Computer Security

Microsoft Outlook Express / Microsoft Outlook DoS
updated since 20.09.2008
SecurityVulns ID:9297
Threat Level:
Description: Crash on <style>*{position:relative}</style> <table>DoS</table> in HTML content.
Affected: MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
Original document: MustLive, DoS vulnerability in Outlook (20.09.2008)
 MustLive, DoS vulnerability in Outlook Express (20.09.2008)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
SecurityVulns ID:9298
Threat Level:
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: MYPHPNUKE : myPHPNuke 1.8
 OSCOMMERCE : osCommerce 2.2
 SIMPLEDOWNLOADCO : Simple Download Counter 1.0
 QUICKCMS : Quick.Cms.Lite 2.1
 QUICKCART : Quick.Cart 3.1
 ATTACHMAX : Attachmax Dolphin 2.1
 MENALTO : menalto gallery 2.2
 CYASK : cyask 3.0
 LOOYU : LooYu Web IM 2008
 PHPPROBID : PHP pro bid 6.04
 ANNUTEL : Annuaire Téléphonique 1.0
 OPENWSMAN : Openwsman 1.5
CVE: CVE-2008-4096 (libraries/database_interface.lib.php in phpMyAdmin before allows remote authenticated users to execute arbitrary code via a request to server_databases.php with a sort_by parameter containing PHP sequences, which are processed by create_function.)
 CVE-2008-3662 (Gallery before 1.5.9, and 2.x before 2.2.6, does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.)
 CVE-2008-3457 (Cross-site scripting (XSS) vulnerability in setup.php in phpMyAdmin before 2.11.8 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted setup arguments. NOTE: this issue can only be exploited in limited scenarios in which the attacker must be able to modify config/
 CVE-2008-3456 (phpMyAdmin before 2.11.8 does not sufficiently prevent its pages from using frames that point to pages in other domains, which makes it easier for remote attackers to conduct spoofing or phishing activities via a cross-site framing attack.)
 CVE-2008-3197 (Cross-site request forgery (CSRF) vulnerability in phpMyAdmin before allows remote attackers to perform unauthorized actions via a link or IMG tag to (1) the db parameter in the "Creating a Database" functionality (db_create.php), and (2) the convcharset and collation_connection parameters related to an unspecified program that modifies the connection character set.)
Original document: VMWARE, VMSA-2008-0015 Updated ESXi and ESX 3.5 packages address critical security issue in openwsman (20.09.2008)
 JeiAr, Advanced Electron Forum <= 1.0.6 Remote Code Execution (20.09.2008)
 sn0oPy.team_(at), Annuaire Téléphonique v1.0 Sensetive Files (MDP) (20.09.2008)
 Jan van Niekerk, PHP pro bid v 6.04 SQL injection (20.09.2008)
 xsp, LooYu Web IM 2008 Cross-Site Scripting Vulnerabilities (20.09.2008)
 xuanmumu_(at), cyask 3.x Local File Inclusion Vulnerability (20.09.2008)
 Lagon666_(at), Sama XSS Bug (20.09.2008)
 Hanno Bock, menalto gallery: Session hijacking vulnerability, CVE-2008-3662 (20.09.2008)
 adv_(at), [ECHO_ADV_101$2008] Attachmax Dolphin <= 2.1.0 Multiple Vulnerabilities (20.09.2008)
 John Cobb, [NOBYTES.COM: #13] Quick.Cart v3.1 Freeware - Cross Site Scripting (20.09.2008)
 John Cobb, [NOBYTES.COM: #14] Quick.Cms.Lite v2.1 Freeware - Cross Site Scripting (20.09.2008)
 John Cobb, [NOBYTES.COM: #12] osCommerce 2.2rc2a - Information Disclosure (20.09.2008)
 Alemin_Krali Krali, DUgallery - ALL VERSIONS (Upload/SQL/) Multiple Remote Vulnerabilities (20.09.2008)
 MustLive, SQL Injection vulnerability in Simple Download Counter (20.09.2008)
 MustLive, SQL Injection vulnerability in myPHPNuke (20.09.2008)

Wireshark / TShark multiple security vulnerabilities
SecurityVulns ID:9299
Threat Level:
Description: Multiple DoS conditions in the parsing of different protocols.
Affected: WIRESHARK : Wireshark 1.0
CVE: CVE-2008-3934 (Unspecified vulnerability in Wireshark (formerly Ethereal) 0.99.6 through 1.0.2 allows attackers to cause a denial of service (crash) via a crafted Tektronix .rf5 file.)
 CVE-2008-3933 (Wireshark (formerly Ethereal) 0.10.14 through 1.0.2 allows attackers to cause a denial of service (crash) via a packet with crafted zlib-compressed data that triggers an invalid read in the tvb_uncompress function.)
 CVE-2008-3932 (Wireshark (formerly Ethereal) 0.9.7 through 1.0.2 allows attackers to cause a denial of service (hang) via a crafted NCP packet that triggers an infinite loop.)
 CVE-2008-3146 (Multiple buffer overflows in Wireshark (formerly Ethereal) 0.9.7 through 1.0.2 allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted NCP packet that causes an invalid pointer to be used.)
Original document: MANDRIVA, [ MDVSA-2008:199 ] wireshark (20.09.2008)

Surgemail IMAP server DoS
SecurityVulns ID:9300
Threat Level:
Description: Crash on APPEND command processing.
Affected: NETWIN : SurgeMail Mail Server 3.9
Original document: João Antunes, [AJECT] SurgeMail IMAP 3.9e vulnerability (20.09.2008)

R symbolic links security vulnerability
SecurityVulns ID:9301
Threat Level:
Description: The javareconf script creates temporary files insecurely.
Affected: R : R 2.7
CVE: CVE-2008-3931 (javareconf in R 2.7.2 allows local users to overwrite arbitrary files via a symlink attack on temporary files.)
Original document: MANDRIVA, [ MDVSA-2008:198 ] R-base (20.09.2008)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod