Computer Security


JetAudio buffer overflow
Published:28.01.2009
SecurityVulns ID:9625
Type:client
Threat Level:5/10
Description:Buffer overflow when parsing .m3u files.
Affected:JETAUDIO : JetAudio 7.0
Original document:alphanix00_(at)_gmail.com, JetAudio Basic 7.0.3 BufferOverFlow PoC (28.01.2009)
Files:JetAudio Basic 7.0.3 BufferOverFlow PoC

BEA (Oracle) WebLogic Server cross-site scripting
Published:28.01.2009
SecurityVulns ID:9626
Type:remote
Threat Level:5/10
Description:Cross-site scripting in the administration console.
Affected:ORACLE : WebLogic Server 10.0
Original document:ACROS Security, ACROS Security: HTML Injection in BEA (Oracle) WebLogic Server Console (ASPR #2009-01-27-1) (28.01.2009)

Browser3D buffer overflow
Published:28.01.2009
SecurityVulns ID:9629
Type:local
Threat Level:3/10
Description:Buffer overflow when parsing .sfs files.
Affected:BROWSER3D : Browser3D 3.5
Original document:maroc-anti-connexion_(at)_hotmail.com, Browser3D 3.5 (.sfs File) Local Stack Overflow Exploit (c) (28.01.2009)
Files:Browser3D local BOF exploit
 Browse3d (.sfs file) Local Stack Overflow Exploit

Total Video Player off-by-one overflow
updated since 25.11.2008
Published:28.01.2009
SecurityVulns ID:9460
Type:client
Threat Level:5/10
Description:Off-by-one heap buffer overflow when parsing .au files.
Affected:EFFECTMATRIX : Total Video Player 1.10
 EFFECTMATRIX : Total Video Player 1.20
Original document:maroc-anti-connexion_(at)_hotmail.com, Total video player 1.3.7 local buffer overflow universal exploit (28.01.2009)
 Xubucrus Djug, Total Video Player (vcen.dll) Remote off by one Crash Exploit (25.11.2008)
Files:Exploits Total Video Player (vcen.dll) Remote Heap Overflow Crash
 Total Video Player local universal buffer overflow exploit

Apache Tomcat multiple security vulnerabilities
updated since 01.08.2008
Published:28.01.2009
SecurityVulns ID:9193
Type:remote
Threat Level:6/10
Description:Cross-site scripting, information leak.
Affected:APACHE : Tomcat 4.1
 APACHE : Tomcat 5.5
 APACHE : Tomcat 6.0
 CA : Cohesion Application Configuration Manager 4.5
CVE:CVE-2008-2938 (Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.)
 CVE-2008-2370 (Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.)
 CVE-2008-1232 (Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.)
Original document:CA, CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1) (28.01.2009)
 William A. Rowe, Jr., Java Runtime UTF-8 Decoder Smuggling Vector (11.01.2009)
 APACHE, [SECURITY] CVE-2008-2938 - Apache Tomcat information disclosure vulnerability - Update 2 (19.12.2008)
 APACHE, [SECURITY] CVE-2008-2938 - Apache Tomcat information disclosure vulnerability - Updated (10.09.2008)
 emericboit_(at)_yahoo.fr, Apache Tomcat <= 6.0.18 UTF8 Directory Traversal Vulnerability (12.08.2008)
 APACHE, [CVE-2008-1232] Apache Tomcat XSS vulnerability (01.08.2008)
 APACHE, [CVE-2008-2370] Apache Tomcat information disclosure vulnerability (01.08.2008)

CUPS symbolic links vulnerability
Published:28.01.2009
SecurityVulns ID:9623
Type:local
Threat Level:6/10
Description:Insecure /tmp/pdf.log file creation.
Affected:CUPS : cups 1.3
CVE:CVE-2009-0032 (CUPS on Mandriva Linux 2008.0, 2008.1, 2009.0, Corporate Server (CS) 3.0 and 4.0, and Multi Network Firewall (MNF) 2.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pdf.log temporary file.)
Original document:MANDRIVA, [ MDVSA-2009:027 ] cups (28.01.2009)

CA Antivirus protection bypass
Published:28.01.2009
SecurityVulns ID:9624
Type:remote
Threat Level:3/10
Description:Improper handling of invalid archives.
Affected:CA : eTrust Intrusion Detection 3.0
 CA : CA Internet Security Suite 2007
 CA : CA Anti-Spyware 8
 CA : CA Internet Security Suite 2008
 CA : CA Anti-Virus 7.1
 CA : CA Anti-Virus 8
 CA : CA Anti-Virus 8.1
 CA : CA Anti-Virus 2007
 CA : CA Anti-Virus 2008
 CA : eTrust EZ Antivirus 7
 CA : eTrust EZ Antivirus 6.1
 CA : CA Threat Manager for the Enterprise 8
 CA : CA Threat Manager for the Enterprise 8.1
 CA : CA Anti-Virus Gateway 7.1
 CA : CA Protection Suite 3.1
 CA : CA Anti-Spyware 8.1
 CA : CA Anti-Spyware 2007
 CA : CA Anti-Spyware 2008
 CA : CA Network and Systems Management 3.0
 CA : CA Network and Systems Management 3.1
 CA : CA Network and Systems Management 11
 CA : CA Network and Systems Management 11.1
 CA : CA ARCserve Backup 11.1
 CA : CA ARCserve Backup 11.5
 CA : CA ARCserve Backup 12
 CA : eTrust Intrusion Detection 2.0
 CA : eTrust Intrusion Detection 4.0
CVE:CVE-2009-0042 (Multiple unspecified vulnerabilities in the Arclib library (arclib.dll) before 7.3.0.15 in the CA Anti-Virus engine for CA Anti-Virus for the Enterprise 7.1, r8, and r8.1; Anti-Virus 2007 v8 and 2008; Internet Security Suite 2007 v3 and 2008; and other CA products allow remote attackers to bypass virus detection via a malformed archive file.)
Original document:CA, CA20090126-01: CA Anti-Virus Engine Detection Evasion Multiple Vulnerabilities (28.01.2009)

Linux syscall filtering bypass
Published:28.01.2009
SecurityVulns ID:9628
Type:local
Threat Level:5/10
Description:A 32-bit application can use 64-bit syscalls, and vice versa, to bypass syscall filtering, because the syscall numbers are different.
Original document:Chris Evans, CESA-2009-001 - rev 1 Linux syscall interception technologies partial bypass (28.01.2009)
 Chris Evans, Problems with syscall filtering technologies on Linux (28.01.2009)

SonyEricsson mobile phones WAP DoS
Published:28.01.2009
SecurityVulns ID:9630
Type:remote
Threat Level:5/10
Description:Crash when handling an SMS or UDP/2948 WAP PUSH message.
Affected:SONYERICSSON : SonyEricsson W910i
 SONYERICSSON : SonyEricsson W660i
 SONYERICSSON : SonyEricsson K618i
 SONYERICSSON : SonyEricsson K610i
 SONYERICSSON : SonyEricsson Z610i
 SONYERICSSON : SonyEricsson K810i
 SONYERICSSON : SonyEricsson K660i
 SONYERICSSON : SonyEricsson W880i
 SONYERICSSON : SonyEricsson K530i
Original document:Mobile Security Lab, SonyEricsson WAP Push Denial of Service (28.01.2009)

ganglia cluster monitoring tool buffer overflow
Published:28.01.2009
SecurityVulns ID:9627
Type:remote
Threat Level:5/10
Description:gmetad buffer overflow.
Affected:GANGLIA : Ganglia 3.1
CVE:CVE-2009-0241 (Stack-based buffer overflow in the process_path function in gmetad/server.c in Ganglia 3.1.1 allows remote attackers to cause a denial of service (crash) via a request to the gmetad service with a long pathname.)
Original document:DEBIAN, [SECURITY] [DSA 1710-1] New ganglia-monitor-core packages fix remote code execution (28.01.2009)

VUPlayer buffer overflow
updated since 22.01.2009
Published:28.01.2009
SecurityVulns ID:9618
Type:local
Threat Level:4/10
Description:Buffer overflow when parsing .ASX / .VAX files.
Affected:VUPLAYER : VUPlayer 2.49
Original document:storms0uth_(at)_hotmail.com, VUplayer (.wax file) local buffer overflow crash exploit (28.01.2009)
 maroc-anti-connexion_(at)_hotmail.com, VUPlayer 2.49 .ASX local universal BOF exploit (22.01.2009)
Files:VUPlayer 2.49 .ASX local universal BOF exploit
 VUplayer (.wax file) local buffer overflow crash exploit

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 28.01.2009
Published:01.02.2009
SecurityVulns ID:9622
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. WP-Upload Manager 1.0: SQL injection, cross-site scripting.
Affected:TYPO3 : TYPO3 4.0
 OPENX : OpenX 2.6
 WORDPRESS : WP-Upload Manager 1.0
 MZBSERVICES : Max.Blog 1.0
 WBNEWS : WB News 2.0
 CONPRESSO : ConPresso CMS 4.07
CVE:CVE-2009-0291 (Directory traversal vulnerability in fc.php in OpenX 2.6.3 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the MAX_type parameter.)
 CVE-2009-0258 (The Indexed Search Engine (indexed_search) system extension in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allows remote attackers to execute arbitrary commands via a crafted filename containing shell metacharacters, which is not properly handled by the command-line indexer.)
 CVE-2009-0257 (Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) content of indexed files to the (a) Indexed Search Engine (indexed_search) system extension; (b) unspecified test scripts in the ADOdb system extension; and (c) unspecified vectors in the Workspace module.)
 CVE-2009-0256 (Session fixation vulnerability in the authentication library in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allows remote attackers to hijack web sessions via unspecified vectors related to (1) frontend and (2) backend authentication.)
 CVE-2009-0255 (The System extension Install tool in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 creates the encryption key with an insufficiently random seed, which makes it easier for attackers to crack the key.)
 CVE-2008-3358 (Cross-site scripting (XSS) vulnerability in Web Dynpro (WD) in the SAP NetWeaver portal, when Internet Explorer 7.0.5730 is used, allows remote attackers to inject arbitrary web script or HTML via a crafted URI, which causes the XSS payload to be reflected in a text/plain document.)
Original document:Salvatore "drosophila" Fresta, Max.Blog <= 1.0.6 (offline_auth.php) Offline Authentication Bypass (01.02.2009)
 DEBIAN, [SECURITY] [DSA 1711-1] New TYPO3 packages fix remote code execution (28.01.2009)
 Martin Suess, SAP NetWeaver XSS Vulnerability (28.01.2009)
 office_(at)_hackattack.at, [HACKATTACK Advisory 25012009]ConPresso CMS 4.07 - Session Fixation, XFS, XSS (28.01.2009)
 arash.setayeshi_(at)_gmail.com, Lootan(kedor) Sql Injection vulnerability (28.01.2009)
 arash.setayeshi_(at)_gmail.com, LDF Sql injection vulnerability (28.01.2009)
 HACKERS PAL, WB News v2.0.X Remote File include .. (28.01.2009)
 admin_(at)_bugreport.ir, NewsCMSlite Insecure Cookie Handling (28.01.2009)
 SECUNIA, Secunia Research: OpenX Multiple Vulnerabilities (28.01.2009)
 admin_(at)_elites0ft.com, OpenX 2.6.3 - Local File Inclusion (28.01.2009)
 Salvatore "drosophila" Fresta, Max.Blog <= 1.0.6 (show_post.php) SQL Injection Vulnerability (28.01.2009)
 Salvatore "drosophila" Fresta, Max.Blog <= 1.0.6 (submit_post.php) SQL Injection Vulnerability (28.01.2009)
 MustLive, Vulnerabilities in WP-Upload Manager for WordPress (28.01.2009)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod