Computer Security

Google Chrome code execution
Published: 31.01.2009
SecurityVulns ID: 9632
Type: client
Threat Level: 6/10
Description: chromehtml: URI parameter injection.
Affected: GOOGLE : Chrome 1.0
Original document: Janek Vind, Re: Re: Google Chrome Browser (ChromeHTML://) remote parameter injection POC (31.01.2009)

dBpowerAMP Audio Player buffer overflow
Updated since: 06.02.2008
Published: 31.01.2009
SecurityVulns ID: 8641
Type: client
Threat Level: 6/10
Description: Buffer overflow on m3u and pls files parsing.
Affected: DBPOWERAMP : dBpowerAMP 2
Original documents: alphanix00_(at)_gmail.com, dBpowerAMP Audio Player v2 ( .pls file) LoCaL BufferOverFlow Exploit (31.01.2009)
 securfrog_(at)_gmail.com, dBpowerAMP Audio Player Release 2 Remote Buffer Overflow (06.02.2008)
Files: dBpowerAMP Audio Player local buffer overflow exploit

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 31.01.2009
SecurityVulns ID: 9634
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. E107: CAPTCHA bypass, cross-site scripting.
Affected: MOINMOIN : MoinMoin 1.5
 MOINMOIN : MoinMoin 1.8
 BUGSONLINE : Bugs Online 2.14
 PERLSOFT : PerlSoft Guestbook 1.7
 MOINMOIN : MoinMoin 1.7
 AMAYA : Amaya 11.0
 AMAYA : Amaya 10.0
CVE: CVE-2009-0312 (Cross-site scripting (XSS) vulnerability in the antispam feature (security/antispam.py) in MoinMoin 1.7 and 1.8.1 allows remote attackers to inject arbitrary web script or HTML via crafted, disallowed content.)
 CVE-2009-0260 (Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin before 1.8.1 allow remote attackers to inject arbitrary web script or HTML via an AttachFile action to the WikiSandBox component with (1) the rename parameter or (2) the drawing parameter (aka the basename variable).)
Original documents: CORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2008-1211: Amaya web editor XML and HTML parser vulnerabilities (31.01.2009)
 DEBIAN, [SECURITY] [DSA 1715-1] New moin packages fix insufficient input sanitising (31.01.2009)
 Peter Wiesen, PerlSoft Guestbook v1.7b Bruteforcer + RCE! (31.01.2009)
 r3d.w0rm_(at)_yahoo.com, Bugs Online v2.14 Sql Injection (31.01.2009)
 MustLive, Vulnerabilities in E107 (31.01.2009)

FFMpeg (VLC, MPlayer, Perian, Xine) integer overflow
Published: 31.01.2009
SecurityVulns ID: 9635
Type: library
Threat Level: 6/10
Description: Integer overflow on 4X format parsing.
Original document: tk_(at)_trapkit.de, [TKADV2009-004] FFmpeg Type Conversion Vulnerability (31.01.2009)

Linux kernel multiple security vulnerabilities
Published: 31.01.2009
SecurityVulns ID: 9633
Type: local
Threat Level: 5/10
Description: Multiple DoS conditions.
Affected: LINUX : kernel 2.6
CVE: CVE-2008-5702 (Buffer underflow in the ibwdt_ioctl function in drivers/watchdog/ib700wdt.c in the Linux kernel before 2.6.28-rc1 might allow local users to have an unknown impact via a certain /dev/watchdog WDIOC_SETTIMEOUT IOCTL call.)
 CVE-2008-5700 (libata in the Linux kernel before 2.6.27.9 does not set minimum timeouts for SG_IO requests, which allows local users to cause a denial of service (Programmed I/O mode on drives) via multiple simultaneous invocations of an unspecified test program.)
 CVE-2008-5395 (The parisc_show_stack function in arch/parisc/kernel/traps.c in the Linux kernel before 2.6.28-rc7 on PA-RISC allows local users to cause a denial of service (system crash) via vectors associated with an attempt to unwind a stack that contains userspace addresses.)
 CVE-2008-5300 (Linux kernel 2.6.28 allows local users to cause a denial of service ("soft lockup" and process loss) via a large number of sendmsg function calls, which does not block during AF_UNIX garbage collection and triggers an OOM condition, a different vulnerability than CVE-2008-5029.)
 CVE-2008-5182 (The inotify functionality in Linux kernel 2.6 before 2.6.28-rc5 might allow local users to gain privileges via unknown vectors related to race conditions in inotify watch removal and umount.)
 CVE-2008-5079 (net/atm/svc.c in the ATM subsystem in the Linux kernel 2.6.27.8 and earlier allows local users to cause a denial of service (kernel infinite loop) by making two calls to svc_listen for the same socket, and then reading a /proc/net/atm/*vc file, related to corruption of the vcc table.)

Ralinktech wireless adapter driver integer overflow
Updated since: 20.01.2009
Published: 31.01.2009
SecurityVulns ID: 9605
Type: remote
Threat Level: 5/10
Description: Integer overflow on oversized SSID.
Affected: RALINKTECH : Ralink RT73
CVE: CVE-2009-0282 (Integer overflow in Ralink Technology USB wireless adapter (RT73) 3.08 for Windows, and other wireless card drivers including rt2400, rt2500, rt2570, and rt61, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Probe Request packet with a long SSID, possibly related to an integer signedness error.)
Original documents: DEBIAN, [SECURITY] [DSA 1712-1] New rt2400 packages fix arbitrary code execution (31.01.2009)
 DEBIAN, [SECURITY] [DSA 1713-1] New rt2500 packages fix arbitrary code execution (31.01.2009)
 DEBIAN, [SECURITY] [DSA 1714-1] New rt2570 packages fix arbitrary code execution (31.01.2009)
 springsec_(at)_gmail.com, Ralinktech wireless cards drivers vulnerability (20.01.2009)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod