Computer Security

  

UltraVNC / TightVnc multiple integer overflows
Published:05.02.2009
Source:BUGTRAQ
SecurityVulns ID:9647
Type:remote
Level:7/10
Affected:ULTRAVNC : UltraVNC 1.0
 TIGHTVNC : TightVnc 1.3
CVE:CVE-2009-0388 (Multiple integer signedness errors in (1) UltraVNC 1.0.2 and 1.0.5 and (2) TightVnc 1.3.9 allow remote VNC servers to cause a denial of service (heap corruption and application crash) or possibly execute arbitrary code via a large length value in a message, related to the (a) ClientConnection::CheckBufferSize and (b) ClientConnection::CheckFileZipBufferSize functions in ClientConnection.cpp.)
Original document:CORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2008-1009 - VNC Multiple Integer Overflows (05.02.2009)

Nokia Multimedia Player buffer overflow
Published:05.02.2009
Source:BUGTRAQ
SecurityVulns ID:9650
Type:local
Level:5/10
Description:Heap buffer overflow on .pls parsing.
Affected:NOKIA : Nokia Multimedia Player 1.1
Original document:0in.email_(at)_gmail.com, Nokia Multimedia Player v1.1 .m3u Heap Overflow PoC exploit (05.02.2009)
Files:Nokia Multimedia Player version 1.1 .m3u Heap Overflow PoC exploit

Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
Published:05.02.2009
Source:BUGTRAQ
SecurityVulns ID:9653
Type:client
Level:8/10
Description:Memory corruption, cross-site scripting, local file access, HTTP-only cookie leakage, caching of no-cache files.
CVE:CVE-2009-0358 (Mozilla Firefox 3.x before 3.0.6 does not properly implement the (1) no-store and (2) no-cache Cache-Control directives, which allows local users to obtain sensitive information by using the (a) back button or (b) history list of the victim's browser, as demonstrated by reading the response page of an https POST request.)
 CVE-2009-0357 (Mozilla Firefox before 3.0.6 and SeaMonkey before 1.1.15 do not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly protection mechanism.)
 CVE-2009-0356 (Mozilla Firefox before 3.0.6 and SeaMonkey do not block links to the (1) about:plugins and (2) about:config URIs from .desktop files, which allows user-assisted remote attackers to bypass the Same Origin Policy and execute arbitrary code with chrome privileges via vectors involving the URL field in a Desktop Entry section of a .desktop file, related to representation of about: URIs as jar:file:// URIs. NOTE: this issue exists because of an incomplete fix for CVE-2008-4582.)
 CVE-2009-0355 (components/sessionstore/src/nsSessionStore.js in Mozilla Firefox before 3.0.6 does not block changes of INPUT elements to type="file" during tab restoration, which allows user-assisted remote attackers to read arbitrary files on a client machine via a crafted INPUT element.)
 CVE-2009-0354 (Cross-domain vulnerability in js/src/jsobj.cpp in Mozilla Firefox 3.x before 3.0.6 allows remote attackers to bypass the Same Origin Policy, and access the properties of an arbitrary window and conduct cross-site scripting (XSS) attacks, via vectors involving a chrome XBL method and the window.eval function.)
 CVE-2009-0353 (Unspecified vulnerability in Mozilla Firefox 3.x before 3.0.6, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the JavaScript engine.)
 CVE-2009-0352 (Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.6, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the layout engine and destruction of arbitrary layout objects by the nsViewManager::Composite function.)
Original document:MOZILLA, Mozilla Foundation Security Advisory 2009-06 (05.02.2009)
 MOZILLA, Mozilla Foundation Security Advisory 2009-05 (05.02.2009)
 MOZILLA, Mozilla Foundation Security Advisory 2009-04 (05.02.2009)
 MOZILLA, Mozilla Foundation Security Advisory 2009-03 (05.02.2009)
 MOZILLA, Mozilla Foundation Security Advisory 2009-02 (05.02.2009)
 MOZILLA, Mozilla Foundation Security Advisory 2009-01 (05.02.2009)

FeedDemon buffer overflow
Published:05.02.2009
Source:BUGTRAQ
SecurityVulns ID:9655
Type:remote
Level:5/10
Description:Buffer overflow on OPML files parsing.
Affected:FEEDDEMON : FeedDemon 2.7
Original document:Security Vulnerability Research Team, [SVRT-02-09] FeedDemon (ver<=2.7) Buffer Overflow Vulnerability (05.02.2009)

AREVA T&D e-terrahabitat multiple security vulnerabilities
Published:05.02.2009
Source:BUGTRAQ
SecurityVulns ID:9656
Type:remote
Level:6/10
Affected:AREVATD : e-terrahabitat 5.5
 AREVATD : e-terrahabitat 5.6
 AREVATD : e-terrahabitat 5.7
CVE:CVE-2009-0214 (Unspecified vulnerability in the WebFGServer application in AREVA e-terrahabitat 5.7 and earlier allows remote authenticated users to gain privileges via unknown vectors, aka PD32022.)
 CVE-2009-0213 (Unspecified vulnerability in the NETIO application in AREVA e-terrahabitat 5.7 and earlier allows remote attackers to cause a denial of service (system crash) via unknown vectors, aka PD32021.)
 CVE-2009-0212 (Unspecified vulnerability in the WebFGServer application in AREVA e-terrahabitat 5.7 and earlier allows remote attackers to cause a denial of service (system crash) via unknown vectors, aka PD32020.)
 CVE-2009-0211 (Unspecified vulnerability in the WebFGServer application in AREVA e-terrahabitat 5.7 and earlier allows remote attackers to cause a denial of service (system crash) via unknown vectors, aka PD32018.)
Original document:Eyal Udassin, C4 SCADA Security Advisory - AREVA e-terrahabitat / e-terraplatform Multiple Vulnerabilities (05.02.2009)

Mozilla / Firefox / Firebird / Netscape array overflow
updated since 31.05.2006
Published:05.02.2009
Source:BUGTRAQ
SecurityVulns ID:6204
Type:client
Level:7/10
Description:Array overflow at a high marquee tag recursion level.
Affected:MOZILLA : Mozilla 1.7
 MOZILLA : Firefox 1.0
 NETSCAPE : Netscape 8.1
 MOZILLA : Firefox 1.5
 NOKIA : Nokia N95
 MOZILLA : Firefox 3.06
Original document:Thierry Zoller, Re: Nokia N95-8 browser denial of service (05.02.2009)
 jplopezy_(at)_gmail.com, Nokia N95-8 browser denial of service (05.02.2009)
 co296_(at)_aol.com, Fire fox dos exploit (31.05.2006)

NaviCopa HTTP Server buffer overflow
updated since 28.03.2007
Published:05.02.2009
Source:BUGTRAQ
SecurityVulns ID:7481
Type:remote
Level:6/10
Description:Stack buffer overflow (stack overrun) on oversized request to cgi-bin directory. Script content leak with "." added to path.
Affected:INTERVATIONS : NaviCopa 2.01
 INTERVATIONS : NaviCopa 3.01
CVE:CVE-2007-1733 (Buffer overflow in InterVations NaviCOPA HTTP Server 2.01 allows remote attackers to execute arbitrary code via a long (1) /cgi-bin/ or (2) /cgi/ pathname in an HTTP GET request, probably a different issue than CVE-2006-5112.)
Original document:ew1zz_(at)_hotmail.com, NaviCopa webserver 3.01 Multiple Vulnerabilities (05.02.2009)
 skillTube.com, Buffer Overflow in InterVetions' NaviCopa HTTP server 2.01 (28.03.2007)
Files:Exploits Buffer Overflow in NaviCopa HTTP server 2.01 (cgi-bin)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:05.02.2009
Source:
SecurityVulns ID:9649
Type:remote
Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:PHPSLASH : phpslash 0.8
 BUGZILLA : Bugzilla 3.0
 MOZILLA : Bugzilla 3.2
 BUGZILLA : Bugzilla 3.3
 SIMPLEMACHINES : Simple Machines Forum 1.17
 RGBOARD : rgboard 4
 METABBS : Metabbs 0.11
Original document:blabla-34, flatnux Flatnux-2009-01-27 Remote File Include (05.02.2009)
 make0day_(at)_gmail.com, metabbs 0.11 Change admin password vulnerability (05.02.2009)
 gmdarkfig_(at)_gmail.com, phpslash <= 0.8.1.1 Remote Code Execution Exploit (05.02.2009)
 make0day_(at)_gmail.com, rgboard v4 (07.07.27) Multiple Vulnerability (05.02.2009)
 Eduardo Vela, SMF 1.1.7 Persistent XSS (requires permision to edit censor) (05.02.2009)
 BUGZILLA, Security Advisory for Bugzilla 3.2.1, 3.0.7, and 3.3.2 (05.02.2009)
Files:phpslash <= 0.8.1.1 Remote Code Execution Exploit
 Exploits metabbs 0.11 Change admin password vulnerability

QiP DoS
Published:05.02.2009
Source:BUGTRAQ
SecurityVulns ID:9654
Type:remote
Level:6/10
Description:Crash on RTF message parsing.
Affected:qip : QIP 2005
Original document:ShineShadow, QIP 2005 Denial of Service Vulnerability (05.02.2009)

HP-UX IPv6 multiple security vulnerabilities
Published:05.02.2009
Source:BUGTRAQ
SecurityVulns ID:9646
Type:remote
Level:7/10
Description:Unauthorized access, Denial of Service.
Affected:HP : HP-UX 11.11
 HP : HP-UX 11.23
 HP : HP-UX 11.31
CVE:CVE-2008-4404 (The IPv6 Neighbor Discovery Protocol (NDP) implementation on IBM zSeries servers does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity) or read private network traffic via a spoofed message that modifies the Forward Information Base (FIB), a related issue to CVE-2008-2476.)
 CVE-2008-2476 (The IPv6 Neighbor Discovery Protocol (NDP) implementation in (1) FreeBSD 6.3 through 7.1, (2) OpenBSD 4.2 and 4.3, (3) NetBSD, (4) Force10 FTOS before E7.7.1.1, (5) Juniper JUNOS, and (6) Wind River VxWorks 5.x through 6.4 does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity) or read private network traffic via a spoofed message that modifies the Forward Information Base (FIB).)
Original document:HP, [security bulletin] HPSBUX02407 SSRT080107 rev.1 - HP-UX Running IPv6, Remote Denial of Service (DoS) and Unauthorized Access (05.02.2009)

Cisco IOS cross-site scripting
updated since 16.01.2009
Published:05.02.2009
Source:BUGTRAQ
SecurityVulns ID:9592
Type:remote
Level:5/10
Description:Cross-site scripting in different scripts.
Affected:CISCO : Cisco IOS 12.0
 CISCO : Cisco IOS 12.1
 CISCO : Cisco IOS 12.2
 CISCO : Cisco IOS 12.3
 CISCO : Cisco IOS 12.4
CVE:CVE-2008-3821 (Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server in Cisco IOS 11.0 through 12.4 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the ping program or (2) unspecified other aspects of the URI.)
Original document:azask2_(at)_gmail.com, Cisco IOS XSS/CSRF Vulnerability (05.02.2009)
 CISCO, Cisco Security Response: Cisco IOS Cross-Site Scripting Vulnerabilities (16.01.2009)
 ProCheckUp Research, PR08-19: XSS on Cisco IOS HTTP Server (16.01.2009)
Files:Cisco Security Response: Cisco IOS Cross-Site Scripting Vulnerabilities

Novell Netware GWIA buffer overflow
Published:05.02.2009
Source:BUGTRAQ
SecurityVulns ID:9645
Type:remote
Level:7/10
Description:Off-by-one on oversized SMTP RCPT TO: command.
Original document:ZDI, ZDI-09-010: Novell Netware Groupwise GWIA RCPT Command Buffer Overflow Vulnerability (05.02.2009)

LCPlayer buffer overflow
Published:05.02.2009
Source:BUGTRAQ
SecurityVulns ID:9652
Type:local
Level:4/10
Description:Buffer overflow on .qt files parsing.
Original document:darkb0x97_(at)_googlemail.com, LCPlayer (.qt file) EOP change PoC (app crash) (05.02.2009)
Files:LCPlayer (.qt file) EOP change PoC (app crash)

Cisco Wireless LAN Controller multiple security vulnerabilities
Published:05.02.2009
Source:BUGTRAQ
SecurityVulns ID:9648
Type:remote
Level:6/10
Description:Multiple DoS conditions, privilege escalation.
Affected:CISCO : Catalyst 6500
 CISCO : Cisco 4400
 CISCO : Cisco 4100
 CISCO : Catalyst 7600
 CISCO : Catalyst 3750
CVE:CVE-2009-0062 (Unspecified vulnerability in the Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless Services Module (WiSM), and Cisco Catalyst 3750 Integrated Wireless LAN Controller with software 4.2.173.0 allows remote authenticated users to gain privileges via unknown vectors, as demonstrated by escalation from the (1) Lobby Admin and (2) Local Management User privilege levels.)
 CVE-2009-0061 (Unspecified vulnerability in the Wireless LAN Controller (WLC) TSEC driver in the Cisco 4400 WLC, Cisco Catalyst 6500 and 7600 Wireless Services Module (WiSM), and Cisco Catalyst 3750 Integrated Wireless LAN Controller with software 4.x before 4.2.176.0 and 5.x before 5.1 allows remote attackers to cause a denial of service (device crash or hang) via unknown IP packets.)
 CVE-2009-0059 (The Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless Services Module (WiSM), and Cisco Catalyst 3750 Integrated Wireless LAN Controller with software 4.x before 4.2.176.0 and 5.2.x before 5.2.157.0 allow remote attackers to cause a denial of service (device reload) via a web authentication (aka WebAuth) session that includes a malformed POST request to login.html.)
 CVE-2009-0058 (The Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless Services Module (WiSM), and Cisco Catalyst 3750 Integrated Wireless LAN Controller with software 4.x before 4.2.176.0 and 5.x before 5.2 allow remote attackers to cause a denial of service (web authentication outage or device reload) via unspecified network traffic, as demonstrated by a vulnerability scanner.)
Original document:CISCO, Cisco Security Advisory: Multiple Vulnerabilities in Cisco Wireless LAN Controllers (05.02.2009)

Euphonics Audio Player buffer overflow
Published:05.02.2009
Source:BUGTRAQ
SecurityVulns ID:9651
Type:local
Level:4/10
Description:Buffer overflow on .pls files parsing.
Original document:darkb0x97_(at)_googlemail.com, Euphonics Audio Player v1.0 (.pls) Local BOF POC (05.02.2009)
Files:Euphonics Audio Player v1.0 (.pls) Local BOF POC

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


