Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:		09.10.2009
Source:
SecurityVulns ID:		10301
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected:		VBULLETIN : vBulletin 3.6
		VBULLETIN : vBulletin 3.7
		VBULLETIN : vBulletin 3.8
		DREAMPOLL : DreamPoll 3.1
		DOCEBO : Docebo 3.6

Original document		Andrea Fabrizi, Docebo Multiple SQL-Injection Vulnerabilities (09.10.2009)
		advisories_(at)_intern0t.net, vBulletin - Multiple Versions - Cross Site Script Redirection (09.10.2009)
		mark_(at)_infosecstuff.com, DreamPoll 3.1 Vulnerabilities (09.10.2009)
		Dazz.band_(at)_hotmail.com, BMW 'inventory.php"<= SQL Injection Vulnerability (09.10.2009)
		Paweі Јaskarzewski, QuickCart Multiple vlunerabilities (09.10.2009)

Discuss:

Read or add your comments to this news (0 comments)

FreeBSd race conditions (devfs) updated since 03.10.2009
Published:		09.10.2009
Source:		BUGTRAQ
SecurityVulns ID:		10282
Type:		local
Level:		6/10
Description:		Race conditions between devfs and VFS allow code execution.

Affected:		FREEBSD : FreeBSD 6.4
		FREEBSD : FreeBSD 7.2

Original document		Przemyslaw Frasunek, FreeBSD 7.2 VFS/devfs race condition exploit (09.10.2009)
		FREEBSD, FreeBSD Security Advisory FreeBSD-SA-09:14.devfs (03.10.2009)

Files:		FreeBSD 7.2 devfs kevent() race condition exploit
Discuss:		Read or add your comments to this news (0 comments)

httpdx Web server buffer overflow
Published:		09.10.2009
Source:		BUGTRAQ
SecurityVulns ID:		10302
Type:		remote
Level:		5/10
Description:		Buffer overflow on GET response parsing.

Affected:

HTTPDX : httpdx 1.4

Original document

pankaj208_(at)_gmail.com, Remote buffer overflow in httpdx (09.10.2009)

Discuss:

Read or add your comments to this news (0 comments)

NetPBM DoS
Published:		09.10.2009
Source:		BUGTRAQ
SecurityVulns ID:		10304
Type:		library
Level:		5/10
Description:		Crash on displaying image with large height.

Affected:		NETPBM : Netpbm 10.35
CVE:		CVE-2008-4799 (pamperspective in Netpbm before 10.35.48 does not properly calculate a window height, which allows context-dependent attackers to cause a denial of service (crash) via a crafted image file that triggers an out-of-bounds read.)

Original document

MANDRIVA, [ MDVSA-2009:262 ] netpbm (09.10.2009)

Discuss:

Read or add your comments to this news (0 comments)

HP printers crossite scripting updated since 07.10.2009
Published:		09.10.2009
Source:		BUGTRAQ
SecurityVulns ID:		10296
Type:		remote
Level:		4/10
Description:		Crossite scripting in Jetdirect web interface for LaserJet and Color LaserJet printers.

CVE:

CVE-2009-2684 (Multiple cross-site scripting (XSS) vulnerabilities in Jetdirect and the Embedded Web Server (EWS) on certain HP LaserJet and Color LaserJet printers, and HP Digital Senders, allow remote attackers to inject arbitrary web script or HTML via the (1) Product_URL or (2) Tech_URL parameter in an Apply action to the support_param.html/config script.)

Original document		DSecRG, [DSECRG-09-048] HP LaserJet printers - Multiple Stored XSS vulnerabilities (09.10.2009)
		HP, [security bulletin] HPSBPI02463 SSRT090061 rev.1 - HP LaserJet Printers, HP Color LaserJet Printers, Remote Cross Site Scripting (XSS) (07.10.2009)

Discuss:

Read or add your comments to this news (0 comments)

FreeBSd race conditions (pipe) updated since 03.10.2009
Published:		09.10.2009
Source:		BUGTRAQ
SecurityVulns ID:		10281
Type:		local
Level:		6/10
Description:		Race conditions in pipes close() call allow code execution in kernel context.

Affected:

FREEBSD : FreeBSD 6.4

Original document		Przemyslaw Frasunek, FreeBSD 6.4 pipeclose()/knlist_cleardel() race condition exploit (09.10.2009)
		FREEBSD, FreeBSD Security Advisory FreeBSD-SA-09:13.pipe (03.10.2009)

Files:		Exploits FreeBSD <= 6.4 pipeclose()/knlist_cleardel() race condition
Discuss:		Read or add your comments to this news (0 comments)

CA Anti-Virus multiple security vulnerabilities updated since 09.10.2009
Published:		13.10.2009
Source:		BUGTRAQ
SecurityVulns ID:		10305
Type:		remote
Level:		6/10
Description:		Multiple vulnerabilities on RAR archives parsing.

Affected:		CA : eTrust Intrusion Detection 3.0
		CA : CA Internet Security Suite 2007
		CA : ARCserve Backup 11.5
		CA : CA Internet Security Suite 2008
		CA : CA Protection Suites 3.1
		CA : CA Anti-Virus 7.1
		CA : CA Anti-Virus 8.1
		CA : CA Anti-Virus 2007
		CA : CA Anti-Virus 2008
		CA : CA Network and Systems Management 11.1
		CA : CA Anti-Virus 2009
		CA : CA Internet Security Suite 2009
		CA : CA Threat Manager 8.1
		CA : CA Secure Content Manager 8.0
		CA : ARCserve Backup 12.5
		CA : CA Common Services 11.1
CVE:		CVE-2009-3588 (Unspecified vulnerability in the arclib component in the Anti-Virus engine in CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 through r8.1; Anti-Virus 2007 (v8) through 2009; eTrust EZ Antivirus r7.1; Internet Security Suite 2007 (v3) through Plus 2009; and other CA products allows remote attackers to cause a denial of service via a crafted RAR archive file that triggers stack corruption, a different vulnerability than CVE-2009-3587.)
		CVE-2009-3587 (Unspecified vulnerability in the arclib component in the Anti-Virus engine in CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 through r8.1; Anti-Virus 2007 (v8) through 2009; eTrust EZ Antivirus r7.1; Internet Security Suite 2007 (v3) through Plus 2009; and other CA products allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted RAR archive file that triggers heap corruption, a different vulnerability than CVE-2009-3588.)

Original document		Thierry Zoller, [G-SEC 46-2009] Computer Associates multiple products arbritary code execution (13.10.2009)
		CA, CA20091008-01: Security Notice for CA Anti-Virus Engine (09.10.2009)

Discuss:

Read or add your comments to this news (0 comments)

IBM AIX rpc.cmsd buffer overflow updated since 09.10.2009
Published:		02.02.2010
Source:		BUGTRAQ
SecurityVulns ID:		10303
Type:		remote
Level:		6/10
Description:		Buffer overflow on RPC request parsing.

Affected:		IBM : AIX 5.3
		IBM : AIX 6.1
		IBM : VIOS 1.4
		IBM : VIOS 1.5
		IBM : VIOS 2.1

Original document		Rodrigo Rubira Branco (BSDaemon), Remote Vulnerability in AIX RPC.cmsd released by iDefense (02.02.2010)
		IDEFENSE, iDefense Security Advisory 10.07.09: IBM AIX rpc.cmsd Stack Buffer Overflow Vulnerability (09.10.2009)

Files:		RPC.cmsd remote PoC for AIX 6.1 and lower
Discuss:		Read or add your comments to this news (0 comments)