Computer Security


FreeBSD protosw privilege escalation
Published:26.12.2008
Source:
SecurityVulns ID:9543
Type:local
Threat Level:7/10
Description:Uninitialized bluetooth and netgraph sockets.
Affected:FREEBSD : FreeBSD 6.3
 FREEBSD : FreeBSD 7.1
 FREEBSD : FreeBSD 6.4
 FREEBSD : FreeBSD 7.0
Original document:don bailey, FreeBSD 7/6x protosw kernel exploit (26.12.2008)
 FREEBSD, FreeBSD netgraph / bluetooth privilege escalation (26.12.2008)
Files:Exploit for the FreeBSD protosw vulnerability

Microsoft Windows Media Player integer overflow
Published:26.12.2008
Source:
SecurityVulns ID:9544
Type:client
Threat Level:9/10
Description:Integer overflow on WAV parsing.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
Original document:laurent gaffie, MS Windows Media Player * (.WAV) Remote Integrer Overflow (26.12.2008)

Mozilla Firefox, Microsoft Internet Explorer, Opera and Google Chrome DoS
Published:26.12.2008
Source:
SecurityVulns ID:9545
Type:client
Threat Level:4/10
Description:Printing <iframe> in an endless loop from JavaScript causes resource exhaustion and leads to a browser hang.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MOZILLA : Firefox 3.0
 OPERA : Opera 9.52
 GOOGLE : Chrome 1.0
Original document:MustLive, DoS vulnerabilities in Firefox, Internet Explorer, Opera and Chrome (26.12.2008)
Files:Firefox, Internet Explorer, Opera & Google Chrome DoS Exploit

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:26.12.2008
Source:
SecurityVulns ID:9546
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:VBULLETIN : Personal Sticky Threads 1.0
 NAGIOS : nagios 2.11
CVE:CVE-2008-5028 (Cross-site request forgery (CSRF) vulnerability in cmd.cgi in (1) Nagios 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote attackers to send commands to the Nagios process, and trigger execution of arbitrary programs by this process, via unspecified HTTP requests.)
 CVE-2008-5027 (The Nagios process in (1) Nagios before 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote authenticated users to bypass authorization checks, and trigger execution of arbitrary programs by this process, via an (a) custom form or a (b) browser addon.)
Original document:xl4nothing_(at)_gmail.com, Personal Sticky Threads v1.0.3c vbulletin Add-on problem (26.12.2008)
 lovebug_(at)_hotmail.it, joomla com_lowcosthotels sql injection (26.12.2008)
 r3d.w0rm_(at)_yahoo.com, PHP-Fusion Mod TI - Blog System Sql Injection (26.12.2008)
Files:Exploits joomla com_lowcosthotels sql injection

Citrix Broadcast Server SQL injection
Published:26.12.2008
Source:
SecurityVulns ID:9547
Type:remote
Threat Level:6/10
Description:login.asp SQL injection.
Affected:CITRIX : Citrix Broadcast Server 6.0
Original document:vulnerabilityresearch_(at)_ddifrontline.com, DDIVRT-2008-16 Citrix Broadcast Server 6.0 login.asp SQL Injection --- Update for BID 32832 (26.12.2008)

PSI jabber client integer overflow
Published:26.12.2008
Source:
SecurityVulns ID:9548
Type:remote
Threat Level:5/10
Description:Integer overflow on file transfer port (TCP/8010 by default) data parsing.
Affected:PSI : PSI 0.12
Original document:ISecAuditors Security Advisories, [ISecAuditors Security Advisories] PSI remote integer overflow DoS (26.12.2008)
Files:PSI remote integer overflow DoS

PGP Desktop DoS
Published:26.12.2008
Source:
SecurityVulns ID:9549
Type:local
Threat Level:5/10
Description:PGPweded.sys driver crashes the system on IOCTL processing.
Affected:PGP : PGP Desktop 9.0
Original document:contact.fingers_(at)_gmail.com, PGP Desktop 9.0.6 Denial Of Service - ZeroDay (26.12.2008)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod