Computer Security


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 13.08.2009
Published: 14.08.2009
SecurityVulns ID: 10149
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Original documents:
 Justin C. Klein Keane, [Full-disclosure] Drupal Print Module Multiple Vulnerabilities (14.08.2009)
 ostoure.sazan_(at)_gmail.com, new vulnerability founded by ostoure (14.08.2009)
 faghani_(at)_nsec.ir, Elkapax CMS Cross site scripting vulnerability (13.08.2009)

SNOM VoIP phones authentication bypass
Published: 14.08.2009
SecurityVulns ID: 10151
Type: remote
Threat Level: 5/10
Description: Web interface access authentication bypass.
Affected:
 SNOM : snom 300
 SNOM : snom 320
 SNOM : snom 360
 SNOM : snom 370
 SNOM : snom 820
CVE: CVE-2009-1048 (The web interface on the snom VoIP phones snom 300, snom 320, snom 360, snom 370, and snom 820 with firmware 6.5 before 6.5.20, 7.1 before 7.1.39, and 7.3 before 7.3.14 allows remote attackers to bypass authentication, and reconfigure the phone or make arbitrary use of the phone, via a (1) http or (2) https request with 127.0.0.1 in the Host header.)
Original document:
 Walter Sprenger, Authentication Bypass of Snom Phone Web Interface (14.08.2009)

HP Insight Control Suite For Linux multiple security vulnerabilities
Published: 14.08.2009
SecurityVulns ID: 10152
Type: remote
Threat Level: 5/10
Description: Cross-site request forgery, denial of service, code execution.
Affected:
 HP : ICE-LX 2.11
Original document:
 HP, [security bulletin] HPSBMA02447 SSRT090062 rev.1 - Insight Control Suite For Linux (ICE-LX) Cross Site Request Forgery (CSRF), Remote Execution of Arbitrary Code, Denial of Service (DoS), and Other Vulnerabilities (14.08.2009)

Linux kernel uninitialized pointers
updated since 14.08.2009
Published: 31.08.2009
SecurityVulns ID: 10150
Type: local
Threat Level: 7/10
Description: proto_ops structure uninitialized pointers.
Affected:
 LINUX : kernel 2.4
 LINUX : kernel 2.6
CVE: CVE-2009-2692 (The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket.)
Original documents:
 Ramon de Carvalho Valle, [Full-disclosure] Illustrating the Linux sock_sendpage() NULL pointer dereference on Power/Cell BE Architecture (31.08.2009)
 Tavis Ormandy, Linux NULL pointer dereference due to incorrect proto_ops initializations (14.08.2009)
Files:
 proto_ops uninitialized pointer exploit
 Exploits Linux sock_sendpage() NULL pointer dereference

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod