Search:Vulnerability:03.07.2009 - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

Artofdefence Hyperguard Web Application Firewall DoS
Published: 03.07.2009
Source: BUGTRAQ
SecurityVulns ID: 10030
Type: remote
Level: 5/10
Description: Denial of service via memory exhaustion.

Affected: ARTOFDEFENCE : Hyperguard 3.1
ARTOFDEFENCE : Hyperguard 3.0
ARTOFDEFENCE : Hyperguard 2.5

Original document Kirchner Michael, Artofdefence Hyperguard Web Application Firewall: Remote Denial of Service (03.07.2009)

Discuss: Read or add your comments to this news (0 comments)

phion airlock Web Application Firewall multiple security vulnerabilities
Published: 03.07.2009
Source: BUGTRAQ
SecurityVulns ID: 10031
Type: remote
Level: 6/10
Description: DoS, code execution.

Affected: PHION : airlock 10.41

Original document Kirchner Michael, phion airlock Web Application Firewall: Remote Denial of Service via Management Interface (unauthenticated) and Command Execution (03.07.2009)

Discuss: Read or add your comments to this news (0 comments)

ModSecurity multiple security vulnerabilities
Published: 03.07.2009
Source: BUGTRAQ
SecurityVulns ID: 10033
Type: remote
Level: 5/10
Description: Few denial of service conditions.

CVE: CVE-2009-1903 (The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.)
CVE-2009-1902 (The multipart processor in ModSecurity before 2.5.9 allows remote attackers to cause a denial of service (crash) via a multipart form datapost request with a missing part header name, which triggers a NULL pointer dereference.)

Original document GENTOO, [ GLSA 200907-02 ] ModSecurity: Denial of Service (03.07.2009)

Discuss: Read or add your comments to this news (0 comments)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 03.07.2009
Source:
SecurityVulns ID: 10034
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected: FCKEDITOR : FCKeditor 2.6
JOOMLA : Joomla! 1.5
NAGIOS : Nagios 3.1
CVE: CVE-2009-2288 (statuswml.cgi in Nagios before 3.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) ping or (2) Traceroute parameters.)
CVE-2009-2265 (Multiple directory traversal vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to create executable files in arbitrary directories via directory traversal sequences in the input to unspecified connector modules, as exploited in the wild for remote code execution in July 2009, related to the file browser and the editor/filemanager/connectors/ directory.)

Original document Andrea Barisani, [oCERT-2009-007] FCKeditor input sanitization errors (03.07.2009)

linuxrootkit2008_(at)_gmail.com, eAccelerator encoder files backup Vulnerability (03.07.2009)

ISecAuditors Security Advisories, [ISecAuditors Security Advisories] Joomla! < 1.5.12 Multiple XSS vulnerabilities in HTTP Headers (03.07.2009)

document UBUNTU, [USN-795-1] Nagios vulnerability (03.07.2009)

Discuss: Read or add your comments to this news (0 comments)

HP-UX nfs utilities DoS
Published: 03.07.2009
Source: BUGTRAQ
SecurityVulns ID: 10038
Type: local
Level: 5/10

CVE: CVE-2009-1421

Original document HP, [security bulletin] HPSBUX02440 SSRT090106 rev.1 - HP-UX Running NFS/ONCplus, Local Denial of Service (DoS) (03.07.2009)

Discuss: Read or add your comments to this news (0 comments)

FreeBSD multiple security vulnerabilities
updated since 07.09.2008
Published: 03.07.2009
Source: BUGTRAQ
SecurityVulns ID: 9267
Type: remote
Level: 7/10
Description: mount / nmount syscall implementcation buffer overflow. amd64 CPU registers privilege escalation. DoS �� ICMPv6.

Affected: FREEBSD : FreeBSD 7.0
FREEBSD : FreeBSD 6.3
FREEBSD : FreeBSD 7.1
FREEBSD : FreeBSD 6.4
CVE: CVE-2008-3890 (The kernel in FreeBSD 6.3 through 7.0 on amd64 platforms can make an extra swapgs call after a General Protection Fault (GPF), which allows local users to gain privileges by triggering a GPF during the kernel's return from (1) an interrupt, (2) a trap, or (3) a system call.)
CVE-2008-3531
CVE-2008-3530

Original document FREEBSD, FreeBSD Security Advisory FreeBSD-SA-08:08.nmount (07.09.2008)

Files: Privilege escalation exploit for the FreeBSD-SA-08:08.nmount
Discuss: Read or add your comments to this news (0 comments)

Soulseek buffer overflow
Published: 03.07.2009
Source: BUGTRAQ
SecurityVulns ID: 10039
Type: remote
Level: 6/10
Description: Buffer overflow on file search functionality.

Affected: SOULSEEK : Soulseek 157

Original document laurent gaffie, [Full-disclosure] Soulseek 157 NS < 13e & 156.* Remote Direct Peer Search Code Execution (03.07.2009)

Files: Soulseek 157 NS < 13e & 156.* Remote Direct Peer Search Code Execution
Discuss: Read or add your comments to this news (0 comments)

Multiple Axesstel MV 410R wireless router security vulnerabilities
Published: 03.07.2009
Source: BUGTRAQ
SecurityVulns ID: 10032
Type: remote
Level: 5/10
Description: Crossite scripting, devica access from WAN, default account.

Affected: AXESSTEL : Axesstel MV 410R

Original document filip.palian_(at)_pjwstk.edu.pl, Multiple Flaws in Axesstel MV 410R (03.07.2009)

Discuss: Read or add your comments to this news (0 comments)

Sourcefire 3D Sensor / Sourcefire Defense Center privilege escalation
Published: 03.07.2009
Source: BUGTRAQ
SecurityVulns ID: 10037
Type: local
Level: 5/10
Description: Web interface privilege escalation.

Affected: SOURCEFIRE : Sourcefire 3D Sensor 2500
SOURCEFIRE : Sourcefire Defense Center 1000

Original document c3rb3r_(at)_videotron.ca, Sourcefire 3D Sensor and DC, privilege escalation vulnerability (03.07.2009)

Discuss: Read or add your comments to this news (0 comments)

perl DoS
updated since 03.07.2009
Published: 20.08.2009
Source: BUGTRAQ
SecurityVulns ID: 10035
Type: library
Level: 5/10
Description: Crash on processing zlib stream via Compress::Raw::Zlib and bzip2 stream in Compress-Raw-Bzip2.

Affected: PERL : perl 5.10
CVE: CVE-2009-1884
CVE-2009-1391

Original document MANDRIVA, [ MDVSA-2009:207 ] perl-Compress-Raw-Bzip2 (20.08.2009)

UBUNTU, [USN-794-1] Perl vulnerability (03.07.2009)

Discuss: Read or add your comments to this news (0 comments)

CamlImages library integer overflows
updated since 03.07.2009
Published: 26.10.2009
Source: BUGTRAQ
SecurityVulns ID: 10036
Type: library
Level: 6/10
Description: Multiple overflows on PNG, TIFF, GIF, JPEG processing.

Affected: CAMLIMAGES : CamlImages 2.2
ADVI : advi 1.6
CVE: CVE-2009-3296
CVE-2009-2660 (Multiple integer overflows in CamlImages 2.2 might allow context-dependent attackers to execute arbitrary code via images containing large width and height values that trigger a heap-based buffer overflow, related to (1) crafted GIF files (gifread.c) and (2) crafted JPEG files (jpegread.c), a different vulnerability than CVE-2009-2295.)
CVE-2009-2295 (Multiple integer overflows in CamlImages 2.2 and earlier might allow context-dependent attackers to execute arbitrary code via a crafted PNG image with large width and height values that trigger a heap-based buffer overflow in the (1) read_png_file or (2) read_png_file_as_rgb24 function.)

Original document DEBIAN, [SECURITY] [DSA 1912-2] New advi packages fix arbitrary code execution (26.10.2009)

Andrea Barisani, [oCERT-2009-009] CamlImages integer overflows (03.07.2009)

Discuss: Read or add your comments to this news (0 comments)