Computer Security


Amaya browser multiple security vulnerabilities
Published: 25.11.2008
Source:
SecurityVulns ID: 9461
Type: remote
Threat Level: 5/10
Description: Buffer overflow on oversized href in <a> tag, buffer overflow on oversized id in <div> tag
Affected: W3C : Amaya 10.1
Original document: writ3r_(at)_gmail.com, Amaya (URL Bar) Remote Stack Overflow Vulnerability (25.11.2008)
 writ3r_(at)_gmail.com, Amaya (id) Remote Stack Overflow Vulnerability (25.11.2008)
Files: Exploits Amaya (URL Bar) Remote Stack Overflow Vulnerability
 Exploits Amaya (id) Remote Stack Overflow Vulnerability

FreeBSD arc4random cryptographic weakness
Published: 25.11.2008
Source:
SecurityVulns ID: 9463
Type: library
Threat Level: 6/10
Description: For 5 minutes after system start, generated pseudo-random sequences are weak.
Affected: FREEBSD : FreeBSD 7.0
 FREEBSD : FreeBSD 6.3
 FREEBSD : FreeBSD 6.4
CVE: CVE-2008-5162 (The arc4random function in the kernel in FreeBSD 6.3 through 7.1 does not have a proper entropy source for a short time period immediately after boot, which makes it easier for attackers to predict the function's return values and conduct certain attacks against the GEOM framework and various network protocols, related to the Yarrow random number generator.)
Original document: FREEBSD, FreeBSD Security Advisory FreeBSD-SA-08:11.arc4random (25.11.2008)

Siemens C450IP/C475IP SIP phones DoS
Published: 25.11.2008
Source:
SecurityVulns ID: 9464
Type: remote
Threat Level: 5/10
Description: Malformed SIP request causes device to reboot.
Affected: SIEMENS : Siemens C450IP
 SIEMENS : Siemens C475IP
Original document: Martin Kluge, Siemens C450IP/C475IP DoS (25.11.2008)

Google Chrome address bar spoofing
updated since 25.11.2008
Published: 26.11.2008
Source:
SecurityVulns ID: 9462
Type: remote
Threat Level: 5/10
Description: URIs with '@' are incorrectly displayed.
Affected: GOOGLE : Chrome 0.2
Original document: Aditya K Sood, Updated: Google Chrome 0.4.154.25 URI Meta Character URL Obfuscation (26.11.2008)
 Aditya K Sood, Google Chrome MetaCharacter URI Obfuscation Vulnerability (25.11.2008)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 25.11.2008
Published: 26.11.2008
Source:
SecurityVulns ID: 9465
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. CoBreeder: cross-site scripting.
Affected: WORDPRESS : WordPress 2.6
 MYBB : MyBB 1.4
 coBreeder 2005
Original document: MustLive, Cross-Site Scripting vulnerability in CoBreeder (26.11.2008)
 Jeremias Reith, WordPress XSS vulnerability in RSS Feed Generator (26.11.2008)
 nbbn_(at)_gmx.net, MyBB 1.4.3 my_post_key Disclosure Vulnerability (26.11.2008)
 glafkos_(at)_astalavista.com, WebStudio CMS 'pageid' Blind SQL Injection (25.11.2008)

Total Video Player off-by-one overflow
updated since 25.11.2008
Published: 28.01.2009
Source:
SecurityVulns ID: 9460
Type: client
Threat Level: 5/10
Description: Off-by-one heap buffer overflow on .au files parsing.
Affected: EFFECTMATRIX : Total Video Player 1.10
 EFFECTMATRIX : Total Video Player 1.20
Original document: maroc-anti-connexion_(at)_hotmail.com, Total video player 1.3.7 local buffer overflow universal exploit (28.01.2009)
 Xubucrus Djug, Total Video Player (vcen.dll) Remote off by one Crash Exploit (25.11.2008)
Files: Exploits Total Video Player (vcen.dll) Remote Heap Overflow Crash
 Total Video Player local universal buffer overflow exploit

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod