Search:Vulnerability:15.09.2009 - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

nginx proxy server memory corruption
Published: 15.09.2009
Source: BUGTRAQ
SecurityVulns ID: 10238
Type: remote
Level: 6/10
Description: Memory corruption on HTTP request URI.

Affected: NGINX : nginx 0.7
CVE: CVE-2009-2629 (Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests.)

Original document DEBIAN, [SECURITY] [DSA 1884-1] New nginx packages fix arbitrary code execution (15.09.2009)

Discuss: Read or add your comments to this news (0 comments)

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 15.09.2009
Source:
SecurityVulns ID: 10239
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected: VBULLETIN : vBulletin 3.8
JOOMLA : Joomla Hotel Booking System III
RAILS : rails 2.1
CVE: CVE-2009-3009 (Cross-site scripting (XSS) vulnerability in Ruby on Rails 2.x before 2.2.3, and 2.3.x before 2.3.4, allows remote attackers to inject arbitrary web script or HTML by placing malformed Unicode strings into a form helper.)

Original document DEBIAN, [SECURITY] [DSA 1887-1] New rails packages fix cross-site scripting (15.09.2009)

snip3r ir4Q, vBulletin 3.8.2 Denial of Service Exploit (15.09.2009)

adv_(at)_e-rdc.org, [ECHO_ADV_111$2009] Joomla Hotel Booking System Component XSS/SQL Injection Multiple Vulnerability (15.09.2009)

Files: vBulletinR Version 3.8.2 D3n14l 0f S3rv1c3 Expl01t
Discuss: Read or add your comments to this news (2 comments)

Proland Software Protector Plus antivirus weak permissions
Published: 15.09.2009
Source: BUGTRAQ
SecurityVulns ID: 10241
Type: local
Level: 5/10
Description: Executable files have Everyone:Full Control permissions.

Affected: PROLAND : Protector Plus 2009
PROLAND : Protector Plus 9.1

Original document ShineShadow, Local privilege escalation vulnerability in Protector Plus Antivirus (Proland Software) (15.09.2009)

Discuss: Read or add your comments to this news (0 comments)

BSD systems kevent race conditions
updated since 24.08.2009
Published: 15.09.2009
Source: FULL-DISCLOSURE
SecurityVulns ID: 10173
Type: local
Level: 6/10
Description: Race conditions on SMP systems.

Affected: FREEBSD : FreeBSD 6.1
NETBSD : NetBSD 5.0
DRAGONFLYBSD : DragonFlyBSD 2.2

Original document Przemyslaw Frasunek, Re: [Full-disclosure] FreeBSD <= 6.1 kqueue() NULL pointer dereference (15.09.2009)

Przemyslaw Frasunek, FreeBSD <= 6.1 kqueue() NULL pointer dereference (24.08.2009)

Przemyslaw Frasunek, FreeBSD <= 6.1 kqueue() NULL pointer dereference (24.08.2009)

Files: FreeBSD 6.1 kevent() race condition exploit
Discuss: Read or add your comments to this news (0 comments)

Apple iPhone buffer overflow
Published: 15.09.2009
Source: BUGTRAQ
SecurityVulns ID: 10237
Type: client
Level: 6/10
Description: Buffer overflow in Audio Codecs on AAC and MP3 streams parsing.

Affected: APPLE : iPhone OS 3.0
CVE: CVE-2009-2206 (Multiple heap-based buffer overflows in the AudioCodecs library in the CoreAudio component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted (1) AAC or (2) MP3 file, as demonstrated by a ringtone with malformed entries in the sample size table.)

Original document tk_(at)_trapkit.de, [TKADV2009-007] Apple iPhone OS AudioCodecs Heap Buffer Overflow (15.09.2009)

Discuss: Read or add your comments to this news (0 comments)

WarFTPd FTP Server DoS
Published: 15.09.2009
Source: BUGTRAQ
SecurityVulns ID: 10240
Type: remote
Level: 5/10

Affected: WARFTP : War FTP Daemon 1.82

Original document Jarle Aase, War FTP Daemon Remote Denial Of Service Vulnerability (15.09.2009)

Discuss: Read or add your comments to this news (0 comments)

test server