Computer Security


D-Link DIR-100 URL filtering bypass
Published: 09.09.2008
SecurityVulns ID: 9274
Type: remote
Threat Level: 4/10
Description: Filtering doesn't work for oversized URLs.
Affected: DLINK : D-Link DIR-100
Original document: Marc Ruef, [scip_Advisory 3808] D-Link DIR-100 long url filter evasion (09.09.2008)

VLC Media Player integer overflow
updated since 03.07.2008
Published: 09.09.2008
SecurityVulns ID: 9123
Type: client
Threat Level: 6/10
Description: Integer overflow when parsing WAV and TTA files.
Affected: VLC : VLC Media Player 0.8
CVE: CVE-2008-3794 (Integer signedness error in the mms_ReceiveCommand function in modules/access/mms/mmstu.c in VLC Media Player 0.8.6i allows remote attackers to execute arbitrary code via a crafted mmst link with a negative size value, which bypasses a size check and triggers an integer overflow followed by a heap-based buffer overflow.)
 CVE-2008-3732 (Integer overflow in the Open function in modules/demux/tta.c in VLC Media Player 0.8.6i allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TTA file, which triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.)
 CVE-2008-2430 (Integer overflow in the Open function in modules/demux/wav.c in VLC Media Player 0.8.6h on Windows allows remote attackers to execute arbitrary code via a large fmt chunk in a WAV file.)
Original documents: GENTOO, [ GLSA 200809-06 ] VLC: Multiple vulnerabilities (09.09.2008)
 SECUNIA, Secunia Research: VLC Media Player WAV Processing Integer Overflow (03.07.2008)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 09.09.2008
SecurityVulns ID: 9273
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. myPHPNuke: SQL injection.
Affected: XOOPS : xoops 1.3
Original documents: SmOk3, phpAdultSite CMS flaws (09.09.2008)
 geinblues_(at)_gmail.com, xoops-1.3.10 shell command execute vulnerability ( causing snoopy class ) (09.09.2008)

Sagem F@st 2404 router DoS
updated since 09.09.2008
Published: 18.01.2009
SecurityVulns ID: 9275
Type: remote
Threat Level: 5/10
Description: Device crash on oversized Web interface URL string. Unauthorized access to router reset Web page.
Affected: SAGEM : F@st 2404
Original documents: alphanix00_(at)_gmail.com, Sagem router F@st 2404 remote reset poc (18.01.2009)
 zigma_(at)_underz0ne.net, Sagem Router F@st 2404 Remote Denial Of Service Exploit (09.09.2008)
Files: sagemreset.pl

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod