Search:Vulnerability:29.06.2009 - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 29.06.2009
Source:
SecurityVulns ID: 10022
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. CMS SiteLogic: SQL injection, crossite scripting, information leak.

Affected: AJAXPORTAL : AjaxPortal 3.0
PHPADDRESSBOOK : PHP-AddressBook 4.0
MEGAFILEMANAGER : Mega File Manager 1.0
OSTICKET : osTicket 1.6

Original document Adam Baldwin, osTicket v1.6 RC4 Admin Login Blind SQLi (29.06.2009)

Cru3l.b0y, AjaxPortal v3.0 Remote File Inclusion Vulnerability (29.06.2009)

ceza_fuat_kolik_(at)_hotmail.com, Mega File Manager Remote File Vuln (29.06.2009)

y3nh4ck3r_(at)_gmail.com, MULTIPLE SQL INJECTION VULNERABILITIES --PHP-AddressBook v-4.0.x--> (29.06.2009)

document MustLive, Vulnerabilities in CMS SiteLogic (29.06.2009)

Discuss: Read or add your comments to this news (0 comments)

PHP memory corruption
Published: 29.06.2009
Source: FULL-DISCLOSURE
SecurityVulns ID: 10023
Type: library
Level: 7/10
Description: Memory corruption on EXIF data parsgin from JPEG file via exif_read_data().

Original document MANDRAKE, [Full-disclosure] [ MDVSA-2009:145 ] php (29.06.2009)

Discuss: Read or add your comments to this news (0 comments)

libpng information leak
Published: 29.06.2009
Source: BUGTRAQ
SecurityVulns ID: 10026
Type: library
Level: 5/10
Description: During displaying of 1-bit image with width values that are not divisible by 8 data from non-initialized memory is used.

Affected: libpng : libpng 1.2
CVE: CVE-2009-2042 (libpng before 1.2.37 does not properly parse 1-bit interlaced images with width values that are not divisible by 8, which causes libpng to include uninitialized bits in certain rows of a PNG file and might allow remote attackers to read portions of sensitive memory via "out-of-bounds pixels" in the file.)

Original document GENTOO, [ GLSA 200906-01 ] libpng: Information disclosure (29.06.2009)

Discuss: Read or add your comments to this news (0 comments)

Ruby DoS
Published: 29.06.2009
Source: BUGTRAQ
SecurityVulns ID: 10024
Type: library
Level: 5/10
Description: Crash on oversized string in BigDecimal.

Affected: RUBY : ruby 1.8
CVE: CVE-2009-1904 (The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before p173 allows context-dependent attackers to cause a denial of service (application crash) via a string argument that represents a large number, as demonstrated by an attempted conversion to the Float data type.)

Original document GENTOO, [Full-disclosure] [ GLSA 200906-02 ] Ruby: Denial of Service (29.06.2009)

Discuss: Read or add your comments to this news (0 comments)

Baofeng Media Player buffer overflow
Published: 29.06.2009
Source: FULL-DISCLOSURE
SecurityVulns ID: 10025
Type: client
Level: 5/10
Description: Buffer overflow on SMPL playlists parsing.

Affected: BAOFENG : Baofeng Media Player 3.9

Original document Jambalaya ., Baofeng Media Player playlist stack overflow vulnerability (29.06.2009)

Discuss: Read or add your comments to this news (0 comments)

test server