Computer Security
securityvulns.ru



MIT Kerberos multiple security vulnerabilities
Published:19.03.2008
Source:BUGTRAQ
SecurityVulns ID:8801
Type:remote
Level:8/10
Description:krb5kdc multiple memory corruptions. kadmin RPC library array overflow.
Affected:MIT : krb5 1.4
 MIT : krb5 1.5
 MIT : krb5 1.6
CVE:CVE-2008-0948
 CVE-2008-0947
 CVE-2008-0062
Original document:CERT, US-CERT Technical Cyber Security Alert TA08-079B -- MIT Kerberos Updates for Multiple Vulnerabilities (19.03.2008)
 MIT, MITKRB5-SA-2008-002: array overrun in RPC library used by kadmin (19.03.2008)
 MIT, MITKRB5-SA-2008-001: double-free, uninitialized data vulnerabilities in krb5kdc (19.03.2008)

CUPS print system buffer overflow
Published:19.03.2008
Source:BUGTRAQ
SecurityVulns ID:8803
Type:remote
Level:6/10
Description:Heap buffer overflow on TCP/631 request parsing.
CVE:CVE-2008-0047
Original document:IDEFENSE, iDefense Security Advisory 03.18.08: Multiple Vendor CUPS CGI Heap Overflow Vulnerability (19.03.2008)

Apple Mac OS X wiki server directory traversal
Published:19.03.2008
Source:BUGTRAQ
SecurityVulns ID:8804
Type:remote
Level:6/10
Description:It's possible to upload a file to any server directory.
Affected:APPLE : MacOS X 10.5
CVE:CVE-2008-1000
Original document:CORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2008-0123: Leopard Server Remote Path Traversal (19.03.2008)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:19.03.2008
Source:BUGTRAQ
SecurityVulns ID:8805
Type:remote
Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:PHPBB : phpBB 2.0
 CSCART : CS-Cart 1.3
Original document:swhite_(at)_securestate.com, CS-Cart XSS (19.03.2008)
 no-reply_(at)_aria-security.net, Mambo/joomla com_intellect "page" LFI [Aria-Security] (19.03.2008)
 nbbn_(at)_gmx.net, phpBB 2.0.23 Session Hijacking Vulnerability (19.03.2008)

Asterisk multiple security vulnerabilities
updated since 19.03.2008
Published:21.03.2008
Source:BUGTRAQ
SecurityVulns ID:8802
Type:remote
Level:8/10
Description:Multiple format string vulnerabilities, buffer overflows in RTP handling, HTTP interface session spoofing, unauthorized SIP calls.
Affected:ASTERISK : Asterisk 1.6
CVE:CVE-2008-1390 (The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before 1.4.19-rc3 and 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6, AsteriskNOW before 1.0.2, Appliance Developer Kit before revision 104704, and s800i 1.0.x before 1.1.0.2 generates insufficiently random manager ID values, which makes it easier for remote attackers to hijack a manager session via a series of ID guesses.)
 CVE-2008-1333
 CVE-2008-1332
 CVE-2008-1289
Original document:noreply_(at)_musecurity.com, [Full-disclosure] [MU-200803-01] Multiple buffer overflows in Asterisk (21.03.2008)
 ASTERISK, AST-2008-004: Format String Vulnerability in Logger and Manager (19.03.2008)
 ASTERISK, AST-2008-002: Two buffer overflows in RTP Codec Payload Handling (19.03.2008)
 ASTERISK, AST-2008-003: Unauthenticated calls allowed from SIP channel driver (19.03.2008)
 ASTERISK, AST-2008-005: HTTP Manager ID is predictable (19.03.2008)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
 


