Computer Security

DXMSoft XM Easy Personal FTP Server DoS
updated since 11.11.2009
SecurityVulns ID: 10399
Threat Level:
Description: Crash if LIST command is received before PASV or POST.
Affected: DXMSOFT : XM Easy Personal FTP Server 5.8
Original document: leinakesi_(at), XM Easy Personal FTP Server Remote DoS Vulnerability (25.11.2009)
 zhangmc_(at), XM Easy Personal FTP Server 'APPE' and 'DELE' Command Remote Denial of Service Vulnerability (14.11.2009)
 zhangmc_(at), XM Easy Personal FTP Server 'LIST' Command Remote DoS Vulnerability (11.11.2009)

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
SecurityVulns ID: 10418
Threat Level:
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: E107 : e107 0.7
 INVISION : Invision Power Board 2.3
 OPENX : OpenX 2.8
 GFORGE : gforge 4.8
 PHPMAIL : php-mail 1.1
CVE: CVE-2009-3303 (Cross-site scripting (XSS) vulnerability in www/help/tracker.php in GForge 4.5.14, 4.7 rc2, and 4.8.1 allows remote attackers to inject arbitrary web script or HTML via the helpname parameter.)
Original document: DEBIAN, [SECURITY] [DSA 1938-1] New php-mail packages fix insufficient input sanitising (25.11.2009)
 DEBIAN, [SECURITY] [DSA 1937-1] New gforge packages fix cross-site scripting (25.11.2009)
 Security Vulnerability Research Team, [Bkis-13-2009] e107 Multiple Vulnerabilities (25.11.2009)
 MustLive, Vulnerabilities in plugins for WordPress (25.11.2009)
 Moritz Naumann, Executing arbitrary PHP code on OpenX <= 2.8.1 (25.11.2009)
 MustLive, Vulnerabilities in Abton (25.11.2009)
 MustLive, New vulnerabilities in Invision Power Board (25.11.2009)

libvorbis library multiple security vulnerabilities
SecurityVulns ID: 10419
Threat Level:
Description: Multiple vulnerabilities in Ogg file parsing.
CVE: CVE-2009-3379 (Multiple unspecified vulnerabilities in libvorbis, as used in Mozilla Firefox 3.5.x before 3.5.4, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors. NOTE: this might overlap CVE-2009-2663.)
Original document: UBUNTU, [USN-861-1] libvorbis vulnerabilities (25.11.2009)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod