Microsoft Windows WINS privilege escalation
| Published: | 14.06.2008 |
| Source: | MICROSOFT |
| SecurityVulns ID: | 9080 |
| Type: | local |
| Level: | 5/10 |
| Description: | Memory corruption on packet parsing. |

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
| Published: | 14.06.2008 |
| Source: | |
| SecurityVulns ID: | 9083 |
| Type: | remote |
| Level: | 5/10 |
| Description: | PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. |

mt-daapd buffer overflow
| Published: | 14.06.2008 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 9085 |
| Type: | remote |
| Level: | 6/10 |
| Description: | Buffer overflow on POST request processing. |
| Affected: | MTDAAPD : mt-daapd 0.2 |
| CVE: | CVE-2008-1771 (Integer overflow in the ws_getpostvars function in Firefly Media Server (formerly mt-daapd) 0.2.4.1 (0.9~r1696-1.2 on Debian) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP POST request with a large Content-Length.) |

Microsoft Active Directory DoS
| Published: | 14.06.2008 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 9081 |
| Type: | remote |
| Level: | 5/10 |
| Description: | Uninitialized memory reference on LDAP processing. |

Microsoft Windows PGM DoS
| Published: | 14.06.2008 |
| Source: | MICROSOFT |
| SecurityVulns ID: | 9082 |
| Type: | remote |
| Level: | 6/10 |
| Description: | Infinite loop on PGM packet parsing. |

HP OpenView Network Node Manager code execution
| Published: | 14.06.2008 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 9084 |
| Type: | remote |
| Level: | 6/10 |
| Description: | Integer overflow on TCP/8886 request parsing. |
| Affected: | HP : OpenView Network Node Manager 7.53 |
| CVE: | CVE-2008-1842 (Integer signedness error in ovspmd.exe in HP OpenView Network Node Manager (OV NNM) 7.53 and earlier allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code via a long request to TCP port 8886 that begins with a certain negative integer, which passes a signed comparison and triggers a heap-based buffer overflow.) |

Apple Safari for Windows multiple security vulnerabilities
| Published: | 14.06.2008 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 9087 |
| Type: | client |
| Level: | 5/10 |
| Description: | Code execution through DLL spoofing, filename spoofing. |

vim multiple security vulnerabilities (updated since 14.06.2008)
| Published: | 25.08.2008 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 9086 |
| Type: | local |
| Level: | 5/10 |
| Description: | Code execution on file open. |
| Affected: | VIM : vim 6.4 |
| | VIM : vim 7.1 |
| CVE: | CVE-2008-2712 (Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw. NOTE: the originally reported version was 7.1.314, but the researcher actually found this set of issues in 7.1.298. NOTE: the zipplugin issue (originally vector 2 in this identifier) has been subsumed by CVE-2008-3075.) |
| Original document | Jan Minar, Vim: Arbitrary Code Execution in Commands: K, Control-], g] (25.08.2008) |
| | Jan Minar, Vim 7.2c.002 Fixes Arbitrary Command Execution when Handling Tar Archives (13.08.2008) |
| | Jan Minar, Vim: Netrw: FTP User Name and Password Disclosure (13.08.2008) |
| | Jan Minar, Vim: Unfixed Vulnerabilities in Tar Plugin Version 20 (08.08.2008) |
| | Jan Minar, Vim: Flawed Fix of Arbitrary Code Execution Vulnerability in filetype.vim (24.07.2008) |
| | Jan Minar, Vim: Improper Implementation of shellescape()/Arbitrary Code Execution (22.07.2008) |
| | Jan Minar, Vim: Insecure Temporary File Creation During Build: Arbitrary Code Execution (22.07.2008) |
| | Jan Minar, Collection of Vulnerabilities in Fully Patched Vim 7.1 (14.06.2008) |