Search:Vulnerability:20.03.2008 - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 20.03.2008
Source:
SecurityVulns ID: 8806
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected: EASYCLANPAGE : Easy-Clanpage 2.2
VIEWVC : ViewVC 1.05
CVE: CVE-2008-1292
CVE-2008-1291
CVE-2008-1290

Original document GENTOO, [ GLSA 200803-29 ] ViewVC: Multiple vulnerabilities (20.03.2008)

info_(at)_shadowturk.org, Easy-Clanpage 2.2 (id) Remote SQL Injection Vulnerability (20.03.2008)

Jose Luis Góngora Fernández, KAPhotoservice (album.asp) Remote SQL Injection Exploit (20.03.2008)

Charles "real" F., PEEL CMS Admin Hash Extraction and Remote Upload (20.03.2008)

Files: Exploits PEEL CMS Admin Hash Extraction and Remote Upload
KAPhotoservice - Remote SQL Injection Exploit
Discuss: Read or add your comments to this news (0 comments)

IBM Rational ClearQuest crossite scripting
Published: 20.03.2008
Source: BUGTRAQ
SecurityVulns ID: 8808
Type: remote
Level: 5/10
Description: Multiple crossite scripting conditions.

CVE: CVE-2007-4592

Original document swhite_(at)_securestate.com, IBM Rational ClearQuest Web Multiple XSS Vulnerabilities (20.03.2008)

Discuss: Read or add your comments to this news (0 comments)

Gentoo Linux multiple packages incalid SSL certificates generation
Published: 20.03.2008
Source: BUGTRAQ
SecurityVulns ID: 8809
Type: library
Level: 6/10
Description: Certificate may be leaked to public file due to invalid ssl-cert eclass implementation.

CVE: CVE-2008-1383 (The docert function in ssl-cert.eclass, when used by src_compile or src_install on Gentoo Linux, stores the SSL key in a binpkg, which allows local users to extract the key from the binpkg, and causes multiple systems that use this binpkg to have the same SSL key and certificate.)

Original document GENTOO, [ GLSA 200803-30 ] ssl-cert eclass: Certificate disclosure (20.03.2008)

Discuss: Read or add your comments to this news (1 comments)

CenterIM shell characters vulnerability
Published: 20.03.2008
Source: MILW0RM
SecurityVulns ID: 8812
Type: client
Level: 5/10
Description: Shell characters vulnerability on URI processing.

Affected: CENTERIM : CenterIM 4.22

Original document Brian Fonfara, CenterIM <= 4.22.3 Remote Command Execution Vulnerability: (20.03.2008)

Discuss: Read or add your comments to this news (0 comments)

FaceBook / Aurigma Image / PhotoUploader / Piczo ImageUploader / ActiveX buffer overflow
updated since 06.02.2008
Published: 20.03.2008
Source: BUGTRAQ
SecurityVulns ID: 8643
Type: client
Level: 6/10
Description: Multiple buffer overflows in different properties.

Affected: FACEBOOK : FaceBook PhotoUploader 4.5
AURIGMA : Aurigma ImageUploader 4.6

Original document david130490_(at)_hotmail.com, Pizco vulnerable to buffer overflow in activex (20.03.2008)

Elazar Broad, [Full-disclosure] FaceBook/Aurigma Image/PhotoUploader Buffer Overflow (06.02.2008)

Discuss: Read or add your comments to this news (0 comments)

HP StorageWorks Library and Tape Tools unauthorized access
Published: 20.03.2008
Source: BUGTRAQ
SecurityVulns ID: 8807
Type: local
Level: 5/10

Affected: HP : StorageWorks Library and Tape Tools 4.5
CVE: CVE-2008-0707

Original document HP, HPSBST02321 SSRT080029 rev.1 - HP StorageWorks Library and Tape Tools (LTT) Running on HP-UX, Local Unauthorized Access (20.03.2008)

Discuss: Read or add your comments to this news (0 comments)

XWine WINE graphical interface multiple security vulnerabilities
Published: 20.03.2008
Source: BUGTRAQ
SecurityVulns ID: 8810
Type: local
Level: 5/10
Description: Symbolic links problem on temporary files creation, weak configuration file permissions.

Affected: XWINE : XWine 1.0
CVE: CVE-2008-0931 (w_export.c in XWine 1.0.1 on Debian GNU/Linux sets insecure permissions (0666) for /etc/wine/config, which might allow local users to execute arbitrary commands or cause a denial of service by modifying the file.)
CVE-2008-0930 (w_editeur.c in XWine 1.0.1 for Debian GNU/Linux allows local users to overwrite or print arbitrary files via a symlink attack on the temporaire temporary file. NOTE: some of these details are obtained from third party information.)

Original document DEBIAN, [SECURITY] [DSA 1522-1] New xwine packages fix several vulnerabilities (20.03.2008)

Discuss: Read or add your comments to this news (0 comments)

CA BrightStor ARCserve Backup ActiveX Buffer overflow
updated since 20.03.2008
Published: 30.03.2008
Source: MILW0RM
SecurityVulns ID: 8811
Type: client
Level: 6/10
Description: Buffer overflow in ListCtrl.ocx AddColumn().

Affected: CA : Brightstor ARCserve Backup 11.5
CVE: CVE-2008-1472 (Stack-based buffer overflow in the ListCtrl ActiveX Control (ListCtrl.ocx), as used in multiple CA products including BrightStor ARCserve Backup R11.5, Desktop Management Suite r11.1 through r11.2, and Unicenter products r11.1 through r11.2, allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a long argument to the AddColumn method.)

Original document CA, CA Multiple Products DSM ListCtrl ActiveX Control Buffer Overflow Vulnerability (30.03.2008)

Krystian Kloskowski, CA BrightStor ARCserve Backup r11.5 AddColumn() 0day ActiveX Remote Buffer Overflow Exploit (20.03.2008)

Discuss: Read or add your comments to this news (0 comments)