Computer Security


MySQL DoS
Published: 19.11.2007
SecurityVulns ID: 8356
Type: local
Threat Level: 5/10
Description: Invalid assertion on CONTAINS processing.
Affected: ORACLE : MySQL 5.0
CVE: CVE-2007-5925 (The convert_search_mode_to_innobase function in ha_innodb.cc in the InnoDB engine in MySQL 5.1.23-BK and earlier allows remote authenticated users to cause a denial of service (database crash) via a certain CONTAINS operation on an indexed column, which triggers an assertion error.)
Original document: GENTOO, [Full-disclosure] [ GLSA 200711-25 ] MySQL: Denial of Service (19.11.2007)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 19.11.2007
SecurityVulns ID: 8357
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. PHP-Fusion: CAPTCHA protection bypass.
Affected: ICEBB : IceBB 1.0
 VIGILECMS : VigileCMS 1.4
Original document: aeroxteam_(at)_gmail.com, IceBB 1.0rc6 <= Remote SQL Injection (19.11.2007)
 info_(at)_opencosmo.com, VigileCMS 1.4 Multiple Remote Vulnerabilities (19.11.2007)
 okan alp, FairSoft S.Mini web Busines Prelease & Calendar asp Sql injection (19.11.2007)
 MustLive, MoBiC-18: PHP-Fusion CAPTCHA bypass (19.11.2007)
Files: IceBB 1.0-rc6 - Database Authentication Details Exploit

LIVE555 media server DoS
Published: 19.11.2007
SecurityVulns ID: 8358
Type: remote
Threat Level: 5/10
Description: Uninitialized memory reading on RTSP query processing.
Affected: LIVE555 : LIVE555 2007.11
CVE: CVE-2007-6036 (The parseRTSPRequestString function in LIVE555 Media Server 2007.11.01 and earlier allows remote attackers to cause a denial of service (daemon crash) via a short RTSP query, which causes a negative number to be used during memory allocation.)
Original document: Luigi Auriemma, [Full-disclosure] Crash in LIVE555 Media Server 2007.11.01 (19.11.2007)

net-snmp DoS
Published: 19.11.2007
SecurityVulns ID: 8360
Type: remote
Threat Level: 5/10
Description: CPU resource exhaustion on a GETBULK request with a large max-repeaters parameter value.
Affected: NETSNMP : Net-SNMP 5.4
CVE: CVE-2007-5846 (The SNMP agent (snmp_agent.c) in net-snmp before 5.4.1 allows remote attackers to cause a denial of service (CPU and memory consumption) via a GETBULK request with a large max-repeaters value.)
Original document: MANDRIVA, [ MDKSA-2007:225 ] - Updated net-snmp packages fix remote denial of service vulnerability (19.11.2007)

Firefox / Konqueror / Safari certificate spoofing
Updated since 19.11.2007
Published: 20.11.2007
SecurityVulns ID: 8359
Type: remote
Threat Level: 5/10
Description: When a certificate from an unknown certification authority is manually approved, no link is set between the certificate and the web site, making it possible to use the same certificate for a different site without a warning.
Affected: APPLE : Safari 2.0
 MOZILLA : Firefox 2.0
 KDE : Konqueror 3.5
 APPLE : Safari 3.0
 KDE : Konqueror 3.95
Original document: Graeme Fowler, Re: Certificate spoofing issue with Mozilla, Konqueror, Safari 2 (20.11.2007)
 Nils Toedtmann, Certificate spoofing with subjectAltName and domain name wildcards (19.11.2007)
 Nils Toedtmann, [Full-disclosure] Certificate spoofing issue with Mozilla, Konqueror, Safari 2 (19.11.2007)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod