| HP LaserJet printers cross-site request forgery |
| Published: | 17.03.2009 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 9748 |
| Type: | remote |
| Level: | 5/10 |
| Description: | Cross-site request forgery with form data in conjunction with insecure default access. |
| Avahi multicast DNS server DoS |
| Published: | 17.03.2009 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 9750 |
| Type: | remote |
| Level: | 5/10 |
| Description: | Resource exhaustion on mDNS packet parsing. |
| Affected: | AVAHI : Avahi 0.6 |
| CVE: | CVE-2009-0758 (The originates_from_local_legacy_unicast_socket function in avahi-core/server.c in avahi-daemon 0.6.23 does not account for the network byte order of a port number when processing incoming multicast packets, which allows remote attackers to cause a denial of service (network bandwidth and CPU consumption) via a crafted legacy unicast mDNS query packet that triggers a multicast packet storm.) |
| Rosoft Media Player buffer overflow |
| Published: | 17.03.2009 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 9751 |
| Type: | client |
| Level: | 5/10 |
| Description: | Buffer overflow on .rml playlists parsing. |
| Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) |
| Published: | 17.03.2009 |
| Source: | |
| SecurityVulns ID: | 9746 |
| Type: | remote |
| Level: | 5/10 |
| Description: | PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. |
| MySQL dynamic functions loading vulnerability |
| Published: | 17.03.2009 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 9747 |
| Type: | local |
| Level: | 5/10 |
| Description: | It's possible to load a dynamic library from any location; functions are still available after the library is unloaded. |
| Affected: | ORACLE : MySQL 5.0 |
| CVE: | CVE-2008-4098 (MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4097.) |
| | CVE-2005-2573 (The mysql_create_function function in sql_udf.cc for MySQL 4.0 before 4.0.25, 4.1 before 4.1.13, and 5.0 before 5.0.7-beta, when running on Windows, uses an incomplete blacklist in a directory traversal check, which allows attackers to include arbitrary files via the backslash (\) character.) |
| GOM Encoder buffer overflow |
| Published: | 17.03.2009 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 9749 |
| Type: | local |
| Level: | 4/10 |
| Description: | Buffer overflow on .srt subtitles processing. |
| yaws Web server DoS |
| Published: | 17.03.2009 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 9752 |
| Type: | remote |
| Level: | 5/10 |
| Description: | DoS via HTTP request with oversized header. |
| Affected: | YAWS : yaws 1.79 |
| CVE: | CVE-2009-0751 (Yaws before 1.80 allows remote attackers to cause a denial of service (memory consumption and crash) via a request with a large number of headers.) |
| Rosoft Media Player buffer overflow (updated since 19.12.2007) |
| Published: | 17.03.2009 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 8475 |
| Type: | remote |
| Level: | 6/10 |
| Description: | Stack buffer overflow on .M3U files parsing. |