Computer Security
[EN] securityvulns.ru no-pyccku


SmbClientParser shell characters vulnerability
Published:22.07.2008
Source:
SecurityVulns ID:9163
Type:client
Threat Level:
5/10
Description:Shell characters vulnerability with shared folder names.
Affected:SMBCLIENTPARSER : SmbClientParser 2.7
Original documentdocumentISecAuditors Security Advisories, [ISecAuditors Security Advisories] SmbClientParser Perl module allows remote command execution (22.07.2008)

ZDaemon games server DoS
Published:22.07.2008
Source:
SecurityVulns ID:9167
Type:remote
Threat Level:
5/10
Description:NULL pointer dereference on malformed network packet.
Affected:ZDAEMON : ZDaemon 1.08
Original documentdocumentLuigi Auriemma, NULL pointer in ZDaemon 1.08.07 (22.07.2008)
Files:Exploits ZDaemon <= 1.08.07 NULL pointer

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:22.07.2008
Source:
SecurityVulns ID:9165
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. PostNuke: crossite scripting, automation protection bypass.
Affected:POSTNUKE : PostNuke 0.7
 MYBLOG : MyBlog 0.9
 INTERACT : Interact 2.4
 flip : Flip 3.0
 EASYPUBLISH : EasyPublish 3.0
 EASYCARDS : Easyecards 310
 EASYBOKMARKER : Easybookmarker 40
 EASYDYNAMICPAGES : Easydynamicpages 30
 SOCIALENGINE : SocialEngine 2.82
Original documentdocumentPeter Wiesen, E-Mail header Injection in HiFriend (22.07.2008)
 documenttim.loshak_(at)_gmail.com, Vulnerability: SocialEngine (SocialEngine.net) high risk security flaw (22.07.2008)
 documentDigital Security Research Group [DSecRG], [DSECRG-08-031] Local File Include Vulnerability in Interact 2.4.1 (22.07.2008)
 documentadmin_(at)_bugreport.ir, MyBlog <=0.9.8 Multiple Vulnerabilities (22.07.2008)
 documentGhost hacker, EZWebAlbum (dlfilename) Remote File Disclosure Vulnerability (22.07.2008)
 documentirancrash_(at)_gmail.com, Easydynamicpages 30tr Multipe Vulerabilities ( Xss / Sql Injection Exploit / File Disclosure Exploit ) (22.07.2008)
 documentirancrash_(at)_gmail.com, Maran PHP Blog Xss By Khashayar Fereidani (22.07.2008)
 documentirancrash_(at)_gmail.com, Easybookmarker 40tr Xss Vulnerability By Khashayar Fereidani (22.07.2008)
 documentirancrash_(at)_gmail.com, Easyecards 310a Multipe Vulerabilities ( Xss / Sql Injection Exploit / File Disclosure Exploit ) By Khashayar Fereidani (22.07.2008)
 documentirancrash_(at)_gmail.com, EasyPublish 3.0tr Multiple Vulnerabilities ( Xss / Sql Injection Exploit / File Disclosure Exploit ) (22.07.2008)
 documentCru3l.b0y, Flip V3.0 final (22.07.2008)
 documentMustLive, Vulnerabilities in PostNuke (22.07.2008)
Files:EasyPublish 3.0tr Exploit
 Easyecards 310a Exploit
 Easydynamicpages 30tr Exploit

MySQL privilege escalation
updated since 22.07.2008
Published:10.11.2008
Source:
SecurityVulns ID:9164
Type:local
Threat Level:
5/10
Description:It's possible to specify file of different database in CREATE TABLE.
Affected:MYSQL : MySQL 4.1
 ORACLE : MySQL 5.0
 ORACLE : MySQL 5.1
 MYSQL : MySQL 6.0
CVE:CVE-2008-4098 (MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4097.)
 CVE-2008-4097 (MySQL 5.0.51a allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are associated with symlinks within pathnames for subdirectories of the MySQL home data directory, which are followed when tables are created in the future. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-2079.)
 CVE-2008-2079 (MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL home data directory, which can point to tables that are created in the future.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 1662-1] New mysql-dfsg-5.0 packages fix authorization bypass (10.11.2008)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod