Search:Vulnerability:17.01.2008 - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

Linux kernel filesystem DoS
Published: 17.01.2008
Source: BUGTRAQ
SecurityVulns ID: 8578
Type: local
Level: 6/10
Description: Local user can corrupt filesystem.

Affected: LINUX : kernel 2.6
CVE: CVE-2008-0001

Original document RPATH, rPSA-2008-0021-1 kernel (17.01.2008)

Discuss: Read or add your comments to this news (0 comments)

Cisco Call Manager / Cisco Unified Communications Manager buffer overflow
Published: 17.01.2008
Source: BUGTRAQ
SecurityVulns ID: 8581
Type: remote
Level: 7/10
Description: Buffer overflow in CTL Provider Service (TCP/2444).

Affected: CISCO : Call Manager 4.1
CISCO : Call Manager 4.0
CISCO : Unified Communications Manager 4.2
CISCO : Unified Communications Manager 4.3
CVE: CVE-2008-0027

Original document CISCO, Cisco Security Advisory: Cisco Unified Communications Manager CTL Provider Heap Overflow (17.01.2008)

DVLabs, TPTI-08-02: Cisco Call Manager CTLProvider Heap Overflow Vulnerability (17.01.2008)

Discuss: Read or add your comments to this news (0 comments)

BitTorrent / uTorrent buffer overflow
Published: 17.01.2008
Source: BUGTRAQ
SecurityVulns ID: 8580
Type: client
Level: 6/10
Description: Buffer overflow on peer information displaying.

Affected: BITTORRENT : BitTorrent 6.0
UTORRENT : uTorrent 1.7
UTORRENT : uTorrent 1.8

Original document Luigi Auriemma, Peers static overflow in BitTorrent 6.0 and uTorrent 1.7.5 (17.01.2008)

Files: BitTorrent <= 6.0 (build 5535) and uTorrent <= 1.7.5 (build 4602) Peers info GUI unicode overflow
Discuss: Read or add your comments to this news (1 comments)

Apple QuickTime multiple security vulnerabilities
updated since 16.01.2008
Published: 17.01.2008
Source: FULL-DISCLOSURE
SecurityVulns ID: 8574
Type: client
Level: 7/10
Description: Buffer overflow on parsing Macintosh resources embedded into QuickTime movie. Quicktime Image IDSC atom memory corruption.

Affected: APPLE : QuickTime 7.3
APPLE : QuickTime Player 7.3
APPLE : QuickTime PictureViewer 7.3
CVE: CVE-2008-0033
CVE-2008-0032

Original document CERT, US-CERT Technical Cyber Security Alert TA08-016A -- Apple QuickTime Updates for Multiple Vulnerabilities (17.01.2008)

DVLabs, TPTI-08-01: Apple Quicktime Image File IDSC Atom Memory Corruption Vulnerability (17.01.2008)

IDEFENSE, [Full-disclosure] iDefense Security Advisory 01.15.08: Apple QuickTime Macintosh Resource Processing Heap Corruption Vulnerability (16.01.2008)

Discuss: Read or add your comments to this news (0 comments)

apt-listchanges privilege escalation
Published: 17.01.2008
Source: BUGTRAQ
SecurityVulns ID: 8579
Type: local
Level: 4/10
Description: Library is loaded by relative path.

Affected: DEBIAN : apt-listchanges 2.72
DEBIAN : apt-listchanges 2.81
CVE: CVE-2008-0302 (Untrusted search path vulnerability in apt-listchanges.py in apt-listchanges before 2.82 allows local users to execute arbitrary code via a malicious apt-listchanges program in the current working directory.)

Original document DEBIAN, [SECURITY] [DSA 1465-2] New apt-listchanges packages fix arbitrary code execution (17.01.2008)

Discuss: Read or add your comments to this news (0 comments)

boost library DoS
Published: 17.01.2008
Source: BUGTRAQ
SecurityVulns ID: 8582
Type: library
Level: 5/10
Description: Insufficient regular expression validation.

Affected: BOOST : boost 1.33
CVE: CVE-2008-0172
CVE-2008-0171

Original document UBUNTU, [USN-570-1] boost vulnerabilities (17.01.2008)

Discuss: Read or add your comments to this news (0 comments)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 17.01.2008
Source: BUGTRAQ
SecurityVulns ID: 8576
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected: MYBB : MyBB 1.2
ARIA : aria 0.99
BLOGCMS : blogcms 4.2
MCGUESTBOOG : mcGuestbook 1.2
GRADMAN : Gradman 0.1

Original document HACKERS PAL, PHPEchoCMS Multible remote vulnerabilitis (17.01.2008)

Smasher_(at)_ciucciamiilcalzino.it, JoomlaFlash Component Multiple Remote File Inclusion (17.01.2008)

Jose Luis Góngora Fernández, Gradman <= 0.1.3 (agregar_info.php?tabla=) Local File Inclusion Exploit (17.01.2008)

document Janek Vind, [waraxe-2008-SA#061] - Remote Code Execution in MyBB 1.2.10 (17.01.2008)

Janek Vind, [waraxe-2008-SA#062] - Multiple Sql Injections in MyBB 1.2.10 (17.01.2008)

gokhankaya_(at)_hotmail.com, mcGuestbook v1.2 Remote File Inc. (17.01.2008)

no-reply_(at)_aria-security.net, [Aria-Security.Net] Real Estate Web SQL Injection (17.01.2008)

document Digital Security Research Group [DSecRG], [DSECRG-08-002] Local File Include in arias 0.99-6 (17.01.2008)

no-reply_(at)_aria-security.net, cPanel Hosting Manager (dohtaccess.html) (17.01.2008)

Jose Luis Góngora Fernández, RichStrong CMS (showproduct.asp?cat=) Remote SQL Injection Exploit (17.01.2008)

document Digital Security Research Group [DSecRG], [DSECRG-08-003] blogcms 4.2.1b Multiple Security Vulnerabilities (17.01.2008)

Files: RichStrong CMS - Remote SQL Injection Exploit
Discuss: Read or add your comments to this news (0 comments)

8e6 Technologies R3000 Internet Filter URL filtering bypass
updated since 17.01.2008
Published: 07.08.2008
Source: BUGTRAQ
SecurityVulns ID: 8577
Type: remote
Level: 4/10
Description: Stateful-filtering is not used. X-DecoyHost header may be used to bypass filtering.

Original document nnposter_(at)_disclosed.not, 8e6 Technologies R3000 Internet Filter Bypass with Host Decoy (07.08.2008)

nnposter_(at)_disclosed.not, 8e6 Technologies R3000 Internet Filter Bypass by Request Split (17.01.2008)

Discuss: Read or add your comments to this news (0 comments)