Computer Security


FreeBSD IPv6 Neighbor Discovery Protocol security vulnerability
Published:03.10.2008
Source:
SecurityVulns ID:9327
Type:remote
Threat Level:5/10
Description:A malicious IPv6 node sharing a common router but on a different physical segment from another node may be able to spoof Neighbor Discovery messages, allowing it to update router information for the victim node.
CVE:CVE-2008-2476 (The IPv6 Neighbor Discovery Protocol (NDP) implementation in (1) FreeBSD 6.3 through 7.1, (2) OpenBSD 4.2 and 4.3, (3) NetBSD, (4) Force10 FTOS before E7.7.1.1, (5) Juniper JUNOS, and (6) Wind River VxWorks 5.x through 6.4 does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity) or read private network traffic via a spoofed message that modifies the Forward Information Base (FIB).)
Original document:FREEBSD, FreeBSD Security Advisory FreeBSD-SA-08:10.nd6 (03.10.2008)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:03.10.2008
Source:
SecurityVulns ID:9329
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:DREAMCOST : HostAdmin 3.1
 PHPMYID : phpMyID 0.9
Original document:Admin_(at)_irist.ir, HostAdmin Cross-Site Scripting Vulnerabilities (03.10.2008)
 Raphael Geissert, XSS vulnerability in phpMyID (03.10.2008)

Multiple OpenSSH security vulnerabilities
updated since 28.09.2006
Published:03.10.2008
Source:
SecurityVulns ID:6657
Type:remote
Threat Level:6/10
Description:Multiple different DoS conditions.
Affected:OPENSSH : OpenSSH 4.3
 OPENSSH : OpenSSH 4.6
CVE:CVE-2008-4109 (A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before 4.6p1-1 on sid and lenny; and on other distributions such as SUSE uses functions that are not async-signal-safe in the signal handler for login timeouts, which allows remote attackers to cause a denial of service (connection slot exhaustion) via multiple login attempts. NOTE: this issue exists because of an incorrect fix for CVE-2006-5051.)
 CVE-2006-5051 (Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free.)
Original document:UBUNTU, [USN-649-1] OpenSSH vulnerabilities (03.10.2008)
 DEBIAN, [SECURITY] [DSA 1638-1] New openssh packages fix denial of service (20.09.2008)
 OPENSSH, OpenSSH 4.4 is available (28.09.2006)
Files:OpenSSH CRC compensation attack detection DoS PoC

Adobe Flash Player Plugin DoS
Published:03.10.2008
Source:
SecurityVulns ID:9328
Type:client
Threat Level:4/10
Description:NULL pointer dereference causes browser to crash.
Affected:ADOBE : Flash Player 9.0
 ADOBE : Flash Player 10.0
Original document:Matthew Dempsky, Adobe Flash Player plug-in null pointer dereference and browser crash (03.10.2008)

Juniper Netscreen Firewall ScreenOS cross-site scripting
Published:03.10.2008
Source:
SecurityVulns ID:9331
Type:remote
Threat Level:5/10
Description:Persistent cross-site scripting with username stored in logs.
Affected:JUNIPER : ScreenOS 5.4
Original document:Deral Heiland, Layered Defense Research Advisory: Juniper Netscreen Firewall Cross-Site-Scripting (XSS) event log injection (03.10.2008)

Internet Explorer, Opera, Google Chrome, Mozilla browsers DoS
updated since 03.10.2008
Published:14.11.2008
Source:
SecurityVulns ID:9330
Type:remote
Threat Level:4/10
Description:window.close() in a loop on the OnLoad() event causes the browser to hang. Multiple resource exhaustion attacks with JavaScript.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MOZILLA : Mozilla 1.7
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MOZILLA : Firefox 3.0
 GOOGLE : Chrome 0.2
 OPERA : Opera 9.52
 GOOGLE : Chrome 0.3
Original document:MustLive, DoS vulnerabilities in Internet Explorer and Google Chrome (14.11.2008)
 MustLive, DoS vulnerability in Mozilla Firefox (06.10.2008)
 MustLive, DoS vulnerability in Internet Explorer (06.10.2008)
 MustLive, DoS vulnerability in Opera (06.10.2008)
 MustLive, DoS vulnerability in Mozilla, Internet Explorer, Google Chrome and Opera (03.10.2008)
Files:close.html

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod