Computer Security


Fujitsu SystemcastWizard Lite buffer overflow
Published:20.01.2009
SecurityVulns ID:9606
Type:remote
Threat Level:5/10
Description:Buffer overflow on oversized PXE request.
Affected:FUJITSU : SystemcastWizard Lite 2.0
 FUJITSU : SystemcastWizard Lite 1.9
Original document:vulns_(at)_wintercore.com, [Wintercore Research ] Fujitsu SystemcastWizard Lite PXEService Remote Buffer Overflow. (20.01.2009)

Trend Micro OfficeScan / Trend Micro Internet Security multiple security vulnerabilities
Published:20.01.2009
SecurityVulns ID:9607
Type:local
Threat Level:5/10
Description:Firewall settings manipulations, DoS.
Affected:TM : OfficeScan 8.0
 TM : Trend Micro Internet Security 2007
 TM : Trend Micro Internet Security 2008
CVE:CVE-2008-3866 (The Trend Micro Personal Firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, relies on client-side password protection implemented in the configuration GUI, which allows local users to bypass intended access restrictions and change firewall settings by using a modified client to send crafted packets.)
 CVE-2008-3865 (Multiple heap-based buffer overflows in the ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allow remote attackers to execute arbitrary code via a packet with a small value in an unspecified size field.)
 CVE-2008-3864 (The ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allows remote attackers to cause a denial of service (service crash) via a packet with a large value in an unspecified size field.)
Original document:SECUNIA, [Full-disclosure] Secunia Research: Trend Micro NSC Firewall Configuration Vulnerability (20.01.2009)
 SECUNIA, [Full-disclosure] Secunia Research: Trend Micro Network Security Component Vulnerabilities (20.01.2009)

Windows NTP Time Server Syslog Monitor DoS
Published:20.01.2009
SecurityVulns ID:9609
Type:remote
Threat Level:5/10
Description:Crash on malformed syslog packet
Affected:TIMETOOLS : Windows NTP Time Server Syslog Monitor 1.0
Original document:vuln_research_(at)_princeofnigeria.org, Windows NTP Time Server Syslog Monitor 1.0.000 Denial of Service Vulnerability (20.01.2009)

Microsoft Windows Mobile bluetooth stack directory traversal
Published:20.01.2009
SecurityVulns ID:9610
Type:remote
Threat Level:5/10
Description:OBEX FTP directory traversal.
Affected:MICROSOFT : Windows Mobile 5.0
 MICROSOFT : Windows Mobile 6.0
Original document:alberto.morenot_(at)_gmail.com, Microsoft Bluetooth Stack OBEX Directory Traversal (20.01.2009)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 20.01.2009
Published:20.01.2009
SecurityVulns ID:9604
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. Power Phlogger: SQL injection, DoS.
Affected:POWERPHLOGGER : Power Phlogger 2.2
 53KF : 53KF Web IM
 MOINMOIN : MoinMoin 1.8
CVE:CVE-2009-0026 (Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.)
Original document:swhite_(at)_securestate.com, MoinMoin Wiki Engine XSS Vulnerability (20.01.2009)
 HACKERS PAL, Cybershade CMS Remote File include vulnerability (20.01.2009)
 APACHE, [Full-disclosure] [ANNOUNCE] Apache Jackrabbit 1.5.2 released (20.01.2009)
 xsp, 53KF Web IM 2009 Cross-Site Scripting Vulnerabilities (20.01.2009)
 MustLive, SQL Injection and DoS vulnerabilities in Power Phlogger (20.01.2009)

Ralinktech wireless adapter driver integer overflow
updated since 20.01.2009
Published:31.01.2009
SecurityVulns ID:9605
Type:remote
Threat Level:5/10
Description:Integer overflow on oversized SSID.
Affected:RALINKTECH : Ralink RT73
CVE:CVE-2009-0282 (Integer overflow in Ralink Technology USB wireless adapter (RT73) 3.08 for Windows, and other wireless card drivers including rt2400, rt2500, rt2570, and rt61, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Probe Request packet with a long SSID, possibly related to an integer signedness error.)
Original document:DEBIAN, [SECURITY] [DSA 1712-1] New rt2400 packages fix arbitrary code execution (31.01.2009)
 DEBIAN, [SECURITY] [DSA 1713-1] New rt2500 packages fix arbitrary code execution (31.01.2009)
 DEBIAN, [SECURITY] [DSA 1714-1] New rt2570 packages fix arbitrary code execution (31.01.2009)
 springsec_(at)_gmail.com, Ralinktech wireless cards drivers vulnerability (20.01.2009)

OpenSG / EasyHDR Pro / ksquirrel-libs buffer overflow
updated since 20.01.2009
Published:26.02.2009
SecurityVulns ID:9608
Type:library
Threat Level:5/10
Description:Buffer overflow on Radiance RGBE (*.hdr) images parsing.
Affected:EASYHDR : EasyHDR Pro 1.60
 OPENSG : OpenSG 1.8
 KSQUIRREL : ksquirrel-libs 0.8
CVE:CVE-2008-5263 (Multiple stack-based buffer overflows in the mt_codec::getHdrHead function in kernel/kls_hdr/fmt_codec_hdr.cpp in ksquirrel-libs 0.8.0 allow context-dependent attackers to execute arbitrary code via a crafted Radiance RGBE image (aka .hdr file).)
Original document:SECUNIA, Secunia Research: ksquirrel-libs Radiance RGBE Buffer Overflows (26.02.2009)
 SECUNIA, [Full-disclosure] Secunia Research: OpenSG Radiance RGBE Buffer Overflow Vulnerability (20.01.2009)
 SECUNIA, [Full-disclosure] Secunia Research: EasyHDR Pro Radiance RGBE Buffer Overflow (20.01.2009)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod