Search:Vulnerability:13.03.2008 - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

Squid Analysis Report Generator buffer overflow
updated since 03.03.2008
Published: 13.03.2008
Source: BUGTRAQ
SecurityVulns ID: 8741
Type: remote
Level: 6/10
Description: Buffer overflow and crossite scripting on oversized User-Agent in squid log.

Affected: SARG : Squid Analysis Report Generator 2.2
CVE: CVE-2008-1168 (Cross-site scripting (XSS) vulnerability in Squid Analysis Report Generator (Sarg) 2.2.3.1 allows remote attackers to inject arbitrary web script or HTML via the User-Agent header, which is not properly handled when displaying the Squid proxy log. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.)
CVE-2008-1167 (Stack-based buffer overflow in the useragent function in useragent.c in Squid Analysis Report Generator (Sarg) 2.2.3.1 allows remote attackers to execute arbitrary code via a long Squid proxy server User-Agent header. NOTE: some of these details are obtained from third party information.)

Original document GENTOO, [ GLSA 200803-21 ] Sarg: Remote execution of arbitrary code (13.03.2008)

L4teral, Squid Analysis Report Generator <= 2.2.3.1 buffer overflow (03.03.2008)

Discuss: Read or add your comments to this news (0 comments)

Motorola Timbuktu multiple security vulnerabilities
updated since 12.03.2008
Published: 13.03.2008
Source: BUGTRAQ
SecurityVulns ID: 8775
Type: remote
Level: 5/10
Description: Directory traversal, DoS and log spoofing.

Affected: MOTOROLA : Timbuktu Pro 8.7
CVE: CVE-2008-1118
CVE-2008-1117

Original document Luigi Auriemma, Vulnerabilities in Timbuktu Pro 8.6.5 (13.03.2008)

CORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2008-0204: Timbuktu Pro Remote Path Traversal and Log Injection (12.03.2008)

Files: Exploits Timbuktu Pro <= 8.6.5 [RC 229] vulnerabilities
Discuss: Read or add your comments to this news (0 comments)

Sun java WebStart multiple security vulnerabilities
Published: 13.03.2008
Source: BUGTRAQ
SecurityVulns ID: 8779
Type: client
Level: 7/10
Description: Buffer overflow in useEncodingDecl().

Affected: SUN : JRE 5.0
SUN : JRE 6
CVE: CVE-2008-1188 (Multiple buffer overflows in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allow remote attackers to execute arbitrary code via unknown vectors, a different issue than CVE-2008-1189.)
CVE-2008-1188 (Multiple buffer overflows in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allow remote attackers to execute arbitrary code via unknown vectors, a different issue than CVE-2008-1189.)

Original document ZDI, ZDI-08-009: Java Web Start tempbuff Stack Buffer Overflow (13.03.2008)

ZDI, ZDI-08-010: Java Web Start encoding Stack Buffer Overflow (13.03.2008)

Discuss: Read or add your comments to this news (0 comments)

Cisco SecureACS buffer overflow
updated since 12.03.2008
Published: 13.03.2008
Source: BUGTRAQ
SecurityVulns ID: 8777
Type: remote
Level: 6/10
Description: Buffer overflow on UCP (user changeable passwords).

Affected: CISCO : Cisco UCS 4.1
CVE: CVE-2008-0533
CVE-2008-0532

Original document Felix 'FX' Lindner, Cisco ACS UCP Remote Pre-Authentication Buffer Overflows (12.03.2008)

CISCO, Cisco Security Advisory: Cisco Secure Access Control Server for Windows User-Changeable Password Vulnerabilities (12.03.2008)

Discuss: Read or add your comments to this news (0 comments)

Acronis TrueImage multiple DoS conditions
Published: 13.03.2008
Source: BUGTRAQ
SecurityVulns ID: 8781
Type: remote
Level: 5/10
Description: unallocated memory access, NULL pointer dereference.

Affected: ACRONIS : True Image Group Server 1.5
ACRONIS : Acronis True Image Windows Agent 1.0

Original document Luigi Auriemma, NULL pointer in Acronis True Image Windows Agent 1.0.0.54 (13.03.2008)

Luigi Auriemma, Invalid memory access in Acronis True Image Group Server 1.5.19.191 (13.03.2008)

Files: Exploits Invalid memory access in Acronis True Image Group Server 1.5.19.191
Exploits NULL pointer in Acronis True Image Windows Agent 1.0.0.54
Discuss: Read or add your comments to this news (0 comments)

Zabbix DoS
Published: 13.03.2008
Source: BUGTRAQ
SecurityVulns ID: 8784
Type: remote
Level: 5/10
Description: Invalid data to TCP/10050 �� .

Original document Milen Rangelov, Zabbix (zabbix_agentd) denial of service (13.03.2008)

Discuss: Read or add your comments to this news (0 comments)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 13.03.2008
Source: BUGTRAQ
SecurityVulns ID: 8778
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected: TRAVELSIZEDCMS : travelsized cms 0.4
UBERGHEY : uberghey cms 0.3
EDITOR : EdiorCMS 3.0

Original document wsn1983_(at)_gmail.com, Directory traversal in EdiorCMS V3.0 (13.03.2008)

nima_501_(at)_yahoo.com, XSS in PHP-Nuke (eWeather module) (13.03.2008)

turkish-warriorr_(at)_hotmail.com, Powered by phpBB 2001, 2006 (SQL) (13.03.2008)

muuratsalo experimental hack lab, travelsized cms 0.4.1 multiple local file inclusion vulnerabilities (13.03.2008)

document muuratsalo experimental hack lab, uberghey cms 0.3.1 multiple local file inclusion vulnerabilities (13.03.2008)

lovebug_(at)_hotmail.it, PHP-Nuke Module ZClassifieds [cat] SQL Injection (13.03.2008)

Discuss: Read or add your comments to this news (0 comments)

McAfee Framework / ePolicy Orchestrator format string vulnerability
Published: 13.03.2008
Source: BUGTRAQ
SecurityVulns ID: 8780
Type: library
Level: 6/10
Description: Format string vulnerability in logging functions.

Affected: MCAFEE : McAfee Framework 3.5
MCAFEE : ePolicy Orchestrator 4.0

Original document Luigi Auriemma, Format string in McAfee Framework 3.6.0.569 (ePolicy Orchestrator 4.0) (13.03.2008)

Files: Exploits McAfee Framework <= 3.6.0.569 (ePolicy Orchestrator 4.0) format string
Discuss: Read or add your comments to this news (0 comments)

Argon Client Management Services directory traversal
Published: 13.03.2008
Source: BUGTRAQ
SecurityVulns ID: 8782
Type: remote
Level: 5/10
Description: directory traversal in built-in TFTP server.

Affected: ARGONTECHNOLOGY : Argon Client Management Services 1.31

Original document Luigi Auriemma, Directory traversal in Argon Client Management Services 1.31 (13.03.2008)

Files: TFTP server tester
Discuss: Read or add your comments to this news (0 comments)

Remotely Anywhere DoS
Published: 13.03.2008
Source: BUGTRAQ
SecurityVulns ID: 8783
Type: remote
Level: 5/10
Description: TCP/2000 HTTP request invalid Accept-Charset header NULL pointer dereference.

Affected: REMOTELYANYWHERE : Remotely Anywhere 8.0

Original document Luigi Auriemma, NULL pointer in Remotely Anywhere 8.0.668 (13.03.2008)

Files: Exploits NULL pointer in Remotely Anywhere 8.0.668
Discuss: Read or add your comments to this news (0 comments)