Computer Security


Wireshark multiple security vulnerabilities
Published:02.03.2009
Source:
SecurityVulns ID:9702
Type:local
Threat Level:4/10
Description:Vulnerabilities in the parsing of different capture file formats.
Affected:WIRESHARK : Wireshark 1.0
CVE:CVE-2009-0601 (Format string vulnerability in Wireshark 0.99.8 through 1.0.5 on non-Windows platforms allows local users to cause a denial of service (application crash) via format string specifiers in the HOME environment variable.)
 CVE-2009-0600 (Wireshark 0.99.6 through 1.0.5 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted Tektronix K12 text capture file, as demonstrated by a file with exactly one frame.)
 CVE-2009-0599 (Buffer overflow in wiretap/netscreen.c in Wireshark 0.99.7 through 1.0.5 allows user-assisted remote attackers to cause a denial of service (application crash) via a malformed NetScreen snoop file.)
 CVE-2009-0561 (Integer overflow in Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Excel in 2007 Microsoft Office System SP1 and SP2; Open XML File Format Converter for Mac; Microsoft Office Excel Viewer 2003 SP3; Microsoft Office Excel Viewer; Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; and Microsoft Office SharePoint Server 2007 SP1 and SP2 allows remote attackers to execute arbitrary code via an Excel file with a Shared String Table (SST) record with a numeric field that specifies an invalid number of unique strings, which triggers a heap-based buffer overflow, aka "Record Integer Overflow Vulnerability.")
 CVE-2009-0560 (Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Excel in 2007 Microsoft Office System SP1 and SP2; Open XML File Format Converter for Mac; Microsoft Office Excel Viewer 2003 SP3; Microsoft Office Excel Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Field Sanitization Memory Corruption Vulnerability.")
Original document:MANDRIVA, [email protected] (02.03.2009)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:02.03.2009
Source:
SecurityVulns ID:9703
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. Cetera CMS: cross-site scripting
Affected:DRUPAL : Drupal 6.9
 DRUPAL : Drupal 5.15
 YEKTAWEB : Academic Web Tools 1.5
 BLOGMAN : BlogMan 0.45
 EZBLOG : EZ-Blog 1
Original document:MustLive, Cross-Site Scripting vulnerability in Cetera CMS (02.03.2009)
 Salvatore "drosophila" Fresta, EZ-Blog Beta 1 Multiple SQL Injection (02.03.2009)
 Salvatore "drosophila" Fresta, BlogMan 0.45 Multiple Vulnerabilities (02.03.2009)
 mr.faghani_(at)_gmail.com, YEKTA WEB Academic Web Tools CMS Multiple XSS (02.03.2009)
 contact_(at)_vnbrain.net, Afian Document Manager Local File Inclusion (02.03.2009)
 Bogdan Calin, Drupal Local File Inclusion Vulnerability (Windows) (02.03.2009)

Hex Workshop buffer overflows
Published:02.03.2009
Source:
SecurityVulns ID:9704
Type:local
Threat Level:5/10
Description:Buffer overflows when parsing .cmap and .hex files.
Affected:BREAKPOINT : Hex Workshop 5.1
 BREAKPOINT : Hex Workshop 6.0
CVE:CVE-2008-5756 (Buffer overflow in BreakPoint Software Hex Workshop 5.1.4 allows user-assisted attackers to cause a denial of service and possibly execute arbitrary code via a long mapping reference in a Color Mapping (.cmap) file.)
Original document:xhakerman2008_(at)_hotmail.com, Hex Workshop <= v6 (.hex) File Local Code (02.03.2009)

HTC Touch DoS
Published:02.03.2009
Source:
SecurityVulns ID:9705
Type:remote
Threat Level:5/10
Description:vCard files are accepted and imported without user intervention.
Affected:HTC : HTC Touch
Original document:Mobile Security Lab, HTC Touch vCard over IP Denial of Service PoC Code (02.03.2009)
Files:MSL-2008-002 PoC for HTC Touch

dkim-milter Domain Keys authentication filter DoS
Published:02.03.2009
Source:
SecurityVulns ID:9706
Type:remote
Threat Level:5/10
Description:Crash on invalid DNS key.
Affected:DKIMMILTER : dkim-milter 2.6
Original document:DEBIAN, [SECURITY] [DSA 1728-1] New dkim-milter packages fix denial of service (02.03.2009)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod