Computer Security
[EN] securityvulns.ru no-pyccku


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:05.01.2009
Source:
SecurityVulns ID:9556
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. PHPSlideshow: crossite scripting
Affected:POLLPRO : PollPro 3.0
Original documentdocumentEhsan_Hp200_(at)_hotmail.com, SolucionWeb (main.php?id_area) Remote SQL injection Vulnerability (05.01.2009)
 documentb4DchiLd_(at)_msn.Com, PollPro 3.0 XSRF VuLn. (05.01.2009)
 documentMustLive, Cross-Site Scripting vulnerability in PHPSlideshow (05.01.2009)

Destiny Media Player buffer overflow
Published:05.01.2009
Source:
SecurityVulns ID:9557
Type:client
Threat Level:
5/10
Description:Buffer overflow on .lst files parsing.
Affected:Destiny : Destiny Media Player 1.61
Original documentdocumentcrimson.loyd_(at)_gmail.com, Destiny Media Player 1.61 (.lst File) Local Stack Overflow Exploit (05.01.2009)
Files:Destiny Media Player 1.61 (.lst File) Local Stack Overflow Exploit

Walusoft TFTPServer2000 directory traversal
Published:05.01.2009
Source:
SecurityVulns ID:9558
Type:remote
Threat Level:
5/10
Description:Directory traversal in GET command.
Affected:WALUSOFT : TFTPServer2000 3.6
Original documentdocumentvuln_research_(at)_princeofnigeria.org, Walusoft TFTPServer2000 Version 3.6.1 Directory Traversal (05.01.2009)

Multiple FTP clients FTP bounce attack
updated since 05.03.2007
Published:05.01.2009
Source:
SecurityVulns ID:7348
Type:client
Threat Level:
5/10
Description:Passive FTP implementation in multiple client allows to use FTP bounce attack for port scanning.
Affected:KDE : KDE 3.5
 MOZILLA : Firefox 1.5
 MOZILLA : Firefox 2.0
 OPERA : Opera 9.10
 DEV0 : 0irc 1.3
 GOOGLE : Chrome 1.0
CVE:CVE-2007-1565 (Konqueror 3.5.5 allows remote attackers to cause a denial of service (crash) by using JavaScript to read a child iframe having an ftp:// URI.)
 CVE-2007-1564 (The FTP protocol implementation in Konqueror 3.5.5 allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response.)
 CVE-2007-1563 (The FTP protocol implementation in Opera 9.10 allows remote attackers to allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response.)
 CVE-2007-1562 (The FTP protocol implementation in Mozilla Firefox before 1.5.0.11 and 2.x before 2.0.0.3 allows remote attackers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response.)
 CVE-2007-1308 (ecma/kjs_html.cpp in KDE JavaScript (KJS), as used in Konqueror in KDE 3.5.5, allows remote attackers to cause a denial of service (crash) by accessing the content of an iframe with an ftp:// URI in the src attribute, probably due to a NULL pointer dereference.)
Original documentdocumentAditya K Sood, Google Chrome FTP PASV IP Malicious Port Scanning Vulnerability. (05.01.2009)
 documentmark, [Full-disclosure] Konqueror DoS Via JavaScript Read Of FTP Iframe (05.03.2007)
 documentmark, [Full-disclosure] Extending JavaScript Portscanning to Include Banner Grabbing (05.03.2007)
Files:Manipulating FTP Clients Using The PASV Command PoC
 Demo of how to make Konqueror 3.5.5 crash
 Manipulating FTP Clients Using The PASV Command

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod