Computer Security


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 25.06.2009
Published: 26.06.2009
Source:
SecurityVulns ID: 10012
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: SMARTY : Smarty 2.6
 PHPMYADMIN : phpMyAdmin 2.11
 ALUMNISERVER : AlumniServer 1.0
 PHPMYADMIN : phpMyAdmin 3.1
CVE: CVE-2009-1669 (The smarty_function_math function in libs/plugins/function.math.php in Smarty 2.6.22 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the equation attribute of the math function. NOTE: some of these details are obtained from third party information.)
 CVE-2009-1151 (Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action.)
 CVE-2009-1150 (Multiple cross-site scripting (XSS) vulnerabilities in the export page (display_export.lib.php) in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allow remote attackers to inject arbitrary web script or HTML via the pma_db_filename_template cookie.)
Original document: DEBIAN, [SECURITY] [DSA 1824-1] New phpmyadmin packages fix several vulnerabilities (26.06.2009)
 y3nh4ck3r_(at)_gmail.com, SQL INJECTION VULNERABILITY --AlumniServer v-1.0.1--> (26.06.2009)
 y3nh4ck3r_(at)_gmail.com, (POST var 'resetpwemail') BLIND SQL INJECTION EXPLOIT --AlumniServer v-1.0.1--> (25.06.2009)
 UBUNTU, [USN-791-3] Smarty vulnerability (25.06.2009)
Files: AlumniServer v-1.0.1 Blind SQLi Exploit

Unisys Business Information Server buffer overflow
Published: 26.06.2009
Source:
SecurityVulns ID: 10015
Type: remote
Threat Level: 5/10
Description: Stack-based buffer overflow on network request processing.
Affected: UNISYS : Unisys Business Information Server 10.0
CVE: CVE-2009-1628 (Stack-based buffer overflow in mnet.exe in Unisys Business Information Server (BIS) 10 and 10.1 on Windows allows remote attackers to execute arbitrary code via a crafted TCP packet.)
Original document: IDEFENSE, iDefense Security Advisory 06.25.09: Unisys Business Information Server Stack Buffer Overflow (26.06.2009)

Samba security vulnerabilities
Published: 26.06.2009
Source:
SecurityVulns ID: 10016
Type: local
Threat Level: 5/10
Description: smbclient format string vulnerability, ability to change file permissions if file is already open.
Affected: SAMBA : Samba 3.2
CVE: CVE-2009-1888 (The acl_group_override function in smbd/posix_acls.c in smbd in Samba 3.0.x before 3.0.35, 3.1.x and 3.2.x before 3.2.13, and 3.3.x before 3.3.6, when dos filemode is enabled, allows remote attackers to modify access control lists for files via vectors related to read access to uninitialized memory.)
 CVE-2009-1886 (Multiple format string vulnerabilities in client/client.c in smbclient in Samba 3.2.0 through 3.2.12 might allow context-dependent attackers to execute arbitrary code via format string specifiers in a filename.)
Original document: DEBIAN, [SECURITY] [DSA 1823-1] New samba packages fix several vulnerabilities (26.06.2009)

Motorola Timbuktu Pro remote control software buffer overflow
Published: 26.06.2009
Source:
SecurityVulns ID: 10017
Type: remote
Threat Level: 5/10
Description: Buffer overflow via PlughNTCommand named pipe.
Affected: MOTOROLA : Timbuktu Pro 8.6
CVE: CVE-2009-1394 (Stack-based buffer overflow in Motorola Timbuktu Pro 8.6.5 on Windows allows remote attackers to execute arbitrary code by sending a long malformed string over the PlughNTCommand named pipe.)
Original document: IDEFENSE, iDefense Security Advisory 06.25.09: Motorola Timbuktu Pro PlughNTCommand Stack Based Buffer Overflow Vulnerability (26.06.2009)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod