Computer Security
[EN] securityvulns.ru no-pyccku


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:18.07.2009
Source:
SecurityVulns ID:10078
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:XAMPP : XAMPP 1.7
 XAMPP : XAMPP 1.6
Original documentdocumentDEBIAN, [SECURITY] [DSA 1836-1] New fckeditor packages fix arbitrary code execution (18.07.2009)
 documentMustLive, Multiple vulnerabilities in XAMPP (18.07.2009)

PulseAudio race conditions
Published:18.07.2009
Source:
SecurityVulns ID:10079
Type:local
Threat Level:
6/10
Description:Race condition on temporary files creation allow symlink attack.
Affected:PULSEAUDIO : PulseAudio 0.9
CVE:CVE-2009-1894 (Race condition in PulseAudio 0.9.9, 0.9.10, and 0.9.14 allows local users to gain privileges via vectors involving creation of a hard link, related to the application setting LD_BIND_NOW to 1, and then calling execv on the target of the /proc/self/exe symlink.)
Original documentdocumentAkita Software Security, PulseAudio local race condition privilege escalation vulnerability (18.07.2009)

Terratec HomeCinema multiple security vulnerabilities
Published:18.07.2009
Source:
SecurityVulns ID:10080
Type:library
Threat Level:
6/10
Description:System libraries are replaced with outdated viersions during installation process in insecure manner.
Affected:TERRATEC : HomeCinema 6.3
Original documentdocumentStefan Kanthak, Vulnerable DLLs distributed with Terratec HomeCinema 6.3 (18.07.2009)

Android camera and audio control bypass
Published:18.07.2009
Source:
SecurityVulns ID:10081
Type:local
Threat Level:
5/10
Description:Access control is only checked on application request.
Affected:ANDROID : Android 1.5
CVE:CVE-2009-2348 (Android 1.5 CRBxx allows local users to bypass the (1) Manifest.permission.CAMERA (aka android.permission.CAMERA) and (2) Manifest.permission.AUDIO_RECORD (aka android.permission.RECORD_AUDIO) configuration settings by installing and executing an application that does not make a permission request before using the camera or microphone.)
Original documentdocumentAndrea Barisani, [oCERT-2009-011] Android improper camera and audio permission verification (18.07.2009)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod