| Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
|  | | PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
E107: CAPTCHA bypass, cross-site scripting. |
|
| Linux syscall filtering bypass
|  | | A 32-bit application can use 64-bit syscalls, and vice versa, to bypass syscall filtering, because the syscall numbers are different. |
|
21.01.2009 Detailed |
| | Microsoft Windows fails to disable autorun
|  | | None of the documented methods of disabling autorun disables it completely. This distribution method is actively used by malware. CERT advises adding the following record to the registry (@ means the default value for the key).
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
@="@SYS:DoesNotExist"
|
| |
|
| Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 20.01.2009
|  | | PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Power Phlogger: SQL injection, DoS. |
| | |
18.01.2009 Detailed |
| 6! | Cisco ONS TCP DoS
|  | | Crash on TCP connection establishment. |
6! | Cisco IronPort Encryption Appliance / PostX multiple security vulnerabilities
|  | | Unauthorized access to encrypted messages, unauthorized access to administration interface. |
| Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
|  | | PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
|
|
13.01.2009 Detailed |
| | DevIL library buffer overflow
|  | | Buffer overflow in the iGetHdrHeader() function when processing Radiance RGBE files. |
| PDFBuilderX ActiveX unauthorized filesystem access
|  | | Unsafe methods are available. |
| Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
|  | | PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
FCKeditor: cross-site scripting, information leak.
WOSendNews: cross-site scripting, information leak.