Computer Security


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:29.06.2009
Source:
SecurityVulns ID:10022
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. CMS SiteLogic: SQL injection, cross-site scripting, information leak.
Affected:AJAXPORTAL : AjaxPortal 3.0
 PHPADDRESSBOOK : PHP-AddressBook 4.0
 MEGAFILEMANAGER : Mega File Manager 1.0
 OSTICKET : osTicket 1.6
Original document:Adam Baldwin, osTicket v1.6 RC4 Admin Login Blind SQLi (29.06.2009)
 Cru3l.b0y, AjaxPortal v3.0 Remote File Inclusion Vulnerability (29.06.2009)
 ceza_fuat_kolik_(at)_hotmail.com, Mega File Manager Remote File Vuln (29.06.2009)
 y3nh4ck3r_(at)_gmail.com, MULTIPLE SQL INJECTION VULNERABILITIES --PHP-AddressBook v-4.0.x--> (29.06.2009)
 MustLive, Vulnerabilities in CMS SiteLogic (29.06.2009)

PHP memory corruption
Published:29.06.2009
Source:
SecurityVulns ID:10023
Type:library
Threat Level:7/10
Description:Memory corruption when parsing EXIF data from a JPEG file via exif_read_data().
Original document:MANDRAKE, [Full-disclosure] [ MDVSA-2009:145 ] php (29.06.2009)

Ruby DoS
Published:29.06.2009
Source:
SecurityVulns ID:10024
Type:library
Threat Level:5/10
Description:Crash on oversized string in BigDecimal.
Affected:RUBY : ruby 1.8
CVE:CVE-2009-1904 (The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before p173 allows context-dependent attackers to cause a denial of service (application crash) via a string argument that represents a large number, as demonstrated by an attempted conversion to the Float data type.)
Original document:GENTOO, [Full-disclosure] [ GLSA 200906-02 ] Ruby: Denial of Service (29.06.2009)

Baofeng Media Player buffer overflow
Published:29.06.2009
Source:
SecurityVulns ID:10025
Type:client
Threat Level:5/10
Description:Buffer overflow when parsing SMPL playlists.
Affected:BAOFENG : Baofeng Media Player 3.9
Original document:Jambalaya ., Baofeng Media Player playlist stack overflow vulnerability (29.06.2009)

libpng information leak
Published:29.06.2009
Source:
SecurityVulns ID:10026
Type:library
Threat Level:5/10
Description:When displaying a 1-bit image whose width is not divisible by 8, data from uninitialized memory is used.
Affected:libpng : libpng 1.2
CVE:CVE-2009-2042 (libpng before 1.2.37 does not properly parse 1-bit interlaced images with width values that are not divisible by 8, which causes libpng to include uninitialized bits in certain rows of a PNG file and might allow remote attackers to read portions of sensitive memory via "out-of-bounds pixels" in the file.)
Original document:GENTOO, [ GLSA 200906-01 ] libpng: Information disclosure (29.06.2009)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod