Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
| Published: | 04.03.2009 |
| Source: | |
| SecurityVulns ID: | 9707 |
| Type: | remote |
| Level: | 5/10 |
| Description: | PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. |

libsndfile / WinAmp integer overflow
| Published: | 04.03.2009 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 9708 |
| Type: | library |
| Level: | 5/10 |
| Description: | Integer overflow on .CAF format parsing. |

curl protection bypass
| Published: | 04.03.2009 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 9710 |
| Type: | client |
| Level: | 4/10 |
| Description: | Access restrictions can be bypassed with redirections. |
| Affected: | CURL : curl 7.15 |
| | CURL : libcurl 7.15 |
| CVE: | CVE-2009-0037 (The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to (1) trigger arbitrary requests to intranet servers, (2) read or overwrite arbitrary files via a redirect to a file: URL, or (3) execute arbitrary commands via a redirect to an scp: URL.) |

Gnome network-manager-applet unauthorized access, updated since 04.03.2009
| Published: | 17.01.2010 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 9709 |
| Type: | m-i-t-m |
| Level: | 5/10 |
| Description: | Unauthorized access to network connections through dbus, WPA certificate spoofing. |
| Affected: | GNOME : network-manager-applet 0.6 |
| CVE: | CVE-2009-4145 (nm-connection-editor in NetworkManager (NM) 0.7.x exports connection objects over D-Bus upon actions in the connection editor GUI, which allows local users to obtain sensitive information by reading D-Bus signals, as demonstrated by using dbus-monitor to discover the password for the WiFi network.) |
| | CVE-2009-4144 (NetworkManager (NM) 0.7.2 does not ensure that the configured Certification Authority (CA) certificate file for a (1) WPA Enterprise or (2) 802.1x network remains present upon a connection attempt, which might allow remote attackers to obtain sensitive information or cause a denial of service (connectivity disruption) by spoofing the identity of a wireless network.) |
| | CVE-2009-0578 (network-manager-applet in Ubuntu 8.10 does not properly verify privileges for dbus (1) modify and (2) delete requests, which allows local users to change or remove the network connections of arbitrary users via unspecified vectors.) |
| | CVE-2009-0365 (The dbus request handler in (1) network-manager-applet and (2) NetworkManager in Ubuntu 6.06 LTS, 7.10, 8.04 LTS, and 8.10 does not properly verify privileges, which allows local users to discover (a) network connection passwords and (b) pre-shared keys via unspecified queries.) |