dnsmasq TFTP server multiple security vulnerabilities
| Published: | 10.09.2009 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 10222 |
| Type: | remote |
| Level: | 5/10 |
| Description: | Heap buffer overrun, NULL pointer dereference. |
| Affected: | DNSMASQ : dnsmasq 2.49 |
| CVE: | CVE-2009-2958 (The tftp_request function in tftp.c in dnsmasq before 2.50, when --enable-tftp is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a TFTP read (aka RRQ) request with a malformed blksize option.) |
| | CVE-2009-2957 (Heap-based buffer overflow in the tftp_request function in tftp.c in dnsmasq before 2.50, when --enable-tftp is used, might allow remote attackers to execute arbitrary code via a long filename in a TFTP packet, as demonstrated by a read (aka RRQ) request.) |

gcc-xml symlink vulnerability
| Published: | 10.09.2009 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 10225 |
| Type: | local |
| Level: | 5/10 |
| Description: | Symbolic link vulnerability in insecure temporary file creation. |
| Affected: | GCCXML : gcc-xml 0.9 |
| CVE: | CVE-2008-4957 (find_flags in Kitware GCC-XML (gccxml) 0.9.0 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/*.cxx temporary file.) |

cmus symbolic links vulnerability
| Published: | 10.09.2009 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 10228 |
| Type: | local |
| Level: | 5/10 |
| Description: | Insecure creation of /tmp/cmus-status file. |

LMBench symbolic links vulnerability
| Published: | 10.09.2009 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 10226 |
| Type: | local |
| Level: | 5/10 |
| Description: | Insecure temporary file creation. |
| Affected: | LMBENCH : LMBench 3 |
| CVE: | CVE-2008-4968 (The (1) rccs and (2) STUFF scripts in lmbench 3.0-a7 allow local users to overwrite arbitrary files via a symlink attack on a /tmp/sdiff.##### temporary file.) |

TkMan symbolic links vulnerability
| Published: | 10.09.2009 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 10229 |
| Type: | local |
| Level: | 5/10 |
| Description: | Various symbolic link vulnerabilities in temporary file handling. |

aria2 download manager buffer overflow
| Published: | 10.09.2009 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 10223 |
| Type: | remote |
| Level: | 5/10 |
| Description: | Buffer overflow on DHT parsing. |
| Affected: | ARIA2 : aria2 0.15 |
| CVE: | CVE-2009-3575 (Buffer overflow in DHTRoutingTableDeserializer.cc in aria2 0.15.3, 1.2.0, and other versions allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors.) |

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
| Published: | 10.09.2009 |
| Source: | |
| SecurityVulns ID: | 10224 |
| Type: | remote |
| Level: | 5/10 |
| Description: | PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. |

screenie symbolic links vulnerabilities
| Published: | 10.09.2009 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 10227 |
| Type: | local |
| Level: | 5/10 |
| Description: | Temporary file /tmp/.screenie.##### is created in an insecure way. |
| Affected: | SCREENIE : screenie 1.30 |
| CVE: | CVE-2008-5371 (screenie in screenie 1.30.0 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/.screenie.##### temporary file.) |

FreeRADIUS RADIUS server DoS
| Published: | 10.09.2009 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 10230 |
| Type: | remote |
| Level: | 5/10 |
| Description: | Crash on zero-length Tunnel-Password attribute. |
| Affected: | FREERADIUS : FreeRADIUS 1.1 |
| CVE: | CVE-2009-3111 (The rad_decode function in FreeRADIUS before 1.1.8 allows remote attackers to cause a denial of service (radiusd crash) via zero-length Tunnel-Password attributes. NOTE: this is a regression error related to CVE-2003-0967.) |

Mozilla Firefox multiple security vulnerabilities updated since 10.09.2009
| Published: | 11.09.2009 |
| Source: | MOZILLA |
| SecurityVulns ID: | 10231 |
| Type: | client |
| Level: | 7/10 |
| Description: | Code execution, memory corruptions, address spoofing, hidden certificate installation. |
| Affected: | MOZILLA : Firefox 3.0 |
| | MOZILLA : Firefox 3.5 |
| CVE: | CVE-2009-3079 (Unspecified vulnerability in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allows remote attackers to execute arbitrary JavaScript with chrome privileges via vectors involving an object, the FeedWriter, and the BrowserFeedWriter.) |
| | CVE-2009-3078 (Visual truncation vulnerability in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allows remote attackers to trigger a vertical scroll and spoof URLs via unspecified Unicode characters with a tall line-height property.) |
| | CVE-2009-3077 (Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, does not properly manage pointers for the columns (aka TreeColumns) of a XUL tree element, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to a "dangling pointer vulnerability.") |
| | CVE-2009-3076 (Mozilla Firefox before 3.0.14 does not properly implement certain dialogs associated with the (1) pkcs11.addmodule and (2) pkcs11.deletemodule operations, which makes it easier for remote attackers to trick a user into installing or removing an arbitrary PKCS11 module.) |
| | CVE-2009-3075 (Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.) |
| | CVE-2009-3074 (Unspecified vulnerability in the JavaScript engine in Mozilla Firefox before 3.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.) |
| | CVE-2009-3073 (Unspecified vulnerability in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.) |
| | CVE-2009-3072 (Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.) |
| | CVE-2009-3071 (Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.) |
| | CVE-2009-3070 (Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.) |
| | CVE-2009-3069 (Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.) |