| HP OpenView Network Node Manager cross-site scripting | | Published: |  | 21.11.2008 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 9450 | | Type: |  | remote | | Level: |  | 5/10 |
| Affected: |  | HP : HP OpenView Network Node Manager 7.53 | | CVE: |  | CVE-2007-6388 (Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.) | | |  | CVE-2007-5000 (Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.) |
| BitDefender antivirus DoS | | Published: |  | 21.11.2008 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 9442 | | Type: |  | local | | Level: |  | 5/10 | | Description: |  | Crash on PDF file check in bdc.exe. |
| Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) | | Published: |  | 21.11.2008 | | Source: |  | | | SecurityVulns ID: |  | 9443 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Webglimpse: cross-site scripting.
CimWebCenter: cross-site scripting. |
| PHP safe_mode protection bypass | | Published: |  | 21.11.2008 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 9444 | | Type: |  | local | | Level: |  | 5/10 | | Description: |  | It's possible to bypass protection with ini_set("error_log", "/hack/"); |
| HPLIP DoS | | Published: |  | 21.11.2008 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 9448 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | DoS against hpssd and alerting services. |
| Affected: |  | HPLIP : hplip 0.9 | | CVE: |  | CVE-2008-2941 (The hpssd message parser in hpssd.py in HP Linux Imaging and Printing (HPLIP) 1.6.7 allows local users to cause a denial of service (process stop) via a crafted packet, as demonstrated by sending "msg=0" to TCP port 2207.) | | |  | CVE-2008-2940 (The alert-mailing implementation in HP Linux Imaging and Printing (HPLIP) 1.6.7 allows local users to gain privileges and send e-mail messages from the root account via vectors related to the setalerts message, and lack of validation of the device URI associated with an event message.) |
| dovecot protection bypass | | Published: |  | 21.11.2008 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 9449 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | Invalid ACL parsing in ACL plugin. Privilege escalations. |
| CVE: |  | CVE-2008-4578 (The ACL plugin in Dovecot before 1.1.4 allows attackers to bypass intended access restrictions by using the "k" right to create unauthorized "parent/child/child" mailboxes.) | | |  | CVE-2008-4577 (The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions.) |
| Sun Java System Identity Manager multiple security vulnerabilities | | Published: |  | 21.11.2008 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 9445 | | Type: |  | remote | | Level: |  | 6/10 | | Description: |  | Cross-site request forgery, unauthorized access. |
| Streamripper multiple buffer overflows | | Published: |  | 21.11.2008 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 9446 | | Type: |  | client | | Level: |  | 5/10 | | Description: |  | Buffer overflows on HTTP response headers parsing, .m3u and .pls playlists parsing. |
| Affected: |  | STREAMRIPPER : Streamripper 1.63 | | CVE: |  | CVE-2008-4829 (Multiple buffer overflows in lib/http.c in Streamripper 1.63.5 allow remote attackers to execute arbitrary code via (1) a long "Zwitterion v" HTTP header, related to the http_parse_sc_header function; (2) a crafted pls playlist with a long entry, related to the http_get_pls function; or (3) a crafted m3u playlist with a long File entry, related to the http_get_m3u function.) |
| 3Com AP8760 authentication bypass | | Published: |  | 21.11.2008 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 9447 | | Type: |  | client | | Level: |  | 5/10 | | Description: |  | After the initial password check, authentication is by IP address only. |