Computer Security

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 06.10.2009
Source:
SecurityVulns ID: 10292
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: OPENX : OpenX 2.6
 OPENX : OpenX 2.8
 HYPERIC : Hyperic HQ 3.2
 SPRINGSOURCE : Hyperic HQ 4.0
 SPRINGSOURCE : Hyperic HQ 4.1
 PBBOARD : PBBoard 2.0
CVE: CVE-2009-2898 (Cross-site scripting (XSS) vulnerability in the Alerts list feature in the web interface in SpringSource Hyperic HQ 3.2.x before 3.2.6.1, 4.0.x before 4.0.3.1, 4.1.x before 4.1.2.1, and 4.2-beta1; Application Management Suite (AMS) 2.0.0.SR3; and tc Server 6.0.20.B allows remote authenticated users to inject arbitrary web script or HTML via the Description field. NOTE: some of these details are obtained from third party information.)
 CVE-2009-2897 (Multiple cross-site scripting (XSS) vulnerabilities in hq/web/common/GenericError.jsp in the generic exception handler in the web interface in SpringSource Hyperic HQ 3.2.x before 3.2.6.1, 4.0.x before 4.0.3.1, 4.1.x before 4.1.2.1, and 4.2-beta1; Application Management Suite (AMS) 2.0.0.SR3; and tc Server 6.0.20.B allow remote attackers to inject arbitrary web script or HTML via invalid values for numerical parameters, as demonstrated by an uncaught java.lang.NumberFormatException exception resulting from (1) the typeId parameter to mastheadAttach.do, (2) the eid parameter to Resource.do, and (3) the u parameter in a view action to admin/user/UserAdmin.do. NOTE: some of these details are obtained from third party information.)
Original document: admin_(at)_sec-area.com, [Sec-Area Advisory] PBBoard <=2.0.2 - XSS in Topic (06.10.2009)
 admin_(at)_sec-area.com, [Advisory] PBBoard <=2.0.2 Full Path Disclosure (06.10.2009)
 palmprehacker_(at)_gmail.com, Palm Pre WebOS <=1.1 Remote File Access Vulnerability (06.10.2009)
 MustLive, New vulnerabilities in OpenX (06.10.2009)
 SpringSource Security Team, CVE-2009-2898: Hyperic HQ - Stored XSS in alerts list (06.10.2009)
 SpringSource Security Team, CVE-2009-2897: Hyperic HQ - Reflected XSS in stack trace (06.10.2009)
 CORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2009-0812-Hyperic HQ Multiple XSS (06.10.2009)
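The CVE-2009-2897 pattern (a numeric parameter that fails parsing, an uncaught NumberFormatException whose message embeds the raw input, and a generic error page that writes that message into HTML) is easy to reproduce and easy to miss in review. The Python below is an added illustration written for this digest, not Hyperic's code: it mimics the behaviour of java.lang.Integer.parseInt (only the message format is assumed), puts a vulnerable and an escaped error page side by side, adds a handler that validates before parsing so the raw value is never echoed, and includes the check a tester would run against a response. The parameter name typeId comes from the CVE text; the handler name, the page markup and the payload are constructed.

```python
import html
import re

# Stand-in for java.lang.Integer.parseInt: optional sign, decimal digits,
# 32-bit range. On bad input it raises an exception whose message embeds the
# raw input, which is what NumberFormatException does ('For input string: "..."').
_JAVA_INT = re.compile(r"[+-]?[0-9]+")


class NumberFormatException(ValueError):
    pass


def java_parse_int(s: str) -> int:
    if not _JAVA_INT.fullmatch(s):
        raise NumberFormatException(f'For input string: "{s}"')
    value = int(s, 10)
    if not -2**31 <= value < 2**31:
        raise NumberFormatException(f'For input string: "{s}"')
    return value


def error_page_vulnerable(exc: Exception) -> str:
    # The pattern the advisory describes for a generic error page: the
    # uncaught exception's text is written into the body without encoding,
    # so whatever the user sent in the bad parameter lands in the HTML as-is.
    return (
        "<html><body><h1>Unexpected error</h1>\n"
        f"<pre>{type(exc).__name__}: {exc}</pre>\n"
        "</body></html>"
    )


def error_page_fixed(exc: Exception) -> str:
    # Same page; every exception-derived string is HTML-escaped, so the
    # attacker's input can only ever render as text.
    return (
        "<html><body><h1>Unexpected error</h1>\n"
        f"<pre>{html.escape(type(exc).__name__)}: {html.escape(str(exc))}</pre>\n"
        "</body></html>"
    )


def handle_masthead_attach(params: dict, error_page) -> str:
    """Constructed handler (name is hypothetical) that needs a numeric
    'typeId'. Any exception falls through to the generic error page."""
    try:
        type_id = java_parse_int(params.get("typeId", ""))
        return f"<html><body>Attached resource type {type_id}</body></html>"
    except Exception as exc:  # generic exception handler, as in the advisory
        return error_page(exc)


def handle_masthead_attach_hardened(params: dict) -> tuple:
    """Second layer of defence: validate the parameter before parsing and
    answer a bad value with a fixed 400 page that never echoes the input.
    Returns (status, body)."""
    raw = params.get("typeId", "")
    if not _JAVA_INT.fullmatch(raw):
        return 400, "<html><body>typeId must be an integer</body></html>"
    return 200, f"<html><body>Attached resource type {int(raw, 10)}</body></html>"


def reflects_unescaped(page: str, payload: str) -> bool:
    """Tester's check: the payload (which carries markup characters) appears
    in the response byte-for-byte, i.e. it was not encoded on output."""
    return payload in page


if __name__ == "__main__":
    payload = "<script>alert(document.cookie)</script>"  # constructed probe
    req = {"typeId": payload}
    print("vulnerable page reflects payload:",
          reflects_unescaped(handle_masthead_attach(req, error_page_vulnerable), payload))
    print("escaped page reflects payload:",
          reflects_unescaped(handle_masthead_attach(req, error_page_fixed), payload))
    print("hardened handler:", handle_masthead_attach_hardened(req))
```

Both fixes are worth applying: escaping in the error page closes the sink for every exception type, and validating before parsing keeps attacker input out of exception messages and logs in the first place. When probing a real application, send the probe in each numeric parameter separately and look for the literal probe string in the error response.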

Google Android multiple security vulnerabilities
Published: 06.10.2009
Source:
SecurityVulns ID: 10293
Type: remote
Threat Level: 5/10
Description: DoS via SMS, DoS via Dalvik API.
Affected: ANDROID : Android 1.5
CVE: CVE-2009-2999 (The com.android.phone process in Android 1.5 CRBxx allows remote attackers to cause a denial of service (application restart and network disconnection) via an SMS message containing a malformed WAP Push message that triggers an ArrayIndexOutOfBoundsException exception, possibly a related issue to CVE-2009-2656.)
Original document: Andrea Barisani, [oCERT-2009-014] Android denial-of-service issues (06.10.2009)

AlleyCode HTML editor buffer overflow
Published: 06.10.2009
Source:
SecurityVulns ID: 10294
Type: local
Threat Level: 4/10
Description: Buffer overflow on oversized TITLE.
Affected: ALLEYCODE : AlleyCode 2.21
Original document: rafa.de.sousa_(at)_hotmail.com, AlleyCode SEH overflow POC (06.10.2009)

Palm Pre unauthorized access
updated since 09.08.2009
Published: 06.10.2009
Source:
SecurityVulns ID: 10133
Type: remote
Threat Level: 6/10
Description: Multiple HTML injection conditions, including e-mail.
Affected: PALM : WebOS 1.0
 PALM : WebOS 1.1
Original document: palmprehacker_(at)_gmail.com, Palm Pre WebOS <=1.1 Remote File Access Vulnerability (06.10.2009)
 palmprehacker_(at)_gmail.com, Palm Pre WebOS 1.0.4 Remote execution of arbitrary HTML code vulnerability (09.08.2009)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod