Apple iPhone functionality abuse
Published:		18.06.2009
Source:		BUGTRAQ
SecurityVulns ID:		10001
Type:		client
Level:		6/10
Description:		By using tel: URI it's possible to force phone to dial some number without user's confirmation.

Affected:		APPLE : iPhone OS 2.1
		APPLE : iPhone OS 1.5

Original document

Collin R. Mulliner, iPhone Safari phone-auto-dial vulnerability (original date: Nov. 2008) (18.06.2009)

Discuss:

Read or add your comments to this news (0 comments)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:		18.06.2009
Source:
SecurityVulns ID:		9999
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected:

GFORGE : gforge 4.5

Original document		IrIsT.Ir_(at)_gmail.com, phpMyTourney adminfunctions.php Remote File Include Vulnerabilities (18.06.2009)
		DEBIAN, [SECURITY] [DSA 1818-1] New gforge packages fix insufficient input sanitising (18.06.2009)

Discuss:

Read or add your comments to this news (0 comments)

Nokia 6212 multiple security vulnerabilities
Published:		18.06.2009
Source:		BUGTRAQ
SecurityVulns ID:		10002
Type:		remote
Level:		5/10
Description:		DoS, URI spoofing.

Original document

Collin R. Mulliner, Nokia 6212 classic URI spoofing and DoS advisory (original date: Dec. 2008) (18.06.2009)

Discuss:

Read or add your comments to this news (0 comments)

Linux kernel DoS
Published:		18.06.2009
Source:		CVE
SecurityVulns ID:		10000
Type:		local
Level:		5/10
Description:		Deadlog on splice calls handling.

Affected:		LINUX : kernel 2.6
CVE:		CVE-2009-1630 (The nfs_permission function in fs/nfs/dir.c in the NFS client implementation in the Linux kernel 2.6.29.3 and earlier, when atomic_open is available, does not check execute (aka EXEC or MAY_EXEC) permission bits, which allows local users to bypass permissions and execute files, as demonstrated by files on an NFSv4 fileserver.)

Discuss:

Read or add your comments to this news (0 comments)