Computer Security
[EN] securityvulns.ru no-pyccku


Media Player Classic buffer overflow
Published:28.07.2010
Source:
SecurityVulns ID:11018
Type:local
Threat Level:
4/10
Description:Heap buffer overflow on .m3u playlist parsing.
Affected:MEDIAPLAYERCLASS : Media Player Classic 1.3
Original documentdocumentpraveen_recker_(at)_sify.com, Heap Overflow/DoS Vulnerability in Media Player Classic (28.07.2010)

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 23.07.2010
Published:28.07.2010
Source:
SecurityVulns ID:11011
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:COWIKI : coWiki 0.3
 JOOMLA : Joomla 1.5
 VBULLETIN : vBulletin 3.8
 CETERA : Cetera eCommerce 14.0
 YACK : YACK CMS 10.5
 SPITFIRE : Spitfire 1.0
 NOVELL : Teaming 2.1
 TOUGHTOMATO : TTVideo 1.0
 PHPKIT : PHPKIT WCMS 1.6
 THEETA : Theeta CMS 0.0
 SYNDEOCMS : SyndeoCMS 2.9
 MCCONTENTMANAGER : MC Content Manager 10.1
 WHITEBOARD : WhiteBoard 0.1
 JOOMLA : PhotoMap Gallery 1.6
 JOOMLA : Appointinator 1.0
CVE:CVE-2010-2773
Original documentdocumentSalvatore "drosophila" Fresta, PhotoMap Gallery 1.6.0 Joomla Component Multiple Blind SQL Injection (28.07.2010)
 documentMustLive, New vulnerabilities in Cetera eCommerce (28.07.2010)
 documentSalvatore "drosophila" Fresta, WhiteBoard 0.1.30 Multiple Blind SQL Injection Vulnerabilities (28.07.2010)
 documentMustLive, Multiple vulnerabilities in MC Content Manager (28.07.2010)
 documenteidelweiss randy, DM Filemanager (fckeditor) Remote Arbitrary File Upload Exploit (28.07.2010)
 documentHigh-Tech Bridge Security Research, XSS vulnerability in SyndeoCMS (28.07.2010)
 documentHigh-Tech Bridge Security Research, SQL injection vulnerability in Theeta CMS (28.07.2010)
 documentHigh-Tech Bridge Security Research, XSS vulnerability in SyndeoCMS (28.07.2010)
 documentHigh-Tech Bridge Security Research, XSS vulnerability in Theeta CMS (28.07.2010)
 documentHigh-Tech Bridge Security Research, XSS vulnerability in SyndeoCMS (28.07.2010)
 documentHigh-Tech Bridge Security Research, XSS vulnerability in Theeta CMS (28.07.2010)
 documentHigh-Tech Bridge Security Research, XSS vulnerability in Theeta CMS (28.07.2010)
 documentdavid.kurz_(at)_majorsecurity.net, [MajorSecurity SA-079]PHPKIT WCMS - Multiple stored Cross Site Scripting Issues (28.07.2010)
 documentSalvatore "drosophila" Fresta, TTVideo 1.0 Joomla Component SQL Injection Vulnerability (28.07.2010)
 documentZDI, ZDI-10-136: Novell Teaming ajaxUploadImageFile Remote Code Execution Vulnerability (23.07.2010)
 documentAndrea Barisani, [oCERT-2010-002] Joomla input sanitization errors (XSS) (23.07.2010)
 documentMustLive, SQL Injection vulnerability in coWiki (23.07.2010)
 documentadvisories_(at)_intern0t.net, XSS vulnerability in Spitfire search (23.07.2010)
 documentadvisories_(at)_intern0t.net, XSS vulnerability in Spitfire (23.07.2010)
 documentadvisories_(at)_intern0t.net, XSS vulnerability in Spitfire (23.07.2010)
 documentadvisories_(at)_intern0t.net, XSS vulnerability in Spitfire (23.07.2010)
 documentadvisories_(at)_intern0t.net, XSS vulnerability in Spitfire (23.07.2010)
 documentadvisories_(at)_intern0t.net, vBulletin - Critical Information Disclosure (23.07.2010)
 documenteidelweiss randy, YACK CMS 10.5.27 Remote File Inclusion Vulnerability (23.07.2010)
Files:DM Filemanager (fckeditor) Remote Arbitrary File Upload Exploit

Nessus Web Server security vulnerabilities
Published:28.07.2010
Source:
SecurityVulns ID:11019
Type:remote
Threat Level:
5/10
Description:nessusd_www_server.nbin plugin information disclosure and crossite scripting.
Affected:NESSUS : Nessus Web Server 1.2
Original documentdocumentNESSUS, [Security] nessusd_www_server.nbin cross site scripting and version disclosure (28.07.2010)

PgnuPG use-after-free vulnerability
Published:28.07.2010
Source:
SecurityVulns ID:11017
Type:library
Threat Level:
7/10
Description:Use-after free vulnerability on certificate parsing.
Affected:GNU : GnuPG 2.0
CVE:CVE-2010-2547 (Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2.x through 2.0.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a certificate with a large number of Subject Alternate Names, which is not properly handled in a realloc operation when importing the certificate or verifying its signature.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 2076-1] New gnupg2 packages fix potential code execution (28.07.2010)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod