Computer Security


IBM AIX pioout utility buffer overflow
Published: 25.01.2008
SecurityVulns ID: 8606
Type: local
Threat Level: 5/10
Affected: IBM : AIX 5.2
 IBM : AIX 5.3
CVE: CVE-2007-5764
Original document: IDEFENSE, iDefense Security Advisory 01.23.08: IBM AIX pioout BSS Buffer Overflow Vulnerability (25.01.2008)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 25.01.2008
SecurityVulns ID: 8607
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. Relay: SQL injection and cross-site scripting.
Affected: PHPBB : phpBB 2.0
 CHERRYPY : CherryPy 3.0
 CANDYPRESS : CandyPress 4.1
CVE: CVE-2008-0252 (Directory traversal vulnerability in the _get_file_path function in (1) lib/sessions.py in CherryPy 3.0.x up to 3.0.2, (2) filter/sessionfilter.py in CherryPy 2.1, and (3) filter/sessionfilter.py in CherryPy 2.x allows remote attackers to create or delete arbitrary files, and possibly read and write portions of arbitrary files, via a crafted session id in a cookie.)
Original document: admin_(at)_bugreport.ir, [CandyPress] eCommerce suite (SQL Injection + XSS + Path Disclosure) (25.01.2008)
 milad_sa2007_(at)_yahoo.com, Pre Dynamic Institution bypass (25.01.2008)
 milad_sa2007_(at)_yahoo.com, Pre Hotel and Resorts reservation portal login bypass (25.01.2008)
 milad_sa2007_(at)_yahoo.com, E-SMART CART bypass (25.01.2008)
 nbbn_(at)_gmx.net, phpBB 2.0.22 Remote PM Delete XSRF Vulnerability (25.01.2008)
 RPATH, rPSA-2008-0030-1 CherryPy (25.01.2008)

IBM Tivoli Provisioning Manager for OS Deployment buffer overflow
Published: 25.01.2008
SecurityVulns ID: 8608
Type: remote
Threat Level: 6/10
Description: Buffer overflow on oversized HTTP request.
Affected: IBM : Tivoli Provisioning Manager for OS Deployment 5.1
Original document: IDEFENSE, iDefense Security Advisory 01.22.08: IBM Tivoli PMfOSD HTTP Request Method Buffer Overflow Vulnerability (25.01.2008)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod