scilab symbolic links vulnerability
| Published: | 22.01.2009 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 9613 |
| Type: | remote |
| Level: | 5/10 |
| Description: | Symbolic links vulnerability on temporary files creation. |
| Affected: | SCILAB : scilab 4.1 |
| CVE: | CVE-2008-4983 (scilab-bin 4.1.2 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/SciLink#####1, (b) /tmp/SciLink#####2, (c) /tmp/SciLink#####3, (d) /tmp/*.#####, (e) /tmp/*.#####.res, (f) /tmp/*.#####.err, and (g) /tmp/*.#####.diff temporary files, related to the (1) scilink, (2) scidoc, and (3) scidem scripts.) |

Cisco Security Manager unauthorized access
| Published: | 22.01.2009 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 9615 |
| Type: | remote |
| Level: | 7/10 |
| Description: | Unauthorized MySQL database access is possible if used with Cisco IPS Event Viewer. |

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
| Published: | 22.01.2009 |
| Source: | |
| SecurityVulns ID: | 9617 |
| Type: | remote |
| Level: | 5/10 |
| Description: | PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. |

Axis 70U Network Document Server multiple security vulnerabilities
| Published: | 22.01.2009 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 9614 |
| Type: | remote |
| Level: | 5/10 |
| Description: | Privilege escalation, unauthorized file access, cross-site scripting. |

Cisco Unified Communications Manager DoS
| Published: | 22.01.2009 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 9616 |
| Type: | remote |
| Level: | 5/10 |
| Description: | Certificate Authority Proxy Function service DoS (TCP/3804). |

Apple QuickTime multiple security vulnerabilities updated since 22.01.2009
| Published: | 23.01.2009 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 9612 |
| Type: | client |
| Level: | 7/10 |
| Description: | Memory corruptions on Cinepak, VR Track, STSD, AVI parsing. |
| CVE: | CVE-2009-2006 (Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) search_term parameter to main/auth/courses.php; the (2) frm_title and (3) frm_content parameters in a new personal agenda item action; the (4) title and (5) tutor_name parameters in a new course action; and the (6) student and (7) course parameters to main/mySpace/myStudents.php. NOTE: vectors 2 and 3 might only be exploitable via a separate CSRF vulnerability.) |
| | CVE-2009-0007 (Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a QuickTime movie file containing invalid image width data in JPEG atoms within STSD atoms.) |
| | CVE-2009-0003 (Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via an AVI movie file with an invalid nBlockAlign value in the _WAVEFORMATEX structure.) |
| | CVE-2009-0002 (Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a QTVR movie file with crafted THKD atoms.) |

VUPlayer buffer overflow updated since 22.01.2009
| Published: | 28.01.2009 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 9618 |
| Type: | local |
| Level: | 4/10 |
| Description: | Buffer overflow on .ASX / .VAX files parsing. |