Squid Analysis Report Generator buffer overflow (updated since 03.03.2008)
| Published: | 13.03.2008 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 8741 |
| Type: | remote |
| Level: | 6/10 |
| Description: | Buffer overflow and cross-site scripting on oversized User-Agent in squid log. |
| Affected: | SARG : Squid Analysis Report Generator 2.2 |
| CVE: | CVE-2008-1168 (Cross-site scripting (XSS) vulnerability in Squid Analysis Report Generator (Sarg) 2.2.3.1 allows remote attackers to inject arbitrary web script or HTML via the User-Agent header, which is not properly handled when displaying the Squid proxy log. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.) |
| | CVE-2008-1167 (Stack-based buffer overflow in the useragent function in useragent.c in Squid Analysis Report Generator (Sarg) 2.2.3.1 allows remote attackers to execute arbitrary code via a long Squid proxy server User-Agent header. NOTE: some of these details are obtained from third party information.) |
| Original document | GENTOO, [ GLSA 200803-21 ] Sarg: Remote execution of arbitrary code (13.03.2008) |
| | L4teral, Squid Analysis Report Generator <= 2.2.3.1 buffer overflow (03.03.2008) |

Motorola Timbuktu multiple security vulnerabilities (updated since 12.03.2008)
| Published: | 13.03.2008 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 8775 |
| Type: | remote |
| Level: | 5/10 |
| Description: | Directory traversal, DoS and log spoofing. |
| Affected: | MOTOROLA : Timbuktu Pro 8.7 |
| CVE: | CVE-2008-1118 |
| | CVE-2008-1117 |
| Original document | Luigi Auriemma, Vulnerabilities in Timbuktu Pro 8.6.5 (13.03.2008) |
| | CORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2008-0204: Timbuktu Pro Remote Path Traversal and Log Injection (12.03.2008) |

Sun Java WebStart multiple security vulnerabilities
| Published: | 13.03.2008 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 8779 |
| Type: | client |
| Level: | 7/10 |
| Description: | Buffer overflow in useEncodingDecl(). |
| Affected: | SUN : JRE 5.0 |
| | SUN : JRE 6 |
| CVE: | CVE-2008-1188 (Multiple buffer overflows in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allow remote attackers to execute arbitrary code via unknown vectors, a different issue than CVE-2008-1189.) |
| Original document | ZDI, ZDI-08-009: Java Web Start tempbuff Stack Buffer Overflow (13.03.2008) |
| | ZDI, ZDI-08-010: Java Web Start encoding Stack Buffer Overflow (13.03.2008) |

Cisco SecureACS buffer overflow (updated since 12.03.2008)
| Published: | 13.03.2008 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 8777 |
| Type: | remote |
| Level: | 6/10 |
| Description: | Buffer overflow on UCP (user changeable passwords). |
| Affected: | CISCO : Cisco UCS 4.1 |
| CVE: | CVE-2008-0533 |
| | CVE-2008-0532 |
| Original document | Felix 'FX' Lindner, Cisco ACS UCP Remote Pre-Authentication Buffer Overflows (12.03.2008) |
| | CISCO, Cisco Security Advisory: Cisco Secure Access Control Server for Windows User-Changeable Password Vulnerabilities (12.03.2008) |

Acronis TrueImage multiple DoS conditions
| Published: | 13.03.2008 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 8781 |
| Type: | remote |
| Level: | 5/10 |
| Description: | Unallocated memory access, NULL pointer dereference. |
| Affected: | ACRONIS : True Image Group Server 1.5 |
| | ACRONIS : Acronis True Image Windows Agent 1.0 |
| Original document | Luigi Auriemma, NULL pointer in Acronis True Image Windows Agent 1.0.0.54 (13.03.2008) |
| | Luigi Auriemma, Invalid memory access in Acronis True Image Group Server 1.5.19.191 (13.03.2008) |

Zabbix DoS
| Published: | 13.03.2008 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 8784 |
| Type: | remote |
| Level: | 5/10 |
| Description: | Invalid data sent to TCP/10050 causes denial of service. |
| Original document | Milen Rangelov, Zabbix (zabbix_agentd) denial of service (13.03.2008) |

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
| Published: | 13.03.2008 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 8778 |
| Type: | remote |
| Level: | 5/10 |
| Description: | PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. |