Securityvulns news channel

Securityvulns news channel http://securityvulns.com/ en securityvulns.com vulnerabilities newsline security, computers, news 3APA3A RSS generator v1.4.2 3APA3A@security.nnov.ru 3APA3A@security.nnov.ru Sun, 21 Mar 2010 00:14:00 GMT 2003-2007 Securityvulns, All rights reserved http://securityvulns.com/images/banners/b88x31e.jpg Securityvulns news channel http://securityvulns.com/ libpng DoS library http://securityvulns.com/news/libpng/1003.html Resources exhaustion on data decompression in png_decompress_chunk(). Applications: libpng 1.2, libpng 1.0, libpng 1.4 (18.03.2010) 10699.libpng/1003.18.03.2010. QuickZip buffer overflow local http://securityvulns.com/news/QuickZip/BO.html Buffer overflow on .zip files parsing. (18.03.2010) 10700.QuickZip/BO.18.03.2010. SAP MaxDB code execution remote http://securityvulns.com/news/SAP/MaxDB/1003.html Buffer overflow on TCP/7210 request parsing. (18.03.2010) 10698.SAP/MaxDB/1003.18.03.2010. MediaCoder buffer overflow local http://securityvulns.com/news/MediaCoder/lst.html Buffer overflow on .lst files parsing. Applications: MediaCoder 0.7 (18.03.2010) 10702.MediaCoder/lst.18.03.2010. httpdx DoS remote http://securityvulns.com/news/httpdx/DoS.html Crash on malformed HTTP request. Applications: httpdx 1.5 (18.03.2010) 10701.httpdx/DoS.18.03.2010. Microsoft Virtual PC protection bypass local http://securityvulns.com/news/Microsoft/VirtualPC/MP.html Invalid memory regions protection for memory >2GB allows to bypass Windows memory protection techniques for guest system. Applications: Virtual Server 2005, Virtual PC 2007, Windows 7 (18.03.2010) 10697.Microsoft/VirtualPC/MP.18.03.2010. Windisc buffer overflow local http://securityvulns.com/news/Windisc/BO.html Buffer overflow on Banzhaf (.bnz) files parsing. Applications: Windisc 1.3 (18.03.2010) 10696.Windisc/BO.18.03.2010. Miranda IM TLS encryption vulnerability m-i-t-m http://securityvulns.com/news/Miranda/IM/TLS.html Under some conditions TLS is not used for Jabber server connection regradless of settings. Applications: Miranda IM 0.8 (18.03.2010) 10695.Miranda/IM/TLS.18.03.2010. Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) remote http://securityvulns.com/news/CGI/2010.03.18.html PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Applications: eFront 3.5, Nensor CMS 2.01, Quicksilver Forums 1.4, PowerDNS Administrator 1.1, QSF Portal 1.4, Sahana 0.6, SOFTSAURUS 2.01, Dojo Toolkit SDK 1.4 (18.03.2010) 10694.CGI/2010.03.18.18.03.2010. WebKit / Apple Safari / Google Chrome multiple security vulnerabilities, updated since 15.03.2010 library http://securityvulns.com/news/WebKit/1003.html Use-after-free, integer overflow, clickjacking. Applications: Safari 4.0, Chrome 3.0 (17.03.2010) 10692.WebKit/1003.17.03.2010.15.03.2010 bind DNS server cache poisoning, updated since 01.12.2009 remote http://securityvulns.com/news/bind/0912.html It's possible to inject cache record during DNSSEC request processing. Applications: bind 9.4, bind 9.5, bind 9.6, bind 9.7 (17.03.2010) 10431.bind/0912.17.03.2010.01.12.2009