| Cisco Unified Communications Manager / Cisco CallManager SQL injection | | Published: |  | 16.02.2008 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 8689 | | Type: |  | remote | | Level: |  | 6/10 | | Description: |  | Multiple SQL injections in user and admin pages. |
| Sami FTP Server multiple security vulnerabilities | | Published: |  | 16.02.2008 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 8696 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | Multiple DoS conditions and buffer overflows. |
| Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) | | Published: |  | 16.02.2008 | | Source: |  | | | SecurityVulns ID: |  | 8698 | | Description: |  | PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. |
| Original document |  | muuratsalo experimental hack lab, banpro-dms 1.0 local file inclusion vulnerability (16.02.2008) |
| |  | hackturkiye.hackturkiye_(at)_gmail.com, joomla SQL Injection(com_sg) (16.02.2008) |
| |  | hackturkiye.hackturkiye_(at)_gmail.com, joomla SQL Injection(com_emcompose) (16.02.2008) |
| |  | hackturkiye.hackturkiye_(at)_gmail.com, joomla SQL Injection(com_filebase) (16.02.2008) |
| |  | hackturkiye.hackturkiye_(at)_gmail.com, joomla SQL Injection(com_lexikon) (16.02.2008) |
| |  | hackturkiye.hackturkiye_(at)_gmail.com, joomla SQL Injection( com_scheduling) (16.02.2008) |
| |  | hackturkiye.hackturkiye_(at)_gmail.com, joomla SQL Injection(com_salesrep) (16.02.2008) |
| |  | hackturkiye.hackturkiye_(at)_gmail.com, Simple Forum Version 1.7-1.9(pagename) (16.02.2008) |
| |  | hackturkiye.hackturkiye_(at)_gmail.com, SellOwnHouse login SQL Injection (16.02.2008) |
| |  | hackturkiye.hackturkiye_(at)_gmail.com, all version Wordpress FORUM S@L injection (16.02.2008) |
| |  | hackturkiye.hackturkiye_(at)_gmail.com, joomla faq SQL Injection (16.02.2008) |
| |  | hackturkiye.hackturkiye_(at)_gmail.com, joomla com_activities sql injection (16.02.2008) |
| |  | hackturkiye.hackturkiye_(at)_gmail.com, Ecommerce Websites from b1st.com SQL Injection (16.02.2008) |
| |  | hackturkiye.hackturkiye_(at)_gmail.com, joomla "com_smslist" sql injecton (16.02.2008) |
| |  | hackturkiye.hackturkiye_(at)_gmail.com, engineering Neoteric UK LTD S@L İNJECTİON (16.02.2008) |
| |  | hadihadi_zedehal_2006_(at)_yahoo.com, artmedic_weblog Cross Site Scriptting Vulnerbility (16.02.2008) |
| |  | hackturkiye.hackturkiye_(at)_gmail.com, Simple Forum Version 1.10-1.11 SQL Injection (16.02.2008) |
| OpenLDAP DoS | | Published: |  | 16.02.2008 | | Source: |  | | | SecurityVulns ID: |  | 8700 | | Type: |  | remote | | Level: |  | 5/10 |
| CVE: |  | CVE-2008-0658 (slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.39 allows remote authenticated users to cause a denial of service (daemon crash) via a modrdn operation with a NOOP (LDAP_X_NO_OPERATION) control, a related issue to CVE-2007-6698.) | | |  | CVE-2007-6698 (The BDB backend for slapd in OpenLDAP before 2.3.36, allows remote authenticated users to cause a denial of service (crash) via a potentially-successful modify operation with the NOOP control set to critical, possibly due to a double free vulnerability.) |
| FreeBSD sendfile() privilege escalation | | Published: |  | 16.02.2008 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 8691 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | Syscall allows read access to write-only files. |
| IP Diva VPN SSL multiple security vulnerabilities | | Published: |  | 16.02.2008 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 8693 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | Unlimited number of password attempts, cross-site scripting. |
| UniversalFtp Server multiple security vulnerabilities | | Published: |  | 16.02.2008 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 8694 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | Buffer overflows and DoS conditions. |
| SOPHOS Email Security Appliance cross-site scripting | | Published: |  | 16.02.2008 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 8695 | | Type: |  | remote | | Level: |  | 4/10 | | Description: |  | Administration interface cross-site scripting. |
| Cisco Unified IP Phones multiple SIP security vulnerabilities | | Published: |  | 16.02.2008 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 8690 | | Type: |  | remote | | Level: |  | 6/10 | | Description: |  | Buffer overflows, DoS. |
| FreeBSD IPSec DoS | | Published: |  | 16.02.2008 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 8692 | | Type: |  | remote | | Level: |  | 7/10 | | Description: |  | NULL pointer dereference on IPSec packet parsing. |
| Mailman cross-site scripting | | Published: |  | 16.02.2008 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 8699 | | Type: |  | remote | | Level: |  | 5/10 |
| Affected: |  | GNU : Mailman 2.1 | | CVE: |  | CVE-2008-0564 (Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.10b1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) editing templates and (2) the list's "info attribute" in the web administrator interface, a different vulnerability than CVE-2006-3636.) |
| Mplayer / Xine multiple security vulnerabilities updated since 05.02.2008 | | Published: |  | 16.02.2008 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 8631 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | Buffer overflow on FLAC data parsing, uninitialized pointer dereference on MOV parsing. |
| Affected: |  | MPLAYER : MPlayer 1.0 | | |  | XINE : xine 1.1 | | |  | XINE : xinelib 1.1 | | CVE: |  | CVE-2008-0486 (Array index vulnerability in libmpdemux/demux_audio.c in MPlayer 1.0rc2 and SVN before r25917, and possibly earlier versions, as used in Xine-lib 1.1.10, might allow remote attackers to execute arbitrary code via a crafted FLAC tag, which triggers a buffer overflow.) | | |  | CVE-2008-0485 (Array index error in libmpdemux/demux_mov.c in MPlayer 1.0 rc2 and earlier might allow remote attackers to execute arbitrary code via a QuickTime MOV file with a crafted stsc atom tag.) | | |  | CVE-2008-0238 (Multiple heap-based buffer overflows in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 allow remote attackers to execute arbitrary code via the SDP (1) Title, (2) Author, or (3) Copyright attribute, related to the rmff_dump_header function, different vectors than CVE-2008-0225. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.) | | |  | CVE-2008-0225 (Heap-based buffer overflow in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 and earlier allows remote attackers to execute arbitrary code via the SDP Abstract attribute, related to the rmff_dump_header function and related to disregarding the max field. NOTE: some of these details are obtained from third party information.) |
| Mozilla Firefox / Opera information leak updated since 16.02.2008 | | Published: |  | 27.02.2008 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 8697 | | Type: |  | client | | Level: |  | 5/10 | | Description: |  | An error in displaying BMP files allows reading the contents of heap memory. |
| Affected: |  | MOZILLA : Firefox 2.0 | | |  | MOZILLA : Thunderbird 2.0 | | |  | MOZILLA : SeaMonkey 1.1 | | |  | OPERA : Opera 9.50 | | CVE: |  | CVE-2008-0420 (modules/libpr0n/decoders/bmp/nsBMPDecoder.cpp in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 does not properly perform certain calculations related to the mColors table, which allows remote attackers to read portions of memory uninitialized via a crafted 8-bit bitmap (BMP) file that triggers an out-of-bounds read within the heap, as demonstrated using a CANVAS element; or cause a denial of service (application crash) via a crafted 8-bit bitmap file that triggers an out-of-bounds read. NOTE: the initial public reports stated that this affected Firefox in Ubuntu 6.06 through 7.10.) |