Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:		17.01.2008
Source:		BUGTRAQ
SecurityVulns ID:		8576
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected:		MYBB : MyBB 1.2
		ARIA : aria 0.99
		BLOGCMS : blogcms 4.2
		MCGUESTBOOG : mcGuestbook 1.2
		GRADMAN : Gradman 0.1

Original document		HACKERS PAL, PHPEchoCMS Multible remote vulnerabilitis (17.01.2008)
		Smasher_(at)_ciucciamiilcalzino.it, JoomlaFlash Component Multiple Remote File Inclusion (17.01.2008)
		Jose Luis Góngora Fernández, Gradman <= 0.1.3 (agregar_info.php?tabla=) Local File Inclusion Exploit (17.01.2008)
		Janek Vind, [waraxe-2008-SA#061] - Remote Code Execution in MyBB 1.2.10 (17.01.2008)
		Janek Vind, [waraxe-2008-SA#062] - Multiple Sql Injections in MyBB 1.2.10 (17.01.2008)
		gokhankaya_(at)_hotmail.com, mcGuestbook v1.2 Remote File Inc. (17.01.2008)
		no-reply_(at)_aria-security.net, [Aria-Security.Net] Real Estate Web SQL Injection (17.01.2008)
		Digital Security Research Group [DSecRG], [DSECRG-08-002] Local File Include in arias 0.99-6 (17.01.2008)
		no-reply_(at)_aria-security.net, cPanel Hosting Manager (dohtaccess.html) (17.01.2008)
		Jose Luis Góngora Fernández, RichStrong CMS (showproduct.asp?cat=) Remote SQL Injection Exploit (17.01.2008)
		Digital Security Research Group [DSecRG], [DSECRG-08-003] blogcms 4.2.1b Multiple Security Vulnerabilities (17.01.2008)

Files:		RichStrong CMS - Remote SQL Injection Exploit
Discuss:		Read or add your comments to this news (0 comments)

Apple QuickTime multiple security vulnerabilities updated since 16.01.2008
Published:		17.01.2008
Source:		FULL-DISCLOSURE
SecurityVulns ID:		8574
Type:		client
Level:		7/10
Description:		Buffer overflow on parsing Macintosh resources embedded into QuickTime movie. Quicktime Image IDSC atom memory corruption.

Affected:		APPLE : QuickTime 7.3
		APPLE : QuickTime Player 7.3
		APPLE : QuickTime PictureViewer 7.3
CVE:		CVE-2008-0033
		CVE-2008-0032

Original document		CERT, US-CERT Technical Cyber Security Alert TA08-016A -- Apple QuickTime Updates for Multiple Vulnerabilities (17.01.2008)
		DVLabs, TPTI-08-01: Apple Quicktime Image File IDSC Atom Memory Corruption Vulnerability (17.01.2008)
		IDEFENSE, [Full-disclosure] iDefense Security Advisory 01.15.08: Apple QuickTime Macintosh Resource Processing Heap Corruption Vulnerability (16.01.2008)

Discuss:

Read or add your comments to this news (0 comments)

BitTorrent / uTorrent buffer overflow
Published:		17.01.2008
Source:		BUGTRAQ
SecurityVulns ID:		8580
Type:		client
Level:		6/10
Description:		Buffer overflow on peer information displaying.

Affected:		BITTORRENT : BitTorrent 6.0
		UTORRENT : uTorrent 1.7
		UTORRENT : uTorrent 1.8

Original document

Luigi Auriemma, Peers static overflow in BitTorrent 6.0 and uTorrent 1.7.5 (17.01.2008)

Files:		BitTorrent <= 6.0 (build 5535) and uTorrent <= 1.7.5 (build 4602) Peers info GUI unicode overflow
Discuss:		Read or add your comments to this news (0 comments)

Linux kernel filesystem DoS
Published:		17.01.2008
Source:		BUGTRAQ
SecurityVulns ID:		8578
Type:		local
Level:		6/10
Description:		Local user can corrupt filesystem.

Affected:		LINUX : kernel 2.6
CVE:		CVE-2008-0001

Original document

RPATH, rPSA-2008-0021-1 kernel (17.01.2008)

Discuss:

Read or add your comments to this news (0 comments)

Cisco Call Manager / Cisco Unified Communications Manager buffer overflow
Published:		17.01.2008
Source:		BUGTRAQ
SecurityVulns ID:		8581
Type:		remote
Level:		7/10
Description:		Buffer overflow in CTL Provider Service (TCP/2444).

Affected:		CISCO : Call Manager 4.1
		CISCO : Call Manager 4.0
		CISCO : Unified Communications Manager 4.2
		CISCO : Unified Communications Manager 4.3
CVE:		CVE-2008-0027

Original document		CISCO, Cisco Security Advisory: Cisco Unified Communications Manager CTL Provider Heap Overflow (17.01.2008)
		DVLabs, TPTI-08-02: Cisco Call Manager CTLProvider Heap Overflow Vulnerability (17.01.2008)

Discuss:

Read or add your comments to this news (0 comments)

apt-listchanges privilege escalation
Published:		17.01.2008
Source:		BUGTRAQ
SecurityVulns ID:		8579
Type:		local
Level:		4/10
Description:		Library is loaded by relative path.

Affected:		DEBIAN : apt-listchanges 2.72
		DEBIAN : apt-listchanges 2.81
CVE:		CVE-2008-0302 (Untrusted search path vulnerability in apt-listchanges.py in apt-listchanges before 2.82 allows local users to execute arbitrary code via a malicious apt-listchanges program in the current working directory.)

Original document

DEBIAN, [SECURITY] [DSA 1465-2] New apt-listchanges packages fix arbitrary code execution (17.01.2008)

Discuss:

Read or add your comments to this news (0 comments)

boost library DoS
Published:		17.01.2008
Source:		BUGTRAQ
SecurityVulns ID:		8582
Type:		library
Level:		5/10
Description:		Insufficient regular expression validation.

Affected:		BOOST : boost 1.33
CVE:		CVE-2008-0172
		CVE-2008-0171

Original document

UBUNTU, [USN-570-1] boost vulnerabilities (17.01.2008)

Discuss:

Read or add your comments to this news (0 comments)

8e6 Technologies R3000 Internet Filter URL filtering bypass updated since 17.01.2008
Published:		07.08.2008
Source:		BUGTRAQ
SecurityVulns ID:		8577
Type:		remote
Level:		4/10
Description:		Stateful-filtering is not used. X-DecoyHost header may be used to bypass filtering.

Original document		nnposter_(at)_disclosed.not, 8e6 Technologies R3000 Internet Filter Bypass with Host Decoy (07.08.2008)
		nnposter_(at)_disclosed.not, 8e6 Technologies R3000 Internet Filter Bypass by Request Split (17.01.2008)

Discuss:

Read or add your comments to this news (0 comments)