Computer Security


WarFTPd FTP Server DoS
Published: 15.09.2009
SecurityVulns ID: 10240
Type: remote
Threat Level: 5/10
Affected: WARFTPD : War FTP Daemon 1.82
Original document: Jarle Aase, War FTP Daemon Remote Denial Of Service Vulnerability (15.09.2009)

Proland Software Protector Plus antivirus weak permissions
Published: 15.09.2009
SecurityVulns ID: 10241
Type: local
Threat Level: 5/10
Description: Executable files have Everyone:Full Control permissions.
Affected: PROLAND : Protector Plus 2009
 PROLAND : Protector Plus 9.1
Original document: ShineShadow, Local privilege escalation vulnerability in Protector Plus Antivirus (Proland Software) (15.09.2009)

BSD systems kevent race conditions
Updated since 24.08.2009
Published: 15.09.2009
SecurityVulns ID: 10173
Type: local
Threat Level: 6/10
Description: Race conditions on SMP systems.
Affected: FREEBSD : FreeBSD 6.1
 NETBSD : NetBSD 5.0
 DRAGONFLYBSD : DragonFlyBSD 2.2
Original documents: Przemyslaw Frasunek, Re: [Full-disclosure] FreeBSD <= 6.1 kqueue() NULL pointer dereference (15.09.2009)
 Przemyslaw Frasunek, FreeBSD <= 6.1 kqueue() NULL pointer dereference (24.08.2009)
Files: FreeBSD 6.1 kevent() race condition exploit

Apple iPhone buffer overflow
Published: 15.09.2009
SecurityVulns ID: 10237
Type: client
Threat Level: 6/10
Description: Buffer overflow in Audio Codecs on AAC and MP3 streams parsing.
Affected: APPLE : iPhone OS 3.0
CVE: CVE-2009-2206 (Multiple heap-based buffer overflows in the AudioCodecs library in the CoreAudio component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted (1) AAC or (2) MP3 file, as demonstrated by a ringtone with malformed entries in the sample size table.)
Original document: tk_(at)_trapkit.de, [TKADV2009-007] Apple iPhone OS AudioCodecs Heap Buffer Overflow (15.09.2009)

nginx proxy server memory corruption
Published: 15.09.2009
SecurityVulns ID: 10238
Type: remote
Threat Level: 6/10
Description: Memory corruption on HTTP request URI.
Affected: NGINX : nginx 0.7
CVE: CVE-2009-2629 (Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests.)
Original document: DEBIAN, [SECURITY] [DSA 1884-1] New nginx packages fix arbitrary code execution (15.09.2009)

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 15.09.2009
SecurityVulns ID: 10239
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: VBULLETIN : vBulletin 3.8
 JOOMLA : Joomla Hotel Booking System III
 RAILS : rails 2.1
CVE: CVE-2009-3009 (Cross-site scripting (XSS) vulnerability in Ruby on Rails 2.x before 2.2.3, and 2.3.x before 2.3.4, allows remote attackers to inject arbitrary web script or HTML by placing malformed Unicode strings into a form helper.)
Original documents: DEBIAN, [SECURITY] [DSA 1887-1] New rails packages fix cross-site scripting (15.09.2009)
 snip3r ir4Q, vBulletin 3.8.2 Denial of Service Exploit (15.09.2009)
 adv_(at)_e-rdc.org, [ECHO_ADV_111$2009] Joomla Hotel Booking System Component XSS/SQL Injection Multiple Vulnerability (15.09.2009)
Files: vBulletinR Version 3.8.2 D3n14l 0f S3rv1c3 Expl01t

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod