Computer Security


libxslt memory corruption
Published: 04.06.2008
Source:
SecurityVulns ID: 9046
Type: library
Threat Level: 6/10
Description: XSL file parsing memory corruption.
Affected: LIBXSLT : libxslt 1.1
CVE: CVE-2008-1767 (Buffer overflow in pattern.c in libxslt before 1.1.24 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XSL style sheet file with a long XSLT "transformation match" condition that triggers a large number of steps.)
Original document: GENTOO, [ GLSA 200806-02 ] libxslt: Execution of arbitrary code (04.06.2008)

C6 Messenger Installation Url Downloader ActiveX code execution
Published: 04.06.2008
Source:
SecurityVulns ID: 9047
Type: client
Threat Level: 6/10
Description: It is possible to download and execute a file. The vulnerability is used in the wild for hidden trojan code installation.
Original document: ipsdix_(at)_gmail.com, [NSG 03-06-2008] C6 Messenger Installation Url DownloaderActiveX Control Remote Download & Execute Exploit (04.06.2008)

Linux kernel multiple security vulnerabilities
Published: 04.06.2008
Source:
SecurityVulns ID: 9048
Type: local
Threat Level: 5/10
Description: fcntl() race conditions, tehuti driver privilege escalation.
Affected: LINUX : kernel 2.6
CVE: CVE-2008-1675 (The bdx_ioctl_priv function in the tehuti driver (tehuti.c) in Linux kernel 2.6.x before 2.6.25.1 does not properly check certain information related to register size, which has unspecified impact and local attack vectors, probably related to reading or writing kernel memory.)
 CVE-2008-1669 (Linux kernel before 2.6.25.2 does not apply a certain protection mechanism for fcntl functionality, which allows local users to (1) execute code in parallel or (2) exploit a race condition to obtain "re-ordered access to the descriptor table.")
 CVE-2008-1375 (Race condition in the directory notification subsystem (dnotify) in Linux kernel 2.6.x before 2.6.24.6, and 2.6.25 before 2.6.25.1, allows local users to cause a denial of service (OOPS) and possibly gain privileges via unspecified vectors.)
Original document: UBUNTU, [USN-614-1] Linux kernel vulnerabilities (04.06.2008)

libvorbis multiple security vulnerabilities
Updated since 04.06.2008
Published: 25.08.2009
Source:
SecurityVulns ID: 9045
Type: library
Threat Level: 6/10
Description: Multiple integer overflows and denial of service.
Affected: LIBVORBIS : libvorbis 1.1
CVE: CVE-2009-2663 (libvorbis before r16182, as used in Mozilla Firefox before 3.0.13 and 3.5.x before 3.5.2 and other products, allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .ogg file.)
 CVE-2008-1423
 CVE-2008-1420
 CVE-2008-1419
Original document: UBUNTU, [USN-825-1] libvorbis vulnerability (25.08.2009)
 DEBIAN, [SECURITY] [DSA 1591-1] New libvorbis packages fix several vulnerabilities (04.06.2008)

Apache Tomcat cross-site scripting
Updated since 04.06.2008
Published: 25.02.2010
Source:
SecurityVulns ID: 9044
Type: remote
Threat Level: 5/10
Description: host-manager username cross-site scripting.
Affected: APACHE : Tomcat 5.5
 APACHE : Tomcat 6.0
 CA : CA Service Desk 12.1
CVE: CVE-2008-1947 (Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.)
Original document: CA, CA20100222-01: Security Notice for CA Service Desk (25.02.2010)
 APACHE, [SECURITY] CVE-2008-1947: Tomcat host-manager XSS vulnerability (04.06.2008)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod