Computer Security
[EN] securityvulns.ru no-pyccku


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:12.08.2008
Source:
SecurityVulns ID:9211
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Contact Form ][: crossite request forgery, crossite scripting.
Affected:WORDPRESS : Contact Form ][ 2.0
 KAYAKO : Kayako SupportSuite 3.30
Original documentdocumenthadihadi_zedehal_2006_(at)_yahoo.com, K-Links Directory Blind SQL Injection Exploit (12.08.2008)
 documentr3d.w0rm_(at)_yahoo.com, Ovidentia Sql Injection (12.08.2008)
 documentJeiAr, Kayako SupportSuite < 3.30.00 Multiple Vulnerabilities (12.08.2008)
 documentMustLive, New vulnerabilities in Contact Form ][ for WordPress (12.08.2008)
Files:K-Links Directory Blind SQL Injection Exploit

Microsoft Access ActiveX file download
updated since 09.07.2008
Published:12.08.2008
Source:
SecurityVulns ID:9137
Type:client
Threat Level:
7/10
Description:SnapShot Viewer ActiveX allows file download to any location.
Affected:MICROSOFT : Office 2000
 MICROSOFT : Office XP
 MICROSOFT : Office 2003
 MICROSOFT : Office 2007
CVE:CVE-2008-2463 (The Microsoft Office Snapshot Viewer ActiveX control in snapview.ocx 10.0.5529.0, as distributed in the standalone Snapshot Viewer and Microsoft Office Access 2000 through 2003, allows remote attackers to download arbitrary files to a client machine via a crafted HTML document or e-mail message, probably involving use of the SnapshotPath and CompressedPath properties and the PrintSnapshot method. NOTE: this can be leveraged for code execution by writing to a Startup folder.)
Original documentdocumentMICROSOFT, Microsoft Security Bulletin MS08-041 – Critical Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access Could Allow Remote Code Execution (955617) (12.08.2008)
 documentCERT, US-CERT Technical Cyber Security Alert TA08-189A -- Microsoft Office Snapshot Viewer ActiveX Vulnerability (09.07.2008)
Files:Microsoft Security Advisory (955179) Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access Could Allow Remote Code Execution
  Microsoft Security Bulletin MS08-041 – Critical Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access Could Allow Remote Code Execution

UUDeview symbolic links vulnerability
Published:12.08.2008
Source:
SecurityVulns ID:9212
Type:local
Threat Level:
5/10
Description:Insecure temporary files creation.
CVE:CVE-2008-2266 (uulib/uunconc.c in UUDeview 0.5.20 allows local users to overwrite arbitrary files via a symlink attack on a temporary filename generated by the tempnam function. NOTE: this may be a CVE-2004-2265 regression.)
Original documentdocumentGENTOO, [ GLSA 200808-11 ] UUDeview: Insecure temporary file creation (12.08.2008)

Alcatel OmniSwitch switches buffer overflow
Published:12.08.2008
Source:
SecurityVulns ID:9213
Type:remote
Threat Level:
5/10
Description:Buffer overflow on oversized Cookie: header in embedded web server.
Affected:ALCATEL : OmniSwitch OS7000
 ALCATEL : OmniSwitch OS6600
 ALCATEL : OmniSwitch OS6800
 ALCATEL : OmniSwitch OS6850
 ALCATEL : OmniSwitch OS9000
Original documentdocumentDeral Heiland, Layered Defense Research Advisory: Alcatel-Lucent OmniSwitch products, Stack Buffer Overflow (12.08.2008)

Sun Solaris snoop format string vulnerability
Published:12.08.2008
Source:
SecurityVulns ID:9214
Type:remote
Threat Level:
5/10
Description:Format string vulnerability on SMB traffic parsing.
Affected:ORACLE : Solaris 8
 ORACLE : Solaris 9
 ORACLE : Solaris 10
CVE:CVE-2008-0965 (Multiple format string vulnerabilities in snoop on Sun Solaris 8 through 10 and OpenSolaris before snv_96, when the -o option is omitted, allow remote attackers to execute arbitrary code via format string specifiers in an SMB packet.)
 CVE-2008-0964
Original documentdocumentIDEFENSE, iDefense Security Advisory 08.04.08: Solaris snoop SMB Decoding Multiple Stack Buffer Overflow Vulnerabilities (12.08.2008)
 documentIDEFENSE, iDefense Security Advisory 08.04.08: Solaris snoop SMB Decoding Multiple Format String Vulnerabilities (12.08.2008)

hMailServer IMAP server DoS
Published:12.08.2008
Source:
SecurityVulns ID:9215
Type:remote
Threat Level:
5/10
Description:Memory leak on command execution leads to buffer overflow.
Affected:HMAILSERVER : hMAilServer 4.4
Original documentdocumentJoгo Antunes, [AJECT] hMailServer 4.4.1 DoS vulnerability (12.08.2008)

Microsoft Windows IPSec policies vulnerability
Published:12.08.2008
Source:
SecurityVulns ID:9219
Type:m-i-t-m
Threat Level:
5/10
Description:Under certain conditions rules are not applied after Windows 2003 domain is migrated to Windows 2008.
Affected:MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
CVE:CVE-2008-2246
Original documentdocumentMICROSOFT, Microsoft Security Bulletin MS08-047 – Important Vulnerability in IPsec Policy Processing Could Allow Information Disclosure (953733) (12.08.2008)
Files:Microsoft Security Bulletin MS08-047 – Important Vulnerability in IPsec Policy Processing Could Allow Information Disclosure (953733)

Microsoft Office / Word / Excel / Power Point multiple security vulnerabilities
updated since 12.08.2008
Published:13.08.2008
Source:
SecurityVulns ID:9216
Type:client
Threat Level:
8/10
Description:Multiple memory corruptions, protection bypass.
Affected:MICROSOFT : Office 2000
 MICROSOFT : Office XP
 MICROSOFT : Office 2003
 MICROSOFT : Office 2007
 MICROSOFT : Office SharePoint Server 2007
CVE:CVE-2008-3460 (WPGIMP32.FLT in Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 does not properly parse the length of a WordPerfect Graphics (WPG) file, which allows remote attackers to execute arbitrary code via a crafted WPG file, aka the "WPG Image File Heap Corruption Vulnerability.")
 CVE-2008-3021 (Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 do not properly parse the length of a PICT file, which allows remote attackers to execute arbitrary code via a crafted PICT file with an invalid bits_per_pixel field, aka the "PICT Filter Parsing Vulnerability," a different vulnerability than CVE-2008-3018.)
 CVE-2008-3020 (Microsoft Office 2000 SP3 and XP SP3; Office Converter Pack; and Works 8 do not properly parse the length of a BMP file, which allows remote attackers to execute arbitrary code via a crafted BMP file, aka the "Malformed BMP Filter Vulnerability.")
 CVE-2008-3019 (Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 do not properly parse the length of an Encapsulated PostScript (EPS) file, which allows remote attackers to execute arbitrary code via a crafted EPS file, aka the "Malformed EPS Filter Vulnerability.")
 CVE-2008-3018 (Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 do not properly parse the length of a PICT file, which allows remote attackers to execute arbitrary code via a crafted PICT file, aka the "Malformed PICT Filter Vulnerability," a different vulnerability than CVE-2008-3021.)
 CVE-2008-3006 (Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 Gold and SP3; Office Excel Viewer; Office Compatibility Pack 2007 Gold and SP1; Office SharePoint Server 2007 Gold and SP1; and Office 2004 and 2008 for Mac do not properly parse Country record values when loading Excel files, which allows remote attackers to execute arbitrary code via a crafted Excel file, aka the "Excel Record Parsing Vulnerability.")
 CVE-2008-3005 (Array index vulnerability in Microsoft Office Excel 2000 SP3 and 2002 SP3, and Office 2004 and 2008 for Mac allows remote attackers to execute arbitrary code via an Excel file with a crafted array index for a FORMAT record, aka the "Excel Index Array Vulnerability.")
 CVE-2008-3004 (Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3; Office Excel Viewer 2003; and Office 2004 and 2008 for Mac do not properly validate index values for AxesSet records when loading Excel files, which allows remote attackers to execute arbitrary code via a crafted Excel file, aka the "Excel Indexing Validation Vulnerability.")
 CVE-2008-3003 (Microsoft Office Excel 2007 Gold and SP1 does not properly delete the PWD (password) string from connections.xml when a .xlsx file is configured not to save the remote data session password, which allows local users to obtain sensitive information and obtain access to a remote data source, aka the "Excel Credential Caching Vulnerability.")
 CVE-2008-2244
Original documentdocumentIDEFENSE, iDefense Security Advisory 08.12.08: Microsoft Excel FORMAT Record Invalid Array Index Vulnerability (13.08.2008)
 documentIDEFENSE, iDefense Security Advisory 08.12.08: Microsoft Excel Chart AxesSet Invalid Array Index Vulnerability (13.08.2008)
 documentIDEFENSE, iDefense Security Advisory 08.12.08: Microsoft PowerPoint Viewer 2003 Cstring Integer Overflow Vulnerability (13.08.2008)
 documentIDEFENSE, iDefense Security Advisory 08.12.08: Microsoft PowerPoint Viewer 2003 Out of Bounds Array Index Vulnerability (13.08.2008)
 documentIDEFENSE, iDefense Security Advisory 08.12.08: Microsoft Office WPG Image File Heap Buffer Overflow Vulnerability (13.08.2008)
 documentIDEFENSE, iDefense Security Advisory 08.12.08: Microsoft Office BMP Input Filter Heap Overflow Vulnerability (13.08.2008)
 documentZDI, ZDI-08-048: Microsoft Excel COUNTRY Record Memory Corruption Vulnerability (13.08.2008)
 documentMICROSOFT, Microsoft Security Bulletin MS08-051 – Critical Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (949785) Microsoft Security Bulletin MS08-051 – Critical (12.08.2008)
 documentMICROSOFT, Microsoft Security Bulletin MS08-044 – Critical Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution (924090) (12.08.2008)
 documentMICROSOFT, Microsoft Security Bulletin MS08-043 – Critical Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (954066) (12.08.2008)
 documentMICROSOFT, Microsoft Security Bulletin MS08-042 – Important Vulnerability in Microsoft Word Could Allow Remote Code Execution (955048) (12.08.2008)
Files:Microsoft Security Bulletin MS08-044 – Critical Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution (924090)
 Microsoft Security Bulletin MS08-051 – Critical Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (949785) Microsoft Security Bulletin MS08-051 – Critical
 Microsoft Security Bulletin MS08-042 – Important Vulnerability in Microsoft Word Could Allow Remote Code Execution (955048)

Microsoft Windows color management system memory corruption
updated since 12.08.2008
Published:13.08.2008
Source:
SecurityVulns ID:9218
Type:library
Threat Level:
7/10
Description:Memory corruption on ICCM management.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
CVE:CVE-2008-2245 (Heap-based buffer overflow in the InternalOpenColorProfile function in mscms.dll in Microsoft Windows Image Color Management System (MSCMS) in the Image Color Management (ICM) component on Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted image file.)
Original documentdocumentIDEFENSE, iDefense Security Advisory 08.12.08: Microsoft Windows Color Management Module Heap Buffer Overflow Vulnerability (13.08.2008)
 documentZDI, ZDI-08-049: Microsoft Windows Graphics Rendering Engine PICT Heap Corruption (13.08.2008)
 documentMICROSOFT, Microsoft Security Bulletin MS08-046 – Critical Vulnerability in Microsoft Windows Image Color Management System Could Allow Remote Code Execution (952954) (12.08.2008)
Files:Microsoft Security Bulletin MS08-046 – Critical Vulnerability in Microsoft Windows Image Color Management System Could Allow Remote Code Execution (952954)

Microsoft Internet Explorer multiple security vulnerabilities
updated since 12.08.2008
Published:14.08.2008
Source:
SecurityVulns ID:9217
Type:remote
Threat Level:
8/10
Description:Multiple memory corruptions, MHTML crossite scripting.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
CVE:CVE-2008-2259
 CVE-2008-2258 (Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memory in certain conditions, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via vectors related to a document object "appended in a specific order" with "particular functions ... performed on" document objects, aka "HTML Objects Memory Corruption Vulnerability" or "Table Layout Memory Corruption Vulnerability," a different vulnerability than CVE-2008-2257.)
 CVE-2008-2257 (Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memory in certain conditions, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via vectors related to a document object "appended in a specific order," aka "HTML Objects Memory Corruption Vulnerability" or "XHTML Rendering Memory Corruption Vulnerability," a different vulnerability than CVE-2008-2258.)
 CVE-2008-2256
 CVE-2008-2255
 CVE-2008-2254 (Microsoft Internet Explorer 6 and 7 accesses uninitialized memory, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors, aka "HTML Object Memory Corruption Vulnerability.")
 CVE-2008-1448 (The MHTML protocol handler in a component of Microsoft Outlook Express 5.5 SP2 and 6 through SP1, and Windows Mail, does not assign the correct Internet Explorer Security Zone to UNC share pathnames, which allows remote attackers to bypass intended access restrictions and read arbitrary files via an mhtml: URI in conjunction with a redirection, aka "URL Parsing Cross-Domain Information Disclosure Vulnerability.")
Original documentdocumentCORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2008-0103: Internet Explorer Zone Elevation Restrictions Bypass and Security Zone Restrictions Bypass (14.08.2008)
 documentZDI, ZDI-08-050: Microsoft Internet Explorer XHTML Rendering Memory Corruption Vulnerability (13.08.2008)
 documentZDI, ZDI-08-051: Microsoft Internet Explorer Table Layout Memory Corruption Vulnerability (13.08.2008)
 documentMICROSOFT, Microsoft Security Bulletin MS08-048 - Important Security Update for Outlook Express and Windows Mail (951066) (12.08.2008)
 documentMICROSOFT, Microsoft Security Bulletin MS08-045 - Critical Cumulative Security Update for Internet Explorer (953838) (12.08.2008)
Files:Microsoft Security Bulletin MS08-045 - Critical Cumulative Security Update for Internet Explorer (953838)
 Microsoft Security Bulletin MS08-048 - Important Security Update for Outlook Express and Windows Mail (951066)

Microsoft Messenger unauthorized ActiveX access
updated since 12.08.2008
Published:15.08.2008
Source:
SecurityVulns ID:9221
Type:client
Threat Level:
6/10
Description:Messenger.UIAutomation.1 ActiveX allows access to applciation functionality.
Affected:MICROSOFT : Windows Messenger 4.7
CVE:CVE-2008-0082
Original documentdocumentcocoruder, Microsoft Windows Messenger Remote Illegal Access Vulnerability (15.08.2008)
 documentMICROSOFT, Microsoft Security Bulletin MS08-050 – Important Vulnerability in Windows Messenger Could Allow Information Disclosure (955702) (12.08.2008)
Files:Microsoft Security Bulletin MS08-050 – Important Vulnerability in Windows Messenger Could Allow Information Disclosure (955702)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod