Computer Security

Search:Vulnerability:09.09.2008
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



D-Link DIR-100 URL filtering bypass
Published:09.09.2008
Source:BUGTRAQ
SecurityVulns ID:9274
Type:remote
Level:4/10
Description:Filtering doesn't work for oversized URLs.
Affected:DLINK : D-Link DIR-100
Original documentdocumentMarc Ruef, [scip_Advisory 3808] D-Link DIR-100 long url filter evasion (09.09.2008)
Discuss:Read or add your comments to this news (0 comments)

VLC Media Player integer overflow
updated since 03.07.2008
Published:09.09.2008
Source:BUGTRAQ
SecurityVulns ID:9123
Type:client
Level:6/10
Description:Integer overflow on WAV and TTA files parsing.
Affected:VLC : VLC Media Player 0.8
CVE:CVE-2008-3794 (Integer signedness error in the mms_ReceiveCommand function in modules/access/mms/mmstu.c in VLC Media Player 0.8.6i allows remote attackers to execute arbitrary code via a crafted mmst link with a negative size value, which bypasses a size check and triggers an integer overflow followed by a heap-based buffer overflow.)
 CVE-2008-3732 (Integer overflow in the Open function in modules/demux/tta.c in VLC Media Player 0.8.6i allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TTA file, which triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.)
 CVE-2008-2430 (Integer overflow in the Open function in modules/demux/wav.c in VLC Media Player 0.8.6h on Windows allows remote attackers to execute arbitrary code via a large fmt chunk in a WAV file.)
Original documentdocumentGENTOO, [ GLSA 200809-06 ] VLC: Multiple vulnerabilities (09.09.2008)
 documentSECUNIA, Secunia Research: VLC Media Player WAV Processing Integer Overflow (03.07.2008)
Discuss:Read or add your comments to this news (0 comments)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:09.09.2008
Source:
SecurityVulns ID:9273
Type:remote
Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. myPHPNuke: SQL injection.
Affected:XOOPS : xoops 1.3
Original documentdocumentSmOk3, phpAdultSite CMS flaws (09.09.2008)
 documentgeinblues_(at)_gmail.com, xoops-1.3.10 shell command execute vulnerability ( causing snoopy class ) (09.09.2008)
Discuss:Read or add your comments to this news (0 comments)

Sagem F@ST 2404 router DoS
updated since 09.09.2008
Published:18.01.2009
Source:BUGTRAQ
SecurityVulns ID:9275
Type:remote
Level:5/10
Description:Device crash on oversized Web interface URL string. Unauthorized access to router reset Web page.
Affected:SAGEM : F@ST 2404
Original documentdocumentalphanix00_(at)_gmail.com, Sagem router f@st 2404 remote reset poc (18.01.2009)
 documentzigma_(at)_underz0ne.net, Sagem Router F@ST 2404 Remote Denial Of Service Exploit (09.09.2008)
Files:sagemreset.pl
Discuss:Read or add your comments to this news (0 comments)
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server