Computer Security
[EN] securityvulns.ru no-pyccku


Mita Scanner File Utility multiple security vulnerabilities
Published:01.09.2008
Source:
SecurityVulns ID:9248
Type:remote
Threat Level:
5/10
Description:Directory traversal, unauthorized access.
Affected:KYOCERA : Mita Scanner File Utility 3.3
Original documentdocumentSeth Fogie, White Wolf Labs #080826-1: Kyocera Mita Scanner File Utility (Multiple) (01.09.2008)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:01.09.2008
Source:
SecurityVulns ID:9249
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. FeedBurner FeedSmith: crossite scripting, information leak. myPHPNuke: crossite scripting, SQL injection.
Affected:MYPHPNUKE : myPHPNuke 1.8
 INVISION : Invision Power Board 2.3
 FEEDBURNER : FeedBurner FeedSmith 2.3
 PHPCART : PHPCart 4.6
 PHPCART : PHPCart 3.4
Original documentdocumentvaibhav aher, XSS and Data Manipulation attacks found in CMS PHPCart. (01.09.2008)
 documentgmdarkfig_(at)_gmail.com, [Exploit] Invision Power Board <= 2.3.5 Multiple Vulnerabilities (01.09.2008)
 documentgmdarkfig_(at)_gmail.com, [Advisory] Invision Power Board <= 2.3.5 Multiple Vulnerabilities and Security Bypass (01.09.2008)
 documentMustLive, Vulnerabilities in FeedBurner FeedSmith for WordPress (01.09.2008)
 documentMustLive, XSS and SQL Injection vulnerabilities in myPHPNuke (01.09.2008)
Files:[Exploit] Invision Power Board <= 2.3.5 Multiple Vulnerabilities

ipsec-tools / racoon IPSec DoS
Published:01.09.2008
Source:
SecurityVulns ID:9251
Type:remote
Threat Level:
7/10
Description:DoS attack with memory exhaustion.
CVE:CVE-2008-3652 (src/racoon/handler.c in racoon in ipsec-tools does not remove an "orphaned ph1" (phase 1) handle when it has been initiated remotely, which allows remote attackers to cause a denial of service (resource consumption).)
 CVE-2008-3651 (Memory leak in racoon/proposal.c in the racoon daemon in ipsec-tools before 0.7.1 allows remote authenticated users to cause a denial of service (memory consumption) via invalid proposals.)
Original documentdocumentMANDRIVA, [email protected] (01.09.2008)

libpurple / Pidgin buffer overflow
updated since 01.09.2008
Published:09.06.2009
Source:
SecurityVulns ID:9250
Type:library
Threat Level:
6/10
Description:Buffer overflow on MSN SLP messages parsing.
Affected:PIDGIN : Pidgin 2.4
CVE:CVE-2009-1376 (Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin (formerly Gaim) before 2.5.6 on 32-bit platforms allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, leading to buffer overflows. NOTE: this issue exists because of an incomplete fix for CVE-2008-2927.)
 CVE-2008-2927 (Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin before 2.4.3 and Adium before 1.3 allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, a different vulnerability than CVE-2008-2955.)
Original documentdocumentZDI, ZDI-09-031: libpurple MSN Protocol SLP Message Heap Overflow Vulnerability (09.06.2009)
 documentZDI, ZDI-08-054: Multiple Vendor libpurple MSN Protocol SLP Message Heap Overflow Vulnerability (01.09.2008)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod