HP StorageWorks Library and Tape Tools unauthorized access
| Published: | 20.03.2008 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 8807 |
| Type: | local |
| Level: | 5/10 |

XWine WINE graphical interface multiple security vulnerabilities
| Published: | 20.03.2008 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 8810 |
| Type: | local |
| Level: | 5/10 |
| Description: | Symbolic link problem during temporary file creation, weak configuration file permissions. |
| Affected: | XWINE : XWine 1.0 |
| CVE: | CVE-2008-0931 (w_export.c in XWine 1.0.1 on Debian GNU/Linux sets insecure permissions (0666) for /etc/wine/config, which might allow local users to execute arbitrary commands or cause a denial of service by modifying the file.) |
| | CVE-2008-0930 (w_editeur.c in XWine 1.0.1 for Debian GNU/Linux allows local users to overwrite or print arbitrary files via a symlink attack on the temporaire temporary file. NOTE: some of these details are obtained from third party information.) |

FaceBook / Aurigma Image / PhotoUploader / Piczo ImageUploader / ActiveX buffer overflow updated since 06.02.2008
| Published: | 20.03.2008 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 8643 |
| Type: | client |
| Level: | 6/10 |
| Description: | Multiple buffer overflows in different properties. |

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
| Published: | 20.03.2008 |
| Source: | |
| SecurityVulns ID: | 8806 |
| Type: | remote |
| Level: | 5/10 |
| Description: | PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. |

IBM Rational ClearQuest cross-site scripting
| Published: | 20.03.2008 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 8808 |
| Type: | remote |
| Level: | 5/10 |
| Description: | Multiple cross-site scripting conditions. |
| CVE: | CVE-2007-4592 (Multiple cross-site scripting (XSS) vulnerabilities in the web interface for IBM Rational ClearQuest before 2003.06.16 Patch 2008A, 7.0.0.2_iFix01, and 7.0.1.1_iFix01 allow remote attackers to inject arbitrary web script or HTML via the (1) contextid, (2) username, (3) userNameVal, and (4) schema parameters to the login component.) |

Gentoo Linux multiple packages invalid SSL certificates generation
| Published: | 20.03.2008 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 8809 |
| Type: | library |
| Level: | 6/10 |
| Description: | Certificate may be leaked to public file due to invalid ssl-cert eclass implementation. |
| CVE: | CVE-2008-1383 (The docert function in ssl-cert.eclass, when used by src_compile or src_install on Gentoo Linux, stores the SSL key in a binpkg, which allows local users to extract the key from the binpkg, and causes multiple systems that use this binpkg to have the same SSL key and certificate.) |

CenterIM shell characters vulnerability
| Published: | 20.03.2008 |
| Source: | MILW0RM |
| SecurityVulns ID: | 8812 |
| Type: | client |
| Level: | 5/10 |
| Description: | Shell characters vulnerability on URI processing. |

CA BrightStor ARCserve Backup ActiveX Buffer overflow updated since 20.03.2008
| Published: | 30.03.2008 |
| Source: | MILW0RM |
| SecurityVulns ID: | 8811 |
| Type: | client |
| Level: | 6/10 |
| Description: | Buffer overflow in ListCtrl.ocx AddColumn(). |
| Affected: | CA : Brightstor ARCserve Backup 11.5 |
| CVE: | CVE-2008-1472 (Stack-based buffer overflow in the ListCtrl ActiveX Control (ListCtrl.ocx), as used in multiple CA products including BrightStor ARCserve Backup R11.5, Desktop Management Suite r11.1 through r11.2, and Unicenter products r11.1 through r11.2, allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a long argument to the AddColumn method.) |