Search:Vulnerability:16.02.2008 - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

OpenDAL DoS
Published: 16.02.2008
Source:
SecurityVulns ID: 8700
Type: remote
Level: 5/10

CVE: CVE-2008-0658 (slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.39 allows remote authenticated users to cause a denial of service (daemon crash) via a modrdn operation with a NOOP (LDAP_X_NO_OPERATION) control, a related issue to CVE-2007-6698.)
CVE-2007-6698 (The BDB backend for slapd in OpenLDAP before 2.3.36, allows remote authenticated users to cause a denial of service (crash) via a potentially-successful modify operation with the NOOP control set to critical, possibly due to a double free vulnerability.)

Original document RPATH, rPSA-2008-0059-1 openldap openldap-clients openldap-servers (16.02.2008)

Discuss: Read or add your comments to this news (0 comments)

UniversalFtp Server multiple security vulnerabilities
Published: 16.02.2008
Source: BUGTRAQ
SecurityVulns ID: 8694
Type: remote
Level: 5/10
Description: Buffer overflows and DoS conditions.

Affected: UNIVERSALFTP : UniversalFtp Server 1.0

Original document securfrog_(at)_gmail.com, UniversalFtp Server 1.0.44 Multiple Remote Denial of service (16.02.2008)

Discuss: Read or add your comments to this news (0 comments)

SOPHOS Email Security Appliance crossite scripting
Published: 16.02.2008
Source: BUGTRAQ
SecurityVulns ID: 8695
Type: remote
Level: 4/10
Description: Administration interface crossite scripting.

Affected: SOPHOS : Sophos ES1000

Original document infocus, [INFIGO-2008-02-13]: SOPHOS Email Security Appliance Cross Site Scripting Vulnerability (16.02.2008)

Discuss: Read or add your comments to this news (0 comments)

Mplayer / Xine multiple security vulnerabilities
updated since 05.02.2008
Published: 16.02.2008
Source: BUGTRAQ
SecurityVulns ID: 8631
Type: remote
Level: 5/10
Description: Buffer overflow on FLAC data parsing, uninitilized pointer dereference on MOV parsing.

Affected: MPLAYER : MPlayer 1.0
XINE : xine 1.1
XINE : xinelib 1.1
CVE: CVE-2008-0486 (Array index vulnerability in libmpdemux/demux_audio.c in MPlayer 1.0rc2 and SVN before r25917, and possibly earlier versions, as used in Xine-lib 1.1.10, might allow remote attackers to execute arbitrary code via a crafted FLAC tag, which triggers a buffer overflow.)
CVE-2008-0485 (Array index error in libmpdemux/demux_mov.c in MPlayer 1.0 rc2 and earlier might allow remote attackers to execute arbitrary code via a QuickTime MOV file with a crafted stsc atom tag.)
CVE-2008-0238 (Multiple heap-based buffer overflows in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 allow remote attackers to execute arbitrary code via the SDP (1) Title, (2) Author, or (3) Copyright attribute, related to the rmff_dump_header function, different vectors than CVE-2008-0225. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.)
CVE-2008-0225 (Heap-based buffer overflow in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 and earlier allows remote attackers to execute arbitrary code via the SDP Abstract attribute, related to the rmff_dump_header function and related to disregarding the max field. NOTE: some of these details are obtained from third party information.)

Original document MANDRIVA, [ MDVSA-2008:046 ] - Updated xine-lib package fixes arbitrary code execution vulnerability (16.02.2008)

CORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2007-1218: MPlayer 1.0rc2 buffer overflow vulnerability (05.02.2008)

CORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2008-0122: MPlayer arbitrary pointer dereference (05.02.2008)

Discuss: Read or add your comments to this news (0 comments)

Cisco Unified IP Phones multiple SIP security vulnerabilities
Published: 16.02.2008
Source: BUGTRAQ
SecurityVulns ID: 8690
Type: remote
Level: 6/10
Description: Buffer overflows, DoS.

Affected: CISCO : Cisco 7940
CISCO : Cisco 7960

Original document CISCO, Cisco Security Advisory: Cisco Unified IP Phone Overflow and Denial of Service Vulnerabilities (16.02.2008)

Discuss: Read or add your comments to this news (0 comments)

FreeBSD IPSec DoS
Published: 16.02.2008
Source: BUGTRAQ
SecurityVulns ID: 8692
Type: remote
Level: 7/10
Description: NULL pointer dereference on IPSec packet parsing.

CVE: CVE-2008-0177

Original document FREEBSD, FreeBSD Security Advisory FreeBSD-SA-08:04.ipsec (16.02.2008)

Discuss: Read or add your comments to this news (0 comments)

Mailman crossite scripting
Published: 16.02.2008
Source: BUGTRAQ
SecurityVulns ID: 8699
Type: remote
Level: 5/10

Affected: MAILMAN : Mailman 2.1
CVE: CVE-2008-0564 (Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.10b1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) editing templates and (2) the list's "info attribute" in the web administrator interface, a different vulnerability than CVE-2006-3636.)

Original document RPATH, rPSA-2008-0056-1 mailman (16.02.2008)

Discuss: Read or add your comments to this news (0 comments)

Cisco Unified Communications Manager / Cisco CallManager SQL injection
Published: 16.02.2008
Source: BUGTRAQ
SecurityVulns ID: 8689
Type: remote
Level: 6/10
Description: Multiple SQL injections in user and admin pages.

Affected: CISCO : Unified Communication Manager 5.0
CISCO : Unified Communication Manager 5.1
CISCO : Unified Communication Manager 6.0
CISCO : Unified Communication Manager 6.1

Original document CISCO, Cisco Security Advisory: SQL injection in Cisco Unified Communications Manager (16.02.2008)

Discuss: Read or add your comments to this news (0 comments)

Sami FTP Server multiple security vulnerabilities
Published: 16.02.2008
Source: BUGTRAQ
SecurityVulns ID: 8696
Type: remote
Level: 5/10
Description: Multiple DoS conditions and buffer overflows.

Affected: SAMI : Sami FTP Server 2.0

Original document securfrog_(at)_gmail.com, Sami FTP Server 2.0.* Multiple Remote Vulnerabilities (16.02.2008)

Discuss: Read or add your comments to this news (0 comments)

FreeBSD sendfile() privilege escalation
Published: 16.02.2008
Source: BUGTRAQ
SecurityVulns ID: 8691
Type: remote
Level: 5/10
Description: Syscall allows read access to write-only files.

Affected: FREEBSD : FreeBSD 7.0
FREEBSD : FreeBSD 6.1
FREEBSD : FreeBSD 5.5
FREEBSD : FreeBSD 6.2
FREEBSD : FreeBSD 6.3
CVE: CVE-2008-0777 (The sendfile system call in FreeBSD 5.5 through 7.0 does not check the access flags of the file descriptor used for sending a file, which allows local users to read the contents of write-only files.)

Original document FREEEBSD, FreeBSD Security Advisory FreeBSD-SA-08:03.sendfile (16.02.2008)

Discuss: Read or add your comments to this news (0 comments)

IP Diva VPN SSL multiple security vulnerabilities
Published: 16.02.2008
Source: BUGTRAQ
SecurityVulns ID: 8693
Type: remote
Level: 5/10
Description: Unlimited number of passwords attempts, CSS.

Affected: IPDIVA : IPDiva VPNSSL 2.3
IPDIVA : IPDiva VPNSSL 2.2

Original document eagle, DOINGSOFT-2008-02-11-002 IP Diva VPN SSL many XSS attacks (16.02.2008)

eagle, DOINGSOFT-2008-02-11 - IPDiva VPN SSL Brute force attack (16.02.2008)

Discuss: Read or add your comments to this news (0 comments)

Mozilla Firefox / Opera information leak
updated since 16.02.2008
Published: 27.02.2008
Source: BUGTRAQ
SecurityVulns ID: 8697
Type: client
Level: 5/10
Description: Error on BMP files displaying allows to read content of heap memory.

Affected: MOZILLA : Firefox 2.0
MOZILLA : Thunderbird 2.0
MOZILLA : SeaMonkey 1.1
OPERA : Opera 9.50
CVE: CVE-2008-0420

Original document MOZILLA, Mozilla Foundation Security Advisory 2008-07 (27.02.2008)

Gynvael Coldwind, [HISPASEC] FireFox 2.0.0.11 and Opera 9.50 beta Remote Memory Information Leak, FireFox 2.0.0.11 Remote Denial of Service (16.02.2008)

Discuss: Read or add your comments to this news (0 comments)