| Linux kernel multiple security vulnerabilities | Published: 12.03.2009 | Source: BUGTRAQ | SecurityVulns ID: 9731 | Type: local | Level: 5/10 | Description: Unauthorized driver statistics reset via skfp_ioctl (SKFP_CLR_STATS permitted only when CAP_NET_ADMIN is absent), kernel memory information leak via getsockopt(SO_BSDCOMPAT). |
| Affected: LINUX : kernel 2.6 |
| CVE: CVE-2009-0676 (The sock_getsockopt function in net/core/sock.c in the Linux kernel before 2.6.28.6 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel memory via an SO_BSDCOMPAT getsockopt request.) |
| | CVE-2009-0675 (The skfp_ioctl function in drivers/net/skfp/skfddi.c in the Linux kernel before 2.6.28.6 permits SKFP_CLR_STATS requests only when the CAP_NET_ADMIN capability is absent, instead of when this capability is present, which allows local users to reset the driver statistics, related to an "inverted logic" issue.) |
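Both kernel bugs in this entry are small logic errors that are easy to misread in a diff, so the following userspace model is added here as an illustration (example code, not Linux source): the first half reproduces the inverted CAP_NET_ADMIN branch of CVE-2009-0675 next to the corrected ordering; the second half reproduces the CVE-2009-0676 pattern, an uninitialised union copied back to the caller for an option case that never writes to it, next to the memset-before-use fix. All function and struct names, the taint value 0x41, and the "kernel stack slot" static are assumptions made for the demo.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* ---- CVE-2009-0675 model: inverted capability check in an ioctl ---- */

struct mac_stat { uint64_t rx_frames, tx_frames; };

/* Before 2.6.28.6 the branches were swapped: a caller WITHOUT CAP_NET_ADMIN
 * got the reset and a caller WITH it got -EPERM. */
int clr_stats_vulnerable(struct mac_stat *st, int caller_has_net_admin)
{
    if (!caller_has_net_admin) {       /* inverted: this should be the error path */
        memset(st, 0, sizeof(*st));
        return 0;
    }
    return -EPERM;
}

/* Fixed ordering: deny first, then do the privileged work. */
int clr_stats_fixed(struct mac_stat *st, int caller_has_net_admin)
{
    if (!caller_has_net_admin)
        return -EPERM;
    memset(st, 0, sizeof(*st));
    return 0;
}

/* Status an ioctl caller would see; a fresh statistics block is used each call. */
int clr_stats_status(int use_fixed, int caller_has_net_admin)
{
    struct mac_stat st = { 10, 20 };
    return use_fixed ? clr_stats_fixed(&st, caller_has_net_admin)
                     : clr_stats_vulnerable(&st, caller_has_net_admin);
}

/* ---- CVE-2009-0676 model: uninitialised union copied out by getsockopt ---- */

#define SO_KEEPALIVE  9     /* option numbers as in asm-generic/socket.h */
#define SO_BSDCOMPAT 14

union sockopt_val {
    int val;
    struct { int l_onoff, l_linger; } ling;
    long tm[2];
};

/* Stand-in for the stack slot the union occupies inside the kernel: an earlier
 * call left 0x41 bytes behind, so reading it uninitialised exposes them. */
static union sockopt_val kstack_slot;
static void taint_kstack(void) { memset(&kstack_slot, 0x41, sizeof kstack_slot); }

static int sock_getsockopt_model(int optname, int *optval_user, int initialise)
{
    union sockopt_val *v = &kstack_slot;   /* "local" union, reused storage */
    size_t lv = sizeof(int), len = sizeof(int);

    if (initialise)                        /* the 2.6.28.6 fix: clear before use */
        memset(v, 0, sizeof(*v));

    switch (optname) {
    case SO_KEEPALIVE:                     /* ordinary option: a value is written */
        v->val = 1;
        break;
    case SO_BSDCOMPAT:                     /* deprecated option: nothing written to v */
        break;
    default:
        return -ENOPROTOOPT;
    }
    if (len > lv)
        len = lv;
    memcpy(optval_user, v, len);           /* stand-in for copy_to_user() */
    return 0;
}

/* What an unprivileged caller reads back for SO_BSDCOMPAT, before and after the fix. */
int bsdcompat_leak_vulnerable(void)
{
    int out = 0;
    taint_kstack();
    sock_getsockopt_model(SO_BSDCOMPAT, &out, 0);
    return out;                            /* 0x41414141: stale kernel bytes */
}

int bsdcompat_leak_fixed(void)
{
    int out = 0;
    taint_kstack();
    sock_getsockopt_model(SO_BSDCOMPAT, &out, 1);
    return out;                            /* 0 */
}

int main(void)
{
    printf("unprivileged SKFP_CLR_STATS: vulnerable=%d fixed=%d\n",
           clr_stats_status(0, 0), clr_stats_status(1, 0));
    printf("SO_BSDCOMPAT readback: vulnerable=0x%08x fixed=0x%08x\n",
           bsdcompat_leak_vulnerable(), bsdcompat_leak_fixed());
    return 0;
}
```

The getsockopt half deliberately keeps the real code's shape (length clamped to sizeof(int), then a bulk copy of the union) because that is what makes the bug reachable: any option case that returns without assigning to the union hands the caller whatever the stack held. Auditing for the pattern means checking every `case` that falls through to the copy, not just the one named in the CVE.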
| Addonics NAS Adapter DoS | Published: 12.03.2009 | Source: BUGTRAQ | SecurityVulns ID: 9732 | Type: remote | Level: 4/10 | Description: Multiple DoS conditions in HTTP request processing after authentication. |
| PCTools iAntivirus multiple security vulnerabilities | Published: 12.03.2009 | Source: BUGTRAQ | SecurityVulns ID: 9733 | Type: remote | Level: 4/10 | Description: Protection bypass, incorrect behaviour in a multi-user environment. |
| Wesnoth game multiple security vulnerabilities | Published: 12.03.2009 | Source: BUGTRAQ | SecurityVulns ID: 9740 | Type: remote | Level: 5/10 | Description: DoS via a large compressed WML document, remote code execution via Python AI sandbox escape. |
| Affected: WESNOTH : Wesnoth 1.4 | WESNOTH : Wesnoth 1.5 |
| CVE: CVE-2009-0367 (The Python AI module in Wesnoth 1.4.x and 1.5 before 1.5.11 allows remote attackers to escape the sandbox and execute arbitrary code by using a whitelisted module that imports an unsafe module, then using a hierarchical module name to access the unsafe module through the whitelisted module.) |
| | CVE-2009-0366 (The uncompress_buffer function in src/server/simple_wml.cpp in Wesnoth before r33069 allows remote attackers to cause a denial of service via a large compressed WML document.) |
| IBM Director CIM Server multiple security vulnerabilities | Published: 12.03.2009 | Source: BUGTRAQ | SecurityVulns ID: 9734 | Type: remote | Level: 5/10 | Description: DoS, privilege escalation. |
| HP Systems Insight Manager unauthorized access | Published: 12.03.2009 | Source: BUGTRAQ | SecurityVulns ID: 9730 | Type: remote | Level: 6/10 | Description: Unauthorized access via the WMI interface (WMI Mapper). |
| Affected: HP : Systems Insight Manager 2.5 |
| CVE: CVE-2009-0713 (Unspecified vulnerability in WMI Mapper for HP Systems Insight Manager before 2.5.2.0 allows remote attackers to obtain sensitive information via unknown vectors.) |
| | CVE-2009-0712 (Unspecified vulnerability in WMI Mapper for HP Systems Insight Manager before 2.5.2.0 allows local users to gain privileges via unknown vectors.) |
| Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) | Published: 12.03.2009 | Source: | SecurityVulns ID: 9736 | Type: remote | Level: 5/10 | Description: PHP file inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. |
| | PHPSlideshow: cross-site scripting. |
| | Athree CMS: information leak, SQL injection, DoS. |
| Affected: WEBSVN : WebSVN 2.1 | ARYANIC : HighPortal 10 | ARYANIC : HighCMS 10 | WEBID : WeBid 0.7 | WORDPRESS : WordPress MU 2.6 | MAHARA : mahara 1.0 | NEXTAPP : NextApp Echo 2.1 | TRELLISDESK : Trellis Desk 1.0 | TIKIWIKI : TikiWiki 2.2 |
| CVE: CVE-2009-0660 (Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0 before 1.0.10 and 1.1 before 1.1.2 allow remote attackers to inject arbitrary web script or HTML via a (1) profile and (2) blog, a different vulnerability than CVE-2009-0487.) |
| | CVE-2009-0240 (listing.php in WebSVN 2.0 and possibly 1.7 beta, when using an SVN authz file, allows remote authenticated users to read changelogs or diffs for restricted projects via a modified repname parameter.) |
| | CVE-2008-5919 (Directory traversal vulnerability in rss.php in WebSVN 2.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to overwrite arbitrary files via directory traversal sequences in the rev parameter.) |
| | CVE-2008-5918 (Cross-site scripting (XSS) vulnerability in the getParameterisedSelfUrl function in index.php in WebSVN 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.) |
| Original document | iliz-z_(at)_yandex.ru, TikiWiki 2.2 XSS Vulnerability in URI (12.03.2009) |
| | larry_(at)_jlogica.com, Trellis Desk v1.0 XSS Vulnerability (12.03.2009) |
| | MustLive, Multiple vulnerabilities in Athree CMS (12.03.2009) |
| | Daniel Fabian, SEC Consult SA-20090305-0 :: NextApp Echo XML Injection Vulnerability (12.03.2009) |
| | sosoblood_(at)_hotmail.com, Sun Java System Communications Express [HTML Injection] (12.03.2009) |
| | DEBIAN, [SECURITY] [DSA 1736-1] New mahara packages fix cross-site scripting (12.03.2009) |
| | ISecAuditors Security Advisories, [ISecAuditors Security Advisories] WordPress MU HTTP Header XSS Vulnerability (12.03.2009) |
| | vuln_(at)_e-rdc.org, [ECHO_ADV_104$2009] WeBid <= 0.7.3 RC9 Multiple Remote File Inclution Vulnerabilities (12.03.2009) |
| | mr.faghani_(at)_gmail.com, Aryanic HighCMS and HighPortal multiple Vulnerabilities (12.03.2009) |
| | GENTOO, [ GLSA 200903-20 ] WebSVN: Multiple vulnerabilities (12.03.2009) |
| dash privilege escalation | Published: 12.03.2009 | Source: BUGTRAQ | SecurityVulns ID: 9737 | Type: local | Level: 5/10 | Description: Privilege escalation via a .profile file in the current working directory when dash is used as a login shell. |
| Affected: DASH : dash 0.5 |
| CVE: CVE-2009-0854 (Untrusted search path vulnerability in dash 0.5.4, when used as a login shell, allows local users to execute arbitrary code via a Trojan horse .profile file in the current working directory.) |
| POP Peeper buffer overflow | Published: 12.03.2009 | Source: KRAKOWLABS | SecurityVulns ID: 9738 | Type: remote | Level: 5/10 | Description: Buffer overflow in handling of the Date: header. |
| Cisco CallManager / Unified Communications Manager privilege escalation | Published: 12.03.2009 | Source: BUGTRAQ | SecurityVulns ID: 9739 | Type: remote | Level: 6/10 | Description: During the authentication process for address book synchronization, credentials of a full-access account are leaked to the client. |
| Belkin Bulldog UPS management software buffer overflow | Published: 12.03.2009 | Source: BUGTRAQ | SecurityVulns ID: 9735 | Type: remote | Level: 4/10 | Description: Buffer overflow in the built-in web server. |