Computer Security



Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:22.12.2008
Source:
SecurityVulns ID:9532
Type:remote
Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. Power Phlogger: cross-site scripting, DoS
Affected:POWERPHLOGGER : Power Phlogger 2.2
Original document:MustLive, New vulnerabilities in Power Phlogger (22.12.2008)

Fujitsu-Siemens WebTransactions shell characters vulnerability
Published:22.12.2008
Source:BUGTRAQ
SecurityVulns ID:9533
Type:remote
Level:5/10
Description:Unfiltered user input in system() call.
Affected:FUJITSU : WebTransactions 7.1
Original document:Daniel Fabian, SEC Consult SA-20081219-0 :: Fujitsu-Siemens WebTransactions remote command injection vulnerability (22.12.2008)

PHP APC local attacks
Published:22.12.2008
Source:BUGTRAQ
SecurityVulns ID:9534
Type:local
Level:4/10
Description:Different local attacks allow DoS conditions and cross-site scripting.
Affected:PHPAPC : PHP APC 3.1
 PHPAPC : PHP APC 3.0
Original document:Moritz Naumann, PHP APC vulnerable to local attacks (22.12.2008)

PowerDNS multiple security DNS
Published:22.12.2008
Source:BUGTRAQ
SecurityVulns ID:9535
Type:remote
Level:5/10
Description:DoS, non-standard reaction to invalid query increases chances for successful spoofing attack.
Affected:POWERDNS : PowerDNS 2.9
CVE:CVE-2008-5277 (PowerDNS before 2.9.21.2 allows remote attackers to cause a denial of service (daemon crash) via a CH HINFO query.)
 CVE-2008-3337 (PowerDNS Authoritative Server before 2.9.21.1 drops malformed queries, which might make it easier for remote attackers to poison DNS caches of other products running on other servers, a different issue than CVE-2008-1447 and CVE-2008-3217.)
Original document:GENTOO, [ GLSA 200812-19 ] PowerDNS: Multiple vulnerabilities (22.12.2008)

PHP 4 multiple function buffer overflows
Published:22.12.2008
Source:FULL-DISCLOSURE
SecurityVulns ID:9537
Type:library
Level:6/10
Description:Buffer overflows in mb_* functions.
Affected:PHP : PHP 4.3
CVE:CVE-2008-5557 (Heap-based buffer overflow in ext/mbstring/libmbfl/filters/mbfilter_htmlent.c in the mbstring extension in PHP 4.3.0 through 5.2.6 allows context-dependent attackers to execute arbitrary code via a crafted string containing an HTML entity, which is not properly handled during Unicode conversion, related to the (1) mb_convert_encoding, (2) mb_check_encoding, (3) mb_convert_variables, and (4) mb_parse_str functions.)
Original document:Moriyoshi Koizumi, [Full-disclosure] CVE-2008-5557 - PHP mbstring buffer overflow vulnerability (22.12.2008)

Trend Micro HouseCall ActiveX memory corruption
updated since 22.12.2008
Published:23.12.2008
Source:FULL-DISCLOSURE
SecurityVulns ID:9536
Type:client
Level:5/10
Description:Use-after-free() vulnerability.
Affected:TM : HouseCall 6.51
 TM : HouseCall 6.6
Original document:SECUNIA, Secunia Research: Trend Micro HouseCall ActiveX Control Arbitrary Code Execution (23.12.2008)
 SECUNIA, [Full-disclosure] Secunia Research: Trend Micro HouseCall "notifyOnLoadNative()" Vulnerability (22.12.2008)

© SecurityVulns, 3APA3A, Vladimir Dubrovin