| Apple Mac OS X wiki server directory traversal | |
| Published: | 19.03.2008 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 8804 |
| Type: | remote |
| Level: | 6/10 |
| Description: | It's possible to upload a file to any server directory. |

| MIT Kerberos multiple security vulnerabilities | |
| Published: | 19.03.2008 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 8801 |
| Type: | remote |
| Level: | 8/10 |
| Description: | krb5kdc multiple memory corruptions. kadmin RPC library array overflow. |
| Affected: | MIT : krb5 1.4 |
| | MIT : krb5 1.5 |
| | MIT : krb5 1.6 |
| CVE: | CVE-2008-0948 (Buffer overflow in the RPC library (lib/rpc/rpc_dtablesize.c) used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.2.2, and probably other versions before 1.3, when running on systems whose unistd.h does not define the FD_SETSIZE macro, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering a large number of open file descriptors.) |
| | CVE-2008-0947 (Buffer overflow in the RPC library used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.4 through 1.6.3 allows remote attackers to execute arbitrary code by triggering a large number of open file descriptors.) |
| | CVE-2008-0062 (KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free.) |

| CUPS print system buffer overflow | |
| Published: | 19.03.2008 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 8803 |
| Type: | remote |
| Level: | 6/10 |
| Description: | Heap buffer overflow on TCP/631 request parsing. |

| Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) | |
| Published: | 19.03.2008 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 8805 |
| Type: | remote |
| Level: | 5/10 |
| Description: | PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. |

| Asterisk multiple security vulnerabilities, updated since 19.03.2008 | |
| Published: | 21.03.2008 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 8802 |
| Type: | remote |
| Level: | 8/10 |
| Description: | Multiple format string vulnerabilities, buffer overflow on RTP handling, HTTP interface session spoofing, unauthorized SIP calls. |
| Affected: | ASTERISK : Asterisk 1.6 |
| CVE: | CVE-2008-1390 (The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before 1.4.19-rc3 and 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6, AsteriskNOW before 1.0.2, Appliance Developer Kit before revision 104704, and s800i 1.0.x before 1.1.0.2 generates insufficiently random manager ID values, which makes it easier for remote attackers to hijack a manager session via a series of ID guesses.) |
| | CVE-2008-1333 |
| | CVE-2008-1332 |
| | CVE-2008-1289 |