Computer Security


wget certificate spoofing
Published: 07.10.2009
SecurityVulns ID: 10295
Type: client
Threat Level: 5/10
Description: It's possible to spoof a certificate by using a NULL character in the Common Name.
Affected: GNU : wget 1.11
CVE: CVE-2009-3490 (GNU Wget before 1.12 does not properly handle a '\0' character in a domain name in the Common Name field of an X.509 certificate, which allows man-in-the-middle remote attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.)
Original document: UBUNTU, [USN-842-1] Wget vulnerability (07.10.2009)

Bulletproof FTP client buffer overflow
Published: 07.10.2009
SecurityVulns ID: 10297
Type: local
Threat Level: 4/10
Description: Buffer overflow when parsing .bps files.
Affected: BULLETPROOF : BulletProof FTP Client 2.63
Original document: rafa.de.sousa_(at)_hotmail.com, BulletProof FTP Client Buffer Overflow (SEH) (07.10.2009)
Files: BulletProof FTP Client Buffer Overflow (SEH) exploit

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 07.10.2009
SecurityVulns ID: 10298
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: JETTY : Jetty 6.1
 AIOCP : Aiocp 1.4
Original document: CORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2009-0922: Jetty Persistent XSS in Sample Cookies Application (07.10.2009)
 hadikiamarsi_(at)_hotmail.com, Remote File Inclusion In AIOCP (07.10.2009)

Dopewars game server DoS
Published: 07.10.2009
SecurityVulns ID: 10299
Type: remote
Threat Level: 5/10
Description: Crash on parsing TCP/7902 data.
Affected: DOPEWARS : Dopewars 1.5
Original document: dougtko_(at)_gmail.com, Dopewars 1.5.12 Server Denial of Service (07.10.2009)

XLPD LPD server DoS
Published: 07.10.2009
SecurityVulns ID: 10300
Type: remote
Threat Level: 5/10
Description: Crash on invalid LPR request.
Affected: XLPD : XLPD 3.0
Original document: Protek Research Lab, {PRL} XLPD 3.0 Remote DoS (07.10.2009)

HP printers cross-site scripting
updated since 07.10.2009
Published: 09.10.2009
SecurityVulns ID: 10296
Type: remote
Threat Level: 4/10
Description: Cross-site scripting in the Jetdirect web interface for LaserJet and Color LaserJet printers.
CVE: CVE-2009-2684 (Multiple cross-site scripting (XSS) vulnerabilities in Jetdirect and the Embedded Web Server (EWS) on certain HP LaserJet and Color LaserJet printers, and HP Digital Senders, allow remote attackers to inject arbitrary web script or HTML via the (1) Product_URL or (2) Tech_URL parameter in an Apply action to the support_param.html/config script.)
Original document: DSecRG, [DSECRG-09-048] HP LaserJet printers - Multiple Stored XSS vulnerabilities (09.10.2009)
 HP, [security bulletin] HPSBPI02463 SSRT090061 rev.1 - HP LaserJet Printers, HP Color LaserJet Printers, Remote Cross Site Scripting (XSS) (07.10.2009)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod