Computer Security


Microsoft Internet Explorer multiple security vulnerabilities
updated since 12.02.2008
Published:13.02.2008
Source:
SecurityVulns ID:8673
Type:remote
Threat Level:8/10
Description:Multiple memory corruptions.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
CVE:CVE-2008-0078
 CVE-2008-0077 (Use-after-free vulnerability in Microsoft Internet Explorer 6 SP1, 6 SP2, and 7 allows remote attackers to execute arbitrary code by assigning malformed values to certain properties, as demonstrated using the by property of an animateMotion SVG element, aka "Property Memory Corruption Vulnerability.")
 CVE-2008-0076
 CVE-2007-4790 (Stack-based buffer overflow in a certain ActiveX control in FPOLE.OCX 6.0.8450.0 in the Microsoft Visual FoxPro 6.0 fpole 1.0 Type Library allows remote attackers to execute arbitrary code via a long first argument to the FoxDoCmd function.)
Original document:IDEFENSE, ZDI-08-006: Microsoft Internet Explorer SVG animateMotion.by Code Execution Vulnerability (13.02.2008)
 IDEFENSE, iDefense Security Advisory 02.12.08: Microsoft Internet Explorer Property Memory Corruption Vulnerability (13.02.2008)
 MICROSOFT, Microsoft Security Bulletin MS08-010 - Critical Cumulative Security Update for Internet Explorer (944533) (12.02.2008)
Files:Microsoft Security Bulletin MS08-010 - Critical Cumulative Security Update for Internet Explorer (944533)

Microsoft Publisher multiple security vulnerabilities
Published:13.02.2008
Source:
SecurityVulns ID:8675
Type:client
Threat Level:6/10
Description:Uninitialized memory reference and DoS conditions on .pub files processing.
Affected:MICROSOFT : Publisher 2000
 MICROSOFT : Publisher 2003
 MICROSOFT : Publisher XP
CVE:CVE-2008-0104
 CVE-2008-0102
Original document:MICROSOFT, Microsoft Security Bulletin MS08-012 - Critical Vulnerabilities in Microsoft Office Publisher Could Allow Remote Code Execution (947085) (13.02.2008)
Files:Microsoft Security Bulletin MS08-012 - Critical Vulnerabilities in Microsoft Office Publisher Could Allow Remote Code Execution (947085)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 13.02.2008
Published:13.02.2008
Source:
SecurityVulns ID:8677
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:CACTI : cacti 0.8
 VWAR : VWar 1.5
 SERENDIPITY : Freetag 2.95 plugin for Serendipity
Original document:hackturkiye.hackturkiye_(at)_gmail.com, Provided By Development Solutions SQL Injection Exploit(panel) (13.02.2008)
 crazy_kinq_(at)_hotmail.co.uk, Netkom Internet Solutions (folder_id) Remote SQL Injection Vulnerability (13.02.2008)
 p_s3rver_(at)_yahoo.com, Vwar New Bug (13.02.2008)
 Research, [Full-disclosure] Serendipity Freetag-plugin XSS vulnerability (13.02.2008)
 s4tan, Cacti 0.8.7a Multiple Vulnerabilities (13.02.2008)
 sex_(at)_aaa-aaa.net.ru, LI-countdown SQL Injection Vulnerability (13.02.2008)
 Mario Sergio Candian, cacti -- Multiple security vulnerabilities have been discovered (13.02.2008)
 muuratsalo experimental hack lab, artmedic weblog multiple xss vulnerabilities (13.02.2008)

ClamAV antivirus integer overflow
Published:13.02.2008
Source:
SecurityVulns ID:8678
Type:remote
Threat Level:6/10
Description:Integer overflow on PE files parsing.
Affected:CLAMAV : ClamAV 0.92
CVE:CVE-2008-0318
Original document:IDEFENSE, iDefense Security Advisory 02.12.08: ClamAV libclamav PE File Integer Overflow Vulnerability (13.02.2008)

HP Mercury SiteScope multiple security vulnerabilities
Published:13.02.2008
Source:
SecurityVulns ID:8679
Type:remote
Threat Level:5/10
Original document:IOActive Advisories, IOActive Security Advisory: Multiple Remote SiteScope Vulnerabilities (13.02.2008)

Novell Netware Client buffer overflow
Published:13.02.2008
Source:
SecurityVulns ID:8680
Type:remote
Threat Level:5/10
Description:NWSPOOL.DLL EnumPrinters buffer overflow.
CVE:CVE-2008-0639 (Stack-based buffer overflow in the EnumPrinters function in the Spooler service (nwspool.dll) in Novell Client 4.91 SP2, SP3, and SP4 for Windows allows remote attackers to execute arbitrary code via a crafted RPC request, aka Novell bug 353138, a different vulnerability than CVE-2006-5854. NOTE: this issue exists because of an incomplete fix for CVE-2007-6701.)
Original document:ZDI, ZDI-08-005: Novell Client NWSPOOL.DLL EnumPrinters Stack Overflow Vulnerability (13.02.2008)

Brooksnet Remote Print Manager buffer overflow
Published:13.02.2008
Source:
SecurityVulns ID:8681
Type:remote
Threat Level:5/10
Description:Buffer overflow on oversized filename.
Affected:BROOKSNET : Remote Print Manager 4.5
Original document:Luigi Auriemma, Unicode buffer-overflow in RPM Remote Print Manager 4.5.1.11 (13.02.2008)
Files:Exploits RPM Remote Print Manager <= 4.5.1.11 unicode buffer-overflow

Intermate WinIPDS multiple security vulnerabilities
Published:13.02.2008
Source:
SecurityVulns ID:8682
Type:remote
Threat Level:5/10
Description:DoS, directory traversal.
Affected:INTERMATE : WinIPDS 3.3
Original document:Luigi Auriemma, Directory traversal and DoS in WinIPDS G52-33-021 (13.02.2008)

Gnumeric buffer overflow
Published:13.02.2008
Source:
SecurityVulns ID:8683
Type:client
Threat Level:5/10
Description:Buffer overflow on .XLS files parsing.
Affected:GNUMERIC : gnumeric 1.8
CVE:CVE-2008-0668 (The excel_read_HLINK function in plugins/excel/ms-excel-read.c in Gnome Office Gnumeric before 1.8.1 allows user-assisted remote attackers to execute arbitrary code via a crafted XLS file containing XLS HLINK opcodes, possibly because of an integer signedness error that leads to an integer overflow. NOTE: some of these details are obtained from third party information.)
Original document:GENTOO, [Full-disclosure] [ GLSA 200802-05 ] Gnumeric: User-assisted execution of arbitrary code (13.02.2008)

Apple Mac OS X multiple security vulnerabilities
Published:13.02.2008
Source:
SecurityVulns ID:8684
Type:remote
Threat Level:7/10
Description:Service Location Protocol buffer overflow, Safari code execution, Time Machine code execution, Mail file:// URI code execution, Parental Control information leakage, Terminal URI code execution, Open Directory weak authentication, NFS client and server DoS.
CVE:CVE-2008-0042
 CVE-2008-0041
 CVE-2008-0040
 CVE-2008-0039
 CVE-2008-0038
 CVE-2008-0035 (Unspecified vulnerability in Foundation, as used in Apple iPhone 1.0 through 1.1.2, iPod touch 1.1 through 1.1.2, and Mac OS X 10.5 through 10.5.1, allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted URL that triggers memory corruption in Safari.)
 CVE-2007-0355 (Buffer overflow in the Apple Minimal SLP v2 Service Agent (slpd) in Mac OS X 10.4.8 and earlier allows local users, and possibly remote attackers, to gain privileges and possibly execute arbitrary code via a registration request with an invalid attr-list field.)
Original document:(unnamed) (13.02.2008)
Files:About the security content of Mac OS X 10.5.2 and Security Update 2008-001

Apple QuickTime ActiveX buffer overflow
Published:13.02.2008
Source:
SecurityVulns ID:8685
Type:client
Threat Level:7/10
Description:Multiple buffer overflows in different methods and properties.
Affected:APPLE : QuickTime Player 7.4
Original document:laurent gaffie, QuickTime <= 7.4.1 QTPlugin.ocx Multiple Remote Stack Overflow (13.02.2008)

Adobe Flash Media Server multiple security vulnerabilities
Published:13.02.2008
Source:
SecurityVulns ID:8686
Type:remote
Threat Level:6/10
Description:Integer overflows and memory corruptions on parsing TCP/1935 and TCP/19350 RTMP messages.
Affected:ADOBE : Flash Media Server 2.0
CVE:CVE-2007-6149
Original document:IDEFENSE, iDefense Security Advisory 02.12.08: Adobe Flash Media Server 2 Memory Corruption Vulnerability (13.02.2008)
 IDEFENSE, iDefense Security Advisory 02.12.08: Adobe Flash Media Server 2 Multiple Integer Overflow Vulnerabilities (13.02.2008)

Fortinet Forticlient privilege escalation
Published:13.02.2008
Source:
SecurityVulns ID:8687
Type:local
Threat Level:5/10
Affected:FORTICLIENT : FortiClient 3.0
Original document:Reversemode, [Reversemode Advisory] February Advisories : Microsoft Word 2003 + Fortinet Forticlient (13.02.2008)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod