Computer Security


Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 22.10.2009
Published:23.10.2009
SecurityVulns ID:10339
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:JOOMLA : Joomla 1.5
 VIVVO : Vivvo CMS 4.1
CVE:CVE-2009-2281 (Multiple heap-based buffer underflows in the readPostBody function in cgiutil.c in mapserv in MapServer 4.x through 4.10.4 and 5.x before 5.4.2 allow remote attackers to execute arbitrary code via (1) a crafted Content-Length HTTP header or (2) a large HTTP request, related to an integer overflow that triggers a heap-based buffer overflow. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-0840.)
 CVE-2009-0843 (The msLoadQuery function in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows remote attackers to determine the existence of arbitrary files via a full pathname in the queryfile parameter, which triggers different error messages depending on whether this pathname exists.)
 CVE-2009-0842 (mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows remote attackers to read arbitrary invalid .map files via a full pathname in the map parameter, which triggers the display of partial file contents within an error message, as demonstrated by a /tmp/sekrut.map symlink.)
 CVE-2009-0841 (Directory traversal vulnerability in mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2, when running on Windows with Cygwin, allows remote attackers to create arbitrary files via a .. (dot dot) in the id parameter.)
 CVE-2009-0840 (Heap-based buffer underflow in the readPostBody function in cgiutil.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows remote attackers to have an unknown impact via a negative value in the Content-Length HTTP header.)
 CVE-2009-0839 (Stack-based buffer overflow in mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2, when the server has a map with a long IMAGEPATH or NAME attribute, allows remote attackers to execute arbitrary code via a crafted id parameter in a query action.)
Original documents:DEBIAN, [SECURITY] [DSA 1914-1] New mapserver packages fix serveral vulnerabilities (23.10.2009)
 MustLive, Cross-Site Scripting vulnerability in Joomla (23.10.2009)
 Janek Vind, [waraxe-2009-SA#075] - Remote File Disclosure in Vivvo CMS 4.1.5.1 (22.10.2009)

Linux kernel DoS
Published:23.10.2009
SecurityVulns ID:10343
Type:remote
Threat Level:5/10
Description:Local net r8169 driver DoS.
CVE:CVE-2009-3613 (The swiotlb functionality in the r8169 driver in drivers/net/r8169.c in the Linux kernel before 2.6.27.22 allows remote attackers to cause a denial of service (IOMMU space exhaustion and system crash) by using jumbo frames for a large amount of network traffic, as demonstrated by a flood ping.)
Original document:DEBIAN, [SECURITY] [DSA 1915-1] New Linux 2.6.26 packages fix several vulnerabilities (23.10.2009)

Avast! Antivirus weak permissions
Published:23.10.2009
SecurityVulns ID:10344
Type:local
Threat Level:5/10
Description:Weak permissions for installation folder.
Affected:AVAST : Avast antivirus 4.8
CVE:CVE-2009-3524 (Unspecified vulnerability in ashWsFtr.dll in avast! Home and Professional for Windows before 4.8.1356 has unknown impact and local attack vectors.)
 CVE-2009-352
Original document:ShineShadow, Avast! Multiple Vulnerabilities (23.10.2009)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod