Search:Vulnerability:18.03.2008 - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

unzip code execution
Published: 18.03.2008
Source: BUGTRAQ
SecurityVulns ID: 8795
Type: client
Level: 6/10
Description: Memory corruption with free() with invalid pointer.

Affected: UNZIP : unzip 5.52
CVE: CVE-2008-0888

Original document DEBIAN, [SECURITY] [DSA 1522-1] New unzip packages fix potential code execution (18.03.2008)

Discuss: Read or add your comments to this news (0 comments)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 18.03.2008
Source: BUGTRAQ
SecurityVulns ID: 8797
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected: PHPSTATS : phpstats 0.1
IKIWIKI : ikiwiki 1.33
IKIWIKI : ikiwiki 2.31
EFORUM : eForum 0.4
CPANEL : cPanel 11.18
CVE: CVE-2008-0809 (Cross-site scripting (XSS) vulnerability in the htmlscrubber in Ikiwiki before 1.1.46 allows remote attackers to inject arbitrary web script or HTML via title contents.)
CVE-2008-0808 (Cross-site scripting (XSS) vulnerability in the meta plugin in Ikiwiki before 1.1.47 allows remote attackers to inject arbitrary web script or HTML via meta tags.)
CVE-2008-0125

Original document xx_hack_xx_2004_(at)_hotmail.com, cPanel 11.x => List Directories and Folders (18.03.2008)

omnipresent_(at)_email.it, eForum 0.4 XSS (18.03.2008)

DEBIAN, [SECURITY] [DSA 1523-1] New ikiwiki packages fix cross-site scripting (18.03.2008)

Hanno Bock, Cross Site Scripting (XSS) in phpstats 0.1_alpha, CVE-2008-0125 (18.03.2008)

Discuss: Read or add your comments to this news (0 comments)

Sun Solaris Cluster service rpc.metad DoS
Published: 18.03.2008
Source: SECURITEAM
SecurityVulns ID: 8798
Type: remote
Level: 6/10
Description: Cradsh on malformed RPC request.

Original document SECURITEAM, [EXPL] Sun Cluster rpc.metad DoS (Exploit) (18.03.2008)

Files: SunOS 5.10 Sun Cluster rpc.metad DoS PoC
Discuss: Read or add your comments to this news (0 comments)

Microsoft Internet Explorer 7.0 DoS
Published: 18.03.2008
Source: BUGTRAQ
SecurityVulns ID: 8800
Type: client
Level: 5/10
Description: Crash on createtextrange method.

Affected: MICROSOFT : Windows XP
MICROSOFT : Windows Vista
MICROSOFT : Windows Server 2003
MICROSOFT : Windows Server 2008

Original document jplopezy_(at)_gmail.com, Internet Explorer 7.0 crash (18.03.2008)

Files: Internet Explorer 7.0 crash Proof of concept
Discuss: Read or add your comments to this news (0 comments)

VMWare applications multiple security vulnerabilities
Published: 18.03.2008
Source: BUGTRAQ
SecurityVulns ID: 8799
Type: remote
Level: 7/10
Description: Host to guest shared folder (HGFS) directory traversal, named pipes privileg e escalation, Windows 2000 privilege escalation, DHCP service DoS, configuration file privilege escalation, memory corruption.

Affected: VMWARE : VMware Workstation 5.5
VMWARE : VMware Player 1.0
VMWARE : VMware Server 1.0
VMWARE : VMware ACE 1.0
VMWARE : VMware Workstation 6.0
VMWARE : VMware Player 2.0
VMWARE : VMware ACE 2.0
VMWARE : VMware Fusion 1.1
CVE: CVE-2008-1364 (Unspecified vulnerability in the DHCP service in VMware Workstation 5.5.x before 5.5.6, VMware Player 1.0.x before 1.0.6, VMware ACE 1.0.x before 1.0.5, VMware Server 1.0.x before 1.0.5, and VMware Fusion 1.1.x before 1.1.1 allows attackers to cause a denial of service.)
CVE-2008-1363 (VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware Player 2.0.x before 2.0.3 and 1.0.x before 1.0.6, VMware ACE 2.0.x before 2.0.1 and 1.0.x before 1.0.5, and VMware Server 1.0.x before 1.0.5 on Windows allow local users to gain privileges via an unspecified manipulation of a config.ini file located in an Application Data folder, which can be used for "hijacking the VMX process.")
CVE-2008-1362 (VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware Player 2.0.x before 2.0.3 and 1.0.x before 1.0.6, VMware ACE 2.0.x before 2.0.1 and 1.0.x before 1.0.5, and VMware Server 1.0.x before 1.0.5 on Windows allow local users to gain privileges or cause a denial of service by impersonating the authd process through an unspecified use of an "insecurely created named pipe," a different vulnerability than CVE-2008-1361.)
CVE-2008-1361 (VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware Player 2.0.x before 2.0.3 and 1.0.x before 1.0.6, VMware ACE 2.0.x before 2.0.1 and 1.0.x before 1.0.5, and VMware Server 1.0.x before 1.0.5 on Windows allow local users to gain privileges via an unspecified manipulation that causes the authd process to connect to an arbitrary named pipe, a different vulnerability than CVE-2008-1362.)
CVE-2008-1340
CVE-2008-0923 (Directory traversal vulnerability in the Shared Folders feature for VMWare ACE 1.0.2 and 2.0.2, Player 1.0.4 and 2.0.2, and Workstation 5.5.4 and 6.0.2 allows guest OS users to read and write arbitrary files on the host OS via a multibyte string that produces a wide character string containing .. (dot dot) sequences, which bypasses the protection mechanism, as demonstrated using a "%c0%2e%c0%2e" string.)
CVE-2007-5618 (Unquoted Windows search path in the Authorization and other services in VMware Player 1.0.x before 1.0.5 and 2.0 before 2.0.1, VMware Server before 1.0.4, and Workstation 5.x before 5.5.5 and 6.x before 6.0.1, might allow local users to gain privileges via malicious programs.)

Original document VMWARE, VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues (18.03.2008)

Discuss: Read or add your comments to this news (0 comments)

Home FTP Server DoS
Published: 18.03.2008
Source: BUGTRAQ
SecurityVulns ID: 8796
Type: remote
Level: 5/10
Description: Some command sequence causes service to crash.

Original document 0in.email_(at)_gmail.com, Home FTP Server DoS (18.03.2008)

Files: HOME FTP SERVER DoS Exploit
Discuss: Read or add your comments to this news (0 comments)