Computer Security


Internet Explorer, Opera, Google Chrome, Mozilla browsers DoS
updated since 03.10.2008
Published:14.11.2008
SecurityVulns ID:9330
Type:remote
Threat Level:4/10
Description:window.close() in a loop on the OnLoad() event causes the browser to hang. Multiple resource exhaustion attacks with JavaScript.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MOZILLA : Mozilla 1.7
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MOZILLA : Firefox 3.0
 GOOGLE : Chrome 0.2
 OPERA : Opera 9.52
 GOOGLE : Chrome 0.3
Original document:MustLive, DoS vulnerabilities in Internet Explorer and Google Chrome (14.11.2008)
 MustLive, DoS vulnerability in Mozilla Firefox (06.10.2008)
 MustLive, DoS vulnerability in Internet Explorer (06.10.2008)
 MustLive, DoS vulnerability in Opera (06.10.2008)
 MustLive, DoS vulnerability in Mozilla, Internet Explorer, Google Chrome and Opera (03.10.2008)
Files:close.html

Oracle multiple security vulnerabilities
updated since 26.10.2008
Published:14.11.2008
SecurityVulns ID:9382
Type:remote
Threat Level:8/10
Description:The new quarterly update fixes different types of security vulnerabilities.
Affected:ORACLE : Oracle 9i
 ORACLE : Oracle 8i
 ORACLE : Oracle 10g
 ORACLE : Oracle 11g
CVE:CVE-2008-4000 (Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.18 and 8.49.14 allows remote attackers to affect confidentiality and integrity via unknown vectors. NOTE: the previous information was obtained from the Oracle October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue allows bypass of the lockout mechanism using brute force guessing of credentials and a response discrepancy information leak when the password is correct.)
 CVE-2008-3996 (Unspecified vulnerability in the Change Data Capture component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to SYS.DBMS_CDC_IPUBLISH.)
 CVE-2008-3995 (Unspecified vulnerability in the Change Data Capture component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to DBMS_CDC_PUBLISH.)
 CVE-2008-3994 (Unspecified vulnerability in the Workspace Manager component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to WMSYS.LTADM.)
 CVE-2008-3984 (Unspecified vulnerability in the Workspace Manager component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to SYS.LT and WMSYS.LT.)
 CVE-2008-3983 (Unspecified vulnerability in the Workspace Manager component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to SYS.LT and WMSYS.LT.)
 CVE-2008-3982 (Unspecified vulnerability in the Workspace Manager component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to SYS.LT and WMSYS.LT.)
 CVE-2008-2625 (Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.2 allows remote attackers to affect confidentiality and integrity via unknown vectors. NOTE: the previous information was obtained from the Oracle October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue involves an authentication bypass by establishing a TNS connection and impersonating a user session via a crafted authentication message during proxy authentication mode.)
Original document:SHATTER, Team SHATTER Security Advisory: Oracle Database SQL Injection in SYS.DBMS_CDC_PUBLISH.ALTER_AUTOLOG_CHANGE_SOURCE (14.11.2008)
 SHATTER, Team SHATTER Security Advisory: Oracle Database multiple SQL Injection vulnerabilities in Workspace Manager (14.11.2008)
 SHATTER, Team SHATTER Security Advisory: Oracle Database SQL Injection in SYS.DBMS_CDC_IPUBLISH.ALTER_HOTLOG_INTERNAL_CSOURCE (14.11.2008)
 SHATTER, Team SHATTER Security Advisory: Oracle Database Multiple SQL Injection vulnerabilities in LTADM (14.11.2008)
 pete_(at)_petefinnigan.com, Advisory for Oracle CPU October 2008 - APEX Flows excessive privileges (26.10.2008)
 Amichai Shulman, CVE-2008-4000: Oracle PeopleTools – Authentication Weakness (26.10.2008)
 Amichai Shulman, CVE-2008-2625: Oracle DBMS – Proxy Authentication Vulnerability (26.10.2008)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:14.11.2008
SecurityVulns ID:9430
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. Fusebox Framework: cross-site scripting
Affected:JOOMLA : JooBlog 0.1.1 component for Joomla
Original document:Stephen Argent, Joomla Component JooBlog 0.1.1 (PostID) SQL Injection Vuln. (14.11.2008)
 MustLive, Cross-Site Scripting vulnerability in Fusebox Framework (14.11.2008)

rPath Linux symbolic links vulnerability
Published:14.11.2008
SecurityVulns ID:9431
Type:local
Threat Level:5/10
Description:rapa-console init script symbolic links vulnerability.
Affected:RPATH : rPath Appliance Platform Linux Service 1
 RPATH : rPath Appliance Platform Linux Service 2
 RPATH : rPath Linux 1
 RPATH : rPath Linux 2
CVE:CVE-2008-4832 (rc.sysinit in initscripts 8.12-8.21 and 8.56.15-0.1 on rPath allows local users to delete arbitrary files via a symlink attack on a directory under (1) /var/lock or (2) /var/run. NOTE: this issue exists because of a race condition in an incorrect fix for CVE-2008-3524. NOTE: exploitation may require an unusual scenario in which rc.sysinit is executed other than at boot time.)
 CVE-2008-3524 (rc.sysinit in initscripts before 8.76.3-1 on Fedora 9 and other Linux platforms allows local users to delete arbitrary files via a symlink attack on a file or directory under (1) /var/lock or (2) /var/run.)
Original document:RPATH, rPSA-2008-0318-1 initscripts (14.11.2008)

GnuTLS certificates spoofing
Published:14.11.2008
SecurityVulns ID:9432
Type:library
Threat Level:6/10
Description:Invalid trust chain verification procedure.
Affected:GNUTLS : GnuTLS 2.0
CVE:CVE-2008-4989 (The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle attackers to insert a spoofed certificate for any Distinguished Name (DN).)
Original document:MANDRIVA, [ MDVSA-2008:227 ] gnutls (14.11.2008)

HP Service Manager privilege escalation
Published:14.11.2008
SecurityVulns ID:9433
Type:remote
Threat Level:5/10
Affected:HP : HP Service Manager 7.01
CVE:CVE-2008-4415 (Unspecified vulnerability in HP Service Manager (HPSM) before 7.01.71 allows remote authenticated users to execute arbitrary code via unknown vectors.)
Original document:HP, [security bulletin] HPSBMA02385 SSRT080161 rev.1 - HP Service Manager (HPSM), Gain Extended Privileges (14.11.2008)

Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
Published:14.11.2008
SecurityVulns ID:9434
Type:client
Threat Level:9/10
Description:Information leak, freed memory reuse, privilege escalation, buffer overflow, cross-site scripting, protection bypass.
Affected:MOZILLA : Firefox 2.0
 MOZILLA : Thunderbird 2.0
 MOZILLA : SeaMonkey 1.1
 MOZILLA : Firefox 3.0
CVE:CVE-2008-5052 (The AppendAttributeValue function in the JavaScript engine in Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger memory corruption, as demonstrated by e4x/extensions/regress-410192.js.)
 CVE-2008-5024 (Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly escape quote characters used for XML processing, which allows remote attackers to conduct XML injection attacks via the default namespace in an E4X document.)
 CVE-2008-5023 (Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the protection mechanism for codebase principals and execute arbitrary script via the -moz-binding CSS property in a signed JAR file.)
 CVE-2008-5022 (The nsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the same-origin policy and execute arbitrary script via multiple listeners, which bypass the inner window check.)
 CVE-2008-5021 (nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying properties of a file input element while it is still being initialized, then using the blur method to access uninitialized memory.)
 CVE-2008-5019 (The session restore feature in Mozilla Firefox 3.x before 3.0.4 and 2.x before 2.0.0.18 allows remote attackers to violate the same origin policy to conduct cross-site scripting (XSS) attacks and execute arbitrary JavaScript with chrome privileges via unknown vectors.)
 CVE-2008-5017 (Integer overflow in xpcom/io/nsEscape.cpp in the browser engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors.)
 CVE-2008-5016 (The layout engine in Mozilla Firefox 3.x before 3.0.4, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via multiple vectors that trigger an assertion failure or other consequences.)
 CVE-2008-5015 (Mozilla Firefox 3.x before 3.0.4 assigns chrome privileges to a file: URI when it is accessed in the same tab from a chrome or privileged about: page, which makes it easier for user-assisted attackers to execute arbitrary JavaScript with chrome privileges via malicious code in a file that has already been saved on the local system.)
 CVE-2008-5014 (jslock.cpp in Mozilla Firefox 3.x before 3.0.2, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying the window.__proto__.__proto__ object in a way that causes a lock on a non-native object, which triggers an assertion failure related to the OBJ_IS_NATIVE function.)
 CVE-2008-5013 (Mozilla Firefox 2.x before 2.0.0.18 and SeaMonkey 1.x before 1.1.13 do not properly check when the Flash module has been dynamically unloaded properly, which allows remote attackers to execute arbitrary code via a crafted SWF file that "dynamically unloads itself from an outside JavaScript function," which triggers an access of an expired memory address.)
 CVE-2008-5012 (Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly change the source URI when processing a canvas element and an HTTP redirect, which allows remote attackers to bypass the same origin policy and access arbitrary images that are not directly accessible to the attacker. NOTE: this issue can be leveraged to enumerate software on the client by performing redirections related to moz-icon.)
 CVE-2008-4582 (Mozilla Firefox 3.0.1 through 3.0.3, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13, when running on Windows, do not properly identify the context of Windows .url shortcut files, which allows user-assisted remote attackers to bypass the Same Origin Policy and obtain sensitive information via an HTML document that is directly accessible through a filesystem, as demonstrated by documents in (1) local folders, (2) Windows share folders, and (3) RAR archives, and as demonstrated by IFRAMEs referencing shortcuts that point to (a) about:cache?device=memory and (b) about:cache?device=disk, a variant of CVE-2008-2810.)
 CVE-2008-0017 (The http-index-format MIME type parser (nsDirIndexParser) in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 does not check for an allocation failure, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP index response with a crafted 200 header, which triggers memory corruption and a buffer overflow.)
Original document:MOZILLA, Mozilla Foundation Security Advisory 2008-58 (14.11.2008)
 MOZILLA, Mozilla Foundation Security Advisory 2008-57 (14.11.2008)
 MOZILLA, Mozilla Foundation Security Advisory 2008-56 (14.11.2008)
 MOZILLA, Mozilla Foundation Security Advisory 2008-55 (14.11.2008)
 MOZILLA, Mozilla Foundation Security Advisory 2008-54 (14.11.2008)
 MOZILLA, Mozilla Foundation Security Advisory 2008-53 (14.11.2008)
 MOZILLA, Mozilla Foundation Security Advisory 2008-52 (14.11.2008)
 MOZILLA, Mozilla Foundation Security Advisory 2008-51 (14.11.2008)
 MOZILLA, Mozilla Foundation Security Advisory 2008-50 (14.11.2008)
 MOZILLA, Mozilla Foundation Security Advisory 2008-49 (14.11.2008)
 MOZILLA, Mozilla Foundation Security Advisory 2008-48 (14.11.2008)
 MOZILLA, Mozilla Foundation Security Advisory 2008-47 (14.11.2008)

VM-Builder weak password
Published:14.11.2008
SecurityVulns ID:9435
Type:local
Threat Level:5/10
Description:Weak PRNG is used to generate virtual machine root password.
Affected:VMBUILDER : vm-builder 0.9
Original document:UBUNTU, [USN-670-1] VMBuilder vulnerability (14.11.2008)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod