Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
| Published: | 14.12.2008 |
| Source: | |
| SecurityVulns ID: | 9509 |
| Type: | remote |
| Level: | 5/10 |
| Description: | PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. CapCC for WordPress - cross-site scripting, information leakage. Blogsmith - cross-site scripting. |

CA ARCserve Backup code execution
| Published: | 14.12.2008 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 9511 |
| Type: | remote |
| Level: | 5/10 |
| Description: | handle_t RPC call insufficient arguments validation. |
| Affected: | CA : ARCserve Backup 11.5 |
| CVE: | CVE-2008-5415 (The LDBserver service in the server in CA ARCserve Backup 11.1 through 12.0 on Windows allows remote attackers to execute arbitrary code via a handle_t argument to an RPC endpoint in which the argument refers to an incompatible procedure.) |

uw-imap DoS
| Published: | 14.12.2008 |
| Source: | CVE |
| SecurityVulns ID: | 9510 |
| Type: | remote |
| Level: | 6/10 |
| Description: | NULL pointer dereference on invalid QUIT command response. |
| Affected: | UW : UW IMAP 2007c |
| CVE: | CVE-2008-5006 (smtp.c in the c-client library in University of Washington IMAP Toolkit 2007b allows remote SMTP servers to cause a denial of service (NULL pointer dereference and application crash) by responding to the QUIT command with a close of the TCP connection instead of the expected 221 response code.) |

Multiple security vulnerabilities in different antiviral applications
| Published: | 14.12.2008 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 9513 |
| Type: | remote |
| Level: | 8/10 |
| Description: | ClamAV: LZH DoS; BitDefender: multiple integer overflows on PE parsing; Avast: multiple buffer overflows on ISO and RPM parsing; AVG: crash on UPX files; Sophos: multiple DoS on different compressed formats parsing; F-Secure F-prot: protection bypass |

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 10.12.2008
| Published: | 14.12.2008 |
| Source: | |
| SecurityVulns ID: | 9502 |
| Type: | remote |
| Level: | 5/10 |
| Description: | PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. EZ Publish: privilege escalation from user to CMS Administrator + privilege escalation from CMS Administrator to system user. |

HP-UX DCE DoS updated since 16.12.2007
| Published: | 14.12.2008 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 8452 |
| Type: | remote |
| Level: | 5/10 |
| CVE: | CVE-2008-4418 (Unspecified vulnerability in DCE in HP HP-UX B.11.11, B.11.23, and B.11.31 allows remote attackers to cause a denial of service via unknown vectors.) |
| | CVE-2007-6195 (Buffer overflow in the sw_rpc_agent_init function in swagentd in Software Distributor (SD), and possibly other DCE applications, in HP HP-UX B.11.11 and B.11.23 allows remote attackers to execute arbitrary code or cause a denial of service via malformed arguments in an opcode 0x04 DCE RPC request.) |

Asterisk voice server DoS
| Published: | 14.12.2008 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 9512 |
| Type: | remote |
| Level: | 5/10 |
| Description: | Crash on IAX2 processing |