Multiple xinelib / Xine media player security vulnerabilities
Published:		21.03.2008
Source:		BUGTRAQ
SecurityVulns ID:		8813
Type:		client
Level:		6/10
Description:		Multiple buffer overflows on different media formats parsing.

Affected:		XINE : xine 1.1
		XINE : xinelib 1.1

Original document

Luigi Auriemma, Multiple heap overflows in xine-lib 1.1.11 (21.03.2008)

Files:		Exploits xine-lib <= 1.1.11 multiple heap overflows
Discuss:		Read or add your comments to this news (0 comments)

SurgeMail buffer overflow
Published:		21.03.2008
Source:		FULL-DISCLOSURE
SecurityVulns ID:		8815
Type:		remote
Level:		6/10
Description:		Buffer overflow in LSUB IMAP command.

Affected:

NETWINSITE : Surgemail 38k4

Original document

infocus, [Full-disclosure] [INFIGO-2008-03-07]: Surgemail 38k4 IMAP server remote stack overflow (21.03.2008)

Files:		Surgemail stack overflow PoC exploit
Discuss:		Read or add your comments to this news (0 comments)

Linux kernel information leak
Published:		21.03.2008
Source:		BUGTRAQ
SecurityVulns ID:		8814
Type:		local
Level:		6/10
Description:		Kernel memory access with fault handlers.

Affected:		LINUX : kernel 2.6
CVE:		CVE-2008-0007

Original document

MANDRIVA, [ MDVSA-2008:072 ] - Updated kernel packages fix vulnerability (21.03.2008)

Discuss:

Read or add your comments to this news (0 comments)

Asterisk multiple security vulnerabilities updated since 19.03.2008
Published:		21.03.2008
Source:		BUGTRAQ
SecurityVulns ID:		8802
Type:		remote
Level:		8/10
Description:		Multiple format string vulnerabilities, buffer overflow on RTP handling, HTTP interface sessions spoofing, unauthorized SIP calls.

Affected:		ASTERISK : Asterisk 1.6
CVE:		CVE-2008-1390 (The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before 1.4.19-rc3 and 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6, AsteriskNOW before 1.0.2, Appliance Developer Kit before revision 104704, and s800i 1.0.x before 1.1.0.2 generates insufficiently random manager ID values, which makes it easier for remote attackers to hijack a manager session via a series of ID guesses.)
		CVE-2008-1333
		CVE-2008-1332
		CVE-2008-1289

Original document		noreply_(at)_musecurity.com, [Full-disclosure] [MU-200803-01] Multiple buffer overflows in Asterisk (21.03.2008)
		ASTERISK, AST-2008-004: Format String Vulnerability in Logger and Manager (19.03.2008)
		ASTERISK, AST-2008-002: Two buffer overflows in RTP Codec Payload Handling (19.03.2008)
		ASTERISK, AST-2008-003: Unauthenticated calls allowed from SIP channel driver (19.03.2008)
		ASTERISK, AST-2008-005: HTTP Manager ID is predictable (19.03.2008)

Discuss:

Read or add your comments to this news (0 comments)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 21.03.2008
Published:		22.03.2008
Source:		BUGTRAQ
SecurityVulns ID:		8816
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. CMS DataLife Engine - path information leakage.

Affected:		CPANEL : cPanel 11.18
		DOTNETNUKE : DotNetNuke 4.8
		CPANEL : cPanel 11.21

Original document		Zero-X ScriptKiddy, webutil.pl is still vulnerable against Remote Command Execution. (22.03.2008)
		labs_(at)_gdssecurity.com, DotNetNuke Default Machine Key Exposure (22.03.2008)
		KVorb, Баг в модуле CMS DataLife Engine (21.03.2008)

Discuss:

Read or add your comments to this news (0 comments)