Computer Security


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 13.01.2008
Source:
SecurityVulns ID: 8560
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. RiSearch: cross-site scripting
Affected: RISEARCH : RiSearch 0.99
Original document: MustLive, Cross-Site Scripting vulnerability in RiSearch (13.01.2008)

libxml DoS
Updated since: 13.01.2008
Published: 13.01.2008
Source:
SecurityVulns ID: 8561
Type: library
Threat Level: 5/10
Description: Hanging on XML parsing.
Affected: LIBXML : libxml 2.6
CVE: CVE-2007-6284

autofs privilege escalation
Published: 13.01.2008
Source:
SecurityVulns ID: 8562
Type: local
Threat Level: 5/10
Description: nosuid and nodev flags are not specified for NFS.
Affected: AUTOFS : autofs 5.0
CVE: CVE-2007-6285 (The default configuration for autofs 5 (autofs5) on Red Hat Enterprise Linux (RHEL) 4 and 5 does not specify the nodev mount option for the -hosts map, which allows local users to access "important devices" by operating a remote NFS server and creating special device files on that server.)
 CVE-2007-5964

Linux kernel multiple security vulnerabilities
Published: 13.01.2008
Source:
SecurityVulns ID: 8563
Type: remote
Threat Level: 6/10
Description: umask is not correctly applied on CIFS filesystem, DoS via hugetlb_vmtruncate_list and hugetlb_vmtruncate, IA32 emulation subsystem processor registers access, ieee80211_rx integer overflow, Philips USB Webcam driver DoS, wait_task_stopped DoS.
CVE: CVE-2007-4997
 CVE-2007-4573
 CVE-2007-4133
 CVE-2007-3740 (The CIFS filesystem, when Unix extension support is enabled, does not honor the umask of a process, which allows local users to gain privileges.)
Original document: MANDRIVA, [ MDVSA-2008:008 ] - Updated kernel packages fix multiple vulnerabilities and bugs (13.01.2008)

StreamAudio ChainCast ProxyManager ActiveX buffer overflow
Published: 13.01.2008
Source:
SecurityVulns ID: 8564
Type: client
Threat Level: 5/10
Description: Buffer overflow in InternalTuneIn().
Original document: Elazar Broad, [Full-disclosure] StreamAudio ChainCast ProxyManager ccpm_0237.dll Buffer Overflow (13.01.2008)

Sun Solaris ICMP DoS
Updated since: 01.02.2007
Published: 13.01.2008
Source:
SecurityVulns ID: 7147
Type: remote
Threat Level: 7/10
Description: Malformed ICMP packets cause system to crash.
Affected: ORACLE : Solaris 10
CVE: CVE-2007-0634 (Unspecified vulnerability in Sun Solaris 10 before 20070130 allows remote attackers to cause a denial of service (system crash) via certain ICMP packets.)
Files: SunOS 5.10 ICMP Remote Kernel Crash Exploit Code

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod