| Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) | | Published: |  | 14.11.2008 | | Source: |  | | | SecurityVulns ID: |  | 9430 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Fusebox Framework: cross-site scripting |
| rPath Linux symbolic links vulnerability | | Published: |  | 14.11.2008 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 9431 | | Type: |  | local | | Level: |  | 5/10 | | Description: |  | rapa-console init script symbolic links vulnerability. |
| Affected: |  | RPATH : rPath Appliance Platform Linux Service 1 | | |  | RPATH : rPath Appliance Platform Linux Service 2 | | |  | RPATH : rPath Linux 1 | | |  | RPATH : rPath Linux 2 | | CVE: |  | CVE-2008-4832 (rc.sysinit in initscripts 8.12-8.21 and 8.56.15-0.1 on rPath allows local users to delete arbitrary files via a symlink attack on a directory under (1) /var/lock or (2) /var/run. NOTE: this issue exists because of a race condition in an incorrect fix for CVE-2008-3524. NOTE: exploitation may require an unusual scenario in which rc.sysinit is executed other than at boot time.) | | |  | CVE-2008-3524 (rc.sysinit in initscripts before 8.76.3-1 on Fedora 9 and other Linux platforms allows local users to delete arbitrary files via a symlink attack on a file or directory under (1) /var/lock or (2) /var/run.) |
| GnuTLS certificates spoofing | | Published: |  | 14.11.2008 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 9432 | | Type: |  | library | | Level: |  | 6/10 | | Description: |  | Invalid trust chain verification procedure. |
| Affected: |  | GNUTLS : GnuTLS 2.0 | | CVE: |  | CVE-2008-4989 (The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle attackers to insert a spoofed certificate for any Distinguished Name (DN).) |
| HP Service Manager privilege escalation | | Published: |  | 14.11.2008 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 9433 | | Type: |  | remote | | Level: |  | 5/10 |
| Affected: |  | HP : HP Service Manager 7.01 | | CVE: |  | CVE-2008-4415 (Unspecified vulnerability in HP Service Manager (HPSM) before 7.01.71 allows remote authenticated users to execute arbitrary code via unknown vectors.) |
| Mozilla Firefox / Thunderbird / SeaMonkey multiple security vulnerabilities | | Published: |  | 14.11.2008 | | Source: |  | MOZILLA | | SecurityVulns ID: |  | 9434 | | Type: |  | client | | Level: |  | 9/10 | | Description: |  | Information leak, reuse of freed memory, privilege escalation, buffer overflow, cross-site scripting, protection bypass. |
| Affected: |  | MOZILLA : Firefox 2.0 | | |  | MOZILLA : Thunderbird 2.0 | | |  | MOZILLA : SeaMonkey 1.1 | | |  | MOZILLA : Firefox 3.0 | | CVE: |  | CVE-2008-5052 (The AppendAttributeValue function in the JavaScript engine in Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger memory corruption, as demonstrated by e4x/extensions/regress-410192.js.) | | |  | CVE-2008-5024 (Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly escape quote characters used for XML processing, which allows remote attackers to conduct XML injection attacks via the default namespace in an E4X document.) | | |  | CVE-2008-5023 (Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the protection mechanism for codebase principals and execute arbitrary script via the -moz-binding CSS property in a signed JAR file.) | | |  | CVE-2008-5022 (The nsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the same-origin policy and execute arbitrary script via multiple listeners, which bypass the inner window check.) | | |  | CVE-2008-5021 (nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying properties of a file input element while it is still being initialized, then using the blur method to access uninitialized memory.) 
| | |  | CVE-2008-5019 (The session restore feature in Mozilla Firefox 3.x before 3.0.4 and 2.x before 2.0.0.18 allows remote attackers to violate the same origin policy to conduct cross-site scripting (XSS) attacks and execute arbitrary JavaScript with chrome privileges via unknown vectors.) | | |  | CVE-2008-5017 (Integer overflow in xpcom/io/nsEscape.cpp in the browser engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors.) | | |  | CVE-2008-5016 (The layout engine in Mozilla Firefox 3.x before 3.0.4, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via multiple vectors that trigger an assertion failure or other consequences.) | | |  | CVE-2008-5015 (Mozilla Firefox 3.x before 3.0.4 assigns chrome privileges to a file: URI when it is accessed in the same tab from a chrome or privileged about: page, which makes it easier for user-assisted attackers to execute arbitrary JavaScript with chrome privileges via malicious code in a file that has already been saved on the local system.) | | |  | CVE-2008-5014 (jslock.cpp in Mozilla Firefox 3.x before 3.0.2, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying the window.__proto__.__proto__ object in a way that causes a lock on a non-native object, which triggers an assertion failure related to the OBJ_IS_NATIVE function.) 
| | |  | CVE-2008-5013 (Mozilla Firefox 2.x before 2.0.0.18 and SeaMonkey 1.x before 1.1.13 do not properly check when the Flash module has been dynamically unloaded properly, which allows remote attackers to execute arbitrary code via a crafted SWF file that "dynamically unloads itself from an outside JavaScript function," which triggers an access of an expired memory address.) | | |  | CVE-2008-5012 (Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly change the source URI when processing a canvas element and an HTTP redirect, which allows remote attackers to bypass the same origin policy and access arbitrary images that are not directly accessible to the attacker. NOTE: this issue can be leveraged to enumerate software on the client by performing redirections related to moz-icon.) | | |  | CVE-2008-4582 (Mozilla Firefox 3.0.1 through 3.0.3, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13, when running on Windows, do not properly identify the context of Windows .url shortcut files, which allows user-assisted remote attackers to bypass the Same Origin Policy and obtain sensitive information via an HTML document that is directly accessible through a filesystem, as demonstrated by documents in (1) local folders, (2) Windows share folders, and (3) RAR archives, and as demonstrated by IFRAMEs referencing shortcuts that point to (a) about:cache?device=memory and (b) about:cache?device=disk, a variant of CVE-2008-2810.) | | |  | CVE-2008-0017 |
| Original document |  | MOZILLA, Mozilla Foundation Security Advisory 2008-58 (14.11.2008) |
| |  | MOZILLA, Mozilla Foundation Security Advisory 2008-57 (14.11.2008) |
| |  | MOZILLA, Mozilla Foundation Security Advisory 2008-56 (14.11.2008) |
| |  | MOZILLA, Mozilla Foundation Security Advisory 2008-55 (14.11.2008) |
| |  | MOZILLA, Mozilla Foundation Security Advisory 2008-54 (14.11.2008) |
| |  | MOZILLA, Mozilla Foundation Security Advisory 2008-53 (14.11.2008) |
| |  | MOZILLA, Mozilla Foundation Security Advisory 2008-52 (14.11.2008) |
| |  | MOZILLA, Mozilla Foundation Security Advisory 2008-51 (14.11.2008) |
| |  | MOZILLA, Mozilla Foundation Security Advisory 2008-50 (14.11.2008) |
| |  | MOZILLA, Mozilla Foundation Security Advisory 2008-49 (14.11.2008) |
| |  | MOZILLA, Mozilla Foundation Security Advisory 2008-48 (14.11.2008) |
| |  | MOZILLA, Mozilla Foundation Security Advisory 2008-47 (14.11.2008) |
Oracle multiple security vulnerabilities updated since 26.10.2008 | | Published: |  | 14.11.2008 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 9382 | | Type: |  | remote | | Level: |  | 8/10 | | Description: |  | The new quarterly update fixes various types of security vulnerabilities. |
| Affected: |  | ORACLE : Oracle 9i | | |  | ORACLE : Oracle 8i | | |  | ORACLE : Oracle 10g | | |  | ORACLE : Oracle 11g | | CVE: |  | CVE-2008-4000 (Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.18 and 8.49.14 allows remote attackers to affect confidentiality and integrity via unknown vectors. NOTE: the previous information was obtained from the Oracle October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue allows bypass of the lockout mechanism using brute force guessing of credentials and a response discrepancy information leak when the password is correct.) | | |  | CVE-2008-3996 (Unspecified vulnerability in the Change Data Capture component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to SYS.DBMS_CDC_IPUBLISH.) | | |  | CVE-2008-3995 (Unspecified vulnerability in the Change Data Capture component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to DBMS_CDC_PUBLISH.) | | |  | CVE-2008-3994 (Unspecified vulnerability in the Workspace Manager component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to WMSYS.LTADM.) | | |  | CVE-2008-3984 (Unspecified vulnerability in the Workspace Manager component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to SYS.LT and WMSYS.LT.) | | |  | CVE-2008-3983 (Unspecified vulnerability in the Workspace Manager component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to SYS.LT and WMSYS.LT.) 
| | |  | CVE-2008-3982 (Unspecified vulnerability in the Workspace Manager component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to SYS.LT and WMSYS.LT.) | | |  | CVE-2008-2625 (Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.2 allows remote attackers to affect confidentiality and integrity via unknown vectors. NOTE: the previous information was obtained from the Oracle October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue involves an authentication bypass by establishing a TNS connection and impersonating a user session via a crafted authentication message during proxy authentication mode.) |
Internet Explorer, Opera, Google Chrome, Mozilla browsers DoS updated since 03.10.2008 | | Published: |  | 14.11.2008 | | Source: |  | MustLive | | SecurityVulns ID: |  | 9330 | | Type: |  | remote | | Level: |  | 4/10 | | Description: |  | Calling window.close() in a loop on the OnLoad() event causes the browser to hang. Multiple resource exhaustion attacks with JavaScript. |
| VM-Builder weak password | | Published: |  | 14.11.2008 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 9435 | | Type: |  | local | | Level: |  | 5/10 | | Description: |  | Weak PRNG is used to generate virtual machine root password. |