Computer Security


Goodtech sshd buffer overflow
Published: 26.10.2008
SecurityVulns ID: 9383
Type: remote
Threat Level: 5/10
Description: Buffer overflow in sftp implementation.
Original document: writ3r_(at)_gmail.com, GoodTech SSH Remote Buffer Overflow Exploit (26.10.2008)
Files: GoodTech SSH Remote Buffer Overflow Exploit

FireGPG multiple security vulnerabilities
Published: 26.10.2008
SecurityVulns ID: 9384
Type: local
Threat Level: 5/10
Description: Information leakage through temporary files; insecure temporary file creation.
Affected: FIREGPG : FireGPG 0.5
Original document: Mike Benham, FireGPG Passphrase And Cleartext Vulnerability (26.10.2008)

HP SiteScope cross-site scripting
Published: 26.10.2008
SecurityVulns ID: 9385
Type: remote
Threat Level: 5/10
Description: Script injection via SNMP traps.
Affected: HP : SiteScope 9.0
CVE: CVE-2007-4350
Original document: SECUNIA, Secunia Research: HP SiteScope SNMP Trap Script Insertion Vulnerability (26.10.2008)

Symantec Veritas Storage Foundation unauthorized access
Updated since: 23.10.2008
Published: 26.10.2008
SecurityVulns ID: 9376
Type: local
Threat Level: 5/10
Description: The qioadmin utility allows reading of local files. qiomkfile allows reading of memory contents.
Affected: SYMANTEC : Veritas Storage Foundation 5.0
CVE: CVE-2008-4638 (qioadmin in the Quick I/O for Database feature in Symantec Veritas File System (VxFS) on HP-UX, and before 5.0 MP3 on Solaris, Linux, and AIX, allows local users to read arbitrary files by causing qioadmin to write a file's content to standard error in an error message.)
 CVE-2008-3248 (qiomkfile in the Quick I/O for Database feature in Symantec Veritas File System (VxFS) on HP-UX, and before 5.0 MP3 on Solaris, Linux, and AIX, does not initialize filesystem blocks during creation of a file, which allows local users to obtain sensitive information by creating and then reading files.)
Original document: Security Objectives Corporation, SECOBJADV-2008-04: Symantec Veritas Storage Foundation Memory Disclosure Vulnerability (26.10.2008)
 Security Objectives Corporation, SECOBJADV-2008-05: Symantec Veritas Storage Foundation Arbitrary File Read Vulnerability (23.10.2008)

Opera cross-site scripting
Updated since: 26.10.2008
Published: 26.10.2008
SecurityVulns ID: 9381
Type: client
Threat Level: 4/10
Description: Cross-site scripting via opera:historysearch.
Affected: OPERA : Opera 9.60
Original document: MustLive, Information Leakage in Opera (26.10.2008)
 Roberto Suggi, Opera Stored Cross Site Scripting Vulnerability (26.10.2008)
Files: Opera Information Leakage Exploit

Sun Java WebStart multiple security vulnerabilities
Updated since: 18.07.2008
Published: 26.10.2008
SecurityVulns ID: 9155
Type: remote
Threat Level: 6/10
Description: Sandbox limitation bypass, buffer overflow.
Original document: varun.srivastav_(at)_gmail.com, Java Web start vulnerability (26.10.2008)
 ZDI, ZDI-08-043: Sun Java Web Start vm args Stack Buffer Overflow (18.07.2008)
 ZDI, ZDI-08-042: Sun Java Web Start Sandbox Bypass Vulnerability (18.07.2008)

Oracle multiple security vulnerabilities
Updated since: 26.10.2008
Published: 14.11.2008
SecurityVulns ID: 9382
Type: remote
Threat Level: 8/10
Description: The new quarterly update fixes different types of security vulnerabilities.
Affected: ORACLE : Oracle 9i
 ORACLE : Oracle 8i
 ORACLE : Oracle 10g
 ORACLE : Oracle 11g
CVE: CVE-2008-4000 (Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.18 and 8.49.14 allows remote attackers to affect confidentiality and integrity via unknown vectors. NOTE: the previous information was obtained from the Oracle October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue allows bypass of the lockout mechanism using brute force guessing of credentials and a response discrepancy information leak when the password is correct.)
 CVE-2008-3996 (Unspecified vulnerability in the Change Data Capture component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to SYS.DBMS_CDC_IPUBLISH.)
 CVE-2008-3995 (Unspecified vulnerability in the Change Data Capture component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to DBMS_CDC_PUBLISH.)
 CVE-2008-3994 (Unspecified vulnerability in the Workspace Manager component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to WMSYS.LTADM.)
 CVE-2008-3984 (Unspecified vulnerability in the Workspace Manager component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to SYS.LT and WMSYS.LT.)
 CVE-2008-3983 (Unspecified vulnerability in the Workspace Manager component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to SYS.LT and WMSYS.LT.)
 CVE-2008-3982 (Unspecified vulnerability in the Workspace Manager component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to SYS.LT and WMSYS.LT.)
 CVE-2008-2625 (Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.2 allows remote attackers to affect confidentiality and integrity via unknown vectors. NOTE: the previous information was obtained from the Oracle October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue involves an authentication bypass by establishing a TNS connection and impersonating a user session via a crafted authentication message during proxy authentication mode.)
Original document: SHATTER, Team SHATTER Security Advisory: Oracle Database SQL Injection in SYS.DBMS_CDC_PUBLISH.ALTER_AUTOLOG_CHANGE_SOURCE (14.11.2008)
 SHATTER, Team SHATTER Security Advisory: Oracle Database multiple SQL Injection vulnerabilities in Workspace Manager (14.11.2008)
 SHATTER, Team SHATTER Security Advisory: Oracle Database SQL Injection in SYS.DBMS_CDC_IPUBLISH.ALTER_HOTLOG_INTERNAL_CSOURCE (14.11.2008)
 SHATTER, Team SHATTER Security Advisory: Oracle Database Multiple SQL Injection vulnerabilities in LTADM (14.11.2008)
 pete_(at)_petefinnigan.com, Advisory for Oracle CPU October 2008 - APEX Flows excessive privileges (26.10.2008)
 Amichai Shulman, CVE-2008-4000: Oracle PeopleTools – Authentication Weakness (26.10.2008)
 Amichai Shulman, CVE-2008-2625: Oracle DBMS – Proxy Authentication Vulnerability (26.10.2008)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod