Search:Vulnerability:25.11.2008 - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

Amaya browser multiplesecurity vulnerabilities
Published: 25.11.2008
Source: BUGTRAQ
SecurityVulns ID: 9461
Type: remote
Level: 5/10
Description: Buffer overflow on oversized href in <a> tag, buffer overflow on oversized id in <div> tag

Affected: W3C : Amaya 10.1

Original document writ3r_(at)_gmail.com, Amaya (URL Bar) Remote Stack Overflow Vulnerability (25.11.2008)

writ3r_(at)_gmail.com, Amaya (id) Remote Stack Overflow Vulnerability (25.11.2008)

Files: Exploits Amaya (URL Bar) Remote Stack Overflow Vulnerability
Exploits Amaya (id) Remote Stack Overflow Vulnerability
Discuss: Read or add your comments to this news (0 comments)

FreeBSD arc4random cryptographic weakness
Published: 25.11.2008
Source: BUGTRAQ
SecurityVulns ID: 9463
Type: library
Level: 6/10
Description: 5 minutes after system start generated psudo-random sequences are weak.

Affected: FREEBSD : FreeBSD 7.0
FREEBSD : FreeBSD 6.3
FREEBSD : FreeBSD 6.4
CVE: CVE-2008-5162 (The arc4random function in the kernel in FreeBSD 6.3 through 7.1 does not have a proper entropy source for a short time period immediately after boot, which makes it easier for attackers to predict the function's return values and conduct certain attacks against the GEOM framework and various network protocols, related to the Yarrow random number generator.)

Original document FREEBSD, FreeBSD Security Advisory FreeBSD-SA-08:11.arc4random (25.11.2008)

Discuss: Read or add your comments to this news (0 comments)

Siemens C450IP/C475IP SIP phones DoS
Published: 25.11.2008
Source: BUGTRAQ
SecurityVulns ID: 9464
Type: remote
Level: 5/10
Description: Malformed SIP request causes device to reboot.

Affected: SIEMENS : Siemens C450IP
SIEMENS : Siemens C475IP

Original document Martin Kluge, Siemens C450IP/C475IP DoS (25.11.2008)

Discuss: Read or add your comments to this news (0 comments)

Google Chrome address bar spoofing
updated since 25.11.2008
Published: 26.11.2008
Source: BUGTRAQ
SecurityVulns ID: 9462
Type: remote
Level: 5/10
Description: URIs with '@' are incorrectly displayed.

Affected: GOOGLE : Chrome 0.2

Original document Aditya K Sood, Updated: Google Chrome 0.4.154.25 URI Meta Character URL Obfuscation (26.11.2008)

Aditya K Sood, Google Chrome MetaCharacter URI Obfuscation Vulnerability (25.11.2008)

Discuss: Read or add your comments to this news (0 comments)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 25.11.2008
Published: 26.11.2008
Source:
SecurityVulns ID: 9465
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. CoBreeder: Crossite scripting.

Affected: WORDPRESS : WordPress 2.6
MYBB : MyBB 1.4
coBreeder 2005

Original document MustLive, Cross-Site Scripting vulnerability in CoBreeder (26.11.2008)

Jeremias Reith, WordPress XSS vulnerability in RSS Feed Generator (26.11.2008)

nbbn_(at)_gmx.net, MyBB 1.4.3 my_post_key Disclosure Vulnerability (26.11.2008)

glafkos_(at)_astalavista.com, WebStudio CMS 'pageid' Blind SQL Injection (25.11.2008)

Discuss: Read or add your comments to this news (0 comments)

Total Video Player off-by-one overflow
updated since 25.11.2008
Published: 28.01.2009
Source: CN4PHUX
SecurityVulns ID: 9460
Type: client
Level: 5/10
Description: Off-by-one heap buffer overflow on .au files parsing.

Affected: EFFECTMATRIX : Total Video Player 1.10
EFFECTMATRIX : Total Video Player 1.20

Original document maroc-anti-connexion_(at)_hotmail.com, Total video player 1.3.7 local buffer overflow universal exploit (28.01.2009)

Xubucrus Djug, Total Video Player (vcen.dll) Remote off by one Crash Exploit (25.11.2008)

Files: Exploits Total Video Player (vcen.dll) Remote Heap Overflow Crash
Total Video Player local universal buffer overflow exploit
Discuss: Read or add your comments to this news (0 comments)

test server