Computer Security


SonicWALL format string vulnerability
updated since 27.05.2009
Published:01.06.2009
SecurityVulns ID:9942
Type:remote
Threat Level:7/10
Description:Format string vulnerability in server log parsing and during authentication.
Affected:SONICWALL : SonicOS 4.0
 SONICWALL : SonicWALL SSL-VPN 2000
 SONICWALL : SonicWALL SSL-VPN 4000
 SONICWALL : SonicWALL SSL-VPN 200
Original document:Patrick Webster, SonicWALL SSL-VPN Appliance Format String Vulnerability (01.06.2009)
 SEC Consult Vulnerability Lab, SEC Consult SA-20090525-4 :: SonicOS Format String Vulnerability (27.05.2009)

Wireshark DoS
Published:01.06.2009
SecurityVulns ID:9948
Type:remote
Threat Level:5/10
Description:Crash on PCNFSD packet parsing.
CVE:CVE-2009-1829 (Unspecified vulnerability in the PCNFSD dissector in Wireshark 0.8.20 through 1.0.7 allows remote attackers to cause a denial of service (crash) via crafted PCNFSD packets.)
Original document:MANDRIVA, [ MDVSA-2009:125 ] wireshark (01.06.2009)

Linksys WAG54G2 command injection
Published:01.06.2009
SecurityVulns ID:9949
Type:remote
Threat Level:3/10
Description:It's possible to inject commands via the Web interface.
Affected:CISCO : Linksys WAG54G2
Original document:michal.sajdak_(at)_securitum.pl, Linksys WAG54G2 Web Management Console Local Arbitrary Shell Command Injection Vulnerability (01.06.2009)

VMWare DoS
Published:01.06.2009
SecurityVulns ID:9950
Type:local
Threat Level:3/10
Description:DoS from virtual machine if Descheduled Time Accounting Service is installed.
Affected:VMWARE : VMware Workstation 6.5
 VMWARE : VMware Player 2.5
 VMWARE : VMware ACE 2.5
 VMWARE : VMware Server 2.0
 VMWARE : VMware Fusion 2.0
CVE:CVE-2009-1805 (Unspecified vulnerability in the VMware Descheduled Time Accounting driver in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, VMware Server 1.x before 1.0.9 build 156507 and 2.x before 2.0.1 build 156745, VMware Fusion 2.x before 2.0.2 build 147997, VMware ESXi 3.5, and VMware ESX 3.0.2, 3.0.3, and 3.5, when the Descheduled Time Accounting Service is not running, allows guest OS users on Windows to cause a denial of service via unknown vectors.)
Original document:VMWARE, VMSA-2009-0007 VMware Hosted products and ESX and ESXi patches resolve security issues (01.06.2009)

Apache protection bypass
Published:01.06.2009
SecurityVulns ID:9951
Type:local
Threat Level:4/10
Description:Invalid IncludesNOEXEC option processing allows code execution via included .shtml files.
Affected:APACHE : Apache 2.2
CVE:CVE-2009-1195 (The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.)
Original document:MANDRIVA, [ MDVSA-2009:124 ] apache (01.06.2009)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:01.06.2009
SecurityVulns ID:9952
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. myPHPNuke: SQL injection.
Affected:MYPHPNUKE : myPHPNuke 1.8
 ONLINEGRADES : Online Grades & Attendance 3.2
 OCSINVENTORY : OCS Inventory NG 1.02
Original document:y3nh4ck3r_(at)_gmail.com, MULTIPLE SQL INJECTION VULNERABILITIES -- Online Grades & Attendance v-3.2.6 --> (01.06.2009)
 Nico Leidecker, OCS Inventory NG 1.02 - Multiple SQL Injections (01.06.2009)
 y3nh4ck3r_(at)_gmail.com, (Post Form --> Parent Register (name)) Credentials Changer (SQLi) EXPLOIT -- Online Grades & Attendance v-3.2.6--> (01.06.2009)
 MustLive, SQL Injection vulnerability in myPHPNuke (01.06.2009)
Files:EXPLOIT Online Grades & Attendance v-3.2.6

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod