Computer Security

PHP multiple security vulnerabilities
Published: 08.01.2010
SecurityVulns ID: 10505
Type: remote
Threat Level: 7/10
Description: safe_mode bypass, open_basedir bypass, memory corruption.
Affected: PHP : PHP 5.2
 PHP : PHP 5.3
CVE: CVE-2009-4143 (PHP before 5.2.12 does not properly handle session data, which has unspecified impact and attack vectors related to (1) interrupt corruption of the SESSION superglobal array and (2) the session.save_path directive.)
 CVE-2009-4142 (The htmlspecialchars function in PHP before 5.2.12 does not properly handle (1) overlong UTF-8 sequences, (2) invalid Shift_JIS sequences, and (3) invalid EUC-JP sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks by placing a crafted byte sequence before a special character.)
 CVE-2009-3558 (The posix_mkfifo function in ext/posix/posix.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass open_basedir restrictions, and create FIFO files, via the pathname and mode arguments, as demonstrated by creating a .htaccess file.)
 CVE-2009-3557 (The tempnam function in ext/standard/file.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass safe_mode restrictions, and create files in group-writable or world-writable directories, via the dir and prefix arguments.)
Original document: PHP, PHP 5.2.12 Release Announcement (08.01.2010)

Microsoft Windows Live Messenger DoS
Published: 08.01.2010
SecurityVulns ID: 10506
Type: remote
Threat Level: 5/10
Description: Crash on ActiveX ViewProfile method.
Affected: MICROSOFT : Windows Live Messenger 2009
Original document: advisory_(at)_hackattack.com, [HACKATTACK Advisory 080110] Windows Live Messenger 2009 ActiveX DoS Vulnerability (08.01.2010)

Transmission BitTorrent client directory traversal
Published: 08.01.2010
SecurityVulns ID: 10507
Type: client
Threat Level: 5/10
Description: Directory traversal via .torrent files.
Affected: TRANSMISSION : transmission 1.77
CVE: CVE-2010-0012 (Directory traversal vulnerability in libtransmission/metainfo.c in Transmission 1.22, 1.34, 1.75, and 1.76 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a pathname within a .torrent file.)
Original document: DEBIAN, [SECURITY] [DSA 1967-1] New transmission packages fix directory traversal (08.01.2010)

Novell iManager eDirectory plugin buffer overflow
Published: 08.01.2010
SecurityVulns ID: 10508
Type: client
Threat Level: 5/10
Description: Buffer overflow on schema parsing.
Affected: NOVELL : iManager 2.7
CVE: CVE-2009-4486 (Stack-based buffer overflow in the eDirectory plugin in Novell iManager before 2.7.3 allows remote attackers to execute arbitrary code via vectors that trigger long arguments to an unspecified sub-application, related to importing and exporting from a schema.)
Original document: ZDI, ZDI-10-001: Novell iManager eDirectory Plugin Remote Code Execution Vulnerability (08.01.2010)

BSD-based systems (FreeBSD, NetBSD, OpenBSD) index array overflow
updated since 27.06.2009
Published: 08.01.2010
SecurityVulns ID: 10021
Type: library
Threat Level: 8/10
Description: Index array overflow in libc gdtoa() function (used by printf()).
Affected: MOZILLA : SeaMonkey 1.1
 APPLE : MacOS X 10.5
 FREEBSD : FreeBSD 6.4
 FREEBSD : FreeBSD 7.2
 NETBSD : OpenBSD 4.5
 NETBSD : NetBSD 5.0
 MOZILLA : Firefox 3.5
 KDE : KDE 4.3
 OPERA : Opera 10.01
 KMELEON : K-Meleon 1.5
 FLOCK : Flock 2.5
 CAMINO : Camino 1.6
 APPLE : MacOS X 10.6
CVE: CVE-2009-0689 (Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number.)
Original document: Maksymilian Arciemowicz, MacOS X 10.5/10.6 libc/strtod(3) buffer overflow (08.01.2010)
 Maksymilian Arciemowicz, Camino 1.6.10 Remote Array Overrun (Arbitrary code execution) (15.12.2009)
 Maksymilian Arciemowicz, Flock 2.5.2 Remote Array Overrun (Arbitrary code execution) (15.12.2009)
 Maksymilian Arciemowicz, K-Meleon 1.5.3 Remote Array Overrun (Arbitrary code execution) (20.11.2009)
 Maksymilian Arciemowicz, KDE KDELibs 4.3.3 Remote Array Overrun (Arbitrary code execution) (20.11.2009)
 Maksymilian Arciemowicz, Opera 10.01 Remote Array Overrun (Arbitrary code execution) (20.11.2009)
 Maksymilian Arciemowicz, SeaMonkey 1.1.8 Remote Array Overrun (Arbitrary code execution) (20.11.2009)
 Maksymilian Arciemowicz, Firefox 3.5.3 Remote Array Overrun (UPDATE) (20.11.2009)
 Maksymilian Arciemowicz, [Full-disclosure] SecurityReason: Multiple Vendors libc/gdtoa printf(3) Array Overrun (27.06.2009)

Adobe Illustrator buffer overflow
updated since 04.12.2009
Published: 08.01.2010
SecurityVulns ID: 10445
Type: remote
Threat Level: 5/10
Description: Buffer overflow on .EPS files parsing.
Affected: ADOBE : Illustrator CS4
Original document: SECUNIA, Secunia Research: Adobe Illustrator Encapsulated Postscript Parsing Vulnerability (08.01.2010)
 rgod, Adobe Illustrator CS4 (V14.0.0) Encapsulated Postscript (.eps) Overlong DSC Comment Buffer Overflow Exploit (04.12.2009)
Files: Adobe Illustrator CS4 (V14.0.0) Encapsulated Postscript (.eps) overlong DSC Comment Buffer Overflow Exploit

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod