Computer Security

Alcatel OmniPCX command execution
Published: 22.05.2008
Source: BUGTRAQ
SecurityVulns ID: 9016
Type: remote
Level: 6/10
Description: Command execution via the /cgi-data/FastJSData.cgi web interface.
Affected: ALCATEL : OmniPCX Office
CVE: CVE-2008-1331
Original document: Digital Security Research Group [DSecRG], [DSECRG-08-020] Alcatel OmniPCX Office Remote Comand Execution (22.05.2008)

HP-UX useradd privilege escalation
Published: 22.05.2008
Source: BUGTRAQ
SecurityVulns ID: 9012
Type: local
Level: 6/10
Affected: HP : HP-UX 11.11
 HP : HP-UX 11.23
 HP : HP-UX 11.31
CVE: CVE-2008-1660
Original document: HP, [security bulletin] HPSBUX02335 SSRT071454 rev.1 - HP-UX Running useradd(1M), Local Unauthorized Access (22.05.2008)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 22.05.2008
Source: BUGTRAQ
SecurityVulns ID: 9013
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: MANTISBT : Mantis Bug Tracker 1.1
 BMFORUM : BMForum 5.6
 PHPFREEFORUM : PHPFreeForum 1.0
 PHPSQLITECMS : phpSQLiteCMS 1
 WWWFILESHAREPRO : www file share pro 5.30
CVE: CVE-2008-2276 (Cross-site request forgery (CSRF) vulnerability in Mantis 1.1.1 allows remote attackers to create new administrative users via user_create.)
Original document: output_(at)_email.it, www file share pro 5.30 insecure multiple (22.05.2008)
 tan_prathan_(at)_hotmail.com, phpSQLiteCMS Multiple Remote XSS Vulnerability (22.05.2008)
 tan_prathan_(at)_hotmail.com, Exteen Blog XSS Remote Cookie Disclosure Exploit (22.05.2008)
 tan_prathan_(at)_hotmail.com, PHPFreeForum <= 1.0 RC2 Remote XSS Vulnerability (22.05.2008)
 tan_prathan_(at)_hotmail.com, BMForum Remote 5.6 Miltiple XSS Vulnerability (22.05.2008)
 ascii, Mantis Bug Tracker 1.1.1 Multiple Vulnerabilities (22.05.2008)

Borland Interbase integer overflow
Published: 22.05.2008
Source: BUGTRAQ
SecurityVulns ID: 9014
Type: remote
Level: 6/10
Description: An integer overflow in TCP/3050 traffic parsing leads to a stack-based buffer overflow.
Affected: BORLAND : Interbase 2007
Original document: CORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2008-0415: Borland Interbase 2007 Integer Overflow (22.05.2008)

SAP Web Application Server cross-site scripting
Published: 22.05.2008
Source: BUGTRAQ
SecurityVulns ID: 9015
Type: remote
Level: 5/10
Description: Cross-site scripting via /sap/bc/gui/sap/its/webgui/
Original document: Digital Security Research Group [DSecRG], [DSECRG-08-023] SAP Web Application Server XSS Security Vulnerability (22.05.2008)

Cisco IOS SSH DoS
Published: 22.05.2008
Source: BUGTRAQ
SecurityVulns ID: 9017
Type: remote
Level: 6/10
Description: Multiple vulnerabilities leading to a device crash.
Affected: CISCO : IOS 12.4
CVE: CVE-2008-1159
Original document: CISCO, Cisco Security Advisory: Cisco IOS Secure Shell Denial of Service (22.05.2008)

Apple iCal multiple security vulnerabilities
Published: 22.05.2008
Source: BUGTRAQ
SecurityVulns ID: 9019
Type: client
Level: 5/10
Description: Multiple vulnerabilities in .ics file parsing.
Affected: APPLE : MacOS X 10.5
CVE: CVE-2008-2007
 CVE-2008-2006
 CVE-2008-1035
Original document: CORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2008-0126: Multiple vulnerabilities in iCal (22.05.2008)

libfishsound library integer overflow
Published: 22.05.2008
Source: BUGTRAQ
SecurityVulns ID: 9020
Type: library
Level: 5/10
Affected: LIBFISHSOUND : libfishsound 0.9
CVE: CVE-2008-1686 (Uncontrolled array index in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, allows remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer.)
Original document: DEBIAN, [SECURITY] [DSA 1584-1] New libfissound packages fix execution of arbitrary code (22.05.2008)

Snort IDS protection bypass
Published: 22.05.2008
Source: BUGTRAQ
SecurityVulns ID: 9021
Type: remote
Level: 5/10
Description: Packet fragments with a significant TTL difference are ignored.
Affected: SNORT : snort 2.8
CVE: CVE-2008-1804
Original document: IDEFENSE, iDefense Security Advisory 05.21.08: Multiple Vendor Snort IP Fragment TTL Evasion Vulnerability (22.05.2008)

Cisco Voice Portal privilege escalation
Published: 22.05.2008
Source: BUGTRAQ
SecurityVulns ID: 9018
Type: remote
Level: 5/10
Description: A user granted administrator privileges can modify the accounts of superusers.
Affected: CISCO : Cisco Unified Customer Voice Portal 4.0
 CISCO : Cisco Unified Customer Voice Portal 4.1
CVE: CVE-2008-2053
Original document: CISCO, Cisco Security Advisory: Cisco Voice Portal Privilege Escalation Vulnerability (22.05.2008)

Trillian instant messenger multiple security vulnerabilities
Published: 22.05.2008
Source: BUGTRAQ
SecurityVulns ID: 9022
Type: remote
Level: 7/10
Description: Buffer overflows and memory corruption in AIM/ICQ, MSN and XML-based protocol parsing.
Affected: TRILLIAN : Trillian 3.1
Original document: ZDI, ZDI-08-029: Trillian AIM.DLL Long HTML Font Parameter Stack Overflow Vulnerability (22.05.2008)
 ZDI, ZDI-08-030: Trillian Multiple Protocol XML Parsing Memory Corruption Vulnerability (22.05.2008)
 ZDI, ZDI-08-031: Trillian MSN MIME Header Stack-Based Overflow Vulnerability (22.05.2008)

BT Home Hub router multiple security vulnerabilities
updated since 09.10.2007
Published: 22.05.2008
Source: BUGTRAQ
SecurityVulns ID: 8226
Type: remote
Level: 6/10
Description: Authentication bypass, cross-site scripting, privilege escalation.
Affected: BT : Home Hub
Original document: Adrian Pastor, MDAP ANTs PWNAGE: dumping the admin password of the BT Home Hub (22.05.2008)
 pagvacito, BT Home Flub: Pwnin the BT Home Hub (09.10.2007)

PeerCast buffer overflow
updated since 18.12.2007
Published: 22.05.2008
Source: BUGTRAQ
SecurityVulns ID: 8460
Type: remote
Level: 6/10
Description: Buffer overflow in HTTP Basic authentication and in SOURCE header parsing.
Affected: PEERCAST : PeerCast 0.1218
CVE: CVE-2008-2040 (Stack-based buffer overflow in the HTTP::getAuthUserPass function (core/common/http.cpp) in Peercast 0.1218 and gnome-peercast allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Basic Authentication string with a long (1) username or (2) password.)
 CVE-2007-6454 (Heap-based buffer overflow in the handshakeHTTP function in servhs.cpp in PeerCast 0.1217 and earlier, and SVN 344 and earlier, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long SOURCE request.)
Original document: DEBIAN, [SECURITY] [DSA 1583-1] New gnome-peercast packages fix several vulnerabilities (22.05.2008)
 DEBIAN, [SECURITY] [DSA 1582-1] New peercast packages fix arbitrary code execution (22.05.2008)
 Luigi Auriemma, Heap overflow in PeerCast 0.1217 (18.12.2007)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


