vim Netrw plugin code execution
Published: 18.07.2008
Source: BUGTRAQ
SecurityVulns ID: 9157
Type: client
Level: 5/10
Description: Directory name shell characters vulnerability.
Affected: NETRW : Netrw 127
Original document:
  Jan Minar, Arbitrary code execution in Netrw version 127, Vim 7.2b (18.07.2008)

Velocity Web Server directory traversal
Published: 18.07.2008
Source: BUGTRAQ
SecurityVulns ID: 9158
Type: remote
Level: 5/10
Affected: HIRSCHELECTRONIC : Velocity web server 1.0
Original document:
  Alexandr Polyakov, [DSECRG-08-028] File read in Velocity web-server (18.07.2008)

PCRE buffer overflow
Published: 18.07.2008
Source: BUGTRAQ
SecurityVulns ID: 9152
Type: library
Level: 6/10
Description: Buffer overflow on regular expression compilation.
CVE: CVE-2008-2371
Original document:
  MANDRIVA, [ MDVSA-2008:147 ] - Updated pcre packages fix vulnerability (18.07.2008)

Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
Published: 18.07.2008
Source: MOZILLA
SecurityVulns ID: 9154
Type: client
Level: 7/10
Description: Array index overflow on CSS parsing, crash on GIF processing under Mac OS X, code execution on command-line launch with URI.
Affected:
  MOZILLA : Firefox 2.0
  MOZILLA : Thunderbird 2.0
  MOZILLA : SeaMonkey 1.1
  MOZILLA : Firefox 3.0
CVE:
  CVE-2008-2934
  CVE-2008-2933
  CVE-2008-2785 (Unspecified vulnerability in Firefox 3.0 and 2.0.x has unknown impact and remote attack vectors, aka ZDI-CAN-349.)
Original document:
  ZDI, ZDI-08-044: Mozilla Firefox CSSValue Array Memory Corruption Vulnerability (18.07.2008)
  MOZILLA, Mozilla Foundation Security Advisory 2008-35 (18.07.2008)
  MOZILLA, Mozilla Foundation Security Advisory 2008-36 (18.07.2008)
  MOZILLA, Mozilla Foundation Security Advisory 2008-34 (18.07.2008)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl), updated since 18.07.2008
Published: 18.07.2008
Source: SecurityVulns
SecurityVulns ID: 9156
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  CNCat: cross-site scripting.
Affected:
  COMDEV : Comdev Web Blogger 4.1
  COMMUNITYCMS : communitycms 0.1
  DOKEOS : Dokeos E-Learning System 1.8
  OPENPRO : openPro 1.3
Original document:
  adv_(at)_e-rdc.org, [ECHO_ADV_100$2008] Comdev Web Blogger <= 4.1.3 (arcmonth) Sql Injection Vulnerability (18.07.2008)
  Ghost hacker, openPro 1.3.1 (LIBPATH) Remote RFI Vulnerability (18.07.2008)
  Digital Security Research Group [DSecRG], [DSECRG-08-029] Local File Include in Dokeos E-Learning System 1.8.5 (18.07.2008)
  n3tr00t3r_(at)_yahoo.com, communitycms-0.1 Remote File Includion (18.07.2008)
  MustLive, Cross-Site Scripting vulnerabilities in CNCat (18.07.2008)

bluez bluetooth stack memory corruption
Published: 18.07.2008
Source: BUGTRAQ
SecurityVulns ID: 9151
Type: remote
Level: 5/10
Description: Memory corruption on SDP packet parsing.
Affected: BLUEZ : bluez 3.9
CVE: CVE-2008-2374
Original document:
  MANDRIVA, [ MDVSA-2008:145 ] - Updated bluez/bluez-utils packages fix SDP packet parsing vulnerability (18.07.2008)

Oracle multiple security vulnerabilities, updated since 18.07.2008
Published: 05.08.2008
Source: ORACLE
SecurityVulns ID: 9153
Type: remote
Level: 8/10
Description: New Critical Patch Update patches nearly 50 different vulnerabilities in all Oracle products.
Affected:
  ORACLE : WebLogic Server 6.1
  ORACLE : WebLogic Server 7.0
  ORACLE : Oracle 9i
  ORACLE : Oracle 10g
  ORACLE : WebLogic Server 8.1
  ORACLE : Oracle 11g
  ORACLE : PeopleSoft Enterprise PeopleTools 8.48
  ORACLE : PeopleSoft Enterprise PeopleTools 8.49
  ORACLE : WebLogic Server 10.0
  ORACLE : WebLogic Server 9.0
  ORACLE : WebLogic Server 9.1
  ORACLE : WebLogic Server 9.2
  ORACLE : PeopleSoft Enterprise CRM 8.9
  ORACLE : PeopleSoft Enterprise CRM 9.0
CVE:
  CVE-2008-2622 CVE-2008-2621 CVE-2008-2620 CVE-2008-2618 CVE-2008-2617 CVE-2008-2616 CVE-2008-2615 CVE-2008-2614 CVE-2008-2613 CVE-2008-2612 CVE-2008-2611 CVE-2008-2610 CVE-2008-2609 CVE-2008-2608 CVE-2008-2607 CVE-2008-2606 CVE-2008-2605 CVE-2008-2604 CVE-2008-2603 CVE-2008-2602 CVE-2008-2601 CVE-2008-2600 CVE-2008-2599 CVE-2008-2598 CVE-2008-2597 CVE-2008-2596 CVE-2008-2595 CVE-2008-2594 CVE-2008-2593 CVE-2008-2592 CVE-2008-2591 CVE-2008-2590 CVE-2008-2589 CVE-2008-2587 CVE-2008-2586 CVE-2008-2585 CVE-2008-2583 CVE-2008-2582 CVE-2008-2581 CVE-2008-2580 CVE-2008-2579 CVE-2008-2578 CVE-2008-2577 CVE-2008-2576
  CVE-2007-1359 (Interpretation conflict in ModSecurity (mod_security) 2.1.0 and earlier allows remote attackers to bypass request rules via application/x-www-form-urlencoded POST data that contains an ASCIIZ (0x00) byte, which mod_security treats as a terminator even though it is still processed as normal data by some HTTP parsers including PHP 5.2.0, and possibly parsers in Perl, and Python.)
Original document:
  SHATTER, Team SHATTER Security Advisory: SQL Injection in Oracle Database (DBMS_DEFER_SYS.DELETE_TRAN) (05.08.2008)
  SHATTER, Team SHATTER Security Advisory: Cross-site scripting in Oracle Enterprise Manager (REFRESHCHOICE Parameter) (05.08.2008)
  SHATTER, Team SHATTER Security Advisory: SQL Injection in Oracle Application Server (WWEXP_API_ENGINE) (04.08.2008)
  Jose Antonio, Oracle Database Local Untrusted Library Path Vulnerability (21.07.2008)
  Andrea Purificato, Oracle Portal XSS fixed by CPU July 2008 (18.07.2008)
  David Litchfield, Oracle Application Server PLSQL injection flaw (18.07.2008)
  IDEFENSE, iDefense Security Advisory 07.15.08: Oracle Database Local Untrusted Library Path Vulnerability (18.07.2008)
  IDEFENSE, iDefense Security Advisory 07.15.08: Oracle Database DBMS_AQELM Package Buffer Overflow Vulnerability (18.07.2008)
  IDEFENSE, iDefense Security Advisory 07.15.08: Oracle Internet Directory Pre-Authentication LDAP DoS Vulnerability (18.07.2008)
  ORACLE, Oracle Critical Patch Update Advisory - July 2008 (18.07.2008)

Sun Java WebStart multiple security vulnerabilities, updated since 18.07.2008
Published: 26.10.2008
Source: BUGTRAQ
SecurityVulns ID: 9155
Type: remote
Level: 6/10
Description: Sandbox limitation bypass, buffer overflow.