Computer Security


Pidgin instant messenger DoS
Published: 07.07.2009
SecurityVulns ID: 10047
Type: remote
Threat Level: 5/10
Description: Memory exhaustion on OSCAR (ICQ) ICQWebMessage message processing.
Affected: PIDGIN : Pidgin 2.5
CVE: CVE-2009-1889 (The OSCAR protocol implementation in Pidgin before 2.5.8 misinterprets the ICQWebMessage message type as the ICQSMS message type, which allows remote attackers to cause a denial of service (application crash) via a crafted ICQ web message that triggers allocation of a large amount of memory.)
Original document: UBUNTU, [USN-796-1] Pidgin vulnerability (07.07.2009)

TekRADIUS privilege escalation
Published: 07.07.2009
SecurityVulns ID: 10049
Type: local
Threat Level: 5/10
Original document: Tim Brown, Medium security hole in TekRADIUS (07.07.2009)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 07.07.2009
Published: 07.07.2009
SecurityVulns ID: 10050
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: NULLLOGIC : NullLogic Groupware 1.3
 NULLLOGIC : NullLogic Groupware 1.2
Original document: Tim Brown, High security hole in NullLogic Groupware (07.07.2009)

Photo DVD Maker buffer overflow
Published: 07.07.2009
SecurityVulns ID: 10051
Type: local
Threat Level: 3/10
Description: Buffer overflow on .PDM files parsing.
Original document: Security Vulnerability Research Team, [Bkis-10-2009] Photo DVD Maker Professional Buffer Overflow Vulnerability (07.07.2009)

Avax Vector ActiveX buffer overflow
Published: 07.07.2009
SecurityVulns ID: 10052
Type: client
Threat Level: 5/10
Description: Heap buffer overflow via PrinterName property.
Affected: AVAXSOFTWARE : Avax Vector ActiveX 1.3
Original document: Satan_HackerS_(at)_Yahoo.com, Avax Vector ActiveX 1.3 (avPreview.ocx) Denial of Service Exploit (07.07.2009)

libtiff multiple security vulnerabilities
updated since 07.07.2009
Published: 14.07.2009
SecurityVulns ID: 10048
Type: library
Threat Level: 6/10
Description: Crash on LZWDecodeCompat. Potential integer overflows in tiff2rgba and rgb2ycbcr.
Affected: LIBTIFF : libtiff 3.8
CVE: CVE-2009-2347 (Multiple integer overflows in inter-color spaces conversion tools in libtiff 3.8 through 3.8.2, 3.9, and 4.0 allow context-dependent attackers to execute arbitrary code via a TIFF image with large (1) width and (2) height values, which triggers a heap-based buffer overflow in the (a) cvt_whole_image function in tiff2rgba and (b) tiffcvt function in rgb2ycbcr.)
 CVE-2009-2285 (Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327.)
Original document: Andrea Barisani, [oCERT-2009-012] libtiff tools integer overflows (14.07.2009)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod