Computer Security

Search:Vulnerability:20.05.2008
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:20.05.2008
Source:BUGTRAQ
SecurityVulns ID:9006
Type:remote
Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Power Phlogger: crossite scripting. Invision Power Board: XSS
Affected:PHPGEDVIEW : PhpGedView 4.0
 PHPGEDVIEW : PhpGedView 4.1
 INVISION : Invision Power Board 2.3
 APPSERV : AppServ Open Project 2.5
 ECMS : eCMS 0.4
 VBULLETIN : vBulletin 3.7
 STARSGAMES : Starsgames Control Panel 4.6
CVE:CVE-2008-2064 (Multiple unspecified vulnerabilities in PhpGedView before 4.1.5 have unknown impact and attack vectors.)
Original documentdocumenttan_prathan_(at)_hotmail.com, Starsgames Control Panel <= 4.6.2 Remote XSS Vulnerability (20.05.2008)
 documentDEBIAN, [SECURITY] [DSA 1580-1] New phpgedview packages fix privilege escalation (20.05.2008)
 documenta.jasbi_(at)_yahoo.com, Vbulletin 3.7.0 Gold >> Sql injection on faq.php (20.05.2008)
 documenthadihadi_zedehal_2006_(at)_yahoo.com, eCMS-v0.4.2 (SQL/PB) Multiple Remote Vulnerabilities (20.05.2008)
 documenttan_prathan_(at)_hotmail.com, AppServ Open Project < = 2.5.10 Remote XSS Vulnerability (20.05.2008)
 document0in.email_(at)_gmail.com, Smeego CMS vulnerability (20.05.2008)
 documenttan_prathan_(at)_hotmail.com, Wordpress Malicious File Execution Vulnerability (20.05.2008)
 documenta.jasbi_(at)_yahoo.com, Cpanel all version >> root access with a reseller account. (20.05.2008)
 documentNoname, xss in ipb 2.3.5 (20.05.2008)
Files:Smeego CMS Local File Include Exploit
Discuss:Read or add your comments to this news (0 comments)

Microsoft Office code execution
Published:20.05.2008
Source:BUGTRAQ
SecurityVulns ID:9008
Type:client
Level:5/10
Description:It's possible to embed javasript code into document.
Affected:MICROSOFT : Office XP
Original documentdocumentjplopezy_(at)_gmail.com, Microsoft word javascript execution (20.05.2008)
Discuss:Read or add your comments to this news (0 comments)

GnuTLS library multiple security vulnerabilities
Published:20.05.2008
Source:CERT-FI
SecurityVulns ID:9010
Type:library
Level:6/10
Description:Frevulnerabilities on TLS traffic parsing lead to DoS conditions and potential buffer overflow.
Affected:GNUTLS : GnuTLS 2.2
Original documentdocumentCERT-FI, CERT-FI Vulnerability Advisory on GnuTLS (20.05.2008)
Discuss:Read or add your comments to this news (0 comments)

Foxit Reader buffer overflow
Published:20.05.2008
Source:BUGTRAQ
SecurityVulns ID:9011
Type:client
Level:5/10
Description:util.printf() JavaScript function buffer overflow.
Affected:FOXIT : Foxit Reader 2.3
CVE:CVE-2008-1104
Original documentdocumentSECUNIA, Secunia Research: Foxit Reader "util.printf()" Buffer Overflow (20.05.2008)
Discuss:Read or add your comments to this news (0 comments)

Symantec Altiris Deployment Solution multiplse security vulnerabilities
updated since 16.05.2008
Published:20.05.2008
Source:BUGTRAQ
SecurityVulns ID:9003
Type:remote
Level:6/10
Description:SQL injection, information leak.
Affected:SYMANTEC : Altiris Deployment Solution 6.8
 SYMANTEC : Altiris Deployment Solution 6.9
Original documentdocumentBrett Moore, Insomnia : ISVA-080516.1 - Altiris Deployment Solution - SQL Injection (20.05.2008)
 documentBrett Moore, Insomnia : ISVA-080516.2 - Altiris Deployment Solution - Domain Account Disclosure (20.05.2008)
 documentZDI, ZDI-08-024: Symantec Altiris Deployment Solution SQL Injection Vulnerability (16.05.2008)
 documentZDI, ZDI-08-025: Symantec Altiris Deployment Solution Domain Credential Disclosure Vulnerability (16.05.2008)
Discuss:Read or add your comments to this news (0 comments)

mtr (multiprotocol traceroute) buffer overflow
Published:20.05.2008
Source:BUGTRAQ
SecurityVulns ID:9007
Type:remote
Level:6/10
Description:Buffer overflow on DNS server response parsing.
Original documentdocumentpi3_(at)_itsec.pl, Mtr - remote and local stack overflow - uncomment situation in libresolv. (20.05.2008)
Discuss:Read or add your comments to this news (0 comments)

CA BrightStor ARCserve Backup multiple security vulnerabilities
Published:20.05.2008
Source:BUGTRAQ
SecurityVulns ID:9009
Type:remote
Level:7/10
Description:caloggerd directory traversal. Buffer overflow in multiple xdr functions.
Affected:CA : Brightstor ARCserve Backup 11.1
 CA : Brightstor ARCserve Backup 11.0
 CA : Brightstor ARCserve Backup 11.5
 CA : CA Server Protection Suite 2
CVE:CVE-2008-2242 (Multiple buffer overflows in xdr functions in the server in CA BrightStor ARCServe Backup 11.0, 11.1, and 11.5 allow remote attackers to execute arbitrary code, as demonstrated by a stack-based buffer overflow via a long parameter to the xdr_rwsstring function.)
 CVE-2008-2241 (Directory traversal vulnerability in caloggerd in CA BrightStor ARCServe Backup 11.0, 11.1, and 11.5 allows remote attackers to append arbitrary data to arbitrary files via directory traversal sequences in unspecified input fields, which are used in log messages. NOTE: this can be leveraged for code execution in many installation environments by writing to a startup file or configuration file.)
Original documentdocumentZDI, ZDI-08-026: CA BrightStor ARCserve Backup Remote Buffer Overflow (20.05.2008)
 documentCA, CA ARCserve Backup caloggerd and xdr Functions Vulnerabilities (20.05.2008)
 documentZDI, ZDI-08-027: CA BrightStor ARCserve Backup Arbitrary File Writing Vulnerability (20.05.2008)
Discuss:Read or add your comments to this news (0 comments)
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server