEFENSE, iDefense Security Advisory 07.09.08: Novell eDirectory LDAP Search Request Heap Corruption Vulnerability (12.07.2008)

Apple Core Image Fun House buffer overflow
Published:12.07.2008
Source:BUGTRAQ
SecurityVulns ID:9148
Type:client
Level:5/10
Description:Buffer overflow on .funhouse files parsing.
Affected:APPLE : Core Image Fun House 2.0
Original document:Netragard Security Advisories, [NETRAGARD SECURITY ADVISORY][Apple Core Image Fun House <= 2.0 OS X -- Arbitrary Code Execution][NETRAGARD-20080711] (12.07.2008)

Sun Java multiple security vulnerabilities
Published:12.07.2008
Source:CERT
SecurityVulns ID:9147
Type:library
Level:7/10
Description:8 different vulnerabilities, including privilege escalation, sandbox protection bypass and code execution.
Affected:SUN : JRE 1.3
 SUN : JDK 1.3
 SUN : JDK 1.4
 SUN : JRE 1.4
 SUN : JRE 5.0
 SUN : JDK 5.0
 SUN : JRE 6.0
 SUN : JDK 6.0
Original document:CERT, US-CERT Technical Cyber Security Alert TA08-193A -- Sun Java Updates for Multiple Vulnerabilities (12.07.2008)

Microsoft Outlook Web Access cross-site scripting
updated since 09.07.2008
Published:12.07.2008
Source:MICROSOFT
SecurityVulns ID:9135
Type:remote
Level:5/10
Description:Cross-site scripting on different pages.
Affected:MICROSOFT : Exchange 2003
 MICROSOFT : Exchange 2007
CVE:CVE-2008-2248
 CVE-2008-2247
Original document:disclosure_(at)_contextis.co.uk, Context IS Advisory - MS08-39 OWA XSS (12.07.2008)
 MICROSOFT, Microsoft Security Bulletin MS08-039 – Important Vulnerabilities in Outlook Web Access for Exchange Server Could Allow Elevation of Privilege (953747) (09.07.2008)
Files:Microsoft Security Bulletin MS08-039 – Important Vulnerabilities in Outlook Web Access for Exchange Server Could Allow Elevation of Privilege (953747)

Multiple DNS servers and clients DNS records spoofing
updated since 12.07.2008
Published:29.07.2008
Source:BUGTRAQ
SecurityVulns ID:9142
Type:client
Level:6/10
Description:DNS poisoning attack may be used to spoof query results.
Affected:CISCO : IOS 12.2
 CISCO : IOS 12.3
 BIND : bind 9.3
 CISCO : IOS 12.4
 PDNS : pdns-recursor 3.1
 PYTHON : python-dns 2.3
CVE:CVE-2008-1637 (PowerDNS Recursor before 3.1.5 uses insufficient randomness to calculate (1) TRXID values and (2) UDP source port numbers, which makes it easier for remote attackers to poison a DNS cache, related to (a) algorithmic deficiencies in rand and random functions in external libraries, (b) use of a 32-bit seed value, and (c) choice of the time of day as the sole seeding information.)
 CVE-2008-1447
Original document:DEBIAN, [SECURITY] [DSA 1619-1] New python-dns packages fix DNS response spoofing (29.07.2008)
 I)ruid, CAU-EX-2008-0002: Kaminsky DNS Cache Poisoning Flaw Exploit (25.07.2008)
 DEBIAN, [SECURITY] [DSA 1544-2] New pdns-recursor packages fix predictable randomness (18.07.2008)
 CISCO, Cisco Security Advisory: Multiple Cisco Products Vulnerable to DNS Cache Poisoning Attacks (12.07.2008)
 DEBIAN, [SECURITY] [DSA 1605-1] DNS vulnerability impact on the libc stub resolver (12.07.2008)
Files:DNS BailiWicked Host Attack
 Tool: PorkBind Nameserver Security Scanner

© SecurityVulns, 3APA3A, Vladimir Dubrovin