Computer Security


Cisco 7600 Series Router Session Border Controller module DoS
Published: 09.03.2009
SecurityVulns ID: 9714
Type: remote
Threat Level: 5/10
Description: Denial of service (SBC card reload) via crafted packets sent to TCP port 2000 of the Session Border Controller module.
Affected: CISCO : Cisco 7600
CVE: CVE-2009-0619 (Unspecified vulnerability in the Session Border Controller (SBC) before 3.0(2) for Cisco 7600 series routers allows remote attackers to cause a denial of service (SBC card reload) via crafted packets to TCP port 2000.)
Original document: CISCO, Cisco Security Advisory: Cisco 7600 Series Router Session Border Controller Denial of Service Vulnerability (09.03.2009)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 09.03.2009
SecurityVulns ID: 9715
Type: remote
Threat Level: 5/10
Description: PHP file inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. PHPSlideshow: cross-site scripting.
Affected: PHPSLIDESHOW : PHPSlideshow 0.9
 CELERBB : CelerBB 0.0
 WILICMS : Wili-CMS 0.4
 UMICMS : UMI.CMS 2.7
 TINX : TinX CMS 3.5
 NFORUM : nForum 1.5
 PHPCOMMUNITY : phpCommunity 2.1
 ZNC : ZNC 0.066
 VBOOK : vBook 4.2
Original document: ddivulnalert_(at)_ddifrontline.com, DDIVRT-2009-21 vBook Login Application Cross-site Scripting Vulnerability (09.03.2009)
 ddivulnalert_(at)_ddifrontline.com, DDIVRT-2009-22 SMART Board Whiteboard Directory Traversal Vulnerability (09.03.2009)
 GENTOO, [ GLSA 200903-02 ] ZNC: Privilege escalation (09.03.2009)
 Salvatore "drosophila" Fresta, phpCommunity 2 2.1.8 Multiple Vulnerabilities (SQL Injection / Directory Traversal / XSS) (09.03.2009)
 Salvatore "drosophila" Fresta, nForum 1.5 Multiple SQL Injection (09.03.2009)
 aanisimov_(at)_ptsecurity.com, [Positive Technologies SA:2009-13] TinX CMS 3.x SQL Injection Vulnerability (09.03.2009)
 aanisimov_(at)_ptsecurity.com, [Positive Technologies SA:2009-12] UMI.CMS Cross-Site Scripting vulnerability (09.03.2009)
 Salvatore "drosophila" Fresta, Wili-CMS 0.4.0 Multiple Vulnerabilities (Remote/Local File Inclusion - Authentication Bypass) (09.03.2009)
 Salvatore "drosophila" Fresta, CelerBB 0.0.2 Multiple Vulnerabilities (09.03.2009)
 MustLive, New Cross-Site Scripting vulnerability in PHPSlideshow (09.03.2009)

FoxIT Reader multiple security vulnerabilities
Published: 09.03.2009
SecurityVulns ID: 9716
Type: client
Threat Level: 5/10
Description: Dereference of an uninitialized pointer while parsing a JBIG2 symbol dictionary segment in a crafted PDF (code execution); buffer overflow.
Affected: FOXIT : Foxit Reader 3.0
CVE: CVE-2009-0191 (Foxit Reader 2.3 before Build 3902 and 3.0 before Build 1506, including 3.0.2009.1301, does not properly handle a JBIG2 symbol dictionary segment with zero new symbols, which allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a dereference of an uninitialized memory location.)
Original document: SECUNIA, Secunia Research: Foxit Reader JBIG2 Symbol Dictionary Processing Vulnerability (09.03.2009)

Apache Tomcat cross-site scripting
Published: 09.03.2009
SecurityVulns ID: 9717
Type: remote
Threat Level: 4/10
Description: Cross-site scripting in the calendar example application shipped with Tomcat (jsp/cal/cal2.jsp, time parameter).
CVE: CVE-2009-0781 (Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML.")
Original document: APACHE, [SECURITY] CVE-2009-0781 XSS in Apache Tomcat examples web application (09.03.2009)

Microsoft Internet Explorer DoS
Published: 09.03.2009
SecurityVulns ID: 9718
Type: remote
Threat Level: 5/10
Description: Denial of service via the ListWidth property of the Forms.ListBox and Forms.ComboBox ActiveX controls.
Original document: MustLive, DoS vulnerabilities in Internet Explorer 7 (09.03.2009)
Files: Internet Explorer 7 DoS Exploit - ListBox
 Internet Explorer 7 DoS Exploit - ComboBox

Audacity buffer overflow
Published: 09.03.2009
SecurityVulns ID: 9719
Type: local
Threat Level: 4/10
Description: Stack-based buffer overflow when parsing a .gro file containing an over-long string.
Affected: AUDACITY : Audacity 1.3
 AUDACITY : Audacity 1.2
CVE: CVE-2009-0490 (Stack-based buffer overflow in the String_parse::get_nonspace_quoted function in lib-src/allegro/strparse.cpp in Audacity 1.2.6 and other versions before 1.3.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a .gro file containing a long string.)
Original document: GENTOO, [ GLSA 200903-03 ] Audacity: User-assisted execution of arbitrary code (09.03.2009)
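The bug class behind the Audacity entry, as an added illustration that is not Audacity's code: a quoted-string tokenizer that copies into a fixed-size buffer without a bound, beside a hardened form that carries the buffer size and rejects tokens that do not fit. The names (TOKEN_MAX, get_quoted_unbounded, get_quoted_bounded) and the sample lines are assumptions constructed for this example; the real parser's buffer size and exact logic are not stated on the page.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Illustrative fixed token size (assumed; not the real parser's value). */
#define TOKEN_MAX 64

/* Vulnerable pattern: copy a quoted token into a caller-supplied fixed-size
 * buffer with no length check. A line whose quoted string is longer than the
 * buffer overwrites whatever follows it on the stack. Called below only on
 * benign input. */
static int get_quoted_unbounded(const char *line, char *out)
{
    while (*line == ' ' || *line == '\t') line++;
    if (*line != '"') return -1;
    line++;
    while (*line && *line != '"') *out++ = *line++;   /* no bound on out */
    *out = '\0';
    return (*line == '"') ? 0 : -1;
}

/* Hardened form: the buffer size travels with the buffer, and a token that
 * does not fit is rejected rather than silently truncated.
 * Returns the token length, -1 for a malformed/unterminated token, -2 when the
 * token would overflow the buffer. */
int get_quoted_bounded(const char *line, char *out, size_t outsz)
{
    size_t n = 0;
    if (outsz == 0) return -1;
    while (*line == ' ' || *line == '\t') line++;
    if (*line != '"') { out[0] = '\0'; return -1; }
    line++;
    while (*line && *line != '"') {
        if (n + 1 >= outsz) { out[0] = '\0'; return -2; }  /* keep room for NUL */
        out[n++] = *line++;
    }
    if (*line != '"') { out[0] = '\0'; return -1; }         /* unterminated */
    out[n] = '\0';
    return (int)n;
}

/* Constructed sample lines (not taken from any real .gro file). */
int demo_benign(void)
{
    char tok[TOKEN_MAX];
    return get_quoted_bounded("  \"piano\" 440", tok, sizeof tok);     /* 5 */
}

int demo_overlong(void)
{
    char line[4096], tok[TOKEN_MAX];
    memset(line, 'A', sizeof line);                 /* 4094 'A's between quotes */
    line[0] = '"';
    line[sizeof line - 2] = '"';
    line[sizeof line - 1] = '\0';
    return get_quoted_bounded(line, tok, sizeof tok);                 /* -2 */
}

int demo_unterminated(void)
{
    char tok[TOKEN_MAX];
    return get_quoted_bounded("\"no closing quote", tok, sizeof tok); /* -1 */
}

int main(void)
{
    char tok[TOKEN_MAX];
    get_quoted_unbounded("\"flute\"", tok);         /* harmless on short input */
    printf("unbounded: %s\n", tok);
    printf("benign=%d overlong=%d unterminated=%d\n",
           demo_benign(), demo_overlong(), demo_unterminated());
    return 0;
}
```

Rejecting rather than truncating matters for a format parser: a silently truncated value is parsed as valid data and may still corrupt state downstream, whereas an error return lets the caller discard the file.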

MPFR library buffer overflow
Published: 09.03.2009
SecurityVulns ID: 9720
Type: library
Threat Level: 5/10
Description: Buffer overflows in the mpfr_snprintf() and mpfr_vsnprintf() functions (denial of service).
Affected: GNU : MPFR 2.4
CVE: CVE-2009-0757 (Multiple buffer overflows in GNU MPFR 2.4.0 allow context-dependent attackers to cause a denial of service (crash) via the (1) mpfr_snprintf and (2) mpfr_vsnprintf functions.)
Original document: GENTOO, [ GLSA 200903-13 ] MPFR: Denial of Service (09.03.2009)

OptiPNG use-after-free (GIF processing)
Published: 09.03.2009
SecurityVulns ID: 9721
Type: local
Threat Level: 4/10
Description: Use-after-free when processing a crafted .GIF file: GIFReadNextExtension keeps using the old pointer after realloc() has moved the buffer.
Affected: OPTIPNG : OptiPNG 0.6
CVE: CVE-2009-0749 (Use-after-free vulnerability in the GIFReadNextExtension function in lib/pngxtern/gif/gifread.c in OptiPNG 0.6.2 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a crafted GIF image that causes the realloc function to return a new pointer, which triggers memory corruption when the old pointer is accessed.)
Original document: GENTOO, [ GLSA 200903-12 ] OptiPNG: User-assisted execution of arbitrary code (09.03.2009)
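The stale-pointer-after-realloc pattern named in the OptiPNG CVE, as an added illustration that is not OptiPNG's code: a constructed reader for GIF extension sub-blocks (length byte followed by that many bytes, terminated by a zero-length block) that grows a heap buffer as it goes. The vulnerable variant computes the write pointer before the buffer may be reallocated; the hardened variant derives it afterwards and also bounds each sub-block against the remaining input. All names (extbuf, grow, read_ext_stale, read_ext_safe) and the sample bytes are assumptions made for this example.

```c
#include <stdlib.h>
#include <string.h>
#include <stddef.h>
#include <stdio.h>

/* Growable buffer holding the concatenated sub-block payloads. */
struct extbuf {
    unsigned char *data;
    size_t len, cap;
};

/* Ensure room for `need` more bytes. realloc may move the block. */
static int grow(struct extbuf *b, size_t need)
{
    size_t ncap;
    unsigned char *n;
    if (b->len + need <= b->cap) return 0;
    ncap = b->cap ? b->cap * 2 : 256;
    while (ncap < b->len + need) ncap *= 2;
    n = realloc(b->data, ncap);
    if (!n) return -1;
    b->data = n;
    b->cap = ncap;
    return 0;
}

/* Vulnerable pattern (for contrast; never executed here): dst is taken BEFORE
 * grow(), so after a realloc move the memcpy writes into freed memory. */
static int read_ext_stale(struct extbuf *b, const unsigned char *in, size_t inlen)
{
    size_t i = 0;
    while (i < inlen) {
        unsigned char n = in[i++];
        unsigned char *dst = b->data + b->len;   /* BUG: pointer cached too early */
        if (n == 0) return 0;
        if (i + n > inlen) return -1;
        if (grow(b, n) != 0) return -1;          /* may move b->data */
        memcpy(dst, in + i, n);                  /* stale after a move */
        b->len += n;
        i += n;
    }
    return -1;
}

/* Hardened form: re-derive the destination from b->data after grow(), and
 * reject a sub-block that claims more bytes than remain in the input. */
int read_ext_safe(struct extbuf *b, const unsigned char *in, size_t inlen)
{
    size_t i = 0;
    while (i < inlen) {
        unsigned char n = in[i++];
        if (n == 0) return 0;                    /* terminator reached */
        if (i + n > inlen) return -1;            /* truncated sub-block */
        if (grow(b, n) != 0) return -1;
        memcpy(b->data + b->len, in + i, n);     /* fresh pointer */
        b->len += n;
        i += n;
    }
    return -1;                                   /* no terminator */
}

/* Constructed input: three full 255-byte sub-blocks filled with 1, 2, 3 and a
 * terminator. Blocks two and three exceed the initial 256-byte capacity, so
 * grow() reallocates while data is already buffered. Returns the assembled
 * length (765) if the content is intact, 0 otherwise. */
size_t demo_assembled_len(void)
{
    unsigned char in[3 * 256 + 1];
    struct extbuf b = { NULL, 0, 0 };
    size_t off = 0, len;
    int ok;
    for (int k = 1; k <= 3; k++) {
        in[off++] = 255;
        memset(in + off, k, 255);
        off += 255;
    }
    in[off++] = 0;
    if (read_ext_safe(&b, in, off) != 0) { free(b.data); return 0; }
    len = b.len;
    ok = b.data[0] == 1 && b.data[254] == 1 && b.data[255] == 2 &&
         b.data[510] == 3 && b.data[764] == 3;
    free(b.data);
    return ok ? len : 0;
}

/* Constructed truncated input: a sub-block announcing 10 bytes but carrying 2. */
int demo_truncated(void)
{
    static const unsigned char in[] = { 10, 'a', 'b' };
    struct extbuf b = { NULL, 0, 0 };
    int rc = read_ext_safe(&b, in, sizeof in);
    free(b.data);
    return rc;                                   /* -1 */
}

int main(void)
{
    (void)read_ext_stale;                        /* referenced only, not run */
    printf("assembled=%zu truncated=%d\n", demo_assembled_len(), demo_truncated());
    return 0;
}
```

Whether the stale variant actually crashes depends on the allocator deciding to move the block, which is why such bugs survive testing with small inputs and surface only on a crafted file large enough to force a move.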

SupportSoft DNA Editor ActiveX unauthorized access
Published: 09.03.2009
SecurityVulns ID: 9723
Type: client
Threat Level: 5/10
Description: Multiple unsafe methods in the dnaedit.dll ActiveX control (v6.9.2205) allow remote code execution from a web page in Internet Explorer 6/7.
Original document: rgod, SupportSoft DNA Editor Module (dnaedit.dll v6.9.2205) remote code execution exploit (IE6/7) (09.03.2009)

libc fts_* functions vulnerabilities
Published: 09.03.2009
SecurityVulns ID: 9724
Type: library
Threat Level: 5/10
Description: Integer overflow in fts_build() (fts_level structure member) on a deep directory tree; crashes utilities built on the fts_* functions (du, rm, chmod, chgrp on OpenBSD; SearchIndexer.exe on Vista).
Affected: MICROSOFT : Windows Vista
 OPENBSD : OpenBSD 4.4
 MICROSOFT : Interix 6.0
CVE: CVE-2009-0537 (Integer overflow in the fts_build function in fts.c in libc in (1) OpenBSD 4.4 and earlier and (2) Microsoft Interix 6.0 build 10.0.6030.0 allows context-dependent attackers to cause a denial of service (application crash) via a deep directory tree, related to the fts_level structure member, as demonstrated by (a) du, (b) rm, (c) chmod, and (d) chgrp on OpenBSD; and (e) SearchIndexer.exe on Vista Enterprise.)
Original document: Maksymilian Arciemowicz, libc:fts_*():multiple vendors, Denial-of-service (09.03.2009)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod