Computer Security



Cisco 7600 Series Router Session Border Controller module DoS
Published: 09.03.2009
Source: BUGTRAQ
SecurityVulns ID: 9714
Type: remote
Level: 5/10
Description: DoS with crafted TCP/2000 data.
Affected: CISCO : Cisco 7600
CVE: CVE-2009-0619 (Unspecified vulnerability in the Session Border Controller (SBC) before 3.0(2) for Cisco 7600 series routers allows remote attackers to cause a denial of service (SBC card reload) via crafted packets to TCP port 2000.)
Original document: CISCO, Cisco Security Advisory: Cisco 7600 Series Router Session Border Controller Denial of Service Vulnerability (09.03.2009)

FoxIT Reader multiple security vulnerabilities
Published: 09.03.2009
Source: BUGTRAQ
SecurityVulns ID: 9716
Type: client
Level: 5/10
Description: Uninitialized pointer dereference on PDF JBIG2 dictionary parsing, code execution, buffer overflow.
Affected: FOXIT : Foxit Reader 3.0
CVE: CVE-2009-0191 (Foxit Reader 2.3 before Build 3902 and 3.0 before Build 1506, including 3.0.2009.1301, does not properly handle a JBIG2 symbol dictionary segment with zero new symbols, which allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a dereference of an uninitialized memory location.)
Original document: SECUNIA, Secunia Research: Foxit Reader JBIG2 Symbol Dictionary Processing Vulnerability (09.03.2009)

Microsoft Internet Explorer DoS
Published: 09.03.2009
Source: MustLive
SecurityVulns ID: 9718
Type: remote
Level: 5/10
Description: DoS with ListWidth property of Forms.ListBox / Forms.ComboBox ActiveX.
Original document: MustLive, DoS vulnerabilities in Internet Explorer 7 (09.03.2009)
Files: Internet Explorer 7 DoS Exploit - ListBox
 Internet Explorer 7 DoS Exploit - ComboBox

Audacity buffer overflow
Published: 09.03.2009
Source: BUGTRAQ
SecurityVulns ID: 9719
Type: local
Level: 4/10
Description: Buffer overflow on .gro file parsing.
Affected: AUDACITY : Audacity 1.3
 AUDACITY : Audacity 1.2
CVE: CVE-2009-0490 (Stack-based buffer overflow in the String_parse::get_nonspace_quoted function in lib-src/allegro/strparse.cpp in Audacity 1.2.6 and other versions before 1.3.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a .gro file containing a long string.)
Original document: GENTOO, [ GLSA 200903-03 ] Audacity: User-assisted execution of arbitrary code (09.03.2009)

libc fts_* functions vulnerabilities
Published: 09.03.2009
Source: BUGTRAQ
SecurityVulns ID: 9724
Type: library
Level: 5/10
Description: Invalid exceptional conditions processing on long path.
Affected: MICROSOFT : Windows Vista
 OPENBSD : OpenBSD 4.4
 MICROSOFT : Interix 6.0
CVE: CVE-2009-0537 (Integer overflow in the fts_build function in fts.c in libc in (1) OpenBSD 4.4 and earlier and (2) Microsoft Interix 6.0 build 10.0.6030.0 allows context-dependent attackers to cause a denial of service (application crash) via a deep directory tree, related to the fts_level structure member, as demonstrated by (a) du, (b) rm, (c) chmod, and (d) chgrp on OpenBSD; and (e) SearchIndexer.exe on Vista Enterprise.)
Original document: Maksymilian Arciemowicz, libc:fts_*():multiple vendors, Denial-of-service (09.03.2009)

SupportSoft DNA Editor ActiveX unauthorized access
Published: 09.03.2009
Source: BUGTRAQ
SecurityVulns ID: 9723
Type: client
Level: 5/10
Description: Multiple unsafe methods.
Original document: rgod, SupportSoft DNA Editor Module (dnaedit.dll v6.9.2205) remote code execution exploit (IE6/7) (09.03.2009)

Apache Tomcat cross-site scripting
Published: 09.03.2009
Source: BUGTRAQ
SecurityVulns ID: 9717
Type: remote
Level: 4/10
Description: Cross-site scripting in example applications.
CVE: CVE-2009-0781 (Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML.")
Original document: APACHE, [SECURITY] CVE-2009-0781 XSS in Apache Tomcat examples web application (09.03.2009)

OptiPNG buffer overflow
Published: 09.03.2009
Source: BUGTRAQ
SecurityVulns ID: 9721
Type: local
Level: 4/10
Description: Buffer overflow on .GIF files processing.
Affected: OPTIPNG : OptiPNG 0.6
CVE: CVE-2009-0749 (Use-after-free vulnerability in the GIFReadNextExtension function in lib/pngxtern/gif/gifread.c in OptiPNG 0.6.2 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a crafted GIF image that causes the realloc function to return a new pointer, which triggers memory corruption when the old pointer is accessed.)
Original document: GENTOO, [ GLSA 200903-12 ] OptiPNG: User-assisted execution of arbitrary code (09.03.2009)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 09.03.2009
Source:
SecurityVulns ID: 9715
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. PHPSlideshow: cross-site scripting.
Affected: PHPSLIDESHOW : PHPSlideshow 0.9
 CELERBB : CelerBB 0.0
 WILICMS : Wili-CMS 0.4
 UMICMS : UMI.CMS 2.7
 TINX : TinX CMS 3.5
 NFORUM : nForum 1.5
 PHPCOMMUNITY : phpCommunity 2.1
 ZNC : ZNC 0.066
 VBOOK : vBook 4.2
Original document: ddivulnalert_(at)_ddifrontline.com, DDIVRT-2009-21 vBook Login Application Cross-site Scripting Vulnerability (09.03.2009)
 ddivulnalert_(at)_ddifrontline.com, DDIVRT-2009-22 SMART Board Whiteboard Directory Traversal Vulnerability (09.03.2009)
 GENTOO, [ GLSA 200903-02 ] ZNC: Privilege escalation (09.03.2009)
 Salvatore "drosophila" Fresta, phpCommunity 2 2.1.8 Multiple Vulnerabilities (SQL Injection / Directory Traversal / XSS) (09.03.2009)
 Salvatore "drosophila" Fresta, nForum 1.5 Multiple SQL Injection (09.03.2009)
 aanisimov_(at)_ptsecurity.com, [Positive Technologies SA:2009-13] TinX CMS 3.x SQL Injection Vulnerability (09.03.2009)
 aanisimov_(at)_ptsecurity.com, [Positive Technologies SA:2009-12] UMI.CMS Cross-Site Scripting vulnerability (09.03.2009)
 Salvatore "drosophila" Fresta, Wili-CMS 0.4.0 Multiple Vulnerabilities (Remote/Local File Inclusion - Authentication Bypass) (09.03.2009)
 Salvatore "drosophila" Fresta, CelerBB 0.0.2 Multiple Vulnerabilities (09.03.2009)
 MustLive, New Cross-Site Scripting vulnerability in PHPSlideshow (09.03.2009)

MPFR library buffer overflow
Published: 09.03.2009
Source: BUGTRAQ
SecurityVulns ID: 9720
Type: library
Level: 5/10
Description: mpfr_snprintf() and mpfr_vsnprintf() functions buffer overflow.
Affected: GNU : MPFR 2.4
CVE: CVE-2009-0757 (Multiple buffer overflows in GNU MPFR 2.4.0 allow context-dependent attackers to cause a denial of service (crash) via the (1) mpfr_snprintf and (2) mpfr_vsnprintf functions.)
Original document: GENTOO, [ GLSA 200903-13 ] MPFR: Denial of Service (09.03.2009)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod