Computer Security

libxml memory corruption
Published:16.10.2008
SecurityVulns ID:9374
Type:library
Threat Level:5/10
Description:Memory corruption on XML parsing
Affected:LIBXML2 : libxml2 2.7
CVE:CVE-2008-4409 (libxml2 2.7.0 and 2.7.1 does not properly handle "predefined entities definitions" in entities, which allows context-dependent attackers to cause a denial of service (memory consumption and application crash), as demonstrated by use of xmllint on a certain XML document, a different vulnerability than CVE-2003-1564 and CVE-2008-3281.)
Original document:MANDRIVA, [ MDVSA-2008:212 ] libxml2 (16.10.2008)

Microsoft Windows AFD driver privilege escalation
updated since 15.10.2008
Published:16.10.2008
SecurityVulns ID:9369
Type:local
Threat Level:7/10
Description:Kernel memory access is possible.
Affected:MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
CVE:CVE-2008-3464 (afd.sys in the Ancillary Function Driver (AFD) component in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP1 and SP2 does not properly validate input sent from user mode to the kernel, which allows local users to gain privileges via a crafted application, as demonstrated using crafted pointers and lengths that bypass intended ProbeForRead and ProbeForWrite restrictions, aka "AFD Kernel Overwrite Vulnerability.")
Original document:Reversemode, Exploit for MS08-066 - AFD.sys kernel memory overwrite. (16.10.2008)
 MICROSOFT, Microsoft Security Bulletin MS08-066 – Important Vulnerability in the Microsoft Ancillary Function Driver Could Allow Elevation of Privilege (956803) (15.10.2008)
Files:Microsoft Security Bulletin MS08-066 – Important Vulnerability in the Microsoft Ancillary Function Driver Could Allow Elevation of Privilege (956803)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:16.10.2008
SecurityVulns ID:9371
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Original document:office_(at)_hackattack.at, HACKATTACK Advisory 20081016]WEB//NEWS SQL Injection and Cookie Manipulation (16.10.2008)
 djmomo_(at)_live.com, Vivid Ads Shopping Cart (cid) Remote SQL Injection (16.10.2008)

VLC Mediaplayer memory corruption
Published:16.10.2008
SecurityVulns ID:9372
Type:client
Threat Level:5/10
Description:Memory corruption on XSPF playlists parsing.
Affected:VIDEOLAN : VLC media player 0.9
Original document:CORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2008-1010: VLC media player XSPF Memory Corruption (16.10.2008)

Sun Java Web Proxy buffer overflow
Published:16.10.2008
SecurityVulns ID:9373
Type:remote
Threat Level:7/10
Description:Buffer overflow on FTP resource GET request handling in HTTP proxy.
Affected:SUN : Java System Web Proxy Server 4.0
CVE:CVE-2008-4541 (Heap-based buffer overflow in the FTP subsystem in Sun Java System Web Proxy Server 4.0 through 4.0.7 allows remote attackers to execute arbitrary code via a crafted HTTP GET request.)
Original document:IDEFENSE, iDefense Security Advisory 10.14.08: Sun Java Web Proxy Server FTP Resource Handling Heap-Based Buffer Overflow (16.10.2008)

Xen privilege escalation
updated since 06.10.2007
Published:16.10.2008
SecurityVulns ID:8222
Type:local
Threat Level:5/10
Description:A DomU domain user can execute code in the Dom0 context.
Affected:XEN : xen 3.0
CVE:CVE-2007-4993
Original document:Joanna Rutkowska, Paper: Adventures with a certain Xen vulnerability (16.10.2008)
 DEBIAN, [SECURITY] [DSA 1384-1] New xen-utils packages fix several vulnerabilities (06.10.2007)
Files:Adventures with a certain Xen vulnerability

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod