Search:Vulnerability:17.03.2008 - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

VideoLAN VLC media player multiple security vulnerabilities
updated since 26.12.2007
Published: 17.03.2008
Source: BUGTRAQ
SecurityVulns ID: 8494
Type: remote
Level: 6/10
Description: Buffer overflow on subtitles parsing, format string vulnerability in Web interface TCP/8080.

Affected: VLC : VLC 0.8

Original document Luigi Auriemma, VLC highlander bug (17.03.2008)

Luigi Auriemma, Buffer-overflow and format string in VideoLAN VLC 0.8.6d (26.12.2007)

Files: Exploits Buffer-overflow and format string in VideoLAN VLC 0.8.6d
Discuss: Read or add your comments to this news (0 comments)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 17.03.2008
Source:
SecurityVulns ID: 8790
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Snewscms Rus 2.3: crossite scripting

Affected: HORDE : Horde 3.0
SMARTY : Smarty 2.6
WML : wml 2.0
SNEWSCMS : SnewsCMS Rus 2.3
EASYCALENDAR : EasyCalendar 4.0
MULTIPLETIMESHEE : Mutiple Timesheets 5.0
CVE: CVE-2008-1284 (Directory traversal vulnerability in Horde 3.1.6, Groupware before 1.0.5, and Groupware Webmail Edition before 1.0.6, when running with certain configurations, allows remote authenticated users to read and execute arbitrary files via ".." sequences and a null byte in the theme name.)
CVE-2008-1066 (The modifier.regex_replace.php plugin in Smarty before 2.6.19, as used by Serendipity (S9Y) and other products, allows attackers to call arbitrary PHP functions via templates, related to a '\0' character in a search string.)
CVE-2008-0666 (Website META Language (WML) 2.0.11 allows local users to overwrite arbitrary files via a symlink attack on (1) the /tmp/pe.tmp.$$ temporary file used by wml_contrib/wmg.cgi and (2) temporary files used by wml_backend/p3_eperl/eperl_sys.c.)
CVE-2008-0665 (wml_backend/p1_ipp/ipp.src in Website META Language (WML) 2.0.11 allows local users to overwrite arbitrary files via a symlink attack on the ipp.$$.tmp temporary file.)

Original document DEBIAN, [SECURITY] [DSA 1520-1] New smarty packages fix arbitrary code execution (17.03.2008)

DEBIAN, [SECURITY] [DSA 1519-1] New horde3 packages fix information disclosure (17.03.2008)

Jose Luis Góngora Fernández, Mutiple Timesheets <= 5.0 - Multiple Remote Vulnerabilities (17.03.2008)

document Jose Luis Góngora Fernández, EasyCalendar <= 4.0tr - Multiple Remote Vulnerabilities (17.03.2008)

GENTOO, [ GLSA 200803-23 ] Website META Language: Insecure temporary file usage (17.03.2008)

no-reply_(at)_aria-security.net, Joomla components com_guide "category" Remote SQL Injection [Aria-Security] (17.03.2008)

document �� , new vuln in snewscms rus v 2.3 (17.03.2008)

Discuss: Read or add your comments to this news (0 comments)

RSA WebID crossite scripting
Published: 17.03.2008
Source: BUGTRAQ
SecurityVulns ID: 8792
Type: remote
Level: 5/10
Description: Multipel crossite scripting possibilities.

Affected: RSA : WebID 5.3
CVE: CVE-2005-118

Original document quentin.berdugo_(at)_hapsis.fr, Security Advisory on RSA Web ID (XSS) (17.03.2008)

Discuss: Read or add your comments to this news (0 comments)

Bootix BootManage TFTPD buffer overflow
Published: 17.03.2008
Source: BUGTRAQ
SecurityVulns ID: 8794
Type: remote
Level: 5/10
Description: Buffer overflow on logging.

Affected: BOOTIX : BootManage TFTPD 1.99
BOOTIX : BootManage Administrator 7.1

Original document Luigi Auriemma, Buffer-overflow in BootManage TFTPD 1.99 (17.03.2008)

Files: TFTP server tester
Discuss: Read or add your comments to this news (0 comments)

Raidsonic nas-4220 weak cryptography
Published: 17.03.2008
Source: BUGTRAQ
SecurityVulns ID: 8791
Type: local
Level: 5/10
Description: Encryption key is stored with data.

Affected: RAIDSONIC : NAS-4220-B

Original document Collin R. Mulliner, raidsonic nas-4220 crypt disk key leak (stored in plain on unencrypted partition) (17.03.2008)

Discuss: Read or add your comments to this news (0 comments)

MG-Soft Net Inspector multiple security vulnerabilities
Published: 17.03.2008
Source: BUGTRAQ
SecurityVulns ID: 8793
Type: remote
Level: 7/10
Description: Format string vulnerability, directory traversal, DoS conditions.

Affected: MG-SOFT : Net Inspector 6.5

Original document Luigi Auriemma, Multiple vulnerabilities in Net Inspector 6.5.0.828 (17.03.2008)

Discuss: Read or add your comments to this news (0 comments)