snort TCP options DoS updated since 27.12.2004
Published:		27.12.2004
Source:		SECURITEAM
SecurityVulns ID:		4318
Type:		remote
Level:		5/10
Description:		Invalid set of TCP options causes program to crash.

Affected:

SNORT : snort 2.3

Original document

SECURITEAM, [EXPL] Snort Malformed TCP Options DoS (27.12.2004)

Files:		Snort Malformed TCP Options DoS
Discuss:		Read or add your comments to this news (0 comments)

CleanCache protection bypass
Published:		27.12.2004
Source:		BUGTRAQ
SecurityVulns ID:		4313
Type:		local
Level:		5/10
Description:		"Secure file deletion" feature doesn't data wiping.

Affected:

BUTTUGLYSOFTWARE : CleanCache 2.19

Original document

WBG Links , CleanCache v2.19: False Sense of Security (27.12.2004)

Discuss:

Read or add your comments to this news (0 comments)

Linux kernel S/390 plafrom privilege escalation
Published:		27.12.2004
Source:		BUGTRAQ
SecurityVulns ID:		4316
Type:		remote
Level:		5/10
Description:		SACF instruction usage is not limited to user.

Original document

SECUNIA, [SA13654] Linux Kernel SACF Instruction Privilege Escalation Vulnerability (27.12.2004)

Discuss:

Read or add your comments to this news (0 comments)

Crystal Enterprise report file crossite scripting
Published:		27.12.2004
Source:		SECUNIA
SecurityVulns ID:		4317
Type:		remote
Level:		5/10
Description:		Crossite scripting with report files.

Affected:		BUSINESSOBJECTS : Crystal Enterprise 8.5
		BUSINESSOBJECTS : Crystal Enterprise 9
		BUSINESSOBJECTS : Crystal Enterprise 10

Original document

SECUNIA, [SA13644] Crystal Enterprise Report File Cross-Site Scripting Vulnerability (27.12.2004)

Discuss:

Read or add your comments to this news (0 comments)

CGI bugs updated since 27.12.2004
Published:		02.01.2005
Source:
SecurityVulns ID:		4315
Type:		remote
Level:		5/10

Affected:		MOODLE : Moodle 1.4
		WHMAUTOPILOT : WHM AutoPilot 2.4
		SUGARCRM : SugarCRM 1.1
		VIEWCVS : ViewCVS 0.9
		ASP-RIDER : ASP-rider
		E107 : E107 0.617
		HELPCENTERLIVE : Help Center Live 1.2
		PHPROXY : PHProxy 0.3
		CODEGRRL : PHPCalendar 0.9
		KORWEBLOG : KorWeblog 1.6
		DTHEATRE : Jacks FormMail.php 5.0
		OWL : OWL 0.7
		OWL : OWL 0.8
		MYSQL : MySQL Eventum 1.3

Original document		SECUNIA, [SA13677] MySQL Eventum Multiple Vulnerabilities (02.01.2005)
		gnaa/rkz, [Full-Disclosure] Xanga Login Cookie stealing Vunerability - GNAA Security Center (02.01.2005)
		Jose Antonio, Two Vulnerabilities in ViewCVS (02.01.2005)
		Jose Antonio, Cross Site Scripting Vulnerabilities and Possible Code Execution in SugarCRM (02.01.2005)
		Jose Antonio, Various Vulnerabilities in OWL Intranet Engine (02.01.2005)
		Hack Hawk, Jacks FormMail.php remote file access vulnerability (02.01.2005)
		mike bailey, SQL Injection Vulnerability In IBProArcade (02.01.2005)
		Min-sung Choi, KorWeblog php injection Vulnerability (02.01.2005)
		JeiAr, php-Calendar File Include Vulnerability [ Command Exec ] (30.12.2004)
		JeiAr, Multiple WHM Autopilot Vulnerabilities (28.12.2004)
		SECUNIA, [SA13660] PHProjekt "path_pre" Parameter Arbitrary File Inclusion Vulnerability (28.12.2004)
		Bartek Nowotarski, Multiple Vulnerabilities in Moodle (28.12.2004)
		SECURITEAM, [UNIX] PHProxy Cross Site Scripting (27.12.2004)
		SECUNIA, [SA13470] ASP-rider "username" SQL Injection Vulnerability (27.12.2004)
		SECUNIA, [SA13652] Help Center Live Multiple Vulnerabilities (27.12.2004)
		SECUNIA, [SA13657] e107 Image Manager File Upload Vulnerability (27.12.2004)

Files:		e107 v0.x to v0617 exploit
Discuss:		Read or add your comments to this news (0 comments)

Perl symbolic links race conditions updated since 27.12.2004
Published:		04.12.2008
Source:		SECUNIA
SecurityVulns ID:		4314
Type:		local
Level:		5/10
Description:		File::Path::rmtree unsecurely changes file permissions, creating race condiotns for symbolic links manipulation.

Affected:		PERL : perl 5.8
		PERL : Perl 5.9
CVE:		CVE-2008-5303 (Race condition in the rmtree function in File::Path 1.08 (lib/File/Path.pm) in Perl 5.8.8 allows local users to allows local users to delete arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5302 due to affected versions.)
		CVE-2008-5302 (Race condition in the rmtree function in File::Path 1.08 and 2.07 (lib/File/Path.pm) in Perl 5.8.8 and 5.10.0 allows local users to create arbitrary setuid binaries via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5303 due to affected versions.)
		CVE-2005-0448 (Race condition in the rmtree function in File::Path.pm in Perl before 5.8.4 allows local users to create arbitrary setuid binaries in the tree being deleted, a different vulnerability than CVE-2004-0452.)
		CVE-2004-0452 (Race condition in the rmtree function in the File::Path module in Perl 5.6.1 and 5.8.4 sets read/write permissions for the world, which allows local users to delete arbitrary files and directories, and possibly read files and directories, via a symlink attack.)

Original document		DEBIAN, [SECURITY] [DSA 1678-1] New perl packages fix privilege escalation (04.12.2008)
		SECUNIA, [SA13643] Perl "File::Path::rmtree" Race Condition (27.12.2004)

Discuss:

Read or add your comments to this news (0 comments)