Computer Security


HP StorageWorks Library and Tape Tools unauthorized access
Published:20.03.2008
Source:
SecurityVulns ID:8807
Type:local
Threat Level:
5/10
Affected:HP : StorageWorks Library and Tape Tools 4.5
CVE:CVE-2008-0707
Original document:HP, HPSBST02321 SSRT080029 rev.1 - HP StorageWorks Library and Tape Tools (LTT) Running on HP-UX, Local Unauthorized Access (20.03.2008)

XWine WINE graphical interface multiple security vulnerabilities
Published:20.03.2008
Source:
SecurityVulns ID:8810
Type:local
Threat Level:
5/10
Description:Symbolic link following during temporary file creation; weak (world-writable) configuration file permissions.
Affected:XWINE : XWine 1.0
CVE:CVE-2008-0931 (w_export.c in XWine 1.0.1 on Debian GNU/Linux sets insecure permissions (0666) for /etc/wine/config, which might allow local users to execute arbitrary commands or cause a denial of service by modifying the file.)
 CVE-2008-0930 (w_editeur.c in XWine 1.0.1 for Debian GNU/Linux allows local users to overwrite or print arbitrary files via a symlink attack on the temporaire temporary file. NOTE: some of these details are obtained from third party information.)
Original document:DEBIAN, [SECURITY] [DSA 1522-1] New xwine packages fix several vulnerabilities (20.03.2008)
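
The two XWine weaknesses above are a classic pair: a predictable temporary file opened without O_EXCL (so a pre-planted symlink redirects the write), and a configuration file left mode 0666 (so any local user can rewrite commands the program will later run). The following is an added example, not XWine's or Debian's code: it shows the vulnerable open() pattern next to the O_EXCL|O_NOFOLLOW and mkstemp() forms, a permission check for the config file, and a small harness that actually runs the symlink attack against each opener. The file name `temporaire` is taken from the CVE text; the directory names under /tmp, and the assumption that /tmp is writable, are the example's own.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Vulnerable pattern (the CVE-2008-0930 class): a predictable temp path is
 * opened with O_CREAT but without O_EXCL. If an attacker has pre-created a
 * symlink at that path, open() follows it and the write lands in whatever
 * file the link points at, with the victim's privileges. */
int open_temp_unsafe(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened form: O_EXCL makes open() fail if anything already exists at the
 * path (a symlink included, wherever it points), and O_NOFOLLOW refuses to
 * traverse a symlink in the final component. */
int open_temp_safe(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Preferred form: mkstemp() picks an unpredictable name and opens it with
 * O_EXCL semantics in one step. template_path must end in "XXXXXX". */
int open_temp_mkstemp(char *template_path) {
    return mkstemp(template_path);
}

/* Config-file check (the CVE-2008-0931 class): a file that other local users
 * can write must not be treated as trusted configuration. Returns 1 if neither
 * group nor other has the write bit, 0 otherwise or if stat() fails. */
int config_mode_ok(const char *path) {
    struct stat st;
    if (stat(path, &st) != 0) return 0;
    return (st.st_mode & (S_IWGRP | S_IWOTH)) == 0;
}

/* Demo: create a file in a private directory (assumes /tmp is writable),
 * give it the requested mode explicitly (fchmod ignores umask), and report
 * whether config_mode_ok() accepts it. Returns -1 on setup failure. */
int demo_config_perms(mode_t mode) {
    char dir[] = "/tmp/xwine_perm_XXXXXX";   /* constructed scratch location */
    if (!mkdtemp(dir)) return -1;
    char path[256];
    snprintf(path, sizeof path, "%s/config", dir);
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 || fchmod(fd, mode) != 0) return -1;
    close(fd);
    int ok = config_mode_ok(path);
    unlink(path); rmdir(dir);
    return ok;
}

/* Demo: simulate the symlink attack against a given opener. Returns 1 if the
 * victim file was overwritten through the symlink, 0 if the opener refused,
 * -1 on setup failure. */
int symlink_attack_succeeds(int (*opener)(const char *)) {
    char dir[] = "/tmp/xwine_demo_XXXXXX";   /* constructed scratch location */
    if (!mkdtemp(dir)) return -1;
    char victim[256], lnk[256];
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(lnk, sizeof lnk, "%s/temporaire", dir);   /* the predictable name */
    int fd = open(victim, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 || write(fd, "original", 8) != 8) return -1;
    close(fd);
    if (symlink(victim, lnk) != 0) return -1;    /* attacker's move */
    fd = opener(lnk);                            /* victim's move */
    if (fd >= 0) { if (write(fd, "clobbered", 9) != 9) return -1; close(fd); }
    char buf[32] = {0};
    fd = open(victim, O_RDONLY);
    if (fd >= 0) { if (read(fd, buf, sizeof buf - 1) < 0) buf[0] = 0; close(fd); }
    unlink(lnk); unlink(victim); rmdir(dir);
    return strcmp(buf, "clobbered") == 0;
}
```

Note that O_EXCL alone already defeats the symlink (open() fails with EEXIST whether or not the link target exists); O_NOFOLLOW is added for the case where a caller drops O_CREAT later. For the config file, the fix on the writing side is to create it 0644 (or 0600) and, on the reading side, to refuse group/other-writable files as shown.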

FaceBook / Aurigma Image / PhotoUploader / Piczo ImageUploader / ActiveX buffer overflow
updated since 06.02.2008
Published:20.03.2008
Source:
SecurityVulns ID:8643
Type:client
Threat Level:
6/10
Description:Multiple buffer overflows in different properties.
Affected:FACEBOOK : FaceBook PhotoUploader 4.5
 AURIGMA : Aurigma ImageUploader 4.6
Original document:david130490_(at)_hotmail.com, Pizco vulnerable to buffer overflow in activex (20.03.2008)
 Elazar Broad, [Full-disclosure] FaceBook/Aurigma Image/PhotoUploader Buffer Overflow (06.02.2008)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:20.03.2008
Source:
SecurityVulns ID:8806
Type:remote
Threat Level:
5/10
Description:PHP file inclusion, SQL injection, directory traversal, cross-site scripting, information leaks, etc.
Affected:EASYCLANPAGE : Easy-Clanpage 2.2
 VIEWVC : ViewVC 1.05
CVE:CVE-2008-1292
 CVE-2008-1291
 CVE-2008-1290
Original document:GENTOO, [ GLSA 200803-29 ] ViewVC: Multiple vulnerabilities (20.03.2008)
 info_(at)_shadowturk.org, Easy-Clanpage 2.2 (id) Remote SQL Injection Vulnerability (20.03.2008)
 Jose Luis Góngora Fernández, KAPhotoservice (album.asp) Remote SQL Injection Exploit (20.03.2008)
 Charles "real" F., PEEL CMS Admin Hash Extraction and Remote Upload (20.03.2008)
Files:Exploits PEEL CMS Admin Hash Extraction and Remote Upload
 KAPhotoservice - Remote SQL Injection Exploit

IBM Rational ClearQuest cross-site scripting
Published:20.03.2008
Source:
SecurityVulns ID:8808
Type:remote
Threat Level:
5/10
Description:Multiple cross-site scripting conditions in the web login component.
CVE:CVE-2007-4592 (Multiple cross-site scripting (XSS) vulnerabilities in the web interface for IBM Rational ClearQuest before 2003.06.16 Patch 2008A, 7.0.0.2_iFix01, and 7.0.1.1_iFix01 allow remote attackers to inject arbitrary web script or HTML via the (1) contextid, (2) username, (3) userNameVal, and (4) schema parameters to the login component.)
Original document:swhite_(at)_securestate.com, IBM Rational ClearQuest Web Multiple XSS Vulnerabilities (20.03.2008)

Gentoo Linux multiple packages invalid SSL certificate generation
Published:20.03.2008
Source:
SecurityVulns ID:8809
Type:library
Threat Level:
6/10
Description:The SSL private key and certificate may be written into a binary package (binpkg) because of a flaw in the ssl-cert eclass, so local users can extract the key and every system installed from that binpkg shares the same key.
CVE:CVE-2008-1383 (The docert function in ssl-cert.eclass, when used by src_compile or src_install on Gentoo Linux, stores the SSL key in a binpkg, which allows local users to extract the key from the binpkg, and causes multiple systems that use this binpkg to have the same SSL key and certificate.)
Original document:GENTOO, [ GLSA 200803-30 ] ssl-cert eclass: Certificate disclosure (20.03.2008)

CenterIM shell characters vulnerability
Published:20.03.2008
Source:
SecurityVulns ID:8812
Type:client
Threat Level:
5/10
Description:Shell metacharacter injection when passing a URI to an external command.
Affected:CENTERIM : CenterIM 4.22
Original document:Brian Fonfara, CenterIM <= 4.22.3 Remote Command Execution Vulnerability: (20.03.2008)
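
A shell-metacharacter bug of the kind reported for CenterIM arises whenever a URL received from a remote party is spliced into a command string and handed to system(), because /bin/sh then parses `;`, `|`, `&`, backticks and `$(...)` out of the URL. The following is an added example, not CenterIM's code: it places the vulnerable system() form next to a fork()/execvp() launcher that passes the URL as a single argv element, plus a harness that actually sends an injecting URL through both and reports whether the injected command ran. The browser name `true`, the URL host `example.invalid`, and the scratch directory under /tmp are the example's own assumptions.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Vulnerable pattern: interpolate an attacker-supplied URL into a command
 * line for system(). The shell interprets any metacharacter in the URL. */
int launch_url_unsafe(const char *browser, const char *url) {
    char cmd[1024];
    int n = snprintf(cmd, sizeof cmd, "%s %s", browser, url);
    if (n < 0 || (size_t)n >= sizeof cmd) return -1;
    return system(cmd);
}

/* Detector, useful for logging or alerting: does the URL contain anything a
 * POSIX shell would interpret? Note '&' is legal in query strings, so this is
 * too strict to gate real URLs; it is not the fix, execvp() below is. */
int url_has_shell_metachars(const char *url) {
    return strpbrk(url, ";|&`$()<>\n\r\"'\\ \t") != NULL;
}

/* Hardened launcher: only http/https, and the URL travels as one argv entry
 * straight to execvp(), so no shell ever tokenizes it. Returns the child's
 * exit status, or -1 on rejection or failure. */
int launch_url_safe(const char *browser, const char *url) {
    if (strncmp(url, "http://", 7) != 0 && strncmp(url, "https://", 8) != 0)
        return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        char *const argv[] = { (char *)browser, (char *)url, NULL };
        execvp(browser, argv);
        _exit(127);                              /* exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Demo harness: build a constructed attacker URL that tries to run
 * "touch <marker>" after the URL, hand it to the given launcher with a
 * harmless "browser" (true), and report whether the injected touch ran.
 * Assumes /tmp is writable. Returns 1 if injected, 0 if not, -1 on setup error. */
int injection_demo(int (*launcher)(const char *, const char *)) {
    char dir[] = "/tmp/centerim_demo_XXXXXX";   /* constructed scratch location */
    if (!mkdtemp(dir)) return -1;
    char marker[256], url[512];
    snprintf(marker, sizeof marker, "%s/pwned", dir);
    snprintf(url, sizeof url, "http://example.invalid/;touch %s", marker);
    launcher("true", url);
    int ran = access(marker, F_OK) == 0;
    unlink(marker); rmdir(dir);
    return ran;
}
```

With the unsafe launcher the command line becomes `true http://example.invalid/;touch /tmp/.../pwned`, and the shell runs both halves; with the execvp() launcher the whole string, semicolon included, is just argv[1] of `true`, and nothing else executes. Scheme checking is kept because even an argv-safe launcher should not hand `file:` or `javascript:` URLs to a browser on a remote party's say-so.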

CA BrightStor ARCserve Backup ActiveX Buffer overflow
updated since 20.03.2008
Published:30.03.2008
Source:
SecurityVulns ID:8811
Type:client
Threat Level:
6/10
Description:Buffer overflow in ListCtrl.ocx AddColumn().
Affected:CA : Brightstor ARCserve Backup 11.5
CVE:CVE-2008-1472 (Stack-based buffer overflow in the ListCtrl ActiveX Control (ListCtrl.ocx), as used in multiple CA products including BrightStor ARCserve Backup R11.5, Desktop Management Suite r11.1 through r11.2, and Unicenter products r11.1 through r11.2, allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a long argument to the AddColumn method.)
Original document:CA, CA Multiple Products DSM ListCtrl ActiveX Control Buffer Overflow Vulnerability (30.03.2008)
 Krystian Kloskowski, CA BrightStor ARCserve Backup r11.5 AddColumn() 0day ActiveX Remote Buffer Overflow Exploit (20.03.2008)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod