Search:Vulnerability:20.05.2008 - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

Symantec Altiris Deployment Solution multiplse security vulnerabilities
updated since 16.05.2008
Published: 20.05.2008
Source: BUGTRAQ
SecurityVulns ID: 9003
Type: remote
Level: 6/10
Description: SQL injection, information leak.

Affected: SYMANTEC : Altiris Deployment Solution 6.8
SYMANTEC : Altiris Deployment Solution 6.9

Original document Brett Moore, Insomnia : ISVA-080516.1 - Altiris Deployment Solution - SQL Injection (20.05.2008)

Brett Moore, Insomnia : ISVA-080516.2 - Altiris Deployment Solution - Domain Account Disclosure (20.05.2008)

ZDI, ZDI-08-024: Symantec Altiris Deployment Solution SQL Injection Vulnerability (16.05.2008)

document ZDI, ZDI-08-025: Symantec Altiris Deployment Solution Domain Credential Disclosure Vulnerability (16.05.2008)

Discuss: Read or add your comments to this news (0 comments)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 20.05.2008
Source: BUGTRAQ
SecurityVulns ID: 9006
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Power Phlogger: crossite scripting. Invision Power Board: XSS

Affected: PHPGEDVIEW : PhpGedView 4.0
PHPGEDVIEW : PhpGedView 4.1
INVISION : Invision Power Board 2.3
APPSERV : AppServ Open Project 2.5
ECMS : eCMS 0.4
VBULLETIN : vBulletin 3.7
STARSGAMES : Starsgames Control Panel 4.6
CVE: CVE-2008-2064 (Multiple unspecified vulnerabilities in PhpGedView before 4.1.5 have unknown impact and attack vectors.)

Original document tan_prathan_(at)_hotmail.com, Starsgames Control Panel <= 4.6.2 Remote XSS Vulnerability (20.05.2008)

DEBIAN, [SECURITY] [DSA 1580-1] New phpgedview packages fix privilege escalation (20.05.2008)

a.jasbi_(at)_yahoo.com, Vbulletin 3.7.0 Gold >> Sql injection on faq.php (20.05.2008)

document hadihadi_zedehal_2006_(at)_yahoo.com, eCMS-v0.4.2 (SQL/PB) Multiple Remote Vulnerabilities (20.05.2008)

tan_prathan_(at)_hotmail.com, AppServ Open Project < = 2.5.10 Remote XSS Vulnerability (20.05.2008)

0in.email_(at)_gmail.com, Smeego CMS vulnerability (20.05.2008)

tan_prathan_(at)_hotmail.com, Wordpress Malicious File Execution Vulnerability (20.05.2008)

document a.jasbi_(at)_yahoo.com, Cpanel all version >> root access with a reseller account. (20.05.2008)

Noname, xss in ipb 2.3.5 (20.05.2008)

Files: Smeego CMS Local File Include Exploit
Discuss: Read or add your comments to this news (0 comments)

Microsoft Office code execution
Published: 20.05.2008
Source: BUGTRAQ
SecurityVulns ID: 9008
Type: client
Level: 5/10
Description: It's possible to embed javasript code into document.

Affected: MICROSOFT : Office XP

Original document jplopezy_(at)_gmail.com, Microsoft word javascript execution (20.05.2008)

Discuss: Read or add your comments to this news (0 comments)

GnuTLS library multiple security vulnerabilities
Published: 20.05.2008
Source: CERT-FI
SecurityVulns ID: 9010
Type: library
Level: 6/10
Description: Frevulnerabilities on TLS traffic parsing lead to DoS conditions and potential buffer overflow.

Affected: GNUTLS : GnuTLS 2.2

Original document CERT-FI, CERT-FI Vulnerability Advisory on GnuTLS (20.05.2008)

Discuss: Read or add your comments to this news (0 comments)

Foxit Reader buffer overflow
Published: 20.05.2008
Source: BUGTRAQ
SecurityVulns ID: 9011
Type: client
Level: 5/10
Description: util.printf() JavaScript function buffer overflow.

Affected: FOXIT : Foxit Reader 2.3
CVE: CVE-2008-1104

Original document SECUNIA, Secunia Research: Foxit Reader "util.printf()" Buffer Overflow (20.05.2008)

Discuss: Read or add your comments to this news (0 comments)

mtr (multiprotocol traceroute) buffer overflow
Published: 20.05.2008
Source: BUGTRAQ
SecurityVulns ID: 9007
Type: remote
Level: 6/10
Description: Buffer overflow on DNS server response parsing.

Original document pi3_(at)_itsec.pl, Mtr - remote and local stack overflow - uncomment situation in libresolv. (20.05.2008)

Discuss: Read or add your comments to this news (0 comments)

CA BrightStor ARCserve Backup multiple security vulnerabilities
Published: 20.05.2008
Source: BUGTRAQ
SecurityVulns ID: 9009
Type: remote
Level: 7/10
Description: caloggerd directory traversal. Buffer overflow in multiple xdr functions.

Affected: CA : Brightstor ARCserve Backup 11.1
CA : Brightstor ARCserve Backup 11.0
CA : Brightstor ARCserve Backup 11.5
CA : CA Server Protection Suite 2
CVE: CVE-2008-2242 (Multiple buffer overflows in xdr functions in the server in CA BrightStor ARCServe Backup 11.0, 11.1, and 11.5 allow remote attackers to execute arbitrary code, as demonstrated by a stack-based buffer overflow via a long parameter to the xdr_rwsstring function.)
CVE-2008-2241 (Directory traversal vulnerability in caloggerd in CA BrightStor ARCServe Backup 11.0, 11.1, and 11.5 allows remote attackers to append arbitrary data to arbitrary files via directory traversal sequences in unspecified input fields, which are used in log messages. NOTE: this can be leveraged for code execution in many installation environments by writing to a startup file or configuration file.)

Original document ZDI, ZDI-08-026: CA BrightStor ARCserve Backup Remote Buffer Overflow (20.05.2008)

CA, CA ARCserve Backup caloggerd and xdr Functions Vulnerabilities (20.05.2008)

ZDI, ZDI-08-027: CA BrightStor ARCserve Backup Arbitrary File Writing Vulnerability (20.05.2008)

Discuss: Read or add your comments to this news (0 comments)