 |
|
|
|
| Home FTP Server DoS | | Published: |  | 18.03.2008 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 8796 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | Some command sequence causes service to crash. |
| unzip code execution | | Published: | | 18.03.2008 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 8795 | | Type: | | client | | Level: | | 6/10 | | Description: | | Memory corruption with free() with invalid pointer. |
| Affected: |  | UNZIP : unzip 5.52 | | CVE: |  | CVE-2008-0888 (The NEEDBITS macro in the inflate_dynamic function in inflate.c for unzip can be invoked using invalid buffers, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a free of uninitialized or previously-freed data.) |
| Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) | | Published: | | 18.03.2008 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 8797 | | Type: | | remote | | Level: | | 5/10 | | Description: | | PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
|
| Sun Solaris Cluster service rpc.metad DoS | | Published: | | 18.03.2008 | | Source: | | SECURITEAM | | SecurityVulns ID: | | 8798 | | Type: | | remote | | Level: | | 6/10 | | Description: | | Cradsh on malformed RPC request. |
| Microsoft Internet Explorer 7.0 DoS | | Published: | | 18.03.2008 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 8800 | | Type: | | client | | Level: | | 5/10 | | Description: | | Crash on createtextrange method. |
| VMWare applications multiple security vulnerabilities | | Published: | | 18.03.2008 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 8799 | | Type: | | remote | | Level: | | 7/10 | | Description: | | Host to guest shared folder (HGFS) directory traversal, named pipes privileg e escalation, Windows 2000 privilege escalation, DHCP service DoS, configuration file privilege escalation, memory corruption. |
| Affected: | | VMWARE : VMware Workstation 5.5 | | | | VMWARE : VMware Player 1.0 | | | | VMWARE : VMware Server 1.0 | | | | VMWARE : VMware ACE 1.0 | | | | VMWARE : VMWare Workstation 6.0 | | | | VMWARE : VMware Player 2.0 | | | | VMWARE : VMWare ACE 2.0 | | | | VMWARE : VMware Fusion 1.1 | | CVE: | | CVE-2008-1364 (Unspecified vulnerability in the DHCP service in VMware Workstation 5.5.x before 5.5.6, VMware Player 1.0.x before 1.0.6, VMware ACE 1.0.x before 1.0.5, VMware Server 1.0.x before 1.0.5, and VMware Fusion 1.1.x before 1.1.1 allows attackers to cause a denial of service.) | | | | CVE-2008-1363 (VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware Player 2.0.x before 2.0.3 and 1.0.x before 1.0.6, VMware ACE 2.0.x before 2.0.1 and 1.0.x before 1.0.5, and VMware Server 1.0.x before 1.0.5 on Windows allow local users to gain privileges via an unspecified manipulation of a config.ini file located in an Application Data folder, which can be used for "hijacking the VMX process.") | | | | CVE-2008-1362 (VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware Player 2.0.x before 2.0.3 and 1.0.x before 1.0.6, VMware ACE 2.0.x before 2.0.1 and 1.0.x before 1.0.5, and VMware Server 1.0.x before 1.0.5 on Windows allow local users to gain privileges or cause a denial of service by impersonating the authd process through an unspecified use of an "insecurely created named pipe," a different vulnerability than CVE-2008-1361.) | | | | CVE-2008-1361 (VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware Player 2.0.x before 2.0.3 and 1.0.x before 1.0.6, VMware ACE 2.0.x before 2.0.1 and 1.0.x before 1.0.5, and VMware Server 1.0.x before 1.0.5 on Windows allow local users to gain privileges via an unspecified manipulation that causes the authd process to connect to an arbitrary named pipe, a different vulnerability than CVE-2008-1362.) | | | | CVE-2008-1340 | | | | CVE-2008-0923 (Directory traversal vulnerability in the Shared Folders feature for VMWare ACE 1.0.2 and 2.0.2, Player 1.0.4 and 2.0.2, and Workstation 5.5.4 and 6.0.2 allows guest OS users to read and write arbitrary files on the host OS via a multibyte string that produces a wide character string containing .. (dot dot) sequences, which bypasses the protection mechanism, as demonstrated using a "%c0%2e%c0%2e" string.) | | | | CVE-2007-5618 (Unquoted Windows search path in the Authorization and other services in VMware Player 1.0.x before 1.0.5 and 2.0 before 2.0.1, VMware Server before 1.0.4, and Workstation 5.x before 5.5.5 and 6.x before 6.0.1, might allow local users to gain privileges via malicious programs.) |
|
|
|
|
|
|
|
|
