Computer Security


Asterisk multiple security vulnerabilities
updated since 19.03.2008
Published: 21.03.2008
SecurityVulns ID: 8802
Type: remote
Threat Level: 8/10
Description: Multiple format string vulnerabilities, buffer overflow in RTP handling, HTTP interface session spoofing, unauthorized SIP calls.
Affected: ASTERISK : Asterisk 1.6
CVE: CVE-2008-1390 (The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before 1.4.19-rc3 and 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6, AsteriskNOW before 1.0.2, Appliance Developer Kit before revision 104704, and s800i 1.0.x before 1.1.0.2 generates insufficiently random manager ID values, which makes it easier for remote attackers to hijack a manager session via a series of ID guesses.)
 CVE-2008-1333
 CVE-2008-1332
 CVE-2008-1289
Original document: noreply_(at)_musecurity.com, [Full-disclosure] [MU-200803-01] Multiple buffer overflows in Asterisk (21.03.2008)
 ASTERISK, AST-2008-004: Format String Vulnerability in Logger and Manager (19.03.2008)
 ASTERISK, AST-2008-002: Two buffer overflows in RTP Codec Payload Handling (19.03.2008)
 ASTERISK, AST-2008-003: Unauthenticated calls allowed from SIP channel driver (19.03.2008)
 ASTERISK, AST-2008-005: HTTP Manager ID is predictable (19.03.2008)

Multiple xinelib / Xine media player security vulnerabilities
Published: 21.03.2008
SecurityVulns ID: 8813
Type: client
Threat Level: 6/10
Description: Multiple buffer overflows when parsing different media formats.
Affected: XINE : xine 1.1
 XINE : xinelib 1.1
Original document: Luigi Auriemma, Multiple heap overflows in xine-lib 1.1.11 (21.03.2008)
Files: Exploits xine-lib <= 1.1.11 multiple heap overflows

Linux kernel information leak
Published: 21.03.2008
SecurityVulns ID: 8814
Type: local
Threat Level: 6/10
Description: Kernel memory access with fault handlers.
Affected: LINUX : kernel 2.6
CVE: CVE-2008-0007
Original document: MANDRIVA, [ MDVSA-2008:072 ] - Updated kernel packages fix vulnerability (21.03.2008)

SurgeMail buffer overflow
Published: 21.03.2008
SecurityVulns ID: 8815
Type: remote
Threat Level: 6/10
Description: Buffer overflow in LSUB IMAP command.
Affected: NETWINSITE : Surgemail 38k4
Original document: infocus, [Full-disclosure] [INFIGO-2008-03-07]: Surgemail 38k4 IMAP server remote stack overflow (21.03.2008)
Files: Surgemail stack overflow PoC exploit

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 21.03.2008
Published: 22.03.2008
SecurityVulns ID: 8816
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. CMS DataLife Engine - path information leakage.
Affected: CPANEL : cPanel 11.18
 DOTNETNUKE : DotNetNuke 4.8
 CPANEL : cPanel 11.21
Original document: Zero-X ScriptKiddy, webutil.pl is still vulnerable against Remote Command Execution. (22.03.2008)
 labs_(at)_gdssecurity.com, DotNetNuke Default Machine Key Exposure (22.03.2008)
 KVorb, Bug in a CMS DataLife Engine module (21.03.2008)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod