Computer Security


Roxio Creator integer overflow
Published: 02.12.2009
Source:
SecurityVulns ID: 10435
Type: client
Threat Level: 4/10
Description: Integer overflow via image dimensions.
Affected: ROXIO : Roxio Easy Media Creator 9.0
 ROXIO : Roxio Creator 2010
CVE: CVE-2009-1566 (Integer overflow in Roxio Easy Media Creator 9.0.136, and Roxio Creator 2010 before SP1, might allow remote attackers to execute arbitrary code via an image with crafted dimensions.)
Original document: SECUNIA, Secunia Research: Roxio Creator Image Rendering Integer Overflow Vulnerability (02.12.2009)

Lateral Arts Photobox ActiveX buffer overflows
Published: 02.12.2009
Source:
SecurityVulns ID: 10437
Type: client
Threat Level: 5/10
Description: Buffer overflows in various properties of the object.
Affected: LATERALARTS : Photobox 2.2
Original document: SECUNIA, Secunia Research: Lateral Arts Photobox uploader ActiveX Control Buffer Overflow (02.12.2009)

Cross-site scripting in multiple SSL VPN applications
Published: 02.12.2009
Source:
SecurityVulns ID: 10436
Type: remote
Threat Level: 6/10
CVE: CVE-2009-2631 (Multiple clientless SSL VPN products that run in web browsers, including Stonesoft StoneGate; Cisco ASA; SonicWALL E-Class SSL VPN and SonicWALL SSL VPN; SafeNet SecureWire Access Gateway; Juniper Networks Secure Access; Nortel CallPilot; Citrix Access Gateway; and other products, when running in configurations that do not restrict access to the same domain as the VPN, retrieve the content of remote URLs from one domain and rewrite them so they originate from the VPN's domain, which violates the same origin policy and allows remote attackers to conduct cross-site scripting attacks, read cookies that originated from other domains, access the Web VPN session to gain access to internal resources, perform key logging, and conduct other attacks. NOTE: it could be argued that this is a fundamental design problem in any clientless VPN solution, as opposed to a commonly-introduced error that can be fixed in separate implementations. Therefore a single CVE has been assigned for all products that have this design)
Original document: CERT, Vulnerability Note VU#261869 (02.12.2009)

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 02.12.2009
Source:
SecurityVulns ID: 10438
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: SMF : Simple Machines Forum 1.1
 SIMPLEMACHINES : Simple Machines Forum 2.0
Original document: smf2.review_(at)_gmail.com, 40 vulnerabilities in SMF 1.1.10/SMF 2.0RC2 by elhacker.net (Simple Audit) (02.12.2009)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod