Computer Security

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
SecurityVulns ID: 9038
Threat Level:
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. PHP-Nuke AutoHTML Module 2.0 - cross-site scripting.
Affected: PHPNUKE : AutoHTML 2.0 module for PHP-Nuke
 XEROX : DocuShare 6
 DOTNETNUKE : Dot Net Nuke 4.8
Original document: admin_(at), Dot Net Nuke (DNN) <= 4.8.3 XSS Vulnerability (30.05.2008)
 Hackers Center Security Group, XEROX DocuShare URL XSS Injection Vulnerabilities (30.05.2008)
 MustLive, Cross-Site Scripting vulnerability in AutoHTML for PHP-Nuke (30.05.2008)

Apple Mac OS X multiple security vulnerabilities
SecurityVulns ID: 9039
Threat Level:
Description: AFP server directory traversal, Apache updates, AppKit memory corruption, Apple Pixlet Video multiple memory corruptions, Apple Type Services PDF printing fonts memory corruption, SSL information leak, multiple vulnerabilities in Graphics and Image engines on different filetypes and multimedia formats, Help Viewer buffer overflow, Unicode content filtering bypass, Image Capture directory traversal, DoS via IPv6, SMTP client buffer overflow, etc.
Affected: APPLE : Mac OS X 10.4
CVE: CVE-2008-1578 (The sso_util program in Single Sign-On in Apple Mac OS X before 10.5.3 places passwords on the command line, which allows local users to obtain sensitive information by listing the process.)
 CVE-2008-1573 (The BMP and GIF image decoding engine in ImageIO in Apple Mac OS X before 10.5.3 allows remote attackers to obtain sensitive information (memory contents) via a crafted (1) BMP or (2) GIF image, which causes an out-of-bounds read.)
 CVE-2008-1572 (Image Capture in Apple Mac OS X before 10.5 does not properly use temporary files, which allows local users to overwrite arbitrary files, and display images that are being resized by this application.)
 CVE-2008-1036 (The International Components for Unicode (ICU) library in Apple Mac OS X before 10.5.3, Red Hat Enterprise Linux 5, and other operating systems omits some invalid character sequences during conversion of some character encodings, which might allow remote attackers to conduct cross-site scripting (XSS) attacks.)
 CVE-2008-1034 (Integer underflow in Help Viewer in Apple Mac OS X before 10.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted help:topic URL that triggers a buffer overflow.)
 CVE-2008-1033 (The scheduler in CUPS in Apple Mac OS X 10.5 before 10.5.3, when debug logging is enabled and a printer requires a password, allows attackers to obtain sensitive information (credentials) by reading the log data, related to "authentication environment variables.")
 CVE-2007-6359 (The cs_validate_page function in bsd/kern/ubc_subr.c in the xnu kernel 1228.0 and earlier in Apple Mac OS X 10.5.1 allows local users to cause a denial of service (failed assertion and system crash) via a crafted signed Mach-O binary that causes the hashes function to return NULL.)
Original document: APPLE, About the security content of Security Update 2008-003 / Mac OS X 10.5.3 (30.05.2008)

Opera buffer overflow
SecurityVulns ID: 9040
Threat Level:
Description: Buffer overflow on TLS certificate parsing.
Affected: OPERA : Opera 9.24
CVE: CVE-2007-6521 (Unspecified vulnerability in Opera before 9.25 allows remote attackers to execute arbitrary code via crafted TLS certificates.)
Original document: Alexander Klink, [Full-disclosure] Opera - heap based buffer overflow (CVE-2007-6521) (30.05.2008)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod