"Security and video surveillance equipment. Information protection in computer systems."

CVE-2008-1382

Written by SEC on April 16, 2008

Product:
libpng: libpng 1.0.10
libpng: libpng 1.0.11
libpng: libpng 1.0.12
libpng: libpng 1.0.13
libpng: libpng 1.0.14
libpng: libpng 1.0.15
libpng: libpng 1.0.16
libpng: libpng 1.0.17
libpng: libpng 1.0.18
libpng: libpng 1.0.19
libpng: libpng 1.0.20
libpng: libpng 1.0.21
libpng: libpng 1.0.22
libpng: libpng 1.0.23
libpng: libpng 1.0.24
libpng: libpng 1.0.25
libpng: libpng 1.0.26
libpng: libpng 1.0.27
libpng: libpng 1.0.28
libpng: libpng 1.0.29
libpng: libpng 1.0.30
libpng: libpng 1.0.31
libpng: libpng 1.0.32
libpng: libpng 1.0.6
libpng: libpng 1.0.7
libpng: libpng 1.0.8
libpng: libpng 1.0.9
libpng: libpng 1.2.0
libpng: libpng 1.2.1
libpng: libpng 1.2.10
libpng: libpng 1.2.11
libpng: libpng 1.2.13
libpng: libpng 1.2.14
libpng: libpng 1.2.15
libpng: libpng 1.2.16
libpng: libpng 1.2.17
libpng: libpng 1.2.18
libpng: libpng 1.2.19
libpng: libpng 1.2.2
libpng: libpng 1.2.20
libpng: libpng 1.2.21
libpng: libpng 1.2.22
libpng: libpng 1.2.23
libpng: libpng 1.2.24
libpng: libpng 1.2.25
libpng: libpng 1.2.26
libpng: libpng 1.2.3
libpng: libpng 1.2.4
libpng: libpng 1.2.5
libpng: libpng 1.2.6
libpng: libpng 1.2.7
libpng: libpng 1.2.8
libpng: libpng 1.2.9
libpng: libpng 1.4

Severity: High (7.5)

CVSS vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Potential loss type: Gain other access, Integrity, Confidentiality, Availability

Vulnerability description:
libpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and 1.4.0beta01 through 1.4.0beta19 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG file with zero length "unknown" chunks, which trigger an access of uninitialized memory.

Patch available: No

References:
http://www.ocert.org/advisories/ocert-2008-003.html
http://libpng.sourceforge.net/Advisory-1.2.26.txt
SECUNIA: http://secunia.com/advisories/29792

Cisco

Cisco Security Advisory: Cisco Unified Communications Disaster Recovery Framework Command Execution Vulnerability

A remote, unauthenticated user could exploit this vulnerability to execute arbitrary commands that m …

04 april, 2008

Cisco Security Advisory: Cisco IOS Virtual Private Dial-up Network Denial of Service Vulnerability

Two vulnerabilities exist in the virtual private dial-up network (VPDN) solution when Point-to-Point …

27 march, 2008

Cisco Security Advisory: Cisco IOS User Datagram Protocol Delivery Issue For IPv4/IPv6 Dual-stack Routers

A device running Cisco IOS software that has Internet Protocol version 6 (IPv6) enabled may be subje …

27 march, 2008

Microsoft

(MS08-025) Vulnerability in Windows Kernel Could Allow Elevation of Privilege (941693)

A local attacker who successfully exploited this vulnerability could take complete control of an aff …

08 april, 2008

(MS08-024) Cumulative Security Update for Internet Explorer (947864)

The vulnerability could allow remote code execution if a user viewed a specially crafted Web page us …

08 april, 2008

(MS08-023) Security Update of ActiveX Kill Bits (948881)

The vulnerability could allow remote code execution if a user viewed a specially crafted Web page us …

08 april, 2008

Vulnerability Database

CVE-2008-1382

libpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and 1.4.0beta01 through 1.4.0beta19 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG file with zero length "unknown" chunks, which trigger an access of uninitialized memory.

National Vulnerability Database 14 april, 2008

CVE-2008-1100

Buffer overflow in the cli_scanpe function in libclamav (libclamav/pe.c) for ClamAV 0.92 and 0.92.1 allows remote attackers to execute arbitrary code via a crafted Upack PE file.

National Vulnerability Database 14 april, 2008

CVE-2008-0963

Format string vulnerability in EMC DiskXtender MediaStor 6.20.060 allows remote authenticated users to execute arbitrary code via a crafted message to the RPC interface.

National Vulnerability Database 14 april, 2008

CVE-2008-0962

Stack-based buffer overflow in the File System Manager for EMC DiskXtender 6.20.060 allows remote authenticated users to execute arbitrary code via a crafted request to the RPC interface.

National Vulnerability Database 14 april, 2008

CVE-2008-0961

EMC DiskXtender 6.20.060 has a hard-coded login and password, which allows remote attackers to bypass authentication via the RPC interface.

National Vulnerability Database 14 april, 2008

CVE-2008-0927

dhost.exe in Novell eDirectory 8.7.3 before sp10 and 8.8.2 allows remote attackers to cause a denial of service (CPU consumption) via crafted Connection: HTTP headers.  NOTE: this might be similar to CVE-2008-1777.

National Vulnerability Database 14 april, 2008

CVE-2008-1780

Unspecified vulnerability in the labeled networking functionality in Solaris 10 Trusted Extensions allows applications in separate labeling zones to bypass labeling restrictions via unknown vectors.

National Vulnerability Database 14 april, 2008

CVE-2008-1779

Sun Solaris 8, 9, and 10 allows "remote privileged" users to cause a denial of service (panic) via unknown vectors related to self encapsulated IP packets.

National Vulnerability Database 14 april, 2008

CVE-2008-1778

Unspecified vulnerability in the floating point context switch implementation in Sun Solaris 9 and 10 on x86 platforms might allow local users to cause a denial of service (application exit), corrupt data, or trigger incorrect calculations via unknown vectors.

National Vulnerability Database 14 april, 2008

CVE-2008-1777

The eDirectory Host Environment service (dhost.exe) in Novell eDirectory 8.8.2 allows remote attackers to cause a denial of service (CPU consumption) via a long HTTP HEAD request to TCP port 8028.

National Vulnerability Database 14 april, 2008

CVE-2008-1776

PHP remote file inclusion vulnerability in modules/basicfog/basicfogfactory.class.php in PhpBlock A8.4 allows remote attackers to execute arbitrary PHP code via a URL in the PATH_TO_CODE parameter.

National Vulnerability Database 14 april, 2008

CVE-2008-1775

Cross-site scripting (XSS) vulnerability in mindex.do in ManageEngine Firewall Analyzer 4.0.3 allows remote attackers to inject arbitrary web script or HTML via the displayName parameter.  NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

National Vulnerability Database 14 april, 2008

CVE-2008-1774

SQL injection vulnerability in editlink.php in Pligg 9.9.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

National Vulnerability Database 14 april, 2008

CVE-2008-1773

PHP remote file inclusion vulnerability in includes/header.inc.php in Dragoon 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the root parameter.

National Vulnerability Database 14 april, 2008

CVE-2008-1772

iScripts SocialWare stores passwords in cleartext in a database, which allows context-dependent attackers to obtain sensitive information.

National Vulnerability Database 14 april, 2008

Sun Microsystems

A Security Vulnerability in the Handling of Self Encapsulated IP Packets may Lead to a Denial of Service (DOS) Condition.

A Security vulnerability in Solaris, related to the handling of self encapsulated IP packets, may a …

14 april, 2008

A Security Vulnerability in The N1 Grid Engine 6.1 Qmaster Daemon May Lead to a Denial of Service (DoS)

A security vulnerability in the Qmaster daemon shipped with N1 Grid Engine 6.1, may allow a local un …

14 april, 2008

Security Vulnerabilities in the GNU Zebra and Quagga BGP Routing Daemon May Allow for Denial of Service

Multiple security vulnerabilities in the Quagga and GNU Zebra routing software shipped with Solaris …

11 april, 2008

Red Hat

[RHSA-2008:0221-01] Critical: flash-plugin security update

Red Hat Security Advisory - Critical: flash-plugin security update

09 april, 2008

[RHSA-2008:0214-01] Moderate: squid security update

Red Hat Security Advisory - Moderate: squid security update

09 april, 2008

[RHSA-2008:0218-01] Moderate: gnome-screensaver security update

Red Hat Security Advisory - Moderate: gnome-screensaver security update

03 april, 2008

PoC

MS Windows GDI Image Parsing Stack Overflow Exploit (MS08-021)

Target: MS Windows GDI
Impact: Code execution

Mumbo Jumbo Media OP4 Remote Blind SQL Injection Exploit

Target: Mumbo Jumbo Media OP4
Impact: SQL injection

XM Easy Personal FTP Server 5.4.0 (XCWD) Denial of Service Exploit

Target: XM Easy Personal FTP Server 5.4.0
Impact: Denial of service
