MySQL DoS
Published:		19.11.2007
Source:		BUGTRAQ
SecurityVulns ID:		8356
Type:		local
Level:		5/10
Description:		Invalid assertion on CONTAINS processing.

Affected:		ORACLE : MySQL 5.0
CVE:		CVE-2007-5925 (The convert_search_mode_to_innobase function in ha_innodb.cc in the InnoDB engine in MySQL 5.1.23-BK and earlier allows remote authenticated users to cause a denial of service (database crash) via a certain CONTAINS operation on an indexed column, which triggers an assertion error.)

Original document

GENTOO, [Full-disclosure] [ GLSA 200711-25 ] MySQL: Denial of Service (19.11.2007)

Discuss:

Read or add your comments to this news (0 comments)

LIVE555 media server DoS
Published:		19.11.2007
Source:		FULL-DISCLOSURE
SecurityVulns ID:		8358
Type:		remote
Level:		5/10
Description:		Uninitialized memory reading on RTSP query processing.

Affected:		LIVE555 : LIVE555 2007.11
CVE:		CVE-2007-6036 (The parseRTSPRequestString function in LIVE555 Media Server 2007.11.01 and earlier allows remote attackers to cause a denial of service (daemon crash) via a short RTSP query, which causes a negative number to be used during memory allocation.)

Original document

Luigi Auriemma, [Full-disclosure] Crash in LIVE555 Media Server 2007.11.01 (19.11.2007)

Discuss:

Read or add your comments to this news (0 comments)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:		19.11.2007
Source:
SecurityVulns ID:		8357
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. PHP-Fusion: CAPTCHA protection bypass.

Affected:		ICEBB : IceBB 1.0
		VIGILECMS : VigileCMS 1.4

Original document		aeroxteam_(at)_gmail.com, IceBB 1.0rc6 <= Remote SQL Injection (19.11.2007)
		aeroxteam_(at)_gmail.com, IceBB 1.0rc6 <= Remote SQL Injection (19.11.2007)
		info_(at)_opencosmo.com, VigileCMS 1.4 Multiple Remote Vulnerabilities (19.11.2007)
		okan alp, FairSoft S.Mini web Busines Prelease & Calendar asp Sql injection (19.11.2007)
		MustLive, MoBiC-18: PHP-Fusion CAPTCHA bypass (19.11.2007)

Files:		IceBB 1.0-rc6 - Database Authentication Details Exploit
Discuss:		Read or add your comments to this news (0 comments)

net-snmp DoS
Published:		19.11.2007
Source:		BUGTRAQ
SecurityVulns ID:		8360
Type:		remote
Level:		5/10
Description:		CPU resources exhaustion on GETBULK with large max-repeaters parameter value.

Affected:		NETSNMP : Net-SNMP 5.4
CVE:		CVE-2007-5846 (The SNMP agent (snmp_agent.c) in net-snmp before 5.4.1 allows remote attackers to cause a denial of service (CPU and memory consumption) via a GETBULK request with a large max-repeaters value.)

Original document

MANDRIVA, [ MDKSA-2007:225 ] - Updated net-snmp packages fix remote denial of service vulnerability (19.11.2007)

Discuss:

Read or add your comments to this news (0 comments)

Firefox / Konqueror / Safari certificate spoofing updated since 19.11.2007
Published:		20.11.2007
Source:		FULL-DISCLOSURE
SecurityVulns ID:		8359
Type:		remote
Level:		5/10
Description:		Link between certificate and web site is not set, if certificate from unknown certification authirity is manually approved, making it's possible to use same certificate for different site withour warning.

Affected:		APPLE : Safari 2.0
		MOZILLA : Firefox 2.0
		KDE : Konqueror 3.5
		APPLE : Safari 3.0
		KDE : Konqueror 3.95

Original document		Graeme Fowler, Re: Certificate spoofing issue with Mozilla, Konqueror, Safari 2 (20.11.2007)
		Nils Toedtmann, ertificate spoofing with subjectAltName and domain name wildcards (19.11.2007)
		Nils Toedtmann, [Full-disclosure] Certificate spoofing issue with Mozilla, Konqueror, Safari 2 (19.11.2007)

Discuss:

Read or add your comments to this news (0 comments)