CVE-2008-1771
Product:
fireflymediaserver: fireflymediaserver 0.2.4.1
Severity: High (7.5)
CVSS vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Potential loss type: Gain user access, Integrity, Confidentiality, Availability
Vulnerability description:
Integer overflow in the ws_getpostvars function in Firefly Media Server (formerly mt-daapd) 0.2.4.1 (0.9~r1696-1.2 on Debian) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP POST request with a large Content-Length.
Patch available: No
References:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=476241
CiscoCisco Security Advisory: Cisco Network Admission Control Shared Secret Vulnerability
A vulnerability exists in the Cisco Network Admission Control (NAC) Appliance that can allow an atta …
17 april, 2008
Cisco Security Advisory: Cisco Unified Communications Disaster Recovery Framework Command Execution Vulnerability
A remote, unauthenticated user could exploit this vulnerability to execute arbitrary commands that m …
04 april, 2008
Cisco Security Advisory: Cisco IOS Virtual Private Dial-up Network Denial of Service Vulnerability
Two vulnerabilities exist in the virtual private dial-up network (VPDN) solution when Point-to-Point …
27 march, 2008
Microsoft(MS08-025) Vulnerability in Windows Kernel Could Allow Elevation of Privilege (941693)
A local attacker who successfully exploited this vulnerability could take complete control of an aff …
08 april, 2008
(MS08-024) Cumulative Security Update for Internet Explorer (947864)
The vulnerability could allow remote code execution if a user viewed a specially crafted Web page us …
08 april, 2008
(MS08-023) Security Update of ActiveX Kill Bits (948881)
The vulnerability could allow remote code execution if a user viewed a specially crafted Web page us …
08 april, 2008
Vulnerability Database
CVE-2008-1786
Unspecified vulnerability in the DSM gui_cm_ctrls ActiveX control (gui_cm_ctrls.ocx), as used in multiple CA products including BrightStor ARCServe Backup for Laptops and Desktops r11.5, Desktop Management Suite r11.1 through r11.2 C2; Unicenter r11.1 through r11.2 C2; and Desktop and Server Management r11.1 through r11.2 C2 allows remote attackers to execute abritrary code via crafted function arguments.
National Vulnerability Database 16 april, 2008 CVE-2008-1771
Integer overflow in the ws_getpostvars function in Firefly Media Server (formerly mt-daapd) 0.2.4.1 (0.9~r1696-1.2 on Debian) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP POST request with a large Content-Length.
National Vulnerability Database 16 april, 2008 CVE-2008-1387
ClamAV before 0.93 allows remote attackers to cause a denial of service (CPU consumption) via a crafted ARJ archive, as demonstrated by the PROTOS GENOME test suite for Archive Formats.
National Vulnerability Database 16 april, 2008 CVE-2008-1155
Cisco Network Admission Control (NAC) Appliance 3.5.x, 3.6.x before 3.6.4.4, 4.0.x before 4.0.6, and 4.1.x before 4.1.2 allows remote attackers to obtain the shared secret for the Clean Access Server (CAS) and Clean Access Manager (CAM) by sniffing error logs.
National Vulnerability Database 16 april, 2008 CVE-2008-0893
Red Hat Administration Server, as used by Red Hat Directory Server 8.0 EL4 and EL5, does not properly restrict access to CGI scripts, which allows remote attackers to perform administrative actions.
National Vulnerability Database 16 april, 2008 CVE-2008-0892
The replication monitor CGI script (repl-monitor-cgi.pl) in Red Hat Administration Server, as used by Red Hat Directory Server 8.0 EL4 and EL5, allows remote attackers to execute arbitrary commands.
National Vulnerability Database 16 april, 2008 CVE-2008-0314
Heap-based buffer overflow in spin.c in libclamav in ClamAV 0.92.1 allows remote attackers to execute arbitrary code via a crafted PeSpin packed PE binary with a modified length value.
National Vulnerability Database 16 april, 2008 CVE-2008-0068
Directory traversal vulnerability in OpenView5.exe in HP OpenView Network Node Manager (OV NNM) 7.51, 7.53, and possibly other versions allows remote attackers to read arbitrary files via directory traversal sequences in the Action parameter.
National Vulnerability Database 16 april, 2008 CVE-2007-6713
Unspecified vulnerability in Flip4Mac WMV before 2.2.0.49 has unknown impact and attack vectors related to malformed WMV files.
National Vulnerability Database 16 april, 2008 CVE-2007-5758
Stack-based buffer overflow in db2dasrrm in the DB2 Administration Server (DAS) in IBM DB2 Universal Database 9.5 before Fix Pack 1, 9.1 before Fix Pack 4a, and 8 before FixPak 16 allows local users to execute arbitrary code via a long DASPROF environment variable.
National Vulnerability Database 16 april, 2008 CVE-2007-5664
db2dasrrm in the DB2 Administration Server (DAS) in IBM DB2 Universal Database 9.5 before Fix Pack 1, 9.1 before Fix Pack 4a, and 8 before FixPak 16 allows local users to overwrite arbitrary files via a symlink attack on files used for initialization.
National Vulnerability Database 16 april, 2008 CVE-2008-1859
SQL injection vulnerability in events.php in iScripts SocialWare allows remote attackers to execute arbitrary SQL commands via the id parameter in a show action.
National Vulnerability Database 16 april, 2008 CVE-2008-1858
SQL injection vulnerability in index.php in 724Networks 724CMS 4.01 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter.
National Vulnerability Database 16 april, 2008 CVE-2008-1857
Multiple directory traversal vulnerabilities in viewsource.php in Make our Life Easy (Mole) 2.1.0 allow remote attackers to read arbitrary files via directory traversal sequences in the (1) dirn and (2) fname parameters.
National Vulnerability Database 16 april, 2008 CVE-2008-1856
plugins/maps/db_handler.php in LinPHA 1.3.3 and earlier does not require authentication for a settings action that modifies the configuration file, which allows remote attackers to conduct directory traversal attacks and execute arbitrary local files by placing directory traversal sequences into the maps_type configuration setting, and then sending a request to maps_view.php, which causes plugins/maps/map.main.class.php to use the modified configuration.
National Vulnerability Database 16 april, 2008 SearchSUN Microsysytem A Security Vulnerability in the Handling of Self Encapsulated IP Packets may Lead to a Denial of Service (DOS) Condition.
A Security vulnerability in Solaris, related to the handling of self encapsulated IP packets, may a …
14 april, 2008
A Security Vulnerability in The N1 Grid Engine 6.1 Qmaster Daemon May Lead to a Denial of Service (DoS)
A security vulnerability in the Qmaster daemon shipped with N1 Grid Engine 6.1, may allow a local un …
14 april, 2008
Security Vulnerabilities in the GNU Zebra and Quagga BGP Routing Daemon May Allow for Denial of Service
Multiple security vulnerabilities in the Quagga and GNU Zebra routing software shipped with Solaris …
11 april, 2008
Red Hat[RHSA-2008:0240-01] Important: xpdf security update
Red Hat Security Advisory - Important: xpdf security update
17 april, 2008
[RHSA-2008:0239-01] Important: poppler security update
Red Hat Security Advisory - Important: poppler security update
17 april, 2008
[RHSA-2008:0238-01] Important: kdegraphics security update
Red Hat Security Advisory - Important: kdegraphics security update
17 april, 2008
РоСMicrosoft Works 7 WkImgSrv.dll ActiveX Denial of Service PoC
Target: Microsoft Works 7
Impact: Denial of service
Intel Centrino ipw2200BG Wireless Driver Remote BOF Exploit (meta)
Target: Intel Centrino ipw2200BG Wireless Driver
Impact: Code execution
xine-lib
Объявления по теме:
Руль Logitech Momo Racing Feedback Wheel Крылатское
Аудио/видео техника в Одессе !
Kaiser PBF 4VQ 034 GEO