Computer Security


Symantec Altiris Deployment Solution multiple security vulnerabilities
updated since 16.05.2008
Published:20.05.2008
Source:
SecurityVulns ID:9003
Type:remote
Threat Level:6/10
Description:SQL injection, information leak.
Affected:SYMANTEC : Altiris Deployment Solution 6.8
 SYMANTEC : Altiris Deployment Solution 6.9
Original document:Brett Moore, Insomnia : ISVA-080516.1 - Altiris Deployment Solution - SQL Injection (20.05.2008)
 Brett Moore, Insomnia : ISVA-080516.2 - Altiris Deployment Solution - Domain Account Disclosure (20.05.2008)
 ZDI, ZDI-08-024: Symantec Altiris Deployment Solution SQL Injection Vulnerability (16.05.2008)
 ZDI, ZDI-08-025: Symantec Altiris Deployment Solution Domain Credential Disclosure Vulnerability (16.05.2008)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:20.05.2008
Source:
SecurityVulns ID:9006
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. Power Phlogger: cross-site scripting. Invision Power Board: XSS
Affected:PHPGEDVIEW : PhpGedView 4.0
 PHPGEDVIEW : PhpGedView 4.1
 INVISION : Invision Power Board 2.3
 APPSERV : AppServ Open Project 2.5
 ECMS : eCMS 0.4
 VBULLETIN : vBulletin 3.7
 STARSGAMES : Starsgames Control Panel 4.6
CVE:CVE-2008-2064 (Multiple unspecified vulnerabilities in PhpGedView before 4.1.5 have unknown impact and attack vectors.)
Original document:tan_prathan_(at)_hotmail.com, Starsgames Control Panel <= 4.6.2 Remote XSS Vulnerability (20.05.2008)
 DEBIAN, [SECURITY] [DSA 1580-1] New phpgedview packages fix privilege escalation (20.05.2008)
 a.jasbi_(at)_yahoo.com, Vbulletin 3.7.0 Gold >> Sql injection on faq.php (20.05.2008)
 hadihadi_zedehal_2006_(at)_yahoo.com, eCMS-v0.4.2 (SQL/PB) Multiple Remote Vulnerabilities (20.05.2008)
 tan_prathan_(at)_hotmail.com, AppServ Open Project < = 2.5.10 Remote XSS Vulnerability (20.05.2008)
 0in.email_(at)_gmail.com, Smeego CMS vulnerability (20.05.2008)
 tan_prathan_(at)_hotmail.com, Wordpress Malicious File Execution Vulnerability (20.05.2008)
 a.jasbi_(at)_yahoo.com, Cpanel all version >> root access with a reseller account. (20.05.2008)
 Noname, xss in ipb 2.3.5 (20.05.2008)
Files:Smeego CMS Local File Include Exploit

mtr (multiprotocol traceroute) buffer overflow
Published:20.05.2008
Source:
SecurityVulns ID:9007
Type:remote
Threat Level:6/10
Description:Buffer overflow on DNS server response parsing.
Original document:pi3_(at)_itsec.pl, Mtr - remote and local stack overflow - uncomment situation in libresolv. (20.05.2008)

Microsoft Office code execution
Published:20.05.2008
Source:
SecurityVulns ID:9008
Type:client
Threat Level:5/10
Description:It is possible to embed JavaScript code into a document.
Affected:MICROSOFT : Office XP
Original document:jplopezy_(at)_gmail.com, Microsoft word javascript execution (20.05.2008)

CA BrightStor ARCserve Backup multiple security vulnerabilities
Published:20.05.2008
Source:
SecurityVulns ID:9009
Type:remote
Threat Level:7/10
Description:caloggerd directory traversal. Buffer overflow in multiple xdr functions.
Affected:CA : Brightstor ARCserve Backup 11.1
 CA : Brightstor ARCserve Backup 11.0
 CA : Brightstor ARCserve Backup 11.5
 CA : CA Server Protection Suite 2
CVE:CVE-2008-2242 (Multiple buffer overflows in xdr functions in the server in CA BrightStor ARCServe Backup 11.0, 11.1, and 11.5 allow remote attackers to execute arbitrary code, as demonstrated by a stack-based buffer overflow via a long parameter to the xdr_rwsstring function.)
 CVE-2008-2241 (Directory traversal vulnerability in caloggerd in CA BrightStor ARCServe Backup 11.0, 11.1, and 11.5 allows remote attackers to append arbitrary data to arbitrary files via directory traversal sequences in unspecified input fields, which are used in log messages. NOTE: this can be leveraged for code execution in many installation environments by writing to a startup file or configuration file.)
Original document:ZDI, ZDI-08-026: CA BrightStor ARCserve Backup Remote Buffer Overflow (20.05.2008)
 CA, CA ARCserve Backup caloggerd and xdr Functions Vulnerabilities (20.05.2008)
 ZDI, ZDI-08-027: CA BrightStor ARCserve Backup Arbitrary File Writing Vulnerability (20.05.2008)

GnuTLS library multiple security vulnerabilities
Published:20.05.2008
Source:
SecurityVulns ID:9010
Type:library
Threat Level:6/10
Description:Vulnerabilities in TLS traffic parsing lead to DoS conditions and potential buffer overflow.
Affected:GNUTLS : GnuTLS 2.2
Original document:CERT-FI, CERT-FI Vulnerability Advisory on GnuTLS (20.05.2008)

Foxit Reader buffer overflow
Published:20.05.2008
Source:
SecurityVulns ID:9011
Type:client
Threat Level:5/10
Description:util.printf() JavaScript function buffer overflow.
Affected:FOXIT : Foxit Reader 2.3
CVE:CVE-2008-1104
Original document:SECUNIA, Secunia Research: Foxit Reader "util.printf()" Buffer Overflow (20.05.2008)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod