Computer Security
[EN] securityvulns.ru no-pyccku


Autodesk DWF Viewer ActiveX multiple security vulnerabilities
Published:02.10.2008
Source:
SecurityVulns ID:9325
Type:client
Threat Level:
6/10
Description:Insecure methods allow to save and execute files.
Affected:AUTODESK : Revit Architecture 2009
 AUTODESK : Autodesk Design Review 2009
Original documentdocumentipsdix_(at)_gmail.com, Autodesk DWF Viewer Control / LiveUpdate Module remote code execution exploit (02.10.2008)

Asterisk multiple DoS conditions
Published:02.10.2008
Source:
SecurityVulns ID:9326
Type:remote
Threat Level:
5/10
Description:Application crashes on malformed IAX requests flood.
Original documentdocumentBlake Cornell, Additional Asterisk Resource Exhaustion DoS Vulnerabilities (02.10.2008)
Files:Exploits Asterisk 1.4,1.6 et. al. Resource Exhaustion
 Exploits Asterisk 1.4,1.6 et. al. Resource Exhaustion (2)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:02.10.2008
Source:
SecurityVulns ID:9324
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:MONO : mono 1.2
 PHPMYID : phpMyID 0.9
 RPORTAL : RPortal 1.1
 EFRONT : eFront 3.5
 MOZILO : moziloWiki 1.0
 PRINTLOG : Printlog 0.4
CVE:CVE-2008-3906 (CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string.)
Original documentdocumentRPATH, rPSA-2008-0286-1 mono (02.10.2008)
 documentPepelux, Printlog <= 0.4: Remote File Edition Vulnerability (02.10.2008)
 documentAesthetico, [MajorSecurity Advisory #56]moziloWiki - Directory Traversal, XSS and SessionFixation Issues (02.10.2008)
 documentPepelux, Remote File Inclusion Vulnerability (02.10.2008)
 documentkadfrox_(at)_gmail.com, Remote and Local File Inclusion Vulnerability <= 1.1 Rportal (02.10.2008)
 documentRaphael Geissert, phpMyID can act as a redirector and as headers injector (02.10.2008)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod