Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 25.05.2009
SecurityVulns ID: 9927
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
myPHPNuke: SQL injection, cross-site scripting.
PostNuke: SQL injection.

Android UID protection bypass
Published: 25.05.2009
Source: BUGTRAQ
SecurityVulns ID: 9931
Type: local
Level: 4/10
Description: Improper package UID validation allows application to access another application's data.
Affected: ANDROID : Android 1.5
CVE: CVE-2009-1754 (The PackageManagerService class in services/java/com/android/server/PackageManagerService.java in Android 1.5 through 1.5 CRB42 does not properly check developer certificates during processing of sharedUserId requests at an application's installation time, which allows remote attackers to access application data by creating a package that specifies a shared user ID with an arbitrary application.)

Sun Solaris sadmind multiple security vulnerabilities
Published: 25.05.2009
Source: BUGTRAQ
SecurityVulns ID: 9933
Type: remote
Level: 7/10
Description: Integer overflow, buffer overflow.
Affected: ORACLE : Solaris 8
          ORACLE : Solaris 9
CVE: CVE-2008-3870 (Integer overflow in sadmind in Sun Solaris 8 and 9 allows remote attackers to execute arbitrary code via a crafted RPC request that triggers a heap-based buffer overflow, related to improper memory allocation.)
     CVE-2008-3869 (Heap-based buffer overflow in sadmind in Sun Solaris 8 and 9 allows remote attackers to execute arbitrary code via a crafted RPC request, related to improper decoding of request parameters.)

lcms multiple security vulnerabilities
Published: 25.05.2009
Source: BUGTRAQ
SecurityVulns ID: 9928
Type: remote
Level: 6/10
Description: Multiple buffer overflows and DoS conditions.
CVE: CVE-2009-0793 (cmsxform.c in LittleCMS (aka lcms or liblcms) 1.18, as used in OpenJDK and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted image that triggers execution of incorrect code for "transformations of monochrome profiles.")
     CVE-2009-0733 (Multiple stack-based buffer overflows in the ReadSetOfCurves function in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file associated with a large integer value for the (1) input or (2) output channel, related to the ReadLUT_A2B and ReadLUT_B2A functions.)
     CVE-2009-0723 (Multiple integer overflows in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.)
     CVE-2009-0581 (Memory leak in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allows context-dependent attackers to cause a denial of service (memory consumption and application crash) via a crafted image file.)

Novell GroupWise buffer overflow
Published: 25.05.2009
Source: BUGTRAQ
SecurityVulns ID: 9929
Type: remote
Level: 7/10
Description: Novell GroupWise Internet Agent SMTP e-mail address buffer overflow.

Serena Dimensions CM cryptographic vulnerability
Published: 25.05.2009
Source: BUGTRAQ
SecurityVulns ID: 9930
Type: m-i-t-m
Level: 5/10
Description: Server certificate is not validated by client.

ChinaGames ActiveX buffer overflow
Published: 25.05.2009
Source: BUGTRAQ
SecurityVulns ID: 9932
Type: client
Level: 5/10
Description: Buffer overflow in CGAgent.dll CreateChinagames() method.

FreeType integer overflows
Published: 25.05.2009
Source: BUGTRAQ
SecurityVulns ID: 9934
Type: library
Level: 5/10
Description: Multiple integer overflows.
Affected: FREETYPE : FreeType 2.3
CVE: CVE-2009-0946 (Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c.)