FreeBSD IPv6 Neighbor Discovery Protocol security vulnerability
Published: 03.10.2008
Source: BUGTRAQ
SecurityVulns ID: 9327
Type: remote
Level: 5/10
Description: A malicious IPv6 node sharing a common router but on a different physical segment from another node may be able to spoof Neighbor Discovery messages, allowing it to update router information for the victim node.
CVE: CVE-2008-2476 (The IPv6 Neighbor Discovery Protocol (NDP) implementation in (1) FreeBSD 6.3 through 7.1, (2) OpenBSD 4.2 and 4.3, (3) NetBSD, (4) Force10 FTOS before E7.7.1.1, (5) Juniper JUNOS, and (6) Wind River VxWorks 5.x through 6.4 does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity) or read private network traffic via a spoofed message that modifies the Forward Information Base (FIB).)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 03.10.2008
Source:
SecurityVulns ID: 9329
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.

Multiple OpenSSH security vulnerabilities (updated since 28.09.2006)
Published: 03.10.2008
Source: OPENSSH
SecurityVulns ID: 6657
Type: remote
Level: 6/10
Description: Multiple different DoS conditions.
Affected: OPENSSH : OpenSSH 4.3
          OPENSSH : OpenSSH 4.6
CVE: CVE-2008-4109 (A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before 4.6p1-1 on sid and lenny; and on other distributions such as SUSE uses functions that are not async-signal-safe in the signal handler for login timeouts, which allows remote attackers to cause a denial of service (connection slot exhaustion) via multiple login attempts. NOTE: this issue exists because of an incorrect fix for CVE-2006-5051.)
     CVE-2006-5051 (Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free.)

Adobe Flash Player Plugin DoS
Published: 03.10.2008
Source: BUGTRAQ
SecurityVulns ID: 9328
Type: client
Level: 4/10
Description: NULL pointer dereference causes browser to crash.

Juniper Netscreen Firewall ScreenOS cross-site scripting
Published: 03.10.2008
Source: BUGTRAQ
SecurityVulns ID: 9331
Type: remote
Level: 5/10
Description: Persistent cross-site scripting with username stored in logs.

Internet Explorer, Opera, Google Chrome, Mozilla browsers DoS (updated since 03.10.2008)
Published: 14.11.2008
Source: MustLive
SecurityVulns ID: 9330
Type: remote
Level: 4/10
Description: window.close() in a loop on the OnLoad() event causes the browser to hang. Multiple resource exhaustion attacks with JavaScript.