Computer Security


libcurl / cURL DoS
Published:23.03.2010
SecurityVulns ID:10709
Type:remote
Threat Level:5/10
Description:Resource exhaustion on gzip decompression.
Affected:CURL : cURL 7.19
 CURL : libcurl 7.19
CVE:CVE-2010-0734 (content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enabled, does not properly restrict the amount of callback data sent to an application that requests automatic decompression, which might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact by sending crafted compressed data to an application that relies on the intended data-length limit.)
Original document:MANDRIVA, [email protected] (23.03.2010)

IBM Lotus Domino response splitting
updated since 21.03.2010
Published:23.03.2010
SecurityVulns ID:10705
Type:remote
Threat Level:5/10
Description:Response splitting via POST request to /names.nsf, cross-site scripting.
Original document:Yaniv Miron, IBM Lotus 6.x names.nsf Cross Site Scripting Vulnerability (23.03.2010)
 Yaniv Miron, IBM Lotus 6.x HTTP Response Splitting Vulnerability (21.03.2010)

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:23.03.2010
SecurityVulns ID:10706
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:IKIWIKI : ikiwiki 2.53
 TOOFAST : TooFAST 1.5
 RIBAFS : Mini CMS RibaFS 1.0
 FWBOFF : Fw-BofF 1.5
 INSKYCMS : Insky CMS 006-0111
 4XCMS : 4x cms 26
 NOTSUPOREEDIT : NotSopureEdit 1.4
 WEBMAIDCMS : WebMaid CMS 0.2
 JOOMLA : com extplorer 2.0 Joomla component
Original document:MustLive, Vulnerabilities in ArcManager (23.03.2010)
 eidelweiss randy, Joomla component com_extplorer_2.0.1_pt-BR <= Multiple Vulnerability exploits (23.03.2010)
 DEBIAN, [SECURITY] [DSA 2020-1] New ikiwiki packages fix cross-site scripting (23.03.2010)
 Yaniv Miron, Aris AGX agXchange ESM Open Redirection Vulnerability (23.03.2010)
 MustLive, Vulnerabilities in TAK cms (23.03.2010)
 Inj3ct0r.com, WebMaid CMS <= 0.2-6 Beta Multiple Remote File Include Vulnerability (23.03.2010)
 Inj3ct0r.com, NotSopureEdit <= 1.4.1 Remote File Include Vulnerability (23.03.2010)
 Inj3ct0r.com, 4x cms <= r26 (Auth Bypass) SQL Injection Vulnerability (23.03.2010)
 Inj3ct0r.com, Insky CMS v006-0111 Multiple Remote File Include Vulnerability (23.03.2010)
 Inj3ct0r.com, Fw-BofF (oolime-resurrection) 1.5.3beta Multiple Remote Include Vulnerability (23.03.2010)
 Inj3ct0r.com, Mini CMS RibaFS 1.0 (Auth Bypass) SQL Injection Vulnerability (23.03.2010)
 Inj3ct0r.com, CMS Openpage (index.php) SQL Injection Vulnerability (23.03.2010)
 Inj3ct0r.com, Zephyrus CMS (index.php) SQL Injection Vulnerability (23.03.2010)
 MustLive, Vulnerabilities in TooFAST (23.03.2010)

Pango library array index overflow
Published:23.03.2010
SecurityVulns ID:10708
Type:library
Threat Level:5/10
Description:Array index overflow on font file parsing.
Affected:PANGO : Pango 1.27
CVE:CVE-2010-0421 (Array index error in the hb_ot_layout_build_glyph_classes function in pango/opentype/hb-ot-layout.cc in Pango before 1.27.1 allows context-dependent attackers to cause a denial of service (application crash) via a crafted font file, related to building a synthetic Glyph Definition (aka GDEF) table by using this font's charmap and the Unicode property database.)
Original document:DEBIAN, [SECURITY] [DSA-2019-1] New pango1.0 packages fix denial of service (23.03.2010)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod