Computer Security


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 19.03.2009
Source:
SecurityVulns ID: 9753
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: FIREANT : FireAnt 1.3
 FUBARFORUM : FubarForum 1.6
 CHAOZZDB : chaozzDB 1.2
 SITECORE : Sitecore .NET 5.3
Original document: security.assurance_(at)_nab.com.au, Sitecore .NET 5.3.x - web service information disclosure (19.03.2009)
 vuln_(at)_e-rdc.org, [ECHO_ADV_105$2009] chaozzDB <= 1.2 Critical File Disclosure Vulnerability (19.03.2009)
 vuln_(at)_e-rdc.org, [ECHO_ADV_107$2009] FubarForum <= 1.6 Critical File Disclosure Vulnerability (19.03.2009)
 vuln_(at)_e-rdc.org, [ECHO_ADV_106$2009] FireAnt <= 1.3 Critical File Disclosure Vulnerability (19.03.2009)

Weechat IRC client DoS
Published: 19.03.2009
Source:
SecurityVulns ID: 9754
Type: remote
Threat Level: 5/10
Description: Crash on PRIVMSG parsing.
Affected: WEECHAT : weechat 0.2
CVE: CVE-2009-0661 (Wee Enhanced Environment for Chat (WeeChat) 0.2.6 allows remote attackers to cause a denial of service (crash) via an IRC PRIVMSG command containing crafted color codes that trigger an out-of-bounds read.)
Original document: DEBIAN, [SECURITY] [DSA 1744-1] New weechat packages fix denial of service (19.03.2009)

Autonomy KeyView library buffer overflow
Published: 19.03.2009
Source:
SecurityVulns ID: 9755
Type: library
Threat Level: 6/10
Description: Buffer overflow on Word Perfect (.wpd) files parsing.
Affected: AUTONOMY : KeyView 10.4
CVE: CVE-2008-4564 (Stack-based buffer overflow in wp6sr.dll in the Autonomy KeyView SDK 10.4 and earlier, as used in IBM Lotus Notes, Symantec Mail Security (SMS) products, Symantec BrightMail Appliance products, and Symantec Data Loss Prevention (DLP) products, allows remote attackers to execute arbitrary code via a crafted Word Perfect Document (WPD) file.)
Original document: IDEFENSE, iDefense Security Advisory 03.17.09: Autonomy KeyView Word Perfect File Parsing Buffer Overflow Vulnerability (19.03.2009)

Symantec PcAnywhere format string vulnerability
Published: 19.03.2009
Source:
SecurityVulns ID: 9756
Type: local
Threat Level: 5/10
Description: Format string vulnerability with .chm filename.
Affected: SYMANTEC : pcAnywhere 12.5
CVE: CVE-2009-0538 (Format string vulnerability in Symantec pcAnywhere before 12.5 SP1 allows local users to read and modify arbitrary memory locations, and cause a denial of service (application crash) or possibly have unspecified other impact, via format string specifiers in the pathname of a remote control file (aka .CHF file).)
Original document: Deral Heiland, Layered Defense Research Advisory: Format String Vulnerablity in Symantec PcAnywhere v10-12.5 (19.03.2009)

CDex buffer overflow
Published: 19.03.2009
Source:
SecurityVulns ID: 9757
Type: local
Threat Level: 5/10
Description: Buffer overflow on .ogg format parsing.
Original document: rgod, CDex v1.70b2 (.ogg) local buffer overflow exploit poc (19.03.2009)
Files: CDex v1.70b2 (.ogg) local buffer overflow exploit poc (win xp sp3)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod