Computer Security
[EN] securityvulns.ru no-pyccku


honeyd symbolic links vulnerability
Published:15.12.2008
Source:
SecurityVulns ID:9514
Type:local
Threat Level:
5/10
Description:test.sh script insecure temporary files creation.
Affected:HONEYD : honeyd 1.5
CVE:CVE-2008-3928 (test.sh in Honeyd 1.5c might allow local users to overwrite arbitrary files via a symlink attack on a temporary file.)
Original documentdocumentGENTOO, [ GLSA 200812-12 ] Honeyd: Insecure temporary file creation (15.12.2008)

aview symbolic links vulnerability
Published:15.12.2008
Source:
SecurityVulns ID:9515
Type:local
Threat Level:
5/10
Description:Insecure temporary file creation.
Affected:AVIEW : aview 1.3
CVE:CVE-2008-4935 (asciiview in aview 1.3.0 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/aview#####.pgm temporary file.)
Original documentdocumentGENTOO, [ GLSA 200812-14 ] aview: Insecure temporary file usage (15.12.2008)

No-IP.com DDNS client for Unix/Linux buffer overflow
Published:15.12.2008
Source:
SecurityVulns ID:9516
Type:client
Threat Level:
5/10
Description:Buffer overflow on HTTP response parsing.
Affected:NOIP : No-IP DUC 2.1
CVE:CVE-2008-5297 (Buffer overflow in No-IP DUC 2.1.7 and earlier allows remote HTTP servers to execute arbitrary code via a crafted response to a DNS update request, related to a missing length check in the GetNextLine function.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 1686-1] New no-ip packages fix arbitrary code execution (15.12.2008)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:15.12.2008
Source:
SecurityVulns ID:9517
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. CapCC for WordPress - SQL injection, automation protection bypass, crossite request forgery.
Affected:PHPLIST : phpList 2.10
 CAPCC : CapCC 1.0
 CFAGCMS : CFAGCMS 1
 EX-DESIGNZ : World Recipe 2.11
Original documentdocumentPHPLIST, phpList vulnerability (15.12.2008)
 documentsecurity_(at)_armorize.com, Multiple XSS Vulnerabilities in World Recipe 2.11 (15.12.2008)
 documentMustLive, New vulnerabilities in CapCC for WordPress (15.12.2008)

MPlayer buffer overflow
Published:15.12.2008
Source:
SecurityVulns ID:9518
Type:client
Threat Level:
5/10
Description:Buffer overflow on TwinVQ format parsing.
Affected:MPLAYER : MPlayer 1.0
CVE:CVE-2008-5616 (Stack-based buffer overflow in the demux_open_vqf function in libmpdemux/demux_vqf.c in MPlayer 1.0 rc2 before r28150 allows remote attackers to execute arbitrary code via a malformed TwinVQ file.)
Original documentdocumenttk_(at)_trapkit.de, [TKADV2008-014] MPlayer TwinVQ Processing Stack Buffer Overflow Vulnerability (15.12.2008)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod