| Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) | | Published: |  | 20.09.2008 | | Source: |  | | | SecurityVulns ID: |  | 9298 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
|
| Original document |  | VMWARE, VMSA-2008-0015 Updated ESXi and ESX 3.5 packages address critical security issue in openwsman (20.09.2008) |
| |  | JeiAr, Advanced Electron Forum <= 1.0.6 Remote Code Execution (20.09.2008) |
| |  | sn0oPy.team_(at)_gmail.com, Annuaire Téléphonique v1.0 Sensetive Files (MDP) (20.09.2008) |
| |  | Jan van Niekerk, PHP pro bid v 6.04 SQL injection (20.09.2008) |
| |  | xsp, LooYu Web IM 2008 Cross-Site Scripting Vulnerabilities (20.09.2008) |
| |  | xuanmumu_(at)_gmail.com, cyask 3.x Local File Inclusion Vulnerability (20.09.2008) |
| |  | Lagon666_(at)_Yahoo.com, Sama XSS Bug (20.09.2008) |
| |  | Hanno Bock, menalto gallery: Session hijacking vulnerability, CVE-2008-3662 (20.09.2008) |
| |  | adv_(at)_e-rdc.org, [ECHO_ADV_101$2008] Attachmax Dolphin <= 2.1.0 Multiple Vulnerabilities (20.09.2008) |
| |  | John Cobb, [NOBYTES.COM: #13] Quick.Cart v3.1 Freeware - Cross Site Scripting (20.09.2008) |
| |  | John Cobb, [NOBYTES.COM: #14] Quick.Cms.Lite v2.1 Freeware - Cross Site Scripting (20.09.2008) |
| |  | John Cobb, [NOBYTES.COM: #12] osCommerce 2.2rc2a - Information Disclosure (20.09.2008) |
| |  | Alemin_Krali Krali, DUgallery - ALL VERSIONS (Upload/SQL/) Multiple Remote Vulnerabilities (20.09.2008) |
| |  | MustLive, SQL Injection vulnerability in Simple Download Counter (20.09.2008) |
| |  | MustLive, SQL Injection vulnerability in myPHPNuke (20.09.2008) |
| Surgemail IMAP server DoS | | Published: |  | 20.09.2008 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 9300 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | Crash on APPEND command processing. |
| Microsoft Outlook Express / Microsoft Outlook DoS | | Published: |  | 20.09.2008 | | Source: |  | MustLive | | SecurityVulns ID: |  | 9297 | | Type: |  | remote | | Level: |  | 6/10 | | Description: |  | Crash on <style>*{position:relative}</style> <table>DoS</table> in HTML content. |
| Wireshark / TShark multiple security vulnerabilities | | Published: |  | 20.09.2008 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 9299 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | Multiple DoS conditions when parsing different protocols. |
| Affected: |  | WIRESHARK : Wireshark 1.0 | | CVE: |  | CVE-2008-3934 (Unspecified vulnerability in Wireshark (formerly Ethereal) 0.99.6 through 1.0.2 allows attackers to cause a denial of service (crash) via a crafted Tektronix .rf5 file.) | | |  | CVE-2008-3933 (Wireshark (formerly Ethereal) 0.10.14 through 1.0.2 allows attackers to cause a denial of service (crash) via a packet with crafted zlib-compressed data that triggers an invalid read in the tvb_uncompress function.) | | |  | CVE-2008-3932 (Wireshark (formerly Ethereal) 0.9.7 through 1.0.2 allows attackers to cause a denial of service (hang) via a crafted NCP packet that triggers an infinite loop.) | | |  | CVE-2008-3146 (Multiple buffer overflows in packet_ncp2222.inc in Wireshark (formerly Ethereal) 0.9.7 through 1.0.2 allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted NCP packet that causes an invalid pointer to be used.) |
| R symbolic links security vulnerability | | Published: |  | 20.09.2008 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 9301 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | Insecure temporary file creation in the javareconf script. |
| Affected: |  | R : R 2.7 | | CVE: |  | CVE-2008-3931 (javareconf in R 2.7.2 allows local users to overwrite arbitrary files via a symlink attack on temporary files.) |