SmbClientParser shell characters vulnerability Published: 22.07.2008 Source: BUGTRAQ SecurityVulns ID: 9163 Type: client Level: 5/10 Description: Shell characters vulnerability with shared folder names. Affected: SMBCLIENTPARSER : SmbClientParser 2.7 Original document ISecAuditors Security Advisories , [ISecAuditors Security Advisories] SmbClientParser Perl module allows remote command execution (22.07.2008 )
EMC Dantz Retrospect backup server and lcient multiple security vulnerabilities Published: 22.07.2008 Source: FULL-DISCLOSURE SecurityVulns ID: 9166 Type: remote Level: 6/10 Description: Password recovery from hash for both server and client, memory corruption, DoS. Affected: EMC : Dantz Retrospect 7 EMC : Dantz Retrospect Backup Server 7.5 EMC : Dantz Retrospect Backup Client 7.5 Original document zhliu_(at)_fortinet.com , [Full-disclosure] EMC Dantz Retrospect 7 backup Client PlainText Password Hash Disclosure Vulnerability (22.07.2008 ) zhliu_(at)_fortinet.com , FGA-2008-16: EMC Dantz Retrospect 7 backup Client 7.5.116 Remote Memory corruption Vulnerability (22.07.2008 ) zhliu_(at)_fortinet.com , FGA-2008-16: EMC Dantz Retrospect 7 backup Server Authentication Module Weak Password Hash Arithmetic Vulnerability (22.07.2008 ) zhliu_(at)_fortinet.com , FGA-2008-16: EMC Dantz Retrospect 7 backup Client 7.5.116 NULL-Pointer reference Denial of Service Vulnerability (22.07.2008 )
ZDaemon games server DoS Published: 22.07.2008 Source: BUGTRAQ SecurityVulns ID: 9167 Type: remote Level: 5/10 Description: NULL pointer dereference on malformed network packet. Affected: ZDAEMON : ZDaemon 1.08 Original document Luigi Auriemma , NULL pointer in ZDaemon 1.08.07 (22.07.2008 )
MySQL privilege escalation Published: 22.07.2008 Source: CVE SecurityVulns ID: 9164 Type: local Level: 5/10 Description: It's possible to specify file of different database in CREATE TABLE. Affected: MYSQL : MySQL 4.1 MYSQL : MySQL 5.0 MYSQL : MySQL 5.1 MYSQL : MySQL 6.0 CVE: CVE-2008-2079 (MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL home data directory, which can point to tables that are created in the future.)
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) Published: 22.07.2008 Source: SecurityVulns ID: 9165 Type: remote Level: 5/10 Description: PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
PostNuke: crossite scripting, automation protection bypass. Affected: POSTNUKE : PostNuke 0.7 MYBLOG : MyBlog 0.9 INTERACT : Interact 2.4 flip : Flip 3.0 EASYPUBLISH : EasyPublish 3.0 EASYCARDS : Easyecards 310 EASYBOKMARKER : Easybookmarker 40 EASYDYNAMICPAGES : Easydynamicpages 30 SOCIALENGINE : SocialEngine 2.82 Original document Peter Wiesen , E-Mail header Injection in HiFriend (22.07.2008 ) tim.loshak_(at)_gmail.com , Vulnerability: SocialEngine (SocialEngine.net) high risk security flaw (22.07.2008 ) Digital Security Research Group [DSecRG] , [DSECRG-08-031] Local File Include Vulnerability in Interact 2.4.1 (22.07.2008 ) admin_(at)_bugreport.ir , MyBlog <=0.9.8 Multiple Vulnerabilities (22.07.2008 ) Ghost hacker , EZWebAlbum (dlfilename) Remote File Disclosure Vulnerability (22.07.2008 ) irancrash_(at)_gmail.com , Easydynamicpages 30tr Multipe Vulerabilities ( Xss / Sql Injection Exploit / File Disclosure Exploit ) (22.07.2008 ) irancrash_(at)_gmail.com , Maran PHP Blog Xss By Khashayar Fereidani (22.07.2008 ) irancrash_(at)_gmail.com , Easybookmarker 40tr Xss Vulnerability By Khashayar Fereidani (22.07.2008 ) irancrash_(at)_gmail.com , Easyecards 310a Multipe Vulerabilities ( Xss / Sql Injection Exploit / File Disclosure Exploit ) By Khashayar Fereidani (22.07.2008 ) irancrash_(at)_gmail.com , EasyPublish 3.0tr Multiple Vulnerabilities ( Xss / Sql Injection Exploit / File Disclosure Exploit ) (22.07.2008 ) Cru3l.b0y_(at)_gmail.com , Flip V3.0 final (22.07.2008 ) MustLive , Vulnerabilities in PostNuke (22.07.2008 )
