Computer Security
[EN] securityvulns.ru no-pyccku


dbus-daemon protection bypass
Published:29.02.2008
Source:
SecurityVulns ID:8728
Type:local
Threat Level:
5/10
Description:User can bypass security access policy for some methods.
Affected:DBUS : dbus 1.0
CVE:CVE-2008-0595 (dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL interface.)
Original documentdocumentMANDRIVA, [ MDVSA-2008:054 ] - Updated dbus packages fix vulnerability (29.02.2008)

Trend Micro OfficeScan multiple security vulnerabilities
Published:29.02.2008
Source:
SecurityVulns ID:8729
Type:remote
Threat Level:
6/10
Description:Buffer overflow and DoS conditions.
Affected:TM : OfficeScan Corporate Edition 7.3
 TM : OfficeScan Corporate Edition 8.0
Original documentdocumentLuigi Auriemma, Buffer-overflow in the passwords handling of Trend Micro OfficeScan 8.0 and possibly other products (29.02.2008)
Files:Exploits Buffer-overflow in the passwords handling of Trend Micro OfficeScan 8.0

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:29.02.2008
Source:
SecurityVulns ID:8730
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:CACTI : cacti 0.8
 MERETHIS : Centreon 1.4
 USYSTEMS : Urulu 2.1
CVE:CVE-2008-0786 (CRLF injection vulnerability in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k, when running on older PHP interpreters, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.)
 CVE-2008-0785 (Multiple SQL injection vulnerabilities in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allow remote authenticated users to execute arbitrary SQL commands via the (1) graph_list parameter to graph_view.php, (2) leaf_id and id parameters to tree.php, (3) local_graph_id parameter to graph_xport.php, and (4) login_username parameter to index.php/login.)
 CVE-2008-0784 (graph.php in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allows remote attackers to obtain the full path via an invalid local_graph_id parameter and other unspecified vectors.)
 CVE-2008-0783 (Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allow remote attackers to inject arbitrary web script or HTML via the (1) view_type parameter to graph.php, (2) filter parameter to graph_view.php, and (3) action and login_username parameters to index.php/login.)
 CVE-2008-0385
 CVE-2008-0385
Original documentdocumentJose Luis Góngora Fernández, Centreon <= 1.4.2.3 (index.php) Remote File Disclosure (29.02.2008)
 documentHACKERS PAL, PHPMyTourney Remote file include Vulnerability (29.02.2008)
 documentvijayv_(at)_cascentral.com, XSS on XRMS- open source CRM (29.02.2008)
 documentProCheckUp Research, PR07-41: XSS on Juniper Networks Secure Access 2000 (29.02.2008)
 documentf10_(at)_by-f10.com, 123 Flash Chat Module for phpBB (29.02.2008)
 documentProCheckUp Research, PR07-42: Webroot disclosure on Juniper Networks Secure Access 2000 (29.02.2008)
 documentno-reply_(at)_aria-security.net, PHP-Nuke My_eGallery "gid" Remote SQL Injection (29.02.2008)
 documentf10_(at)_by-f10.com, 123 Flash Chat Module for phpBB (29.02.2008)
 documentDaniel Roethlisberger, Urulu 2.1 Blind SQL Injection Vulnerability (CVE-2008-0385) (29.02.2008)
 documentDaniel Roethlisberger, Urulu 2.1 Blind SQL Injection Vulnerability (CVE-2008-0385) (29.02.2008)
 documentMANDRIVA, [ MDVSA-2008:052 ] - Updated cacti packages fix multiple vulnerabilities (29.02.2008)

VideoLAN VLC media player memory corruption
Published:29.02.2008
Source:
SecurityVulns ID:8731
Type:client
Threat Level:
5/10
Description:Memory corruption on .MOV MP4 files parsing.
Affected:VLC : VLC 0.8
 MICROPLAYER : Miro Player 1.1
CVE:CVE-2008-0984 (The MP4 demuxer (mp4.c) for VLC media player 0.8.6d and earlier, as used in Miro Player 1.1 and earlier, allows remote attackers to overwrite arbitrary memory and execute arbitrary code via a malformed MP4 file.)
Original documentdocumentCORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2008-0130: VLC media player chunk context validation error (29.02.2008)

lighthttpd DoS
Published:29.02.2008
Source:
SecurityVulns ID:8732
Type:remote
Threat Level:
5/10
Description:DoS on large number of connections.
Affected:LIGHTTPD : lighttpd 1.4
CVE:CVE-2008-0983 (lighttpd 1.4.18, and possibly other versions before 1.5.0, does not properly calculate the size of a file descriptor array, which allows remote attackers to cause a denial of service (crash) via a large number of connections, which triggers an out-of-bounds access.)
Original documentdocumentRPATH, rPSA-2008-0084-1 lighttpd (29.02.2008)

am-utils unauthorized access
Published:29.02.2008
Source:
SecurityVulns ID:8733
Type:local
Threat Level:
5/10
Original documentdocumentRPATH, rPSA-2008-0088-1 am-utils (29.02.2008)

Apple Mac OS X Loginwindow.app information leakage
Published:29.02.2008
Source:
SecurityVulns ID:8734
Type:local
Threat Level:
5/10
Description:Username and password can be found in process memory.
Affected:APPLE : MacOS X 10.4
Original documentdocumentJacob Appelbaum, Loginwindow.app and Mac OS X (29.02.2008)

Beehive/SendFile.NET - Secure File Transfer Appliance hardcoded credentials
Published:29.02.2008
Source:
SecurityVulns ID:8735
Type:remote
Threat Level:
5/10
Description:There is hardcoded FTP account sfoutbox/sfoutbox.
Original documentdocumentBrad Antoniewicz, Beehive/SendFile.NET - Secure File Transfer Appliance Hardcoded Credentials (29.02.2008)

Canon Multi Function Devices FTP bounce attack
Published:29.02.2008
Source:
SecurityVulns ID:8736
Type:remote
Threat Level:
3/10
Description:Device can be used for network attacks bouncing.
Affected:CANON : imageRUNNER C3220
 CANON : imageRUNNER 9070
 CANON : imageRUNNER C6800
 CANON : imageRUNNER 2230
 CANON : imageRUNNER 2830
 CANON : imageRUNNER 3530
 CANON : imageRUNNER 3025
 CANON : imageRUNNER 3030
 CANON : imageRUNNER 3035
 CANON : imageRUNNER 3045
 CANON : imageRUNNER 2270
 CANON : imageRUNNER 2870
 CANON : imageRUNNER 3570
 CANON : imageRUNNER 4570
 CANON : imageRUNNER 5070
 CANON : imageRUNNER 5570
 CANON : imageRUNNER 6570
 CANON : imageRUNNER 5050
 CANON : imageRUNNER 5055
 CANON : imageRUNNER 5065
 CANON : imageRUNNER 5075
 CANON : imageRUNNER 8070
 CANON : imageRUNNER 85+
 CANON : imageRUNNER 105+
 CANON : imageRUNNER 7086
 CANON : imageRUNNER 7095
 CANON : imageRUNNER 7105
 CANON : imageRUNNER C2620
 CANON : imageRUNNER C2880
 CANON : imageRUNNER C3380
 CANON : imageRUNNER C2550
 CANON : imageRUNNER C4080
 CANON : imageRUNNER C4580
 CANON : imageRUNNER C5180
 CANON : imageRUNNER C5185
 CANON : imageRUNNER LBP5960
 CANON : imageRUNNER LBP5360
 CANON : imageRUNNER C3170
 CANON : imageRUNNER C5800
 CANON : imageRUNNER C5870U
 CANON : imageRUNNER C6870U
 CANON : imageRUNNER C5058
 CANON : imageRUNNER C5068
 CANON : imageRUNNER LBP3460
 CANON : imageRUNNER C7000VP
 CANON : imageRUNNER C1
CVE:CVE-2008-0303
Original documentdocumentNate Johnson, [Full-disclosure] Canon Multi Function Devices vulnerable to FTP bounce attack (29.02.2008)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod