Computer Security
[EN] securityvulns.ru no-pyccku


CamlImages library integer overflows
updated since 03.07.2009
Published:26.10.2009
Source:
SecurityVulns ID:10036
Type:library
Threat Level:
6/10
Description:Multiple overflows on PNG, TIFF, GIF, JPEG processing.
Affected:CAMLIMAGES : CamlImages 2.2
 ADVI : advi 1.6
CVE:CVE-2009-3296 (Multiple integer overflows in tiffread.c in CamlImages 2.2 might allow remote attackers to execute arbitrary code via TIFF images containing large width and height values that trigger heap-based buffer overflows.)
 CVE-2009-2660 (Multiple integer overflows in CamlImages 2.2 might allow context-dependent attackers to execute arbitrary code via images containing large width and height values that trigger a heap-based buffer overflow, related to (1) crafted GIF files (gifread.c) and (2) crafted JPEG files (jpegread.c), a different vulnerability than CVE-2009-2295.)
 CVE-2009-2295 (Multiple integer overflows in CamlImages 2.2 and earlier might allow context-dependent attackers to execute arbitrary code via a crafted PNG image with large width and height values that trigger a heap-based buffer overflow in the (1) read_png_file or (2) read_png_file_as_rgb24 function.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 1912-2] New advi packages fix arbitrary code execution (26.10.2009)
 documentAndrea Barisani, [oCERT-2009-009] CamlImages integer overflows (03.07.2009)

Jetty multiple security vulnerabilities
Published:26.10.2009
Source:
SecurityVulns ID:10345
Type:remote
Threat Level:
6/10
Description:Crossite scripting, information leak.
Affected:JETTY : Jetty 7.0
Original documentdocumentascii, Jetty 6.x and 7.x Multiple Vulnerabilities (26.10.2009)

squidGuard buffer overflows
Published:26.10.2009
Source:
SecurityVulns ID:10346
Type:remote
Threat Level:
6/10
Description:Multiple buffer overflows.
Affected:SQUIDGUARD : squidGuard 1.4
 SQUIDGUARD : squidGuard 1.3
CVE:CVE-2009-3700 (Buffer overflow in sgLog.c in squidGuard 1.3 and 1.4 allows remote attackers to cause a denial of service (application hang or loss of blocking functionality) via a long URL with many / (slash) characters, related to "emergency mode.")
Original documentdocumentmajinboo, squidGuard 1.3 & 1.4 : buffer overflow (26.10.2009)

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:26.10.2009
Source:
SecurityVulns ID:10347
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:MICROSOFT : Sharepoint 2007
 RUNCMS : RunCms 2M1
Original documentdocumentrgod, RunCms v.2M1 /modules/forum/post.php - 'forum' remote semi-blind SQL Injection Exploit (26.10.2009)
 documentDaniel Martin, SharePoint 2007 ASP.NET Source Code Disclosure (26.10.2009)
Files:RunCms v.2M1 /modules/forum/post.php - 'forum' remote semi-blind SQL Injection Exploit

Pegasus Mail buffer overflow
Published:26.10.2009
Source:
SecurityVulns ID:10350
Type:client
Threat Level:
5/10
Description:Buffer overflow on POP3 server response parsing.
Affected:PMAIL : Pegasus Mail 4.51
Original documentdocumentProtek Research Lab, {PRL} Pegasus Mail client BoF (26.10.2009)

Novell eDirectory buffer overflow
updated since 26.10.2009
Published:18.11.2009
Source:
SecurityVulns ID:10348
Type:remote
Threat Level:
6/10
Description:Buffer overflow in /dhost/modules?L:
Affected:NOVELL : eDirectory 8.8
Original documentdocumentkarakorsankara_(at)_hotmail.com, Hellcode Research: Novell eDirectory HTTPSTK Login Stack Overflow Vulnerability (18.11.2009)
 documentadvisory_(at)_hackattack.com, Novell eDirectory 8.8 SP5 Denial of Service (13.11.2009)
 documentkarakorsankara_(at)_hotmail.com, Novell eDirectory 8.8 SP5 for Windows - Buffer Overflow Vulnerability (26.10.2009)

Eureka Mail buffer overflow
updated since 26.10.2009
Published:01.12.2009
Source:
SecurityVulns ID:10349
Type:client
Threat Level:
5/10
Description:Buffer overflow on POP3 / SMTP server response parsing.
Affected:EUREKAEMAIL : Eureka Email 2.2
Original documentdocumentk4mr4n_St_(at)_yahoo.com, Eureka Mail Client Remote Buffer Overflow Exploit XP SP3 English Egghunter Edition (01.12.2009)
 documentProtek Research Lab, {PRL} Eureka Mail client BoF (26.10.2009)
Files:Eureka Mail Client Remote Buffer Overflow Exploit XP SP3 English Egghunter Edition

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod