Computer Security


Adobe Flash Player multiple security vulnerabilities
updated since 20.12.2007
Published: 03.01.2008
Source:
SecurityVulns ID: 8479
Type: client
Threat Level: 8/10
Description: Heap buffer overflow on JPEG processing, universal cross-site scripting, information leak.
Affected: ADOBE : Flash Player 7.0
 ADOBE : Flash Player 8.0
 ADOBE : Flash Player 9.0
CVE: CVE-2007-6244 (Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player 9.x up to 9.0.48.0 and 8.x up to 8.0.35.0 allow remote attackers to inject arbitrary web script or HTML via (1) a SWF file that uses the asfunction: protocol or (2) the navigateToURL function when used with the Flash Player ActiveX Control in Internet Explorer.)
 CVE-2007-6242 (Unspecified vulnerability in Adobe Flash Player 9.0.48.0 and earlier might allow remote attackers to execute arbitrary code via unknown vectors, related to "input validation errors.")
Original document: rich cannings, XSS Vulnerabilities in Common Shockwave Flash Files (03.01.2008)
 SECURITEAM, [EXPL] Socket Connection Timing Can Reveal Information About Network Configuration (Exploit) (24.12.2007)
 CERT, US-CERT Technical Cyber Security Alert TA07-355A -- Adobe Updates for Multiple Vulnerabilities (21.12.2007)
 Collin Jackson, [Full-disclosure] CVE-2007-6244: Adobe Flash Player ActiveX Control Universal Cross-Site Scripting Vulnerability (20.12.2007)
 3COM, [Full-disclosure] TPTI-07-21: Adobe Flash Player JPG Processing Heap Overflow Vulnerability (20.12.2007)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 03.01.2008
Source:
SecurityVulns ID: 8516
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. AwesomeTemplateEngine: cross-site scripting.
Affected: PHPBB : phpBB2 2.0
Original document: vivek_infosec_(at)_yahoo.com, xss in w3-msql error page (03.01.2008)
 bugtraq_(at)_opencosmo.com, phpBB2 2.0.22 Cross Site Scripting Vulnerability (03.01.2008)
 MustLive, Cross-Site Scripting vulnerabilities in AwesomeTemplateEngine (03.01.2008)

Georgia SoftWorks SSH server multiple security vulnerabilities
Published: 03.01.2008
Source:
SecurityVulns ID: 8517
Type: remote
Threat Level: 6/10
Description: Format string vulnerabilities and buffer overflows.
Affected: GEORGIASOFTWORKS : Georgia SoftWorks Secure Shell Server 7.01
Original document: Luigi Auriemma, Multiple vulnerabilities in Georgia SoftWorks SSH2 Server 7.01.0003 (03.01.2008)
Files: Exploits Georgia SoftWorks SSH2 Server <= 7.01.0003 multiple vulnerabilities

White_Dune VRML editor multiple security vulnerabilities
Published: 03.01.2008
Source:
SecurityVulns ID: 8518
Type: local
Threat Level: 5/10
Description: Buffer overflow and format string vulnerability on WRL files parsing.
Affected: WHITEDUNE : White_Dune 0.29
Original document: Luigi Auriemma, Buffer-overflow and format string in White_Dune 0.29beta791 (03.01.2008)

Asterisk SIP Also transfer DoS
Published: 03.01.2008
Source:
SecurityVulns ID: 8519
Type: remote
Threat Level: 5/10
Description: NULL pointer dereference on BYE message parsing.
Affected: DIGIUM : Asterisk 1.4
Original document: ASTERISK, AST-2008-001: Crash from transfer using BYE with Also header (03.01.2008)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod