 |
|
|
|
| freebsd-update weak permissions | | Published: |  | 04.12.2009 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 10442 | | Type: |  | local | | Level: |  | 5/10 | | Description: |  | Read permission is always set for updated files. |
PHP multiple security vulnerabilities
updated since 24.11.2009 | | Published: | | 04.12.2009 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 10417 | | Type: | | local | | Level: | | 5/10 | | Description: | | safe_mode bypass via different functions. |
| Affected: |  | PHP : PHP 5.3 | | CVE: |  | CVE-2009-3559 (** DISPUTED ** main/streams/plain_wrapper.c in PHP 5.3.x before 5.3.1 does not recognize the safe_mode_include_dir directive, which allows context-dependent attackers to have an unknown impact by triggering the failure of PHP scripts that perform include or require operations, as demonstrated by a script that attempts to perform a require_once on a file in a standard library directory. NOTE: a reliable third party reports that this is not a vulnerability, because it results in a more restrictive security policy.) | | | | CVE-2009-3558 (The posix_mkfifo function in ext/posix/posix.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass open_basedir restrictions, and create FIFO files, via the pathname and mode arguments, as demonstrated by creating a .htaccess file.) | | | | CVE-2009-3557 (The tempnam function in ext/standard/file.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass safe_mode restrictions, and create files in group-writable or world-writable directories, via the dir and prefix arguments.) |
| DAZ Studio code execution | | Published: | | 04.12.2009 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 10439 | | Type: | | local | | Level: | | 3/10 | | Description: | | Code execution via .ds, .dsa, .dse, .dsb. |
| Affected: | | DAZ3D : DAZ Studio 3.0 | | | | DAZ3D : DAZ Studio 2.3 | | CVE: | | CVE-2009-4148 (DAZ Studio 2.3.3.161, 2.3.3.163, and 3.0.1.135 allows remote attackers to execute arbitrary JavaScript code via a (1) .ds, (2) .dsa, (3) .dse, or (4) .dsb file, as demonstrated by code that loads the WScript.Shell ActiveX control, related to a "script injection vulnerability.") |
| QEMU virtual machines DoS | | Published: | | 04.12.2009 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 10440 | | Type: | | remote | | Level: | | 5/10 | | Description: | | Invalid configuration of virtio network. |
| Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) | | Published: | | 04.12.2009 | | Source: | | | | SecurityVulns ID: | | 10443 | | Type: | | remote | | Level: | | 5/10 | | Description: | | PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. |
| DevIL library buffer overflow | | Published: | | 04.12.2009 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 10444 | | Type: | | library | | Level: | | 5/10 | | Description: | | Buffer overflow in GetUID() function on DICOM image format parsing. |
FreeBSD privilege escalation
updated since 01.12.2009 | | Published: | | 04.12.2009 | | Source: | | FULL-DISCLOSURE | | SecurityVulns ID: | | 10429 | | Type: | | local | | Level: | | 7/10 | | Description: | | It's possible to bypass environment variables filtering on suid program execution. |
| Affected: | | FREEBSD : FreeBSD 7.1 | | | | FREEBSD : FreeBSD 7.2 | | | | FREEBSD : FreeBSD 8.0 | | CVE: | | CVE-2009-4147 (The _rtld function in the Run-Time Link-Editor (rtld) in libexec/rtld-elf/rtld.c in FreeBSD 7.1 and 8.0 does not clear the (1) LD_LIBMAP, (2) LD_LIBRARY_PATH, (3) LD_LIBMAP_DISABLE, (4) LD_DEBUG, and (5) LD_ELF_HINTS_PATH environment variables, which allows local users to gain privileges by executing a setuid or setguid program with a modified variable containing an untrusted search path that points to a Trojan horse library, different vectors than CVE-2009-4146.) | | | | CVE-2009-4146 (The _rtld function in the Run-Time Link-Editor (rtld) in libexec/rtld-elf/rtld.c in FreeBSD 7.1, 7.2, and 8.0 does not clear the LD_PRELOAD environment variable, which allows local users to gain privileges by executing a setuid or setguid program with a modified LD_PRELOAD variable containing an untrusted search path that points to a Trojan horse library, a different vector than CVE-2009-4147.) |
U.S. Defense Information Systems Agency (DISA) Unix Security Readiness Review (SRR) privilege escalation
updated since 04.12.2009 | | Published: | | 09.12.2009 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 10441 | | Type: | | local | | Level: | | 5/10 | | Description: | | Application executes all executables with predefined names found in system. |
Adobe Illustrator buffer overflow
updated since 04.12.2009 | | Published: | | 08.01.2010 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 10445 | | Type: | | remote | | Level: | | 5/10 | | Description: | | Buffer overflow on .EPS files parsing. |
|
|
|
|
|
|
|
|
