Computer Security
[EN] securityvulns.ru no-pyccku


PCRE library buffer overflow
updated since 20.02.2008
Published:17.04.2008
Source:
SecurityVulns ID:8706
Type:library
Threat Level:
7/10
Description:Buffer overflows on regular expressins with codepoints greatr than 255.
Affected:PCRE : pcre 4.5
 CHIKEN : chicken 3.1
CVE:CVE-2008-1026
 CVE-2008-0674 (Buffer overflow in PCRE before 7.6 allows remote attackers to execute arbitrary code via a regular expression containing a character class with a large number of characters with Unicode code points greater than 255.)
 CVE-2006-7228 (Integer overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 might allow context-dependent attackers to execute arbitrary code via a regular expression that involves large (1) min, (2) max, or (3) duplength values that cause an incorrect length calculation and trigger a buffer overflow, a different vulnerability than CVE-2006-7227. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split.)
Original documentdocumentZDI, ZDI-08-022: Apple Safari WebKit PCRE Handling Integer Overflow Vulnerability (17.04.2008)
 documentGENTOO, [ GLSA 200802-10 ] Python: PCRE Integer overflow (26.02.2008)
 documentFlorian Weimer, [SECURITY] [DSA 1499-1] New pcre3 packages fix arbitrary code execution (20.02.2008)

FoxIt Reader multiple security vulnerabilities
Published:17.04.2008
Source:
SecurityVulns ID:8916
Type:remote
Threat Level:
5/10
Description:Memory corruptions on PDF parsing.
Affected:FOXIT : FoxIT Reader 2.2
Original documentdocumentj.v.vallejo_(at)_gmail.com, Foxit Reader 2.2 two potentially exploitable bugs (17.04.2008)

Cisco Network Admission Control weak encryption
Published:17.04.2008
Source:
SecurityVulns ID:8917
Type:m-i-t-m
Threat Level:
6/10
Description:Shared secret is transmitted cleartext over the networkig during logging.
Affected:CISCO : Cisco Network Admission Control 3.5
 CISCO : Cisco Network Admission Control 3.6
 CISCO : Cisco Network Admission Control 4.0
 CISCO : Cisco Network Admission Control 4.1
CVE:CVE-2008-1155
Original documentdocumentCISCO, Cisco Security Advisory: Cisco Network Admission Control Shared Secret Vulnerability (17.04.2008)

CA multiple applications ActiveX code execution
Published:17.04.2008
Source:
SecurityVulns ID:8918
Type:client
Threat Level:
7/10
Description:Code execution with gui_cm_ctrls control.
Affected:CA : Brightstor ARCserve Backup 11.5
 CA : CA Desktop Management Suite 11.2
 CA : Unicenter Desktop Management Bundle 11.2
 CA : Unicenter Asset Management 11.2
 CA : Unicenter Software Delivery 11.2
 CA : Unicenter Remote Control 11.2
 CA : CA Desktop and Server Management 11.2
CVE:CVE-2008-1786 (The DSM gui_cm_ctrls ActiveX control (gui_cm_ctrls.ocx), as used in multiple CA products including BrightStor ARCServe Backup for Laptops and Desktops r11.5, Desktop Management Suite r11.1 through r11.2 C2; Unicenter r11.1 through r11.2 C2; and Desktop and Server Management r11.1 through r11.2 C2 allows remote attackers to execute abritrary code via crafted function arguments.)
Original documentdocumentCA, CA DSM gui_cm_ctrls ActiveX Control Vulnerability (17.04.2008)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:17.04.2008
Source:
SecurityVulns ID:8919
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Original documentdocumentJose Luis Góngora Fernández, Classifieds Caffe (index.php cat_id) Remote SQL Injection (17.04.2008)

BigAnt Server buffer overflow
Published:17.04.2008
Source:
SecurityVulns ID:8920
Type:remote
Threat Level:
5/10
Description:Buffer overflow on oversized TCP/6080 HTTP request.
Affected:BIGANT : BigAnt Server 2.2
Original documentdocumentadmin_(at)_adult.wikipediatr.com, BigAnt Server 2.2 PreAuth Remote SEH Overflow Exploit (0day) (17.04.2008)
Files:BigAnt Server Ver 2.2 PreAuth Remote SEH Overflow (0day)

PolicyKit format string security vulnerability
Published:17.04.2008
Source:
SecurityVulns ID:8921
Type:remote
Threat Level:
6/10
Description:Format string vulnerability via password.
Affected:POLICYKIT : PolicyKit 0.7
CVE:CVE-2008-1658
Original documentdocumentMANDRIVA, [ MDVSA-2008:087 ] - Updated policykit package fixes format string vulnerability (17.04.2008)

Speex / VLC / gstreamer-plugins-good / sweep / SDL_sound / vorbis-tools / Xine buffer overflow
Published:17.04.2008
Source:
SecurityVulns ID:8922
Type:library
Threat Level:
7/10
Description:Buffer overflow in speex_packet_to_header().
Affected:XINE : xine 1.1
 XINE : xinelib 1.1
 VLC : VLC Media Player 0.8
 GSTREAMER : gstreamer-plugins-good 0.10
 SDLSOUND : SDL_sound 1.0
 SPEEX : Speex 1.1
 SWEEP : Sweep 1.1
 VORBISTOOLS : vorbis-tools 1.2
CVE:CVE-2008-1686 (Uncontrolled array index in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer.)
Original documentdocumentAndrea Barisani, [oCERT-2008-004] multiple speex implementations insufficient boundary checks (17.04.2008)

XPDF / Poppler uninitialized pointer dereference
Published:17.04.2008
Source:
SecurityVulns ID:8923
Type:library
Threat Level:
7/10
Description:User-controlled pointer dereference.
Affected:XPDF : xpdf 3.02
 POPPLER : poppler 0.6
 KDE : Koffice 1.5
CVE:CVE-2008-1693
Original documentdocumentGENTOO, [ GLSA 200804-18 ] Poppler: User-assisted execution of arbitrary code (17.04.2008)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod