Security-Database Alerts Monitor : Last 100 Alerts

High - RHSA-2008:0607-01 - Problem Description: Updated kernel packages...

Wed, 23 Jul 2008 00:00:00 +0200

Problem Description: Updated kernel packages that fix a security issue and several bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having important...

High - USN-627-1 - Dnsmasq vulnerability

Tue, 22 Jul 2008 00:00:00 +0200

A security issue affects the following Ubuntu releases: Ubuntu 8.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be...

High - RHSA-2008:0582-01 - Problem Description: Updated PHP packages...

Tue, 22 Jul 2008 00:00:00 +0200

Problem Description: Updated PHP packages that fix several security issues are now available for Red Hat Application Stack v1. This update has been rated as having moderate security impact...

Low - MDVSA-2008:152 - Updated wireshark packages fix denial of service vulnerability

Tue, 22 Jul 2008 00:00:00 +0200

Problem Description: A vulnerability was found in Wireshark, that could cause it to crash while processing malicious packets. This update provides Wireshark 1.0.2, which is not...

Medium - DSA-1613 - libgd2 -- multiple vulnerabilities

Tue, 22 Jul 2008 00:00:00 +0200

Multiple vulnerabilities have been identified in libgd2, a libraryfor programmatic graphics creation and manipulation. The CommonVulnerabilities and Exposures project identifies the following...

NA - CVE-2008-3263 - Asterisk allows remote attackers to cause a...

Tue, 22 Jul 2008 00:00:00 +0200

Asterisk allows remote attackers to cause a denial of service (CPU consumption) by quickly sending a large number of IAX POKE requests.

NA - CVE-2008-3262 - Cross-site request forgery (CSRF) vulnerability...

Tue, 22 Jul 2008 00:00:00 +0200

Cross-site request forgery (CSRF) vulnerability in Claroline before 1.8.10 allows remote attackers to change passwords, related to lack of a requirement for the previous password.

NA - CVE-2008-3261 - Open redirect vulnerability in...

Tue, 22 Jul 2008 00:00:00 +0200

Open redirect vulnerability in claroline/redirector.php in Claroline before 1.8.10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url...

NA - CVE-2008-3260 - Multiple cross-site scripting (XSS)...

Tue, 22 Jul 2008 00:00:00 +0200

Multiple cross-site scripting (XSS) vulnerabilities in Claroline before 1.8.10 allow remote attackers to inject arbitrary web script or HTML via (1) the cwd parameter in a rqMkHtml action to...

NA - CVE-2008-3259 - OpenSSH before 5.1 sets the SO_REUSEADDR socket...

Tue, 22 Jul 2008 00:00:00 +0200

OpenSSH before 5.1 sets the SO_REUSEADDR socket option when the X11UseLocalhost configuration setting is disabled, which allows local users on some platforms to hijack the X11 forwarding port via a...

NA - CVE-2008-3258 - Multiple SQL injection vulnerabilities in Zoph...

Tue, 22 Jul 2008 00:00:00 +0200

Multiple SQL injection vulnerabilities in Zoph before 0.7.0.5 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.

NA - CVE-2008-3257 - Stack-based buffer overflow in the Apache...

Tue, 22 Jul 2008 00:00:00 +0200

Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long...

NA - CVE-2008-3256 - SQL injection vulnerability in folder.php in...

Tue, 22 Jul 2008 00:00:00 +0200

SQL injection vulnerability in folder.php in Siteframe CMS 3.2.3 and earlier, and Siteframe Beaumont 5.0.5 and earlier, allows remote attackers to execute arbitrary SQL commands via the id parameter.

NA - CVE-2008-3255 - Cross-site scripting (XSS) vulnerability in...

Tue, 22 Jul 2008 00:00:00 +0200

Cross-site scripting (XSS) vulnerability in LunarNight Laboratory WebProxy 1.7.8 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Medium - CVE-2008-3254 - SQL injection vulnerability in index.php in...

Tue, 22 Jul 2008 00:00:00 +0200

SQL injection vulnerability in index.php in preCMS 1 allows remote attackers to execute arbitrary SQL commands via the id parameter in a UserProfil action.

Medium - CVE-2008-3253 - Cross-site scripting (XSS) vulnerability in the...

Tue, 22 Jul 2008 00:00:00 +0200

Cross-site scripting (XSS) vulnerability in the XenAPI HTTP interfaces in Citrix XenServer Express, Standard, and Enterprise Edition 4.1.0; Citrix XenServer Dell Edition (Express and Enterprise)...

Medium - CVE-2008-3188 - libxcrypt in SUSE openSUSE 11.0 uses the DES...

Tue, 22 Jul 2008 00:00:00 +0200

libxcrypt in SUSE openSUSE 11.0 uses the DES algorithm when the configuration specifies the MD5 algorithm, which makes it easier for attackers to conduct brute-force attacks against hashed passwords.

NA - SUN-239907 - Sun Alert 239907 SUN ALERT WEEKLY SUMMARY REPORT - Week of 13-Jul-2008 to 19-Jul-2008

Mon, 21 Jul 2008 00:00:00 +0200

<div class="product"><b>Product:</b></div><div class="state"><b>State:</b> Workaround</div><div...

High - RHSA-2008:0641-02 - Problem Description: Updated acroread...

Mon, 21 Jul 2008 00:00:00 +0200

Problem Description: Updated acroread packages that fix various security issues are now available for Red Hat Enterprise Linux 3 Extras, 4 Extras, and 5 Supplementary. This update has been...

High - MDVSA-2008:151 - Updated libxslt packages fix buffer overflow vulnerability

Mon, 21 Jul 2008 00:00:00 +0200

Problem Description: A buffer overflow vulnerability in libxslt could be exploited via an XSL style sheet file with a long XLST transformation match condition, which could possibly lead to...

High - GLSA-200807-12 - BitchX: Multiple vulnerabilities

Mon, 21 Jul 2008 00:00:00 +0200

Synopsis ======== Multiple vulnerabilities in BitchX may allow for the remote execution of arbitrary code or symlink attacks. Background ========== BitchX is an IRC client. Affected...

High - GLSA-200807-11 - PeerCast: Buffer overflow

Mon, 21 Jul 2008 00:00:00 +0200

Synopsis ======== A buffer overflow vulnerability in PeerCast may allow for the remote execution of arbitrary code. Background ========== PeerCast is a client and server for P2P-radio...

Low - GLSA-200807-10 - Bacula: Information disclosure

Mon, 21 Jul 2008 00:00:00 +0200

Synopsis ======== A vulnerability in Bacula may allow local attackers to obtain sensitive information. Background ========== Bacula is a network based backup suite. Affected packages...

High - DSA-1612 - ruby1.8 -- several vulnerabilities

Mon, 21 Jul 2008 00:00:00 +0200

Several vulnerabilities have been discovered in the interpreter forthe Ruby language, which may lead to denial of service or theexecution of arbitrary code. The Common Vulnerabilities and...

High - CVE-2008-3252 - Stack-based buffer overflow in the read_article...

Mon, 21 Jul 2008 00:00:00 +0200

Stack-based buffer overflow in the read_article function in getarticle.c in newsx 1.6 allows remote attackers to execute arbitrary code via a news article containing a large number of lines...

High - CVE-2008-3251 - Multiple SQL injection vulnerabilities in...

Mon, 21 Jul 2008 00:00:00 +0200

Multiple SQL injection vulnerabilities in tplSoccerSite 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the opp parameter to tampereunited/opponent.php; or the id parameter to...

High - CVE-2008-3250 - SQL injection vulnerability in index.php in...

Mon, 21 Jul 2008 00:00:00 +0200

SQL injection vulnerability in index.php in Arctic Issue Tracker 2.0.0 allows remote attackers to execute arbitrary SQL commands via the filter parameter.

Medium - CVE-2008-3249 - The client in Lenovo System Update before 3.14...

Mon, 21 Jul 2008 00:00:00 +0200

The client in Lenovo System Update before 3.14 does not properly validate the certificate when establishing an SSL connection, which allows remote attackers to install arbitrary packages via an SSL...

High - CVE-2008-3246 - Unspecified vulnerability in the PDF distiller...

Mon, 21 Jul 2008 00:00:00 +0200

Unspecified vulnerability in the PDF distiller component in the BlackBerry Attachment Service in BlackBerry Unite! 1.0 SP1 (1.0.1) before bundle 36 and BlackBerry Enterprise Server 4.1 SP3 (4.1.3)...

High - CVE-2008-3245 - SQL injection vulnerability in phpHoo3.php in...

Mon, 21 Jul 2008 00:00:00 +0200

SQL injection vulnerability in phpHoo3.php in phpHoo3 4.3.9, 4.3.10, 4.4.8, and 5.2.6 allows remote attackers to execute arbitrary SQL commands via the viewCat parameter.

Medium - CVE-2008-3244 - The scanning engine before 4.4.4 in F-Prot...

Mon, 21 Jul 2008 00:00:00 +0200

The scanning engine before 4.4.4 in F-Prot Antivirus before 6.0.9.0 allows remote attackers to cause a denial of service (engine crash) via a CHM file with a large nb_dir value that triggers an...

Medium - CVE-2008-3243 - Multiple unspecified vulnerabilities in the...

Mon, 21 Jul 2008 00:00:00 +0200

Multiple unspecified vulnerabilities in the scanning engine before 4.4.4 in F-Prot Antivirus before 6.0.9.0 allow remote attackers to cause a denial of service via (1) a crafted UPX-compressed...

High - CVE-2008-3242 - Heap-based buffer overflow in the PPMedia Class...

Mon, 21 Jul 2008 00:00:00 +0200

Heap-based buffer overflow in the PPMedia Class ActiveX control in PPMPlayer.dll in PPMate 2.3.1.93 allows remote attackers to execute arbitrary code via a long argument to the StartUrl method....

High - CVE-2008-3241 - SQL injection vulnerability in...

Mon, 21 Jul 2008 00:00:00 +0200

SQL injection vulnerability in players-detail.php in UltraStats 0.2.136, 0.2.140, and 0.2.142 allows remote attackers to execute arbitrary SQL commands via the id parameter.

High - CVE-2008-3240 - SQL injection vulnerability in index.php in...

Mon, 21 Jul 2008 00:00:00 +0200

SQL injection vulnerability in index.php in AlstraSoft Affiliate Network Pro allows remote attackers to execute arbitrary SQL commands via the pgm parameter in a directory action.

High - CVE-2008-3239 - Unrestricted file upload vulnerability in the...

Mon, 21 Jul 2008 00:00:00 +0200

Unrestricted file upload vulnerability in the writeLogEntry function in system/v_cron_proc.php in PHPizabi 0.848b C1 HFP1, when register_globals is enabled, allows remote attackers to upload and...

High - CVE-2008-3238 - Multiple SQL injection vulnerabilities in...

Mon, 21 Jul 2008 00:00:00 +0200

Multiple SQL injection vulnerabilities in ITechBids 7.0 Gold allow remote attackers to execute arbitrary SQL commands via (1) the seller_id parameter in sellers_othersitem.php, (2) the productid...

Medium - CVE-2008-3237 - Cross-site scripting (XSS) vulnerability in...

Mon, 21 Jul 2008 00:00:00 +0200

Cross-site scripting (XSS) vulnerability in forward_to_friend.php in ITechBids 7.0 Gold allows remote attackers to inject arbitrary web script or HTML via the productid parameter.

Medium - CVE-2008-3236 - Unspecified vulnerability in Wsadmin in the...

Mon, 21 Jul 2008 00:00:00 +0200

Unspecified vulnerability in Wsadmin in the System Management/Repository component in IBM WebSphere Application Server (WAS) 5.1 before 5.1.1.19 allows attackers to obtain sensitive information via...

High - CVE-2008-3235 - Unspecified vulnerability in the...

Mon, 21 Jul 2008 00:00:00 +0200

Unspecified vulnerability in the PropFilePasswordEncoder utility in the Security component in IBM WebSphere Application Server (WAS) 5.1 before 5.1.1.19 has unknown impact and attack vectors.

Medium - CVE-2008-3187 - zypp-refresh-patches in zypper in SUSE openSUSE...

Mon, 21 Jul 2008 00:00:00 +0200

zypp-refresh-patches in zypper in SUSE openSUSE 10.2, 10.3, and 11.0 does not ask the user before accepting repository keys, which allows remote repositories to cause a denial of service (package...

High - MDVSA-2008:150 - Updated mysql packages fix vulnerabilities

Sat, 19 Jul 2008 00:00:00 +0200

Problem Description: Multiple buffer overflows in yaSSL, which is used in MySQL, allowed remote attackers to execute arbitrary code (CVE-2008-0226) or cause a denial of service via a...

Medium - MDVSA-2008:149 - Updated mysql packages fix vulnerabilities

Sat, 19 Jul 2008 00:00:00 +0200

Problem Description: Sergei Golubchik found that MySQL did not properly validate optional data or index directory paths given in a CREATE TABLE statement; as well it would not, under...

High - VU#289235 - BlackBerry Attachment Service PDF distiller vulnerable to arbitrary code execution