Computer Security

Axigen AXImilter format string vulnerability
SecurityVulns ID: 8593
Threat Level:
Description: CNHO header buffer overflow.
Affected: AXIGEN : Axigen 5.0
Original document: hempel, AXIGEN 5.0.x AXIMilter Format String Exploit (21.01.2008)
Files: AXIGEN 5.0.x AXIMilter format string Exploit

AliceGate 2 ADSL WiFI routers unauthorized access
SecurityVulns ID: 8594
Threat Level:
Description: It's possible to access a few administration pages, including WiFi encryption configuration, without authentication.
Affected: ALICE : Alice gate 2
Original document: wargame89_(at), Flaw in Alice gate2 pluswifi adsl modem (21.01.2008)

Apache Tomcat multiple security vulnerabilities
updated since 21.01.2008
SecurityVulns ID: 8591
Threat Level:
Description: Cross-site scripting, information disclosure.
Affected: APACHE : Tomcat 4.0
 APACHE : Tomcat 4.1
 APACHE : Tomcat 5.0
 APACHE : Tomcat 5.5
 APACHE : Tomcat 6.0
CVE: CVE-2008-0002 (Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.)
 CVE-2007-2450 (Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.)
Original document: APACHE, CVE-2008-0002: Tomcat information disclosure vulnerability (10.02.2008)

Xine / MPlayer / VLC buffer overflow
updated since 21.01.2008
SecurityVulns ID: 8592
Threat Level:
Description: Buffer overflows and array overflow on RTSP parsing.
Affected: MPLAYER : MPlayer 1.0
 XINE : xine 1.1
 XINE : xinelib 1.1
 VLC : VLC 0.8
CVE: CVE-2008-0238 (Multiple heap-based buffer overflows in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 allow remote attackers to execute arbitrary code via the SDP (1) Title, (2) Author, or (3) Copyright attribute, related to the rmff_dump_header function, different vectors than CVE-2008-0225. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.)
 CVE-2008-0235 (The Microsoft VFP_OLE_Server ActiveX control allows remote attackers to execute arbitrary code by invoking the foxcommand method.)
 CVE-2008-0225 (Heap-based buffer overflow in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 and earlier allows remote attackers to execute arbitrary code via the SDP Abstract attribute, related to the rmff_dump_header function and related to disregarding the max field. NOTE: some of these details are obtained from third party information.)
Original document: Guido Landi, [Full-disclosure] CVE-2008-0073 - MPlayer and VLC "sdpplin_parse()" Array Indexing Vulnerability (25.03.2008)
 DEBIAN, [SECURITY] [DSA 1472-1] New xine-lib packages fix arbitrary code execution (21.01.2008)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod