 |
|
|
|
| Microsoft IIS protection bypass | | Published: |  | 29.12.2009 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 10491 | | Type: |  | remote | | Level: |  | 6/10 | | Description: |  | It's possible to bypass 3rd party upload protection by file extension, because part of filename after semicolon is ingored then detecting file type. E.g. script.asp;.jpg is treated by web server as ASP file. |
| Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) | | Published: | | 29.12.2009 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 10492 | | Type: | | remote | | Level: | | 5/10 | | Description: | | PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
|
| Affected: |  | JOOMLA : Joomulus 2.0 | | | | DRBENHUR : DBHcms 1.1 | | | | LIVEZILLA : LiveZilla 3.1 | | CVE: |  | CVE-2009-4422 (Multiple cross-site scripting (XSS) vulnerabilities in the GetURLArguments function in jpgraph.php in Aditus Consulting JpGraph 3.0.6 allow remote attackers to inject arbitrary web script or HTML via a key to csim_in_html_ex1.php, and other unspecified vectors.) |
| MIT Kerberos 5 DoS | | Published: | | 29.12.2009 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 10493 | | Type: | | remote | | Level: | | 5/10 | | Description: | | NULL pointer dereference on cross-relarm authentication. |
| Affected: | | MIT : krb5 1.7 | | CVE: | | CVE-2009-3295 (The prep_reprocess_req function in kdc/do_tgs_req.c in the cross-realm referral implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a ticket request.) |
| Perl DBD::Pg module buffer overflow | | Published: | | 29.12.2009 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 10494 | | Type: | | library | | Level: | | 5/10 | | Description: | | pg_getline buffer overflow, DoS. |
| CVE: | | CVE-2009-1341 (Memory leak in the dequote_bytea function in quote.c in the DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module before 2.0.0 for Perl allows context-dependent attackers to cause a denial of service (memory consumption) by fetching data with BYTEA columns.) | | | | CVE-2009-0663 (Heap-based buffer overflow in the DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module 1.49 for Perl might allow context-dependent attackers to execute arbitrary code via unspecified input to an application that uses the getline and pg_getline functions to read database rows.) |
| setfacl / getfacl symbolic links vulnerability | | Published: | | 29.12.2009 | | Source: | | FULL-DISCLOSURE | | SecurityVulns ID: | | 10495 | | Type: | | local | | Level: | | 4/10 | | Description: | | Symbolic links are followed on recursive operation. |
| CVE: | | CVE-2009-4411 (The (1) setfacl and (2) getfacl commands in XFS acl 2.2.47, when running in recursive (-R) mode, follow symbolic links even when the --physical (aka -P) or -L option is specified, which might allow local users to modify the ACL for arbitrary files or directories via a symlink attack.) |
|
|
|
|
|
|
|
|
