| Counter Strike game server DoS |
| Published: | 26.11.2009 |
| Source: | GRISHKOVTSOV |
| SecurityVulns ID: | 10420 |
| Type: | remote |
| Level: | 5/10 |
| Description: | The protocol is not protected against blind command injection, making it possible, e.g., to terminate any client's game by blindly spoofing a "quit" packet. |
| Autodesk SoftImage code execution |
| Published: | 26.11.2009 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 10421 |
| Type: | local |
| Level: | 3/10 |
| Description: | It's possible to embed commands into .scntoc files. |
| Affected: | AUTODESK : SoftImage 7.5 |
| CVE: | CVE-2009-3576 (Autodesk Softimage 7.x and Softimage XSI 6.x allow remote attackers to execute arbitrary JavaScript code via a scene package containing a Scene Table of Contents (aka .scntoc) file with a Script_Content element, as demonstrated by code that loads the WScript.Shell ActiveX control.) |
| dstat privilege escalation |
| Published: | 26.11.2009 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 10425 |
| Type: | remote |
| Level: | 4/10 |
| Description: | Shared libraries are searched for in the working directory. |
| Affected: | DSTAT : dstat 0.6 |
| CVE: | CVE-2009-3894 (Multiple untrusted search path vulnerabilities in dstat before 0.7.0 allow local users to gain privileges via a Trojan horse Python module in (1) the current working directory or (2) a certain subdirectory of the current working directory.) |
| Autodesk 3DS Max code execution |
| Published: | 26.11.2009 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 10422 |
| Type: | local |
| Level: | 2/10 |
| Description: | It's possible to embed code into .max files. |
| Autodesk Maya code execution |
| Published: | 26.11.2009 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 10423 |
| Type: | local |
| Level: | 2/10 |
| Description: | It's possible to embed scripts into application files. |
| Affected: | AUTODESK : Maya 2010 |
| | AUTODESK : Maya 2009 |
| | AUTODESK : Maya 2008 |
| CVE: | CVE-2009-3578 (Autodesk Maya 8.0, 8.5, 2008, 2009, and 2010 and Alias Wavefront Maya 6.5 and 7.0 allow remote attackers to execute arbitrary code via a (1) .ma or (2) .mb file that uses the Maya Embedded Language (MEL) python command or unspecified other MEL commands, related to "Script Nodes.") |
| TYPSoft FTP Server DoS |
| Published: | 26.11.2009 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 10424 |
| Type: | remote |
| Level: | 5/10 |
| Description: | DELE command immediately after APPE command causes server to crash. |
| Wireshark multiple security vulnerabilities |
| Published: | 26.11.2009 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 10426 |
| Type: | remote |
| Level: | 5/10 |
| Description: | Multiple vulnerabilities in the dissection of different protocols. |
| Affected: | WIRESHARK : Wireshark 1.2 |
| CVE: | CVE-2009-3829 (Integer overflow in wiretap/erf.c in Wireshark before 1.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted erf file, related to an "unsigned integer wrap vulnerability.") |
| | CVE-2009-3551 (Off-by-one error in the dissect_negprot_response function in packet-smb.c in the SMB dissector in Wireshark 1.2.0 through 1.2.2 allows remote attackers to cause a denial of service (application crash) via a file that records a malformed packet trace. NOTE: some of these details are obtained from third party information.) |
| | CVE-2009-3550 (The DCERPC/NT dissector in Wireshark 0.10.10 through 1.0.9 and 1.2.0 through 1.2.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a file that records a malformed packet trace. NOTE: some of these details are obtained from third party information.) |
| | CVE-2009-3549 (packet-paltalk.c in the Paltalk dissector in Wireshark 1.2.0 through 1.2.2, on SPARC and certain other platforms, allows remote attackers to cause a denial of service (application crash) via a file that records a malformed packet trace.) |
| | CVE-2009-3249 (Multiple directory traversal vulnerabilities in vtiger CRM 5.0.4 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the module parameter to graph.php; or the (2) module or (3) file parameter to include/Ajax/CommonAjax.php, reachable through modules/Campaigns/CampaignsAjax.php, modules/SalesOrder/SalesOrderAjax.php, modules/System/SystemAjax.php, modules/Products/ProductsAjax.php, modules/uploads/uploadsAjax.php, modules/Dashboard/DashboardAjax.php, modules/Potentials/PotentialsAjax.php, modules/Notes/NotesAjax.php, modules/Faq/FaqAjax.php, modules/Quotes/QuotesAjax.php, modules/Utilities/UtilitiesAjax.php, modules/Calendar/ActivityAjax.php, modules/Calendar/CalendarAjax.php, modules/PurchaseOrder/PurchaseOrderAjax.php, modules/HelpDesk/HelpDeskAjax.php, modules/Invoice/InvoiceAjax.php, modules/Accounts/AccountsAjax.php, modules/Reports/ReportsAjax.php, modules/Contacts/ContactsAjax.php, and modules/Portal/PortalAjax.php; and allow remote authenticated users to inclu) |
| | CVE-2009-3243 (Unspecified vulnerability in the TLS dissector in Wireshark 1.2.0 and 1.2.1, when running on Windows, allows remote attackers to cause a denial of service (application crash) via unknown vectors related to TLS 1.2 conversations.) |
| | CVE-2009-3242 (Unspecified vulnerability in packet.c in the GSM A RR dissector in Wireshark 1.2.0 and 1.2.1 allows remote attackers to cause a denial of service (application crash) via unknown vectors related to "an uninitialized dissector handle," which triggers an assertion failure.) |
| | CVE-2009-3241 (Unspecified vulnerability in the OpcUa (OPC UA) dissector in Wireshark 0.99.6 through 1.0.8 and 1.2.0 through 1.2.1 allows remote attackers to cause a denial of service (memory and CPU consumption) via malformed OPCUA Service CallRequest packets.) |