Computer Security
[EN] securityvulns.ru no-pyccku


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:27.02.2008
Source:
SecurityVulns ID:8721
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:DIATHEKE : diatheke 1.5
 NETWINSITE : SurgeMail 38
 NETWINSITE : NetWin WebMail 3.1
CVE:CVE-2008-0932 (diatheke.pl in The SWORD Project Diatheke 1.5.9 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the range parameter.)
Original documentdocumentLuigi Auriemma, Format string and buffer-overflow in SurgeMail 38k4 (27.02.2008)
 documentlovebug_(at)_hotmail.it, php-nuke sql injection reportaj [secid] (27.02.2008)
 documentDEBIAN, [SECURITY] [DSA 1508-1] New diatheke packages fix arbirary shell command execution (27.02.2008)
Files:SurgeMail <= 38k4 multiple vulnerabilities

SurgeFTP FTP server DoS
Published:27.02.2008
Source:
SecurityVulns ID:8722
Type:remote
Threat Level:
4/10
Description:Administration web interface Content-Length memory consumption.
Affected:NETWINSITE : SurgeFTP 2.3
Original documentdocumentLuigi Auriemma, NULL pointer in SurgeFTP 2.3a2 (27.02.2008)

Nortel IP Phone DoS
Published:27.02.2008
Source:
SecurityVulns ID:8723
Type:remote
Threat Level:
5/10
Description:Large fragmented ICMP packet causes device to crash.
Original documentdocumentDerek striemer, Nortel IP Phone DoS (27.02.2008)

Cups multiple security vulnerabilities
Published:27.02.2008
Source:
SecurityVulns ID:8724
Type:remote
Threat Level:
5/10
Description:Code execution on URI handling, multiple DoS conditions.
Affected:CUPS : cups 1.1
 CUPS : cups 1.2
CVE:CVE-2008-0886
 CVE-2008-0882 (Double free vulnerability in the process_browse_data function in CUPS 1.3.5 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via crafted UDP Browse packets to the cupsd port (631/udp), related to an unspecified manipulation of a remote printer. NOTE: some of these details are obtained from third party information.)
 CVE-2008-0597
 CVE-2008-0596
 CVE-2008-0047
 CVE-2007-5848 (Buffer overflow in CUPS in Apple Mac OS X 10.4.11 allows local admin users to execute arbitrary code via a crafted URI to the CUPS service.)
Original documentdocumentMANDRIVA, [ MDVSA-2008:050 ] - Updated cups packages fix multiple vulnerabilities (27.02.2008)

Symantec antiviral engine API multiple security vulnerabilities
Published:27.02.2008
Source:
SecurityVulns ID:8725
Type:library
Threat Level:
6/10
Description:Multiple DoS conditions and buffer overflow on RAR archives parsing.
Affected:SYMANTEC : Symantec Scan Engine 5.1
Original documentdocumentIDEFENSE, iDefense Security Advisory 02.26.08: Symantec Scan Engine 5.1.2 RAR File Buffer Overflow Vulnerability (27.02.2008)
 documentIDEFENSE, iDefense Security Advisory 02.26.08: Symantec Scan Engine 5.1.2 RAR File Denial of Service Vulnerability (27.02.2008)

Ghostscript buffer overflow
updated since 27.02.2008
Published:27.02.2008
Source:
SecurityVulns ID:8726
Type:local
Threat Level:
4/10
CVE:CVE-2008-0411
Original documentdocumentDEBIAN, [SECURITY] [DSA 1510-1] New ghostscript packages fix arbitrary code execution (27.02.2008)

Mozilla Thunderbird buffer overflow
Published:27.02.2008
Source:
SecurityVulns ID:8727
Type:client
Threat Level:
8/10
Description:Buffer overflow on external-body MIME type parsing.
Affected:MOZILLA : Thunderbird 2.0
 MOZILLA : SeaMonkey 1.1
CVE:CVE-2008-0304
Original documentdocumentMOZILLA, Mozilla Foundation Security Advisory 2008-12 (27.02.2008)
 documentIDEFENSE, iDefense Security Advisory 02.26.08: Mozilla Thunderbird MIME External-Body Heap Overflow Vulnerability (27.02.2008)

Mozilla Firefox / Opera information leak
updated since 16.02.2008
Published:27.02.2008
Source:
SecurityVulns ID:8697
Type:client
Threat Level:
5/10
Description:Error on BMP files displaying allows to read content of heap memory.
Affected:MOZILLA : Firefox 2.0
 MOZILLA : Thunderbird 2.0
 MOZILLA : SeaMonkey 1.1
 OPERA : Opera 9.50
CVE:CVE-2008-0420 (modules/libpr0n/decoders/bmp/nsBMPDecoder.cpp in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 does not properly perform certain calculations related to the mColors table, which allows remote attackers to read portions of memory uninitialized via a crafted 8-bit bitmap (BMP) file that triggers an out-of-bounds read within the heap, as demonstrated using a CANVAS element; or cause a denial of service (application crash) via a crafted 8-bit bitmap file that triggers an out-of-bounds read. NOTE: the initial public reports stated that this affected Firefox in Ubuntu 6.06 through 7.10.)
Original documentdocumentMOZILLA, Mozilla Foundation Security Advisory 2008-07 (27.02.2008)
 documentGynvael Coldwind, [HISPASEC] FireFox 2.0.0.11 and Opera 9.50 beta Remote Memory Information Leak, FireFox 2.0.0.11 Remote Denial of Service (16.02.2008)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod