Computer Security


Adobe Acrobat / Reader multiple security vulnerabilities
updated since 14.10.2009
Published: 19.10.2009
SecurityVulns ID: 10320
Type: remote
Threat Level: 8/10
Description: Multiple memory corruptions, array index overflows, etc.
Affected: ADOBE : Adobe Reader 8.1
 ADOBE : Adobe Reader 9.1
 ADOBE : Adobe Reader 7.1
CVE: CVE-2009-3459 (Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows remote attackers to execute arbitrary code via a crafted PDF file that triggers memory corruption, as exploited in the wild in October 2009. NOTE: some of these details are obtained from third party information.)
 CVE-2009-3458 (Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-2998.)
 CVE-2009-2998 (Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-3458.)
 CVE-2009-2997 (Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 might allow attackers to execute arbitrary code via unspecified vectors.)
 CVE-2009-2991 (Unspecified vulnerability in the Mozilla plug-in in Adobe Reader and Acrobat 8.x before 8.1.7, and possibly 7.x before 7.1.4 and 9.x before 9.2, might allow remote attackers to execute arbitrary code via unknown vectors.)
 CVE-2009-2990 (Array index error in Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 might allow attackers to execute arbitrary code via unspecified vectors.)
 CVE-2009-2985 (Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-2996.)
Original document: cocoruder, In-depth research on the recent PDF zero-day exploit (CVE-2009-3459) (19.10.2009)
 security_(at)_nruns.com, n.runs-SA-2009.007 - Adobe Acrobat - Invalid pointer write could lead to arbitrary code execution (17.10.2009)
 VUPEN Security Research, VUPEN Security - Adobe Acrobat and Reader U3D Filter Code Execution Vulnerabilities (17.10.2009)
 IDEFENSE, iDefense Security Advisory 10.13.09: Adobe Acrobat and Reader Firefox Plugin Use After Free Vulnerability (14.10.2009)
 ZDI, ZDI-09-073: Adobe Reader Compact Font Format Malformed Index Memory Corruption Vulnerability (14.10.2009)
 IDEFENSE, iDefense Security Advisory 10.13.09: Adobe Acrobat and Reader U3D File Invalid Array Index Vulnerability (14.10.2009)
 CERT, US-CERT Technical Cyber Security Alert TA09-286B -- Adobe Reader and Acrobat Vulnerabilities (14.10.2009)

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 19.10.2009
SecurityVulns ID: 10326
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: BUGZILLA : Bugzilla 3.0
 AMIRO : Amiro.CMS 5.4
 PHPCMS : phpcms 2008
Original document: info_(at)_securitylab.ir, phpcms 2008 Remote File Disclosure Vulnerability (19.10.2009)
 DEBIAN, [SECURITY] [DSA 1913-1] New bugzilla packages fix SQL injection (19.10.2009)
 ONSEC, [ONSEC-09-018] Twilight CMS XSS (19.10.2009)
 ONSEC, [ONSEC-09-004] Amiro.CMS Multiple XSS (19.10.2009)
 ONSEC, [ONSEC-09-005] Amiro.CMS root folder disclosure (19.10.2009)

UiTV UiPlayer ActiveX buffer overflow
Published: 19.10.2009
SecurityVulns ID: 10327
Type: client
Threat Level: 5/10
Description: Buffer overflow in UiCheck.dll
CVE: CVE-2009-2970 (Stack-based buffer overflow in the GetUiDllVersion function in an ActiveX control in UiCheck.dll before 1.0.0.7 in UiTV UiPlayer, as used in BaiduX and other products, allows remote attackers to execute arbitrary code via the filename parameter.)
Original document: NSFOCUS, NSFOCUS SA2009-01 : UiTV UiPlayer UiCheck Component Stack Buffer Overflow Vulnerability (19.10.2009)

IBM DB2 JDBC DoS
Published: 19.10.2009
SecurityVulns ID: 10328
Type: remote
Threat Level: 5/10
Description: jdbcReadString() reads memory out of bounds.
Affected: IBM : DB2 8.1
 IBM : DB2 8.2
CVE: CVE-2009-2971
Original document: NSFOCUS, NSFOCUS SA2009-02 : IBM DB2 JDBC Applet Server Remote DoS Vulnerability (19.10.2009)

xpdf integer overflow
Published: 19.10.2009
SecurityVulns ID: 10329
Type: client
Threat Level: 6/10
Description: Integer overflow during PDF parsing leads to heap overflow.
Original document: adam_(at)_hispasec.com, Xpdf - Integer overflow which causes heap overflow and NULL pointer derefernce. (19.10.2009)

3COM OfficeConnect routers multiple security vulnerabilities
Published: 19.10.2009
SecurityVulns ID: 10330
Type: remote
Threat Level: 6/10
Description: Backdoor accounts, password stored in clear text, code execution.
Original document: Andrea Fabrizi, 3Com OfficeConnect Firewall/Router multiple remote Vulnerabilities (19.10.2009)

McKesson Horizon Clinical Infrastructure multiple hardcoded accounts
Published: 19.10.2009
SecurityVulns ID: 10331
Type: remote
Threat Level: 6/10
Description: Multiple unchangeable hardcoded accounts.
Affected: MCKESSON : Horizon Clinical Infrastructure 7.6
 MCKESSON : Horizon Clinical Infrastructure 7.8
 MCKESSON : Horizon Clinical Infrastructure 10.0
 MCKESSON : Horizon Clinical Infrastructure 10.1
Original document: foo_(at)_bar.com, McKesson Horizon Clinical Infrastructure (HCI) version 7.6/7.8/10.0/10.1 hardcoded passwords (19.10.2009)

Zoiper softphone DoS
Published: 19.10.2009
SecurityVulns ID: 10332
Type: remote
Threat Level: 5/10
Description: Crash on SIP request parsing.
Affected: ZOIPER : Zoiper 2.22
Original document: Inj3ct0r.com, Vulnerability in Zoiper softphone version 2.22 - Denial Of Service (19.10.2009)
Files: Vulnerability in Zoiper softphone version 2.22 - Denial Of Service

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod