Computer Security


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 22.12.2008
Source:
SecurityVulns ID: 9532
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. Power Phlogger: cross-site scripting, DoS
Affected: POWERPHLOGGER : Power Phlogger 2.2
Original document: MustLive, New vulnerabilities in Power Phlogger (22.12.2008)

Fujitsu-Siemens WebTransactions shell characters vulnerability
Published: 22.12.2008
Source:
SecurityVulns ID: 9533
Type: remote
Threat Level: 5/10
Description: Unfiltered user input in system() call.
Affected: FUJITSU : WebTransactions 7.1
Original document: SEC Consult Vulnerability Lab, SEC Consult SA-20081219-0 :: Fujitsu-Siemens WebTransactions remote command injection vulnerability (22.12.2008)

PHP APC local attacks
Published: 22.12.2008
Source:
SecurityVulns ID: 9534
Type: local
Threat Level: 4/10
Description: Various local attacks allow DoS conditions and cross-site scripting.
Affected: PHPAPC : PHP APC 3.1
 PHPAPC : PHP APC 3.0
Original document: Moritz Naumann, PHP APC vulnerable to local attacks (22.12.2008)

PowerDNS multiple security vulnerabilities
Published: 22.12.2008
Source:
SecurityVulns ID: 9535
Type: remote
Threat Level: 5/10
Description: DoS; a non-standard reaction to invalid queries increases the chances of a successful spoofing attack.
Affected: POWERDNS : PowerDNS 2.9
CVE: CVE-2008-5277 (PowerDNS before 2.9.21.2 allows remote attackers to cause a denial of service (daemon crash) via a CH HINFO query.)
 CVE-2008-3337 (PowerDNS Authoritative Server before 2.9.21.1 drops malformed queries, which might make it easier for remote attackers to poison DNS caches of other products running on other servers, a different issue than CVE-2008-1447 and CVE-2008-3217.)
Original document: GENTOO, [ GLSA 200812-19 ] PowerDNS: Multiple vulnerabilities (22.12.2008)

PHP 4 multiple function buffer overflows
Published: 22.12.2008
Source:
SecurityVulns ID: 9537
Type: library
Threat Level: 6/10
Description: Buffer overflows in mb_* functions.
Affected: PHP : PHP 4.3
CVE: CVE-2008-5557 (Heap-based buffer overflow in ext/mbstring/libmbfl/filters/mbfilter_htmlent.c in the mbstring extension in PHP 4.3.0 through 5.2.6 allows context-dependent attackers to execute arbitrary code via a crafted string containing an HTML entity, which is not properly handled during Unicode conversion, related to the (1) mb_convert_encoding, (2) mb_check_encoding, (3) mb_convert_variables, and (4) mb_parse_str functions.)
Original document: Moriyoshi Koizumi, [Full-disclosure] CVE-2008-5557 - PHP mbstring buffer overflow vulnerability (22.12.2008)

Trend Micro HouseCall ActiveX memory corruption
Updated since 22.12.2008
Published: 23.12.2008
Source:
SecurityVulns ID: 9536
Type: client
Threat Level: 5/10
Description: Use-after-free vulnerability.
Affected: TM : HouseCall 6.51
 TM : HouseCall 6.6
Original document: SECUNIA, Secunia Research: Trend Micro HouseCall ActiveX Control Arbitrary Code Execution (23.12.2008)
 SECUNIA, [Full-disclosure] Secunia Research: Trend Micro HouseCall "notifyOnLoadNative()" Vulnerability (22.12.2008)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod