Computer Security


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 18.06.2009
SecurityVulns ID: 9999
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: GFORGE : gforge 4.5
Original documents:
 IrIsT.Ir_(at)_gmail.com, phpMyTourney adminfunctions.php Remote File Include Vulnerabilities (18.06.2009)
 DEBIAN, [SECURITY] [DSA 1818-1] New gforge packages fix insufficient input sanitising (18.06.2009)

Linux kernel DoS
Published: 18.06.2009
SecurityVulns ID: 10000
Type: local
Threat Level: 5/10
Description: Deadlock on splice calls handling.
Affected: LINUX : kernel 2.6
CVE: CVE-2009-1630 (The nfs_permission function in fs/nfs/dir.c in the NFS client implementation in the Linux kernel 2.6.29.3 and earlier, when atomic_open is available, does not check execute (aka EXEC or MAY_EXEC) permission bits, which allows local users to bypass permissions and execute files, as demonstrated by files on an NFSv4 fileserver.)

Apple iPhone functionality abuse
Published: 18.06.2009
SecurityVulns ID: 10001
Type: client
Threat Level: 6/10
Description: By using a tel: URI it is possible to force the phone to dial a number without the user's confirmation.
Affected: APPLE : iPhone OS 2.1
 APPLE : iPhone OS 1.5
Original document: Collin R. Mulliner, iPhone Safari phone-auto-dial vulnerability (original date: Nov. 2008) (18.06.2009)

Nokia 6212 multiple security vulnerabilities
Published: 18.06.2009
SecurityVulns ID: 10002
Type: remote
Threat Level: 5/10
Description: DoS, URI spoofing.
Original document: Collin R. Mulliner, Nokia 6212 classic URI spoofing and DoS advisory (original date: Dec. 2008) (18.06.2009)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod