Computer Security
[EN] securityvulns.ru no-pyccku


Apple Mac OS X wiki server directory traversal
Published:19.03.2008
Source:
SecurityVulns ID:8804
Type:remote
Threat Level:
6/10
Description:It's possible to upload file to any server directory.
Affected:APPLE : MacOS X 10.5
CVE:CVE-2008-1000
Original documentdocumentCORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2008-0123: Leopard Server Remote Path Traversal (19.03.2008)

MIT Kerberos multiple security vulnerabilities
Published:19.03.2008
Source:
SecurityVulns ID:8801
Type:remote
Threat Level:
8/10
Description:krb5kdc multiple memory corruptions. kadmin RPC library array overflow.
Affected:MIT : krb5 1.4
 MIT : krb5 1.5
 MIT : krb5 1.6
CVE:CVE-2008-0948 (Buffer overflow in the RPC library (lib/rpc/rpc_dtablesize.c) used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.2.2, and probably other versions before 1.3, when running on systems whose unistd.h does not define the FD_SETSIZE macro, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering a large number of open file descriptors.)
 CVE-2008-0947 (Buffer overflow in the RPC library used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.4 through 1.6.3 allows remote attackers to execute arbitrary code by triggering a large number of open file descriptors.)
 CVE-2008-0062 (KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free.)
Original documentdocumentCERT, US-CERT Technical Cyber Security Alert TA08-079B -- MIT Kerberos Updates for Multiple Vulnerabilities (19.03.2008)
 documentMIT, MITKRB5-SA-2008-002: array overrun in RPC library used by kadmin (19.03.2008)
 documentMIT, MITKRB5-SA-2008-001: double-free, uninitialized data vulnerabilities in krb5kdc (19.03.2008)

CUPS print system buffer overflow
Published:19.03.2008
Source:
SecurityVulns ID:8803
Type:remote
Threat Level:
6/10
Description:Heap buffer overflow on TCP/631 request parsing.
CVE:CVE-2008-0047
Original documentdocumentIDEFENSE, iDefense Security Advisory 03.18.08: Multiple Vendor CUPS CGI Heap Overflow Vulnerability (19.03.2008)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:19.03.2008
Source:
SecurityVulns ID:8805
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:PHPBB : phpBB 2.0
 CSCART : CS-Cart 1.3
Original documentdocumentswhite_(at)_securestate.com, CS-Cart XSS (19.03.2008)
 documentno-reply_(at)_aria-security.net, Mambo/joomla com_intellect "page" LFI [Aria-Security] (19.03.2008)
 documentnbbn_(at)_gmx.net, phpBB 2.0.23 Session Hijacking Vulnerability (19.03.2008)

Asterisk multiple security vulnerabilities
updated since 19.03.2008
Published:21.03.2008
Source:
SecurityVulns ID:8802
Type:remote
Threat Level:
8/10
Description:Multiple format string vulnerabilities, buffer overflow on RTP handling, HTTP interface sessions spoofing, unauthorized SIP calls.
Affected:ASTERISK : Asterisk 1.6
CVE:CVE-2008-1390 (The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before 1.4.19-rc3 and 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6, AsteriskNOW before 1.0.2, Appliance Developer Kit before revision 104704, and s800i 1.0.x before 1.1.0.2 generates insufficiently random manager ID values, which makes it easier for remote attackers to hijack a manager session via a series of ID guesses.)
 CVE-2008-1333
 CVE-2008-1332
 CVE-2008-1289
Original documentdocumentnoreply_(at)_musecurity.com, [Full-disclosure] [MU-200803-01] Multiple buffer overflows in Asterisk (21.03.2008)
 documentASTERISK, AST-2008-004: Format String Vulnerability in Logger and Manager (19.03.2008)
 documentASTERISK, AST-2008-002: Two buffer overflows in RTP Codec Payload Handling (19.03.2008)
 documentASTERISK, AST-2008-003: Unauthenticated calls allowed from SIP channel driver (19.03.2008)
 documentASTERISK, AST-2008-005: HTTP Manager ID is predictable (19.03.2008)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod