Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
| Published: | 16.10.2008 |
| Source: | |
| SecurityVulns ID: | 9371 |
| Type: | remote |
| Level: | 5/10 |
| Description: | PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. |

VLC Mediaplayer memory corruption
| Published: | 16.10.2008 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 9372 |
| Type: | client |
| Level: | 5/10 |
| Description: | Memory corruption on XSPF playlists parsing. |

Sun Java Web Proxy buffer overflow
| Published: | 16.10.2008 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 9373 |
| Type: | remote |
| Level: | 7/10 |
| Description: | Buffer overflow on FTP resource GET request handling in HTTP proxy. |
| Affected: | SUN : Java System Web Proxy Server 4.0 |
| CVE: | CVE-2008-4541 (Heap-based buffer overflow in the FTP subsystem in Sun Java System Web Proxy Server 4.0 through 4.0.7 allows remote attackers to execute arbitrary code via a crafted HTTP GET request.) |

Xen privilege escalation, updated since 06.10.2007
| Published: | 16.10.2008 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 8222 |
| Type: | local |
| Level: | 5/10 |
| Description: | It's possible for DomU domain user to execute code in Dom0 context. |

libxml memory corruption
| Published: | 16.10.2008 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 9374 |
| Type: | library |
| Level: | 5/10 |
| Description: | Memory corruption on XML parsing |
| Affected: | LIBXML : libxml2 2.7 |
| CVE: | CVE-2008-4409 (libxml2 2.7.0 and 2.7.1 does not properly handle "predefined entities definitions" in entities, which allows context-dependent attackers to cause a denial of service (memory consumption and application crash), as demonstrated by use of xmllint on a certain XML document, a different vulnerability than CVE-2003-1564 and CVE-2008-3281.) |

Microsoft Windows AFD driver privilege escalation, updated since 15.10.2008
| Published: | 16.10.2008 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 9369 |
| Type: | local |
| Level: | 7/10 |
| Description: | Kernel memory access is possible. |
| Affected: | MICROSOFT : Windows XP |
| | MICROSOFT : Windows 2003 Server |
| CVE: | CVE-2008-3464 (afd.sys in the Ancillary Function Driver (AFD) component in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP1 and SP2 does not properly validate input sent from user mode to the kernel, which allows local users to gain privileges via a crafted application, as demonstrated using crafted pointers and lengths that bypass intended ProbeForRead and ProbeForWrite restrictions, aka "AFD Kernel Overwrite Vulnerability.") |