| Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) | |
|---|---|
| Published: | 15.03.2009 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 9741 |
| Type: | remote |
| Level: | 5/10 |
| Description: | PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. Power Phlogger: DoS against user's account and server. |

| SlySoft Multiple DVD applications memory corruptions | |
|---|---|
| Published: | 15.03.2009 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 9742 |
| Type: | local |
| Level: | 5/10 |
| Description: | ElbyCDIO.sys driver multiple memory corruptions. |

| MLDonkey directory traversal | |
|---|---|
| Published: | 15.03.2009 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 9745 |
| Type: | remote |
| Level: | 5/10 |
| Description: | It's possible to retrieve any file with HTTP console. |
| Affected: | MLDONKEY : mldonkey 2.9 |
| CVE: | CVE-2009-0753 (Absolute path traversal vulnerability in MLDonkey 2.8.4 through 2.9.7 allows remote attackers to read arbitrary files via a leading "//" (double slash) in the filename.) |

| glib library memory corruption | |
|---|---|
| Published: | 15.03.2009 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 9743 |
| Type: | library |
| Level: | 7/10 |
| Description: | Memory corruption on base64 encoding/decoding. |
| Affected: | LIBSOUP : libsoup 2.2 |
| | GLIB : glib 2.11 |
| | GLIB : glib 2.12 |
| | GSTREAMER : gstreamer-plugins-base 0.10 |
| CVE: | CVE-2009-0587 (Multiple integer overflows in Evolution Data Server (aka evolution-data-server) before 2.24.5 allow context-dependent attackers to execute arbitrary code via a long string that is converted to a base64 representation in (1) addressbook/libebook/e-vcard.c in evc or (2) camel/camel-mime-utils.c in libcamel.) |
| | CVE-2009-0586 (Integer overflow in the gst_vorbis_tag_add_coverart function (gst-libs/gst/tag/gstvorbistag.c) in vorbistag in gst-plugins-base (aka gstreamer-plugins-base) before 0.10.23 in GStreamer allows context-dependent attackers to execute arbitrary code via a crafted COVERART tag that is converted from a base64 representation, which triggers a heap-based buffer overflow.) |
| | CVE-2009-0585 (Integer overflow in the soup_base64_encode function in soup-misc.c in libsoup 2.x.x before 2.2.x, and 2.x before 2.24, allows context-dependent attackers to execute arbitrary code via a long string that is converted to a base64 representation.) |
| | CVE-2008-4316 (Multiple integer overflows in glib/gbase64.c in GLib before 2.20 allow context-dependent attackers to execute arbitrary code via a long string that is converted either (1) from or (2) to a base64 representation.) |

| Apple iTunes DoS | |
|---|---|
| Published: | 15.03.2009 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 9744 |
| Type: | remote |
| Level: | 5/10 |
| Description: | DoS with DAAP messages. |
| Affected: | APPLE : iTunes 8 |
| CVE: | CVE-2009-0016 (Apple iTunes before 8.1 on Windows allows remote attackers to cause a denial of service (infinite loop) via a Digital Audio Access Protocol (DAAP) message with a crafted Content-Length header.) |