Computer Security
[EN] securityvulns.ru no-pyccku


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:30.11.2007
Source:
SecurityVulns ID:8391
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Cryptographp: XSS.
Original documentdocumentMustLive, MoBiC-28 Bonus: XSS in Cryptographp (30.11.2007)

Asterisk multiple security vulnerabilities
Published:30.11.2007
Source:
SecurityVulns ID:8392
Type:remote
Threat Level:
5/10
Description:cdr_pgsql and res_config_pgsql SQL injection.
Affected:DIGIUM : Asterisk 1.4
Original documentdocumentASTERISK, AST-2007-026 - SQL Injection issue in cdr_pgsql (30.11.2007)
 documentASTERISK, AST-2007-025 - SQL Injection issue in res_config_pgsql (30.11.2007)

APC AP7932 unauthorized access
Published:30.11.2007
Source:
SecurityVulns ID:8393
Type:remote
Threat Level:
6/10
Description:Logical error in authentication process.
Affected:APC : AP7932
Original documentdocumentgarys_(at)_totalserversolutions.com, APC Management Vulnerability (30.11.2007)

TIBCO Rendezvous RVD Daemon memory leak
Published:30.11.2007
Source:
SecurityVulns ID:8394
Type:remote
Threat Level:
5/10
Description:Infinite loop with memory allocation on zero-sized packet.
Affected:TIBCO : Rendezvous 7.5
Original documentdocumentIRM Research, IRM025: TIBCO Rendezvous RVD Daemon Remote Memory Leak DoS (30.11.2007)

Pioneers game multiple DoS conditions
Published:30.11.2007
Source:
SecurityVulns ID:8395
Type:remote
Threat Level:
5/10
Description:Uninitialized memory reference, failed assertion.
Affected:PIONEERS : pioneers 0.11
CVE:CVE-2007-6010 (Unspecified vulnerability in pioneers (formerly gnocatan) 0.11.3 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors that trigger an assert error. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-5933.)
 CVE-2007-5933 (Pioneers (formerly gnocatan) before 0.11.3 allows remote attackers to cause a denial of service (crash) by triggering a delete operation while the Session object is still being used, as demonstrated by causing a "Broken pipe" error.)
Original documentdocumentGENTOO, ERRATA: [ GLSA 200711-20 ] Pioneers: Multiple Denials of Service (30.11.2007)

FreeBSD pseudo-random numbers generator weakness
Published:30.11.2007
Source:
SecurityVulns ID:8396
Type:library
Threat Level:
6/10
Description:SAme PRNG sequence may be reproduced twice under some conditions.
Affected:FREEBSD : FreeBSD 7.0
 FREEBSD : FreeBSD 6.1
 FREEBSD : FreeBSD 5.5
 FREEBSD : FreeBSD 6.2
 FREEBSD : FreeBSD 6.3
CVE:CVE-2007-6150 (The "internal state tracking" code for the random and urandom devices in FreeBSD 5.5, 6.1 through 6.3, and 7.0 beta 4 allows local users to obtain portions of previously-accessed random values, which could be leveraged to bypass protection mechanisms that rely on secrecy of those values.)
Original documentdocumentFREEBSD, FreeBSD Security Advisory FreeBSD-SA-07:09.random (30.11.2007)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod