 |
|
|
|
Mozilla Firefox / Seamonkey multiple security vulnerabilities
updated since 26.03.2008 | | Published: |  | 28.03.2008 | | Source: |  | MOZILLA | | SecurityVulns ID: |  | 8838 | | Type: |  | client | | Level: |  | 8/10 | | Description: |  | Javascript privilege esccalation and code execution, crossite scripting, multiple DoS conditions, URI and dialogs spoofing, local ports access from Java, privacy problems on SSL authentication. |
| Affected: |  | MOZILLA : Firefox 2.0 | | | | MOZILLA : Thunderbird 2.0 | | | | MOZILLA : SeaMonkey 2.0 | | CVE: |  | CVE-2008-1241 | | | | CVE-2008-1240 | | | | CVE-2008-1238 | | | | CVE-2008-1237 | | | | CVE-2008-1236 | | | | CVE-2008-1235 (Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to execute arbitrary code via unknown vectors that cause JavaScript to execute with the wrong principal, aka "Privilege escalation via incorrect principals.") | | | | CVE-2008-1234 | | | | CVE-2008-1233 | | | | CVE-2008-1195 (Unspecified vulnerability in Sun JDK and Java Runtime Environment (JRE) 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote attackers to access arbitrary network services on the local host via unspecified vectors related to JavaScript and Java APIs.) | | | | CVE-2008-0416 (Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allow remote attackers to inject arbitrary web script or HTML via certain character encodings, including (1) a backspace character that is treated as whitespace, (2) 0x80 with Shift_JIS encoding, and (3) "zero-length non-ASCII sequences" in certain Asian character sets.) | | | | CVE-2007-4879 (Mozilla Firefox 2.0.x can automatically install TLS client certificates withminimal user interaction, and automatically sends these certificates when requested, which makes it easier for remote web sites to track user activities across domains by requesting the TLS client certificates from other domains.) |
CISCO routers IOS multiple security vulnerabilities
updated since 26.03.2008 | | Published: | | 28.03.2008 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 8837 | | Type: | | remote | | Level: | | 8/10 | | Description: | | MVPN information leak, UDP DoS, multiple VPDN and DLSw DoS, multiple OSPF and MPLS vulnerabilities. |
| Original document |  | CERT, US-CERT Technical Cyber Security Alert TA08-087B -- Cisco Updates for Multiple Vulnerabilities (28.03.2008) |
| | | CISCO, Cisco Security Advisory: Cisco IOS Multicast Virtual Private Network (MVPN) Data Leak (26.03.2008) |
| | | CISCO, Cisco Security Advisory: Cisco IOS User Datagram Protocol Delivery Issue For IPv4/IPv6 Dual-stack Routers (26.03.2008) |
| | | CISCO, Cisco Security Advisory: Cisco IOS Virtual Private Dial-up Network Denial of Service Vulnerability (26.03.2008) |
| | | CISCO, Cisco Security Advisory: Vulnerability in Cisco IOS with OSPF, MPLS VPN, and Supervisor 32, Supervisor 720, or Route Switch Processor 720 (26.03.2008) |
| | | CISCO, Cisco Security Advisory: Multiple DLSw Denial of Service Vulnerabilities in Cisco IOS (26.03.2008) |
Novell eDirectory buffer overflow
updated since 26.03.2008 | | Published: | | 28.03.2008 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 8839 | | Type: | | remote | | Level: | | 6/10 | | Description: | | Buffer overflow on oversized LDAP delRequest. |
| CVE: | | CVE-2008-0924 (Stack-based buffer overflow in the DoLBURPRequest function in libnldap in ndsd in Novell eDirectory 8.7.3.9 and earlier, and 8.8.1 and earlier in the 8.8.x series, allows remote attackers to cause a denial of service (daemon crash or CPU consumption) or execute arbitrary code via a long delRequest LDAP Extended Request message, probably involving a long Distinguished Name (DN) field.) |
|
|
|
|
|
|
|
|
