Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 21.03.2008
Published:		22.03.2008
Source:		BUGTRAQ
SecurityVulns ID:		8816
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. CMS DataLife Engine - path information leakage.

Affected:		CPANEL : cPanel 11.18
		DOTNETNUKE : DotNetNuke 4.8
		CPANEL : cPanel 11.21

Original document		Zero-X ScriptKiddy, webutil.pl is still vulnerable against Remote Command Execution. (22.03.2008)
		labs_(at)_gdssecurity.com, DotNetNuke Default Machine Key Exposure (22.03.2008)
		KVorb, Баг в модуле CMS DataLife Engine (21.03.2008)

Discuss:

Read or add your comments to this news (0 comments)

PHP integer overflow
Published:		22.03.2008
Source:		BUGTRAQ
SecurityVulns ID:		8818
Type:		library
Level:		5/10
Description:		Integer overflow in printf function.

Affected:		PHP : PHP 5.2
CVE:		CVE-2008-1384

Original document

Maksymilian Arciemowicz, {securityreason.com}PHP 5 *printf() - Integer Overflow (22.03.2008)

Discuss:

Read or add your comments to this news (0 comments)

Asus Remote Console buffer overflow
Published:		22.03.2008
Source:		BUGTRAQ
SecurityVulns ID:		8820
Type:		remote
Level:		5/10
Description:		Buffer overflow on TCP/623 request parsing.

Affected:

ASUS : ASUS Remote Console 2.0

Original document

Luigi Auriemma, Buffer-overflow in ASUS Remote Console 2.0.0.24 (22.03.2008)

Files:		Exploits buffer overflow in ASUS Remote Console 2.0.0.24
Discuss:		Read or add your comments to this news (0 comments)

ZyXel ZyWall unauthorized access
Published:		22.03.2008
Source:		MILW0RM
SecurityVulns ID:		8821
Type:		remote
Level:		7/10
Description:		It's possible to manipulate with routing via RIP and OSPF with default non-changeble account 'zebra'.

Affected:		ZYXEL : ZyWALL 1050
CVE:		CVE-2008-1160

Original document

Pranav Joshi, ZyXEL ZyWALL Quagga/Zebra Remote Root Vulnerability (22.03.2008)

Discuss:

Read or add your comments to this news (0 comments)

Microsoft Internet Explorer 7 request modification
Published:		22.03.2008
Source:		BUGTRAQ
SecurityVulns ID:		8817
Type:		client
Level:		6/10
Description:		Headers manipulation and invalid chunked encoding processing allow response splitting.

Affected:		MICROSOFT : Windows XP
		MICROSOFT : Windows 2003 Server
		MICROSOFT : Windows Vista
		MICROSOFT : Windows 2008 Server

Original document		Minded Security Research Labs, [MSA01240108] IE7 Transfer-Encoding: chunked allows Request Splitting/Smuggling. (22.03.2008)
		Minded Security Research Labs, [MSA02240108] IE7 allows overwriting of several headers leading to Http request Splitting and smuggling. (22.03.2008)

Discuss:

Read or add your comments to this news (0 comments)

Microsoft Office / Excel / Outlook / Web Components multiple security vulnerabilities updated since 12.03.2008
Published:		22.03.2008
Source:		MICROSOFT
SecurityVulns ID:		8773
Type:		client
Level:		8/10
Description:		Microsoft Excel multiple security vulnerabilities, Outlook mailt: URI code execution, multiple Office memory corruptions, Office Web Components multiple security vulnerabilities.

CVE:		CVE-2008-0118
		CVE-2008-0117
		CVE-2008-0116
		CVE-2008-0115
		CVE-2008-0114
		CVE-2008-0113 (Unspecified vulnerability in Microsoft Office Excel Viewer 2003 up to SP3 allows user-assisted remote attackers to execute arbitrary code via an Excel document with malformed cell comments that trigger memory corruption from an "allocation error," aka "Microsoft Office Cell Parsing Memory Corruption Vulnerability.")
		CVE-2008-0112
		CVE-2008-0111
		CVE-2008-0110
		CVE-2008-0081
		CVE-2007-1201
		CVE-2006-4695 (Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote attackers to execute arbitrary code via a crafted URL, aka "Office Web Components URL Parsing Vulnerability.")

Original document		IDEFENSE, [Full-disclosure] iDefense Security Advisory 03.11.08: Microsoft Outlook mailto Command Line Switch Injection (12.03.2008)
		IDEFENSE, [Full-disclosure] iDefense Security Advisory 03.11.08: Microsoft Excel 2003 Malformed Formula Memory Corruption Vulnerability (12.03.2008)
		IDEFENSE, [Full-disclosure] iDefense Security Advisory 03.11.08: Microsoft Excel DVAL Heap Corruption Vulnerability (12.03.2008)
		ZDI, ZDI-08-008: Microsoft Excel BIFF File Format Cell Record Parsing Memory Corruption Vulnerability (12.03.2008)
		DVLabs, TPTI-08-03: Microsoft Excel Rich Text Memory Corruption Vulnerability (12.03.2008)
		MICROSOFT, Microsoft Security Bulletin MS08-017 - Critical Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution (933103) (12.03.2008)
		MICROSOFT, Microsoft Security Bulletin MS08-016 – Critical Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (949030) (12.03.2008)
		MICROSOFT, Microsoft Security Bulletin MS08-015 - Critical Vulnerability in Microsoft Outlook Could Allow Remote Code Execution (949031) (12.03.2008)
		MICROSOFT, Microsoft Security Bulletin MS08-014 - Critical Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (949029) (12.03.2008)

Files:		MS08-014 exploit
		Microsoft Security Bulletin MS08-016 – Critical Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (949030)
		Microsoft Security Bulletin MS08-017 - Critical Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution (933103)
		Microsoft Security Bulletin MS08-014 - Critical Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (949029)
		Microsoft Security Bulletin MS08-015 - Critical Vulnerability in Microsoft Outlook Could Allow Remote Code Execution (949031)
Discuss:		Read or add your comments to this news (0 comments)

Apple Safari for Windows buffer overflow and content spoofing updated since 22.03.2008
Published:		23.03.2008
Source:		BUGTRAQ
SecurityVulns ID:		8819
Type:		client
Level:		5/10
Description:		Buffer overflow on oversized download filename.

Original document		jplopezy_(at)_gmail.com, Safari browser 3.1 (525.13) spoofing (23.03.2008)
		jplopezy_(at)_gmail.com, Safari 3.1 for windows download bug (22.03.2008)

Discuss:

Read or add your comments to this news (0 comments)