Computer Security
[EN] securityvulns.ru no-pyccku


Apple QuickTime multiple security vulnerabilities
updated since 16.01.2008
Published:17.01.2008
Source:
SecurityVulns ID:8574
Type:client
Threat Level:
7/10
Description:Buffer overflow on parsing Macintosh resources embedded into QuickTime movie. Quicktime Image IDSC atom memory corruption.
Affected:APPLE : QuickTime 7.3
 APPLE : QuickTime Player 7.3
 APPLE : QuickTime PictureViewer 7.3
CVE:CVE-2008-0033
 CVE-2008-0032
Original documentdocumentCERT, US-CERT Technical Cyber Security Alert TA08-016A -- Apple QuickTime Updates for Multiple Vulnerabilities (17.01.2008)
 documentDVLabs, TPTI-08-01: Apple Quicktime Image File IDSC Atom Memory Corruption Vulnerability (17.01.2008)
 documentIDEFENSE, [Full-disclosure] iDefense Security Advisory 01.15.08: Apple QuickTime Macintosh Resource Processing Heap Corruption Vulnerability (16.01.2008)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:17.01.2008
Source:
SecurityVulns ID:8576
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:MYBB : MyBB 1.2
 ARIA : aria 0.99
 BLOGCMS : blogcms 4.2
 MCGUESTBOOG : mcGuestbook 1.2
 GRADMAN : Gradman 0.1
Original documentdocumentHACKERS PAL, PHPEchoCMS Multible remote vulnerabilitis (17.01.2008)
 documentSmasher_(at)_ciucciamiilcalzino.it, JoomlaFlash Component Multiple Remote File Inclusion (17.01.2008)
 documentJose Luis Góngora Fernández, Gradman <= 0.1.3 (agregar_info.php?tabla=) Local File Inclusion Exploit (17.01.2008)
 documentJanek Vind, [waraxe-2008-SA#061] - Remote Code Execution in MyBB 1.2.10 (17.01.2008)
 documentJanek Vind, [waraxe-2008-SA#062] - Multiple Sql Injections in MyBB 1.2.10 (17.01.2008)
 documentgokhankaya_(at)_hotmail.com, mcGuestbook v1.2 Remote File Inc. (17.01.2008)
 documentno-reply_(at)_aria-security.net, [Aria-Security.Net] Real Estate Web SQL Injection (17.01.2008)
 documentDigital Security Research Group [DSecRG], [DSECRG-08-002] Local File Include in arias 0.99-6 (17.01.2008)
 documentno-reply_(at)_aria-security.net, cPanel Hosting Manager (dohtaccess.html) (17.01.2008)
 documentJose Luis Góngora Fernández, RichStrong CMS (showproduct.asp?cat=) Remote SQL Injection Exploit (17.01.2008)
 documentDigital Security Research Group [DSecRG], [DSECRG-08-003] blogcms 4.2.1b Multiple Security Vulnerabilities (17.01.2008)
Files:RichStrong CMS - Remote SQL Injection Exploit

Linux kernel filesystem DoS
Published:17.01.2008
Source:
SecurityVulns ID:8578
Type:local
Threat Level:
6/10
Description:Local user can corrupt filesystem.
Affected:LINUX : kernel 2.6
CVE:CVE-2008-0001 (VFS in the Linux kernel before 2.6.22.16, and 2.6.23.x before 2.6.23.14, performs tests of access mode by using the flag variable instead of the acc_mode variable, which might allow local users to bypass intended permissions and remove directories.)
Original documentdocumentRPATH, rPSA-2008-0021-1 kernel (17.01.2008)

apt-listchanges privilege escalation
Published:17.01.2008
Source:
SecurityVulns ID:8579
Type:local
Threat Level:
4/10
Description:Library is loaded by relative path.
Affected:DEBIAN : apt-listchanges 2.72
 DEBIAN : apt-listchanges 2.81
CVE:CVE-2008-0302 (Untrusted search path vulnerability in apt-listchanges.py in apt-listchanges before 2.82 allows local users to execute arbitrary code via a malicious apt-listchanges program in the current working directory.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 1465-2] New apt-listchanges packages fix arbitrary code execution (17.01.2008)

BitTorrent / uTorrent buffer overflow
Published:17.01.2008
Source:
SecurityVulns ID:8580
Type:client
Threat Level:
6/10
Description:Buffer overflow on peer information displaying.
Affected:BITTORRENT : BitTorrent 6.0
 UTORRENT : uTorrent 1.7
 UTORRENT : uTorrent 1.8
Original documentdocumentLuigi Auriemma, Peers static overflow in BitTorrent 6.0 and uTorrent 1.7.5 (17.01.2008)
Files:BitTorrent <= 6.0 (build 5535) and uTorrent <= 1.7.5 (build 4602) Peers info GUI unicode overflow

Cisco Call Manager / Cisco Unified Communications Manager buffer overflow
Published:17.01.2008
Source:
SecurityVulns ID:8581
Type:remote
Threat Level:
7/10
Description:Buffer overflow in CTL Provider Service (TCP/2444).
Affected:CISCO : Call Manager 4.1
 CISCO : Call Manager 4.0
 CISCO : Unified Communications Manager 4.2
 CISCO : Unified Communications Manager 4.3
CVE:CVE-2008-0027
Original documentdocumentCISCO, Cisco Security Advisory: Cisco Unified Communications Manager CTL Provider Heap Overflow (17.01.2008)
 documentDVLabs, TPTI-08-02: Cisco Call Manager CTLProvider Heap Overflow Vulnerability (17.01.2008)

boost library DoS
Published:17.01.2008
Source:
SecurityVulns ID:8582
Type:library
Threat Level:
5/10
Description:Insufficient regular expression validation.
Affected:BOOST : boost 1.33
CVE:CVE-2008-0172
 CVE-2008-0171
Original documentdocumentUBUNTU, [USN-570-1] boost vulnerabilities (17.01.2008)

8e6 Technologies R3000 Internet Filter URL filtering bypass
updated since 17.01.2008
Published:07.08.2008
Source:
SecurityVulns ID:8577
Type:remote
Threat Level:
4/10
Description:Stateful-filtering is not used. X-DecoyHost header may be used to bypass filtering.
Original documentdocumentnnposter_(at)_disclosed.not, 8e6 Technologies R3000 Internet Filter Bypass with Host Decoy (07.08.2008)
 documentnnposter_(at)_disclosed.not, 8e6 Technologies R3000 Internet Filter Bypass by Request Split (17.01.2008)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod