Computer Security


Sagem F@st 2404 router DoS
updated since 09.09.2008
Published: 18.01.2009
SecurityVulns ID: 9275
Type: remote
Threat Level: 5/10
Description: Device crash on oversized Web interface URL string. Unauthorized access to router reset Web page.
Affected: SAGEM : F@st 2404
Original document: alphanix00_(at)_gmail.com, Sagem router F@st 2404 remote reset poc (18.01.2009)
 zigma_(at)_underz0ne.net, Sagem Router F@st 2404 Remote Denial Of Service Exploit (09.09.2008)
Files: sagemreset.pl

Excel Viewer ActiveX buffer overflow
Published: 18.01.2009
SecurityVulns ID: 9595
Type: client
Threat Level: 5/10
Description: Buffer overflow in Open method.
Files: Excel Viewer OCX 3.1/3.2 Denial of Service PoC

Avira Antivir multiple security vulnerabilities
Published: 18.01.2009
SecurityVulns ID: 9597
Type: remote
Threat Level: 5/10
Description: Multiple DoS conditions and privilege escalations.
Original document: Thierry Zoller, [TZO-2009-2] Avira Antivir - Priviledge escalation (18.01.2009)
 Thierry Zoller, Errata: [TZO-2009-1] Avira Antivir - RAR - Division by Zero & Null Pointer Dereference (18.01.2009)

VirtualBox symbolic links vulnerability
Published: 18.01.2009
SecurityVulns ID: 9598
Type: remote
Threat Level: 5/10
Description: Insecure temporary files creation.
Affected: SUN : VirtualBox 2.0
CVE: CVE-2008-5256 (The AcquireDaemonLock function in ipcdUnix.cpp in Sun Innotek VirtualBox before 2.0.6 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/.vbox-$USER-ipc/lock temporary file.)
Original document: MANDRIVA, [ MDVSA-2009:011 ] virtualbox (18.01.2009)

TFTPUtil GUI TFTP Server multiple security vulnerabilities
Published: 18.01.2009
SecurityVulns ID: 9599
Type: remote
Threat Level: 5/10
Description: DoS, directory traversal.
Affected: TFTPUTIL : TFTPUtil 1.3
Original document: vuln_research_(at)_princeofnigeria.org, TFTPUtil GUI TFTP Server Denial of Service Vulnerability (18.01.2009)
 vuln_research_(at)_princeofnigeria.org, TFTPUtil GUI TFTP Server Denial of Service Vulnerability (18.01.2009)

OTSTurntables buffer overflow
Published: 18.01.2009
SecurityVulns ID: 9600
Type: client
Threat Level: 3/10
Description: Buffer overflow on .ofl files processing.
Affected: OTSTURNTABLES : OTSTurntables 1.00
Original document: crimson.loyd_(at)_gmail.com, OTSTurntables 1.00.027 (.ofl) Local Stack Overflow Exploit (18.01.2009)
Files: OTSTurntables 1.00.027 (.ofl) Local Stack Overflow Exploit

Cisco IronPort Encryption Appliance / PostX multiple security vulnerabilities
Published: 18.01.2009
SecurityVulns ID: 9601
Type: remote
Threat Level: 6/10
Description: Unauthorized access to encrypted messages, unauthorized access to administration interface.
Affected: CISCO : PostX 6.2
 CISCO : IronPort Encryption Appliance 6.3
 CISCO : IronPort Encryption Appliance 6.5
CVE: CVE-2009-0054 (PXE Encryption in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 before 6.2.7.7, 6.3 before 6.3.0.4, and 6.5 before 6.5.0.2; and Cisco IronPort PostX 6.2.1 before 6.2.1.1 and 6.2.2 before 6.2.2.3; allows remote attackers to capture credentials by tricking a user into reading a modified or crafted e-mail message.)
 CVE-2009-0053 (PXE Encryption in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 before 6.2.7.7, 6.3 before 6.3.0.4, and 6.5 before 6.5.0.2; and Cisco IronPort PostX 6.2.1 before 6.2.1.1 and 6.2.2 before 6.2.2.3; allows remote attackers to obtain the decryption key via unspecified vectors, related to a "logic error.")
Original document: CISCO, Cisco Security Advisory: IronPort Encryption Appliance / PostX and PXE Encryption Vulnerabilities (18.01.2009)

Cisco ONS TCP DoS
Published: 18.01.2009
SecurityVulns ID: 9602
Type: remote
Threat Level: 6/10
Description: Crash on TCP connection establishing.
Affected: CISCO : Cisco ONS 15327
 CISCO : Cisco ONS 15454
 CISCO : Cisco ONS 15310
CVE: CVE-2008-3818 (Cisco ONS 15310-CL, 15310-MA, 15327, 15454, 15454 SDH, and 15600 with software 7.0.2 through 7.0.6, 7.2.2, 8.0.x, 8.5.1, and 8.5.2 allows remote attackers to cause a denial of service (control-card reset) via a crafted TCP session.)
Original document: CISCO, Cisco Security Advisory: Cisco ONS Platform Crafted Packet Vulnerability (18.01.2009)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 18.01.2009
SecurityVulns ID: 9603
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: INTERSPIRE : Interspire Shopping Cart 4.0
Original document: Nam Nguyen, [BMSA-2009-01] Authentication bypass in Interspire Shopping Cart v4.0.1 and below (18.01.2009)

netatalk shell characters vulnerabilities
updated since 18.01.2009
Published: 01.02.2009
SecurityVulns ID: 9596
Type: remote
Threat Level: 5/10
Description: Shell characters vulnerability on PostScript print jobs processing.
Affected: NETATALK : netatalk 2.0
CVE: CVE-2008-5718 (The papd daemon in Netatalk before 2.0.4-beta2, when using certain variables in a pipe command for the print file, allows remote attackers to execute arbitrary commands via shell metacharacters in a print request, as demonstrated using a crafted Title.)
Original document: DEBIAN, [SECURITY] [DSA 1704-2] Updated netatalk packages fix denial of service (01.02.2009)
 DEBIAN, [SECURITY] [DSA 1705-1] New netatalk packages fix arbitrary code execution (18.01.2009)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod