Barracuda mail filtering applications multiple security vulnerabilities
Published:		17.12.2008
Source:		BUGTRAQ
SecurityVulns ID:		9522
Type:		remote
Level:		5/10
Description:		Crossite scripting, SQL injection (in Barracuda Spam Firewall)

Affected:		BARRACUDA : Barracuda Spam Firewall 3.5
		BARRACUDA : Barracuda Message Archiver 1.1
		BARRACUDA : Barracuda Web Filter 3.3
		BARRACUDA : Barracuda IM Firewall 3.1
		BARRACUDA : Barracuda Load Balancer 2.3
CVE:		CVE-2008-1094
		CVE-2008-0971

Original document

Marian Ventuneac, CVE-2008-1094 - Barracuda Span Firewall SQL Injection Vulnerability (17.12.2008)

Discuss:

Read or add your comments to this news (0 comments)

JasPer multiple security vulnerabilities
Published:		17.12.2008
Source:		BUGTRAQ
SecurityVulns ID:		9523
Type:		library
Level:		5/10
Description:		Multiple memory corruptions on JPEG parsing.

Affected:		JASPER : JasPer 1.900
CVE:		CVE-2008-3522 (Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf.)

Original document

GENTOO, [ GLSA 200812-18 ] JasPer: User-assisted execution of arbitrary code (17.12.2008)

Discuss:

Read or add your comments to this news (0 comments)

Opera memory corruption
Published:		17.12.2008
Source:		BUGTRAQ
SecurityVulns ID:		9524
Type:		client
Level:		7/10
Description:		Heap corruption on HTML parsing.

Affected:

OPERA : Opera 9.62

Original document

security_(at)_nruns.com, n.runs-SA-2008.010 - Opera HTML parsing Code Execution (17.12.2008)

Discuss:

Read or add your comments to this news (0 comments)

Oracle database server multiple security vulnerabilities updated since 16.04.2008
Published:		17.12.2008
Source:		FULL-DISCLOSURE
SecurityVulns ID:		8914
Type:		remote
Level:		8/10
Description:		CPU for April, 2008 fixes huge number of vulnerabilities.

Affected:		ORACLE : Oracle 9i
		ORACLE : Oracle 10g
		ORACLE : Oracle 11g

Original document		ZDI, ZDI-08-088: Oracle E-Business Suite Business Intelligence SQL Injection Vulnerability (17.12.2008)
		SHATTER, Team SHATTER Security Advisory: Oracle Database Buffer Overflow in SYS.KUPF$FILE_INT.GET_FULL_FILENAME (DB11) (02.05.2008)
		SHATTER, Team SHATTER Security Advisory: Oracle Database SQL Injection in SYS.DBMS_CDC_UTILITY.LOCK_CHANGE_SET (DB02) (02.05.2008)
		SHATTER, Team SHATTER Security Advisory: Oracle Database Buffer Overflow in SYS.DBMS_AQJMS_INTERNAL (DB15) (02.05.2008)
		IDEFENSE, iDefense Security Advisory 04.15.08: Oracle Application Express Privilege Escalation Vulnerability (16.04.2008)
		Kornbrust, Alexander, [Full-disclosure] Oracle - SQL Injection in package SDO_GEOM [DB06] (16.04.2008)
		Kornbrust, Alexander, [Full-disclosure] Oracle - SQL Injection in package SDO_UTIL [DB05] (16.04.2008)
		Kornbrust, Alexander, [Full-disclosure] Oracle - SQL Injection in package SDO_IDX [DB07] (16.04.2008)
		Kornbrust, Alexander, [Full-disclosure] Oracle - Hardcoded Password and Password Reset of OUTLN User [DB13] (16.04.2008)

Discuss:

Read or add your comments to this news (0 comments)

Microsoft Outlook Express / Outlook / Internet Explorer DoS updated since 17.12.2008
Published:		19.12.2008
Source:		MustLive
SecurityVulns ID:		9525
Type:		remote
Level:		6/10
Description:		<dt><h1 style=width:1px><li></h1> in HTML part causes application to crash.

Affected:		MICROSOFT : Windows 2000 Server
		MICROSOFT : Windows 2000 Professional
		MICROSOFT : Windows XP
		MICROSOFT : Windows 2003 Server

Original document		MustLive, New DoS vulnerability in Microsoft Outlook (19.12.2008)
		MustLive, New DoS vulnerability in Outlook Express (17.12.2008)

Files:		DoS exploit N2 for Microsoft Outlook Express
Discuss:		Read or add your comments to this news (0 comments)