Microsoft Internet Explorer DoS
  Published: 09.11.2009
  Source: MustLive
  SecurityVulns ID: 10384
  Type: client
  Level: 4/10
  Description: Unremovable dialog with cycled setHomePage.

Pidgin DoS (updated since 09.11.2009)
  Published: 09.11.2009
  Source: BUGTRAQ
  SecurityVulns ID: 10386
  Type: remote
  Level: 5/10
  Description: Crash on OSCAR protocol contact list parsing (ICQ and AIM).
  CVE: CVE-2009-3615 (The OSCAR protocol plugin in libpurple in Pidgin before 2.6.3 and Adium before 1.3.7 allows remote attackers to cause a denial of service (application crash) via crafted contact-list data for (1) ICQ and possibly (2) AIM, as demonstrated by the SIM IM client.)

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) (updated since 09.11.2009)
  Published: 09.11.2009
  Source:
  SecurityVulns ID: 10385
  Type: remote
  Level: 5/10
  Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.

Apple Safari buffer overflow
  Published: 09.11.2009
  Source: BUGTRAQ
  SecurityVulns ID: 10387
  Type: remote
  Level: 7/10
  Description: Buffer overflow on oversized CSS background attribute.

Apache Tomcat for Windows backdoor account
  Published: 09.11.2009
  Source: BUGTRAQ
  SecurityVulns ID: 10389
  Type: remote
  Level: 6/10
  Description: admin account with empty password is created during installation.
  Affected:
    APACHE : Tomcat 5.5
    APACHE : Tomcat 6.0
  CVE: CVE-2009-3548 (The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.)

SSL data injection (updated since 09.11.2009)
  Published: 10.02.2010
  Source: BUGTRAQ
  SecurityVulns ID: 10388
  Type: m-i-t-m
  Level: 8/10
  Description: Data injection possibility connected with SSL in-session renegotiation.
  Affected:
    OPENSSL : OpenSSL 0.9
    PROFTPD : ProFTPD 1.3
    APACHE : Apache 2.2
    ARUBANETWORKS : ArubaOS 2.4
    ARUBANETWORKS : ArubaOS 2.5
    ARUBANETWORKS : ArubaOS 3.1
    ARUBANETWORKS : ArubaOS 3.3
    GNU : GnuTLS 2.8
    ARUBANETWORKS : ArubaOS 3.4
    MOZILLA : Mozilla Network Security Services 3.12
  CVE: CVE-2009-3555 (The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.)