Computer Security


HP OpenView Network Node Manager code execution
Published: 14.06.2008
SecurityVulns ID: 9084
Type: remote
Threat Level: 6/10
Description: Integer overflow on TCP/8886 request parsing.
Affected: HP : OpenView Network Node Manager 7.53
CVE: CVE-2008-1842 (Integer signedness error in ovspmd.exe in HP OpenView Network Node Manager (OV NNM) 7.53 and earlier allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code via a long request to TCP port 8886 that begins with a certain negative integer, which passes a signed comparison and triggers a heap-based buffer overflow.)
Original document: HP, [security bulletin] HPSBMA02340 SSRT080024, SSRT080041 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code, Denial of Service (DoS) (14.06.2008)

Apple Safari for Windows multiple security vulnerabilities
Published: 14.06.2008
SecurityVulns ID: 9087
Type: client
Threat Level: 5/10
Description: Code execution through DLL spoofing, filename spoofing.
Original document: LIUDIEYU dot COM, Technical Details of Security Issues Regarding Safari for Windows (14.06.2008)

Microsoft Windows WINS privilege escalation
Published: 14.06.2008
SecurityVulns ID: 9080
Type: local
Threat Level: 5/10
Description: Memory corruption on packet parsing.
Affected: MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2003 Server
CVE: CVE-2008-1451
Original document: MICROSOFT, Microsoft Security Bulletin MS08-034 – Important Vulnerability in WINS Could Allow Elevation of Privilege (948745) (14.06.2008)
Files: Microsoft Security Bulletin MS08-034 – Important Vulnerability in WINS Could Allow Elevation of Privilege (948745)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 14.06.2008
SecurityVulns ID: 9083
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: VBULLETIN : vBulletin 3.6
 PHPRIDER : phpRaider 1.0
 VBULLETIN : vBulletin 3.7
 FLATCALENDAR : Flat Calendar 1.1
 PARIDEL : Pooya Site Builder 6.0
Original document: Jessica Hope, Exploit for vBulletin "obscure" XSS (3.7.1 & 3.6.10) (14.06.2008)
 admin_(at)_bugreport.ir, Pooya Site Builder (PSB) SQL Injection Vulnerabilities (14.06.2008)
 Jose Luis Góngora Fernández, ASPPortal Free Version (Topic_Id) Remote SQL Injection Vulnerability (14.06.2008)
 laurent gaffié, Flat Calendar v1.1 Remote Permission Bypass Vulnerability (14.06.2008)
 laurent gaffié, phpRaider <= v1.0.6,7 Maybe Other Versions Remote File include Vulnerable (14.06.2008)

mt-daapd buffer overflow
Published: 14.06.2008
SecurityVulns ID: 9085
Type: remote
Threat Level: 6/10
Description: Buffer overflow on POST request processing.
Affected: MTDAAPD : mt-daapd 0.2
CVE: CVE-2008-1771 (Integer overflow in the ws_getpostvars function in Firefly Media Server (formerly mt-daapd) 0.2.4.1 (0.9~r1696-1.2 on Debian) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP POST request with a large Content-Length.)
Original document: DEBIAN, [SECURITY] [DSA 1597-1] New mt-daapd packages fix several vulnerabilities (14.06.2008)

vim multiple security vulnerabilities
updated since 14.06.2008
Published: 25.08.2008
SecurityVulns ID: 9086
Type: local
Threat Level: 5/10
Description: Code execution on file open.
Affected: VIM : vim 6.4
 VIM : vim 7.1
CVE: CVE-2008-2712 (Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw. NOTE: the originally reported version was 7.1.314, but the researcher actually found this set of issues in 7.1.298. NOTE: the zipplugin issue (originally vector 2 in this identifier) has been subsumed by CVE-2008-3075.)
Original document: Jan Minar, Vim: Arbitrary Code Execution in Commands: K, Control-], g] (25.08.2008)
 Jan Minar, Vim 7.2c.002 Fixes Arbitrary Command Execution when Handling Tar Archives (13.08.2008)
 Jan Minar, Vim: Netrw: FTP User Name and Password Disclosure (13.08.2008)
 Jan Minar, Vim: Unfixed Vulnerabilities in Tar Plugin Version 20 (08.08.2008)
 Jan Minar, Vim: Flawed Fix of Arbitrary Code Execution Vulnerability in filetype.vim (24.07.2008)
 Jan Minar, Vim: Improper Implementation of shellescape()/Arbitrary Code Execution (22.07.2008)
 Jan Minar, Vim: Insecure Temporary File Creation During Build: Arbitrary Code Execution (22.07.2008)
 Jan Minar, Collection of Vulnerabilities in Fully Patched Vim 7.1 (14.06.2008)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod