Computer Security


HP-UX DCE DoS
updated since 16.12.2007
Published: 14.12.2008
SecurityVulns ID: 8452
Type: remote
Threat Level: 5/10
CVE: CVE-2008-4418 (Unspecified vulnerability in DCE in HP HP-UX B.11.11, B.11.23, and B.11.31 allows remote attackers to cause a denial of service via unknown vectors.)
 CVE-2007-6195 (Buffer overflow in the sw_rpc_agent_init function in swagentd in Software Distributor (SD), and possibly other DCE applications, in HP HP-UX B.11.11 and B.11.23 allows remote attackers to execute arbitrary code or cause a denial of service via malformed arguments in an opcode 0x04 DCE RPC request.)
Original document: HP, [security bulletin] HPSBUX02393 SSRT080057 rev.1 - HP-UX Running DCE, Remote Denial of Service (DoS) (14.12.2008)
 HP, [security bulletin] HPSBUX02294 SSRT071451 rev.1 - HP-UX Running DCE, Remote Denial of Service (DoS) (16.12.2007)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 10.12.2008
Published: 14.12.2008
SecurityVulns ID: 9502
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. EZ Publish: privilege escalation from user to CMS Administrator + Privilege escalation from CMS Administrator to system user.
Affected: EZ : ez publish 3.10
 EZ : ez publish 4.0
 PRESTASHOP : PrestaShop 1.1
 PHPEPPERSHOP : PHPepperShop 1.4
 XOOPS : XOOPS 2.3
Original document: S4aVRd0w, Exploit for the EZSA-2008-003 vulnerability with account activation (14.12.2008)
 Digital Security Research Group [DSecRG], [DSECRG-08-041] Stored XSS Vulnerability in Xoops 2.3.x (10.12.2008)
 Digital Security Research Group [DSecRG], [DSECRG-08-040] Multiple Local File Include Vulnerabilities in Xoops 2.3.x (10.12.2008)
 th3.r00k_(at)_gmail.com, XSS in PHPepperShop v 1.4 (10.12.2008)
 th3.r00k_(at)_gmail.com, Two XSS Flaws in PrestaShop 1.1.0.3 (10.12.2008)
 r3d.w0rm_(at)_yahoo.com, Joomla Component mydyngallery (10.12.2008)
 S4aVRd0w, Exploit for the EZSA-2008-003 vulnerability (10.12.2008)
Files: eZ Publish privilege escalation exploit by s4avrd0w
 eZ Publish OS Commanding executing exploit by s4avrd0w
 EZ publish exploit with admin account activation

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 14.12.2008
SecurityVulns ID: 9509
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. CapCC for WordPress - cross-site scripting, information leakage. Blogsmith - cross-site scripting.
Affected: MOODLE : moodle 1.9
 CAPCC : CapCC 1.0
 ASPCMS : ASP-CMS 1.0
 PHPF1 : Max's Guestbook 1.0
Original document: 08253_(at)_maurickcollege.nl, Max's Guestbook (XSS) Remote Vulnerability (14.12.2008)
 r3d.w0rm_(at)_yahoo.com, aspProductCatalog Sql Injection (14.12.2008)
 r3d.w0rm_(at)_yahoo.com, Meta Cart Free Database Disclosure (14.12.2008)
 r3d.w0rm_(at)_yahoo.com, facto Database Disclosure (14.12.2008)
 r3d.w0rm_(at)_yahoo.com, ASP-CMS v.1.0 Sql Injection/Database Disclosure (14.12.2008)
 ascii, Moodle 1.9.3 Remote Code Execution (14.12.2008)
 MustLive, Multiple vulnerabilities in CapCC for WordPress (14.12.2008)
 MustLive, Cross-Site Scripting vulnerability in Blogsmith (14.12.2008)

uw-imap DoS
Published: 14.12.2008
SecurityVulns ID: 9510
Type: remote
Threat Level: 6/10
Description: NULL pointer dereference on invalid QUIT command response.
Affected: UW : UW IMAP 2007c
CVE: CVE-2008-5006 (smtp.c in the c-client library in University of Washington IMAP Toolkit 2007b allows remote SMTP servers to cause a denial of service (NULL pointer dereference and application crash) by responding to the QUIT command with a close of the TCP connection instead of the expected 221 response code.)

CA ARCserve Backup code execution
Published: 14.12.2008
SecurityVulns ID: 9511
Type: remote
Threat Level: 5/10
Description: Insufficient validation of the handle_t argument in an RPC call.
Affected: CA : ARCserve Backup 11.5
CVE: CVE-2008-5415 (The LDBserver service in the server in CA ARCserve Backup 11.1 through 12.0 on Windows allows remote attackers to execute arbitrary code via a handle_t argument to an RPC endpoint in which the argument refers to an incompatible procedure.)
Original document: CA, CA ARCserve Backup LDBserver Vulnerability (14.12.2008)
 SECUNIA, Secunia Research: CA ARCserve Backup RPC "handle_t" Argument Vulnerability (14.12.2008)

Asterisk voice server DoS
Published: 14.12.2008
SecurityVulns ID: 9512
Type: remote
Threat Level: 5/10
Description: Crash on IAX2 processing
Affected: ASTERISK : Asterisk 1.2
 DIGIUM : Asterisk 1.4
 ASTERISK : Asterisk 1.6
Original document: ASTERISK, AST-2008-012: Remote crash vulnerability in IAX2 (14.12.2008)

Multiple security vulnerabilities in different antivirus applications
Published: 14.12.2008
SecurityVulns ID: 9513
Type: remote
Threat Level: 8/10
Description: ClamAV: LZH DoS; BitDefender: multiple integer overflows on PE parsing; Avast: multiple buffer overflows on ISO and RPM parsing; AVG: crash on UPX files; Sophos: multiple DoS on different compressed formats parsing; F-Secure F-prot: protection bypass
Affected: CLAMAV : ClamAV 0.93
 BITDEFENDER : BitDefender 7.60825
 AVAST : Avast for Workstations 1.0
 AVG : AVG 7.5
 SOPHOS : SAVScan 4.33
 F-SECURE : F-Prot Antivirus 4.6
Original document: iViZ Security Advisories, [IVIZ-08-011] ClamAV lzh unpacking segmentation fault (14.12.2008)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod