Computer Security
[EN] securityvulns.ru
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 21.01.2008
Source:
SecurityVulns ID: 8590
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. Relay: cross-site scripting
Affected: KAYAKO : Kayako SupportSuite 3.0
 BOASTMACHINE : boastMachine 3.1
 MYBB : MyBB 1.2
 HORDE : Horde 3.1
 RELAY : Relay 1.0
 BLOOFOX : Bloofox CMS 0.3
 PD9SOFT : MegaBBS 1.5
 BLOGCMS : BLOG:CMS 4.2
CVE: CVE-2007-6018
Original document: rxhr_(at)_hotmail.com, BLOG:CMS 4.2.1.c (DIR_PLUGINS) Multiple Remote File Include (21.01.2008)
 DEBIAN, [SECURITY] [DSA 1470-1] New horde3 packages fix denial of service (21.01.2008)
 Janek Vind, [waraxe-2008-SA#063] - Information Leakage in Kayako SupportSuite 3.11.01 (21.01.2008)
 hadihadi_zedehal_2006_(at)_yahoo.com, boastMachine <=3.1 SQL Injection Vulnerbility (21.01.2008)
 grossman_(at)_yahoo.com, MegaBBS ASP Forum Cross-Site Scripting (21.01.2008)
 effectiveness63_(at)_gmail.com, Php Search Remote Inclusion (21.01.2008)
 admin_(at)_bugreport.ir, Bloofox CMS SQL Injection (Authentication bypass) , Source code disclosure (21.01.2008)
 MustLive, Vulnerabilities in Relay (21.01.2008)

Axigen AXImilter format string vulnerability
Published: 21.01.2008
Source: BUGTRAQ
SecurityVulns ID: 8593
Type: remote
Level: 7/10
Description: CNHO header buffer overflow.
Affected: AXIGEN : Axigen 5.0
Original document: hempel, AXIGEN 5.0.x AXIMilter Format String Exploit (21.01.2008)
Files: AXIGEN 5.0.x AXIMilter format string Exploit

AliceGate 2 ADSL WiFI routers unauthorized access
Published: 21.01.2008
Source: BUGTRAQ
SecurityVulns ID: 8594
Type: remote
Level: 4/10
Description: It is possible to access a few administration pages, including the WiFi encryption configuration, without authentication.
Affected: ALICE : Alice gate 2
Original document: wargame89_(at)_yahoo.it, Flaw in Alice gate2 pluswifi adsl modem (21.01.2008)

Apache Tomcat multiple security vulnerabilities
updated since 21.01.2008
Published: 10.02.2008
Source: CVE
SecurityVulns ID: 8591
Type: remote
Level: 5/10
Description: Cross-site scripting, information disclosure.
Affected: APACHE : Tomcat 4.0
 APACHE : Tomcat 4.1
 APACHE : Tomcat 5.0
 APACHE : Tomcat 5.5
 APACHE : Tomcat 6.0
CVE: CVE-2008-0128
 CVE-2008-0002
 CVE-2007-2450 (Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.)
Original document: APACHE, CVE-2008-0002: Tomcat information disclosure vulnerability (10.02.2008)

Xine / MPlayer / VLC buffer overflow
updated since 21.01.2008
Published: 25.03.2008
Source: BUGTRAQ
SecurityVulns ID: 8592
Type: library
Level: 6/10
Description: Buffer overflows and an array index overflow in RTSP parsing.
Affected: MPLAYER : MPlayer 1.0
 XINE : xine 1.1
 XINE : xinelib 1.1
 VLC : VLC 0.8
CVE: CVE-2008-0238 (Multiple heap-based buffer overflows in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 allow remote attackers to execute arbitrary code via the SDP (1) Title, (2) Author, or (3) Copyright attribute, related to the rmff_dump_header function, different vectors than CVE-2008-0225. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.)
 CVE-2008-0235 (The Microsoft VFP_OLE_Server ActiveX control allows remote attackers to execute arbitrary code by invoking the foxcommand method.)
 CVE-2008-0225 (Heap-based buffer overflow in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 and earlier allows remote attackers to execute arbitrary code via the SDP Abstract attribute, related to the rmff_dump_header function and related to disregarding the max field. NOTE: some of these details are obtained from third party information.)
 CVE-2008-0073
Original document: Guido Landi, [Full-disclosure] CVE-2008-0073 - MPlayer and VLC "sdpplin_parse()" Array Indexing Vulnerability (25.03.2008)
 DEBIAN, [SECURITY] [DSA 1472-1] New xine-lib packages fix arbitrary code execution (21.01.2008)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod