Computer Security
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 15.03.2009
Source:
SecurityVulns ID: 9741
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. Power Phlogger: DoS against a user's account and the server.
Affected:POWERPHLOGGER : Power Phlogger 2.2
 INFOPOP : UBB.Threads 5.5
 ACMS : A.CMS 1.22
 BLOGCMS : BLOG CMS 4.2
 LIVINGCMS : Living CMS 1.4
Original documents:
 aanisimov_(at)_ptsecurity.com, [Positive Technologies SA:2009-15] Living CMS Cross-Site Scripting vulnerability (15.03.2009)
 aanisimov_(at)_ptsecurity.com, [Positive Technologies SA:2009-14] BLOG CMS Cross-Site Scripting vulnerability (15.03.2009)
 aanisimov_(at)_ptsecurity.com, [Positive Technologies SA:2009-20] A.CMS Multiple Vulnerabilities (15.03.2009)
 swhite_(at)_securestate.com, Infopop UBB.Threads Admin Credentials via SQL Injection (15.03.2009)
 MustLive, New vulnerabilities in Power Phlogger (15.03.2009)

SlySoft Multiple DVD applications memory corruptions
Published: 15.03.2009
Source:
SecurityVulns ID: 9742
Type: local
Threat Level: 5/10
Description: Multiple memory corruptions in the ElbyCDIO.sys driver.
Affected:SLYSOFT : AnyDVD 6.5
 SLYSOFT : Virtual CloneDrive 5.4
 SLYSOFT : CloneDVD 2.9
 SLYSOFT : CloneCD 5.3
Original document: Valery Marchuk, [Suspected Spam][PT-2009-11] SlySoft Multiple Products ElbyCDIO.sys Denial of Service (15.03.2009)

glib library memory corruption
Published: 15.03.2009
Source:
SecurityVulns ID: 9743
Type: library
Threat Level: 7/10
Description: Memory corruption on base64 encoding/decoding.
Affected:LIBSOUP : libsoup 2.2
 GLIB : glib 2.11
 GLIB : glib 2.12
 GSTREAMER : gstreamer-plugins-base 0.10
CVE: CVE-2009-0587 (Multiple integer overflows in Evolution Data Server (aka evolution-data-server) before 2.24.5 allow context-dependent attackers to execute arbitrary code via a long string that is converted to a base64 representation in (1) addressbook/libebook/e-vcard.c in evc or (2) camel/camel-mime-utils.c in libcamel.)
 CVE-2009-0586 (Integer overflow in the gst_vorbis_tag_add_coverart function (gst-libs/gst/tag/gstvorbistag.c) in vorbistag in gst-plugins-base (aka gstreamer-plugins-base) before 0.10.23 in GStreamer allows context-dependent attackers to execute arbitrary code via a crafted COVERART tag that is converted from a base64 representation, which triggers a heap-based buffer overflow.)
 CVE-2009-0585 (Integer overflow in the soup_base64_encode function in soup-misc.c in libsoup 2.x.x before 2.2.x, and 2.x before 2.24, allows context-dependent attackers to execute arbitrary code via a long string that is converted to a base64 representation.)
 CVE-2008-4316 (Multiple integer overflows in glib/gbase64.c in GLib before 2.20 allow context-dependent attackers to execute arbitrary code via a long string that is converted either (1) from or (2) to a base64 representation.)
Original document: Will Drewry, [oCERT-2008-015] glib and glib-predecessor heap overflows (15.03.2009)

Apple iTunes DoS
Published: 15.03.2009
Source:
SecurityVulns ID: 9744
Type: remote
Threat Level: 5/10
Description: DoS via DAAP messages.
Affected:APPLE : iTunes 8
CVE: CVE-2009-0016 (Apple iTunes before 8.1 on Windows allows remote attackers to cause a denial of service (infinite loop) via a Digital Audio Access Protocol (DAAP) message with a crafted Content-Length header.)
Original document: secresearch_(at)_fortinet.com, Apple iTunes DAAP Messages Handling Denial of Service Vulnerability (15.03.2009)

MLDonkey directory traversal
Published: 15.03.2009
Source:
SecurityVulns ID: 9745
Type: remote
Threat Level: 5/10
Description: Any file on the server can be retrieved through the HTTP console.
Affected:MLDONKEY : mldonkey 2.9
CVE: CVE-2009-0753 (Absolute path traversal vulnerability in MLDonkey 2.8.4 through 2.9.7 allows remote attackers to read arbitrary files via a leading "//" (double slash) in the filename.)
Original document: Florian Weimer, [SECURITY] [DSA 1739-1] New mldonkey packages fix information disclosure (15.03.2009)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod