CA Service Desk cross-site scripting updated since 30.09.2008 | | Published: |  | 30.09.2008 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 9314 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | Multiple cross-site scripting vulnerabilities. |
| Novell ZenWorks ActiveX buffer overflow | | Published: |  | 30.09.2008 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 9322 | | Type: |  | client | | Level: |  | 6/10 | | Description: |  | CanUninstall method buffer overflow. |
| MPlayer buffer overflow | | Published: |  | 30.09.2008 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 9319 | | Type: |  | client | | Level: |  | 6/10 | | Description: |  | Three integer overflows in video file parsing lead to buffer overflow. |
| Affected: |  | MPLAYER : MPlayer 1.0 | | CVE: |  | CVE-2008-3827 (Multiple integer underflows in the Real demuxer (demux_real.c) in MPlayer 1.0_rc2 and earlier allow remote attackers to cause a denial of service (process termination) and possibly execute arbitrary code via a crafted video file that causes the stream_read function to read or write arbitrary memory.) |
| HP Insight Diagnostics unauthorized files access | | Published: |  | 30.09.2008 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 9323 | | Type: |  | remote | | Level: |  | 6/10 |
| Linksys WRT350N unauthorized access | | Published: |  | 30.09.2008 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 9315 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | An outdated SAMBA version is used; a default admin:admin account and a default guest account are present. |
| DATAC RealWin buffer overflow | | Published: |  | 30.09.2008 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 9316 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | Buffer overflow when reading network packets on TCP/910. |
| Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) | | Published: |  | 30.09.2008 | | Source: |  | | | SecurityVulns ID: |  | 9320 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. |
| Original document |  | Ghost hacker, ASP News Remote Password Disclouse Vulnerability (30.09.2008) |
| |  | Ghost hacker, csphonebook 1.02 Remote XSS Vulnerabilitiy (30.09.2008) |
| |  | Ghost hacker, shoutbox Remote Password Disclouse Vulnerability (30.09.2008) |
| |  | Ghost hacker, hyBook Remote Password Disclouse Vulnerability (30.09.2008) |
| |  | Ghost hacker, Login Password Sample Remote Password Disclouse Vulnerability (30.09.2008) |
| |  | tan_prathan_(at)_hotmail.com, PHP Calendar Script Remote XSS (Permanent) Vulnerabilities (30.09.2008) |
| |  | admin_(at)_bugreport.ir, ParsaWeb CMS SQL Injection (30.09.2008) |
| |  | biglowbird_(at)_googlemail.com, FtitzBox (30.09.2008) |
| |  | Pepelux, Crux Gallery <= 1.32 / Insecure Cookie Handling Vulnerability (30.09.2008) |
| |  | Pepelux, The Gemini Portal <= 4.7 / Insecure Cookie Handling Vulnerability (30.09.2008) |
| |  | Guns_(at)_0x90.com.ar, RPG.Board <= 0.0.8Beta2 Remote SQL Injection (30.09.2008) |
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities updated since 29.09.2008 | | Published: |  | 30.09.2008 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 9310 | | Type: |  | client | | Level: |  | 7/10 | | Description: |  | Memory corruptions, privilege escalation, cross-site scripting, DoS, buffer overflow |
| Affected: |  | MOZILLA : Firefox 2.0 | | |  | MOZILLA : Thunderbird 2.0 | | |  | MOZILLA : SeaMonkey 1.1 | | |  | MOZILLA : Firefox 3.0 | | CVE: |  | CVE-2008-4070 (Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long header in a news article, related to "canceling [a] newsgroup message" and "cancelled newsgroup messages.") | | |  | CVE-2008-4069 (The XBM decoder in Mozilla Firefox before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to read uninitialized memory, and possibly obtain sensitive information in opportunistic circumstances, via a crafted XBM image file.) | | |  | CVE-2008-4068 (Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass "restrictions imposed on local HTML files," and obtain sensitive information and prompt users to write this information into a file, via directory traversal sequences in a resource: URI.) | | |  | CVE-2008-4067 (Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 on Linux allows remote attackers to read arbitrary files via a .. (dot dot) and URL-encoded / (slash) characters in a resource: URI.) 
| | |  | CVE-2008-4066 (Mozilla Firefox 2.0.0.14, and other versions before 2.0.0.17, allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via HTML-escaped low surrogate characters that are ignored by the HTML parser, as demonstrated by a "jav�ascript" sequence, aka "HTML escaped low surrogates bug.") | | |  | CVE-2008-4065 (Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via byte order mark (BOM) characters that are removed from JavaScript code before execution, aka "Stripped BOM characters bug.") | | |  | CVE-2008-4062 (Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the JavaScript engine and (1) misinterpretation of the characteristics of Namespace and QName in jsxml.c, (2) misuse of signed integers in the nsEscapeCount function in nsEscape.cpp, and (3) interaction of JavaScript garbage collection with certain use of an NPObject in the nsNPObjWrapper::GetNewOrUsed function in nsJSNPRuntime.cpp.) | | |  | CVE-2008-4061 (Integer overflow in the MathML component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via an mtd element with a large integer value in the rowspan attribute, related to the layout engine.) 
| | |  | CVE-2008-4060 (Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to create documents that lack script-handling objects, and execute arbitrary code with chrome privileges, via vectors related to (1) the document.loadBindingDocument function and (2) XSLT.) | | |  | CVE-2008-4059 (The XPConnect component in Mozilla Firefox before 2.0.0.17 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to a SCRIPT element.) | | |  | CVE-2008-4058 (The XPConnect component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to (1) chrome XBL and (2) chrome JS.) | | |  | CVE-2008-3837 (Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, and SeaMonkey before 1.1.12, allow user-assisted remote attackers to move a window during a mouse click, and possibly force a file download or unspecified other drag-and-drop action, via a crafted onmousedown action that calls window.moveBy, a variant of CVE-2003-0823.) | | |  | CVE-2008-3836 (feedWriter in Mozilla Firefox before 2.0.0.17 allows remote attackers to execute scripts with chrome privileges via vectors related to feed preview and the (1) elem.doCommand, (2) elem.dispatchEvent, (3) _setTitleText, (4) _setTitleImage, and (5) _initSubscriptionUI functions.) | | |  | CVE-2008-3835 (The nsXMLDocument::OnChannelRedirect function in Mozilla Firefox before 2.0.0.17, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code via unknown vectors.) | | |  | CVE-2008-0016 |
| Original document |  | Aditya K Sood, Advisory: Mozilla Firefox User Interface Null Pointer Dereference Dispatcher Crash and Remote Denial of Service. (30.09.2008) |
| |  | MOZILLA, Mozilla Foundation Security Advisory 2008-37 (29.09.2008) |
| |  | MOZILLA, Mozilla Foundation Security Advisory 2008-38 (29.09.2008) |
| |  | MOZILLA, Mozilla Foundation Security Advisory 2008-39 (29.09.2008) |
| |  | MOZILLA, Mozilla Foundation Security Advisory 2008-40 (29.09.2008) |
| |  | MOZILLA, Mozilla Foundation Security Advisory 2008-41 (29.09.2008) |
| |  | MOZILLA, Mozilla Foundation Security Advisory 2008-42 (29.09.2008) |
| |  | MOZILLA, Mozilla Foundation Security Advisory 2008-43 (29.09.2008) |
| |  | MOZILLA, Mozilla Foundation Security Advisory 2008-44 (29.09.2008) |
| |  | MOZILLA, Mozilla Foundation Security Advisory 2008-45 (29.09.2008) |
| |  | MOZILLA, Mozilla Foundation Security Advisory 2008-46 (29.09.2008) |
| Checkpoint ZoneAlarm DoS | | Published: |  | 30.09.2008 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 9321 | | Type: |  | remote | | Level: |  | 6/10 | | Description: |  | HTTP traffic parsing DoS. |
Multiple FTP servers unsafe fgets() vulnerability updated since 30.09.2008 | | Published: |  | 11.01.2009 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 9317 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | It's possible to embed additional commands into URLs. |
| Affected: |  | FREEBSD : FreeBSD 7.0 | | |  | NETBSD : NetBSD 4.0 | | |  | OPENBSD : OpenBSD 4.3 | | CVE: |  | CVE-2008-4247 (ftpd in OpenBSD 4.3, FreeBSD 7.0, NetBSD 4.0, Solaris, and possibly other operating systems interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser.) |
Google Chrome, Mozilla Firefox, Opera, Internet Explorer browsers DoS updated since 30.09.2008 | | Published: |  | 12.02.2009 | | Source: |  | | | SecurityVulns ID: |  | 9318 | | Type: |  | client | | Level: |  | 5/10 | | Description: |  | Calling the window.print() function in a loop causes the browser to hang. Uncontrollable memory allocation. A script can close the window without user approval. |
| Original document |  | MustLive, DoS vulnerability in Internet Explorer 7 (12.02.2009) |
| |  | MustLive, DoS vulnerability in Mozilla, Opera and Google Chrome (01.11.2008) |
| |  | MustLive, DoS vulnerability in Firefox, Internet Explorer and Google Chrome (01.11.2008) |
| |  | Aditya K Sood, Google Chrome OnbeforeUload and OnUnload Null Check Vulnerability. (26.10.2008) |
| |  | MustLive, DoS vulnerabilities in Mozilla, Internet Explorer, Google Chrome and Opera (24.10.2008) |
| |  | MustLive, DoS vulnerability in Internet Explorer (01.10.2008) |
| |  | UniquE_(at)_UniquE-Key.Org, MS Internet Explorer 7 Denial Of Service Exploit (30.09.2008) |
| |  | Aditya K Sood, Advisory: Google Chrome Window Object Suppressing Remote Denial of Service. (30.09.2008) |
| |  | Aditya K Sood, Advisory : Opera Window Object Suppressing Remote Denial of Service (30.09.2008) |
| |  | Aditya K Sood, Advisory: Mozilla Firefox User Interface Null Pointer Dereference Dispatcher Crash and Remote Denial of Service. (30.09.2008) |
| |  | MustLive, DoS vulnerability in Google Chrome (30.09.2008) |
| |  | MustLive, DoS vulnerability in Opera (30.09.2008) |
| |  | MustLive, DoS vulnerability in Firefox (30.09.2008) |