Search:Vulnerability:29.02.2008 - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

dbus-daemon protection bypass
Published: 29.02.2008
Source: BUGTRAQ
SecurityVulns ID: 8728
Type: local
Level: 5/10
Description: User can bypass security access policy for some methods.

Affected: DBUS : dbus 1.0
CVE: CVE-2008-0595

Original document MANDRIVA, [ MDVSA-2008:054 ] - Updated dbus packages fix vulnerability (29.02.2008)

Discuss: Read or add your comments to this news (0 comments)

VideoLAN VLC media player memory corruption
Published: 29.02.2008
Source: BUGTRAQ
SecurityVulns ID: 8731
Type: client
Level: 5/10
Description: Memory corruption on .MOV MP4 files parsing.

Affected: VLC : VLC 0.8
MICROPLAYER : Miro Player 1.1
CVE: CVE-2008-0984 (The MP4 demuxer (mp4.c) for VLC media player 0.8.6d and earlier, as used in Miro Player 1.1 and earlier, allows remote attackers to overwrite arbitrary memory and execute arbitrary code via a malformed MP4 file.)

Original document CORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2008-0130: VLC media player chunk context validation error (29.02.2008)

Discuss: Read or add your comments to this news (0 comments)

Beehive/SendFile.NET - Secure File Transfer Appliance hardcoded credentials
Published: 29.02.2008
Source: BUGTRAQ
SecurityVulns ID: 8735
Type: remote
Level: 5/10
Description: There is hardcoded FTP account sfoutbox/sfoutbox.

Original document Brad Antoniewicz, Beehive/SendFile.NET - Secure File Transfer Appliance Hardcoded Credentials (29.02.2008)

Discuss: Read or add your comments to this news (0 comments)

Apple Mac OS X Loginwindow.app information leakage
Published: 29.02.2008
Source: BUGTRAQ
SecurityVulns ID: 8734
Type: local
Level: 5/10
Description: Username and password can be found in process memory.

Affected: APPLE : MacOS X 10.4

Original document Jacob Appelbaum, Loginwindow.app and Mac OS X (29.02.2008)

Discuss: Read or add your comments to this news (0 comments)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 29.02.2008
Source: BUGTRAQ
SecurityVulns ID: 8730
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected: CACTI : Cacti 0.8
CENTREON : Centreon 1.4
USYSTEMS : Urulu 2.1
CVE: CVE-2008-0786 (CRLF injection vulnerability in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k, when running on older PHP interpreters, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.)
CVE-2008-0785 (Multiple SQL injection vulnerabilities in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allow remote authenticated users to execute arbitrary SQL commands via the (1) graph_list parameter to graph_view.php, (2) leaf_id and id parameters to tree.php, (3) local_graph_id parameter to graph_xport.php, and (4) login_username parameter to index.php/login.)
CVE-2008-0784 (graph.php in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allows remote attackers to obtain the full path via an invalid local_graph_id parameter and other unspecified vectors.)
CVE-2008-0783 (Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allow remote attackers to inject arbitrary web script or HTML via the (1) view_type parameter to graph.php, (2) filter parameter to graph_view.php, and (3) action and login_username parameters to index.php/login.)
CVE-2008-0385
CVE-2008-0385

Original document Jose Luis Góngora Fernández, Centreon <= 1.4.2.3 (index.php) Remote File Disclosure (29.02.2008)

HACKERS PAL, PHPMyTourney Remote file include Vulnerability (29.02.2008)

vijayv_(at)_cascentral.com, XSS on XRMS- open source CRM (29.02.2008)

research_(at)_procheckup.com, PR07-41: XSS on Juniper Networks Secure Access 2000 (29.02.2008)

document f10_(at)_by-f10.com, 123 Flash Chat Module for phpBB (29.02.2008)

research_(at)_procheckup.com, PR07-42: Webroot disclosure on Juniper Networks Secure Access 2000 (29.02.2008)

no-reply_(at)_aria-security.net, PHP-Nuke My_eGallery "gid" Remote SQL Injection (29.02.2008)

f10_(at)_by-f10.com, 123 Flash Chat Module for phpBB (29.02.2008)

document Daniel Roethlisberger, Urulu 2.1 Blind SQL Injection Vulnerability (CVE-2008-0385) (29.02.2008)

Daniel Roethlisberger, Urulu 2.1 Blind SQL Injection Vulnerability (CVE-2008-0385) (29.02.2008)

MANDRIVA, [ MDVSA-2008:052 ] - Updated cacti packages fix multiple vulnerabilities (29.02.2008)

Discuss: Read or add your comments to this news (0 comments)

am-utils unauthorized access
Published: 29.02.2008
Source: BUGTRAQ
SecurityVulns ID: 8733
Type: local
Level: 5/10

Original document RPATH, rPSA-2008-0088-1 am-utils (29.02.2008)

Discuss: Read or add your comments to this news (0 comments)

Trend Micro OfficeScan multiple security vulnerabilities
Published: 29.02.2008
Source: BUGTRAQ
SecurityVulns ID: 8729
Type: remote
Level: 6/10
Description: Buffer overflow and DoS conditions.

Affected: TM : OfficeScan Corporate Edition 7.3
TM : OfficeScan Corporate Edition 8.0

Original document Luigi Auriemma, Buffer-overflow in the passwords handling of Trend Micro OfficeScan 8.0 and possibly other products (29.02.2008)

Files: Exploits Buffer-overflow in the passwords handling of Trend Micro OfficeScan 8.0
Discuss: Read or add your comments to this news (1 comments)

lighthttpd DoS
Published: 29.02.2008
Source: BUGTRAQ
SecurityVulns ID: 8732
Type: remote
Level: 5/10
Description: DoS on large number of connections.

Affected: LIGHTHTTPD : lighttpd 1.4
CVE: CVE-2008-0983 (lighttpd 1.4.18, and possibly other versions before 1.5.0, does not properly calculate the size of a file descriptor array, which allows remote attackers to cause a denial of service (crash) via a large number of connections, which triggers an out-of-bounds access.)

Original document RPATH, rPSA-2008-0084-1 lighttpd (29.02.2008)

Discuss: Read or add your comments to this news (0 comments)