MIT Kerberos multiple security vulnerabilities
Published: 19.03.2008
Source: BUGTRAQ
SecurityVulns ID: 8801
Type: remote
Level: 8/10
Description: krb5kdc multiple memory corruptions. kadmin RPC library array overflow.
Affected: MIT : krb5 1.4, MIT : krb5 1.5, MIT : krb5 1.6
CVE: CVE-2008-0948, CVE-2008-0947, CVE-2008-0062
Original document:
CERT, US-CERT Technical Cyber Security Alert TA08-079B -- MIT Kerberos Updates for Multiple Vulnerabilities (19.03.2008)
MIT, MITKRB5-SA-2008-002: array overrun in RPC library used by kadmin (19.03.2008)
MIT, MITKRB5-SA-2008-001: double-free, uninitialized data vulnerabilities in krb5kdc (19.03.2008)

CUPS print system buffer overflow
Published: 19.03.2008
Source: BUGTRAQ
SecurityVulns ID: 8803
Type: remote
Level: 6/10
Description: Heap buffer overflow on TCP/631 request parsing.
CVE: CVE-2008-0047
Original document:
IDEFENSE, iDefense Security Advisory 03.18.08: Multiple Vendor CUPS CGI Heap Overflow Vulnerability (19.03.2008)

Apple Mac OS X wiki server directory traversal
Published: 19.03.2008
Source: BUGTRAQ
SecurityVulns ID: 8804
Type: remote
Level: 6/10
Description: It's possible to upload a file to any server directory.
Affected: APPLE : MacOS X 10.5
CVE: CVE-2008-1000
Original document:
CORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2008-0123: Leopard Server Remote Path Traversal (19.03.2008)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 19.03.2008
Source: BUGTRAQ
SecurityVulns ID: 8805
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: PHPBB : phpBB 2.0, CSCART : CS-Cart 1.3
Original document:
swhite_(at)_securestate.com, CS-Cart XSS (19.03.2008)
no-reply_(at)_aria-security.net, Mambo/joomla com_intellect "page" LFI [Aria-Security] (19.03.2008)
nbbn_(at)_gmx.net, phpBB 2.0.23 Session Hijacking Vulnerability (19.03.2008)

Asterisk multiple security vulnerabilities, updated since 19.03.2008
Published: 21.03.2008
Source: BUGTRAQ
SecurityVulns ID: 8802
Type: remote
Level: 8/10
Description: Multiple format string vulnerabilities, buffer overflow on RTP handling, HTTP interface session spoofing, unauthorized SIP calls.
Affected: ASTERISK : Asterisk 1.6
CVE: CVE-2008-1390 (The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before 1.4.19-rc3 and 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6, AsteriskNOW before 1.0.2, Appliance Developer Kit before revision 104704, and s800i 1.0.x before 1.1.0.2 generates insufficiently random manager ID values, which makes it easier for remote attackers to hijack a manager session via a series of ID guesses.), CVE-2008-1333, CVE-2008-1332, CVE-2008-1289