Computer Security


Squid Analysis Report Generator buffer overflow
updated since 03.03.2008
Published: 13.03.2008
SecurityVulns ID: 8741
Type: remote
Threat Level: 6/10
Description: Buffer overflow and cross-site scripting on oversized User-Agent in Squid log.
Affected: SARG : Squid Analysis Report Generator 2.2
CVE: CVE-2008-1168 (Cross-site scripting (XSS) vulnerability in Squid Analysis Report Generator (Sarg) 2.2.3.1 allows remote attackers to inject arbitrary web script or HTML via the User-Agent header, which is not properly handled when displaying the Squid proxy log. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.)
 CVE-2008-1167 (Stack-based buffer overflow in the useragent function in useragent.c in Squid Analysis Report Generator (Sarg) 2.2.3.1 allows remote attackers to execute arbitrary code via a long Squid proxy server User-Agent header. NOTE: some of these details are obtained from third party information.)
Original documents: GENTOO, [ GLSA 200803-21 ] Sarg: Remote execution of arbitrary code (13.03.2008)
 L4teral, Squid Analysis Report Generator <= 2.2.3.1 buffer overflow (03.03.2008)

Motorola Timbuktu multiple security vulnerabilities
updated since 12.03.2008
Published: 13.03.2008
SecurityVulns ID: 8775
Type: remote
Threat Level: 5/10
Description: Directory traversal, DoS and log spoofing.
Affected: MOTOROLA : Timbuktu Pro 8.7
CVE: CVE-2008-1118
 CVE-2008-1117
Original documents: Luigi Auriemma, Vulnerabilities in Timbuktu Pro 8.6.5 (13.03.2008)
 CORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2008-0204: Timbuktu Pro Remote Path Traversal and Log Injection (12.03.2008)
Files: Exploits Timbuktu Pro <= 8.6.5 [RC 229] vulnerabilities

Cisco SecureACS buffer overflow
updated since 12.03.2008
Published: 13.03.2008
SecurityVulns ID: 8777
Type: remote
Threat Level: 6/10
Description: Buffer overflow on UCP (user changeable passwords).
Affected: CISCO : Cisco UCS 4.1
CVE: CVE-2008-0533
 CVE-2008-0532
Original documents: Felix 'FX' Lindner, Cisco ACS UCP Remote Pre-Authentication Buffer Overflows (12.03.2008)
 CISCO, Cisco Security Advisory: Cisco Secure Access Control Server for Windows User-Changeable Password Vulnerabilities (12.03.2008)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 13.03.2008
SecurityVulns ID: 8778
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: TRAVELSIZEDCMS : travelsized cms 0.4
 UBERGHEY : uberghey cms 0.3
 EDITOR : EdiorCMS 3.0
Original documents: wsn1983_(at)_gmail.com, Directory traversal in EdiorCMS V3.0 (13.03.2008)
 nima_501_(at)_yahoo.com, XSS in PHP-Nuke (eWeather module) (13.03.2008)
 turkish-warriorr_(at)_hotmail.com, Powered by phpBB 2001, 2006 (SQL) (13.03.2008)
 muuratsalo experimental hack lab, travelsized cms 0.4.1 multiple local file inclusion vulnerabilities (13.03.2008)
 muuratsalo experimental hack lab, uberghey cms 0.3.1 multiple local file inclusion vulnerabilities (13.03.2008)
 lovebug_(at)_hotmail.it, PHP-Nuke Module ZClassifieds [cat] SQL Injection (13.03.2008)

Sun Java WebStart multiple security vulnerabilities
Published: 13.03.2008
SecurityVulns ID: 8779
Type: client
Threat Level: 7/10
Description: Buffer overflow in useEncodingDecl().
Affected: SUN : JRE 5.0
 ORACLE : JRE 6
CVE: CVE-2008-1188 (Multiple buffer overflows in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allow remote attackers to execute arbitrary code via unknown vectors, a different issue than CVE-2008-1189.)
Original documents: ZDI, ZDI-08-009: Java Web Start tempbuff Stack Buffer Overflow (13.03.2008)
 ZDI, ZDI-08-010: Java Web Start encoding Stack Buffer Overflow (13.03.2008)

McAfee Framework / ePolicy Orchestrator format string vulnerability
Published: 13.03.2008
SecurityVulns ID: 8780
Type: library
Threat Level: 6/10
Description: Format string vulnerability in logging functions.
Affected: MCAFEE : McAfee Framework 3.5
 MCAFEE : ePolicy Orchestrator 4.0
Original document: Luigi Auriemma, Format string in McAfee Framework 3.6.0.569 (ePolicy Orchestrator 4.0) (13.03.2008)
Files: Exploits McAfee Framework <= 3.6.0.569 (ePolicy Orchestrator 4.0) format string

Argon Client Management Services directory traversal
Published: 13.03.2008
SecurityVulns ID: 8782
Type: remote
Threat Level: 5/10
Description: Directory traversal in built-in TFTP server.
Affected: ARGONTECHNOLOGY : Argon Client Management Services 1.31
Original document: Luigi Auriemma, Directory traversal in Argon Client Management Services 1.31 (13.03.2008)
Files: TFTP server tester

Remotely Anywhere DoS
Published: 13.03.2008
SecurityVulns ID: 8783
Type: remote
Threat Level: 5/10
Description: TCP/2000 HTTP request invalid Accept-Charset header NULL pointer dereference.
Affected: REMOTELYANYWHERE : Remotely Anywhere 8.0
Original document: Luigi Auriemma, NULL pointer in Remotely Anywhere 8.0.668 (13.03.2008)
Files: Exploits NULL pointer in Remotely Anywhere 8.0.668

Zabbix DoS
Published: 13.03.2008
SecurityVulns ID: 8784
Type: remote
Threat Level: 5/10
Description: Invalid data sent to TCP/10050 causes denial of service.
Original document: Milen Rangelov, Zabbix (zabbix_agentd) denial of service (13.03.2008)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod