Computer Security
[EN] securityvulns.ru no-pyccku


Quassel IRC client command injection
Published:30.10.2008
Source:
SecurityVulns ID:9395
Type:client
Threat Level:
5/10
Description:A CTCP ping where the value contains a CTCP quoted newline ('\020' + 'n') will let the Quassel core reply with a message containing an unquoted newline ('\n'). The IRC server interprets this as a command separator.
Affected:QUASSELIRC : Quassel IRC 0.3
Original documentdocumentWouter Coekaerts, Quassel IRC: connection hijacking (30.10.2008)

Adobe Pagemaker buffer overflow
updated since 30.10.2008
Published:03.11.2008
Source:
SecurityVulns ID:9396
Type:local
Description:Buffer overflow on .PMD files parsing.
Affected:ADOBE : PageMaker 7.0
CVE:CVE-2007-6432
 CVE-2007-6021 (Heap-based buffer overflow in Adobe PageMaker 7.0.1 and 7.0.2 allows user-assisted remote attackers to execute arbitrary code via a .PMD file with a crafted font structure.)
 CVE-2007-5394 (Stack-based buffer overflow in AldFs32.dll in Adobe PageMaker 7.0.1 and 7.0.2 allows user-assisted remote attackers to execute arbitrary code via a .PMD file with a crafted font structure, a different vulnerability than CVE-2007-5169 and CVE-2007-6432.)
Original documentdocumentIDEFENSE, iDefense Security Advisory 10.30.08: Adobe PageMaker Key Strings Stack Buffer Overflow (03.11.2008)
 documentSECUNIA, Secunia Research: Adobe PageMaker PMD File Processing Buffer Overflows (30.10.2008)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod