Computer Security

Apple Mac OS X CUPS printing system code execution
Published: 12.10.2008
SecurityVulns ID: 9351
Type: remote
Threat Level: 6/10
Description: Buffer overflow in HP-GL/2 filter.
Affected: APPLE : MacOS X 10.4
CVE: CVE-2008-3641 (The Hewlett-Packard Graphics Language (HPGL) filter in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via crafted pen width and pen color opcodes that overwrite arbitrary memory.)
Original document: ZDI, ZDI-08-067: Apple CUPS 1.3.7 (HP-GL/2 filter) Remote Code Execution Vulnerability (12.10.2008)

Apache Tomcat information leak
Published: 12.10.2008
SecurityVulns ID: 9350
Type: remote
Threat Level: 5/10
Description: Race conditions allow bypassing the IP address check.
Affected: APACHE : Tomcat 4.1
 APACHE : Tomcat 5.5
CVE: CVE-2008-3271 (Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.)
Original document: APACHE, [SECURITY] CVE-2008-3271 - Apache Tomcat information disclosure (12.10.2008)

CA ARCserve Backup multiple security vulnerabilities
updated since 12.10.2008
Published: 15.10.2008
SecurityVulns ID: 9352
Type: remote
Threat Level: 7/10
Description: Code execution, multiple DoS conditions.
Affected: CA : CA Server Protection Suite 2
 CA : CA Business Protection Suite 2
 CA : ARCserve Backup 11.1
 CA : ARCserve Backup 11.5
 CA : ARCserve Backup 12.0
CVE: CVE-2008-4400 (Unspecified vulnerability in asdbapi.dll in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to cause a denial of service (crash of multiple services) via crafted authentication credentials, related to "insufficient validation.")
 CVE-2008-4399 (Unspecified vulnerability in the database engine service in asdbapi.dll in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to cause a denial of service (crash) via a crafted request, related to "insufficient validation.")
 CVE-2008-4398 (Unspecified vulnerability in the tape engine service in asdbapi.dll in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to cause a denial of service (crash) via a crafted request.)
 CVE-2008-4397 (Directory traversal vulnerability in the RPC interface (asdbapi.dll) in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to execute arbitrary commands via a .. (dot dot) in an RPC call with opnum 0x10A.)
Original document: VR-Subscription-noreply_(at)_assurent.com, [Full-disclosure] Assurent VR - CA ARCserve Backup DB Engine Denial of Service (15.10.2008)
 VR-Subscription-noreply_(at)_assurent.com, [Full-disclosure] Assurent VR - CA ARCserve Backup Tape Engine Denial of Service (15.10.2008)
 cocoruder, CA BrightStor ARCServe BackUp Message Engine Remote Command Injection Vulnerability (14.10.2008)
 CA, CA ARCserve Backup Multiple Vulnerabilities (12.10.2008)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod