Computer Security


BitDefender antivirus DoS
Published: 21.11.2008
SecurityVulns ID: 9442
Type: local
Threat Level: 5/10
Description: Crash on PDF file check in bdc.exe.
Original document: ProTeuS, Fwd: Deny Of Service and infinite loop in BitDefender (module pdf.xmd) (21.11.2008)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 21.11.2008
SecurityVulns ID: 9443
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. Webglimpse: cross-site scripting. CimWebCenter: cross-site scripting.
Affected: BOASTMACHINE : boastMachine 3.1
 VBULLETIN : vBulletin 3.7
 WEBGLIMPSE : Webglimpse 2.18
 SOCIALENGINE : Social Engine 2.7
Original document: MustLive, Cross-Site Scripting vulnerabilities in Webglimpse (21.11.2008)
 r3d.w0rm_(at)_yahoo.com, boastMachine v3.1 Remote Sql Injection (21.11.2008)
 office_(at)_hackattack.at, Social Engine 2.7 CRLF Injection + SQL injection (21.11.2008)
 Maximize Designs, vBulletin 3.7.3 Visitor Messages XSS/XSRF + worm (21.11.2008)
Files: vBulletin 3.7.3 Visitor Messages worm

PHP safe_mode protection bypass
Published: 21.11.2008
SecurityVulns ID: 9444
Type: local
Threat Level: 5/10
Description: It's possible to bypass protection with ini_set("error_log", "/hack/");
Affected: PHP : PHP 5.2
Original document: Maksymilian Arciemowicz, SecurityReason : PHP 5.2.6 (error_log) safe_mode bypass (21.11.2008)

Sun Java System Identity Manager multiple security vulnerabilities
Published: 21.11.2008
SecurityVulns ID: 9445
Type: remote
Threat Level: 6/10
Description: Cross-site request forgery, unauthorized access.
Affected: SUN : Java System Identity Manager 6.0
Original document: ProCheckUp Research, PR08-09: Unauthenticated File Retrieval on Sun Java System Identity Manager "ext" parameter (21.11.2008)
 ProCheckUp Research, PR07-11: Cross-site Request Forgery (CSRF) on Sun Java System Identity Manager (21.11.2008)

Streamripper multiple buffer overflows
Published: 21.11.2008
SecurityVulns ID: 9446
Type: client
Threat Level: 5/10
Description: Buffer overflows on HTTP response headers parsing, .m3u and .pls playlists parsing.
Affected: STREAMRIPPER : Streamripper 1.63
CVE: CVE-2008-4829 (Multiple buffer overflows in lib/http.c in Streamripper 1.63.5 allow remote attackers to execute arbitrary code via (1) a long "Zwitterion v" HTTP header, related to the http_parse_sc_header function; (2) a crafted pls playlist with a long entry, related to the http_get_pls function; or (3) a crafted m3u playlist with a long File entry, related to the http_get_m3u function.)
Original document: SECUNIA, Secunia Research: Streamripper Multiple Buffer Overflows (21.11.2008)

3Com AP8760 authentication bypass
Published: 21.11.2008
SecurityVulns ID: 9447
Type: client
Threat Level: 5/10
Description: After the initial password check, authentication is by IP address only.
Affected: 3COM : 3Com AP8760
Original document: ProCheckUp Research, PR07-40: Authentication Bypass, Passwords Leakage and SNMP Injection on 3Com AP 8760 (21.11.2008)

HPLIP DoS
Published: 21.11.2008
SecurityVulns ID: 9448
Type: remote
Threat Level: 5/10
Description: DoS against hpssd and alerting services.
Affected: HPLIP : hplip 0.9
CVE: CVE-2008-2941 (The hpssd message parser in hpssd.py in HP Linux Imaging and Printing (HPLIP) 1.6.7 allows local users to cause a denial of service (process stop) via a crafted packet, as demonstrated by sending "msg=0" to TCP port 2207.)
 CVE-2008-2940 (The alert-mailing implementation in HP Linux Imaging and Printing (HPLIP) 1.6.7 allows local users to gain privileges and send e-mail messages from the root account via vectors related to the setalerts message, and lack of validation of the device URI associated with an event message.)
Original document: UBUNTU, [USN-674-1] HPLIP vulnerabilities (21.11.2008)

dovecot protection bypass
Published: 21.11.2008
SecurityVulns ID: 9449
Type: remote
Threat Level: 5/10
Description: Invalid ACL parsing in ACL plugin. Privilege escalations.
CVE: CVE-2008-4578 (The ACL plugin in Dovecot before 1.1.4 allows attackers to bypass intended access restrictions by using the "k" right to create unauthorized "parent/child/child" mailboxes.)
 CVE-2008-4577 (The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions.)
Original document: MANDRIVA, [ MDVSA-2008:232 ] dovecot (21.11.2008)

HP OpenView Network Node Manager cross-site scripting
Published: 21.11.2008
SecurityVulns ID: 9450
Type: remote
Threat Level: 5/10
Affected: HP : HP OpenView Network Node Manager 7.53
CVE: CVE-2007-6388 (Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2007-5000 (Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
Original document: HP, [security bulletin] HPSBMA02388 SSRT080059 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Cross Site Scripting (XSS) (21.11.2008)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod