 |
|
|
|
| Google Chrome code execution | | Published: |  | 31.01.2009 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 9632 | | Type: |  | client | | Level: |  | 6/10 | | Description: |  | chromehtml: URI parameter injection. |
dBpowerAMP Audio Player buffer overflow
updated since 06.02.2008 | | Published: | | 31.01.2009 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 8641 | | Type: | | client | | Level: | | 6/10 | | Description: | | Buffer overflow on m3u and pls files parsing. |
| Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) | | Published: | | 31.01.2009 | | Source: | | | | SecurityVulns ID: | | 9634 | | Type: | | remote | | Level: | | 5/10 | | Description: | | PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
E107: обход CAPTCHA, межсайтовый скриптинг. |
| FFMpeg (VLC, MPlayer, Perian, Xine) integer overflow | | Published: | | 31.01.2009 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 9635 | | Type: | | library | | Level: | | 6/10 | | Description: | | Integer overflow on 4X format parsing. |
| Linux kernel multiple security vulnerabilities | | Published: | | 31.01.2009 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 9633 | | Type: | | local | | Level: | | 5/10 | | Description: | | Multiple DoS conditions. |
| Affected: |  | LINUX : kernel 2.6 | | CVE: |  | CVE-2008-5702 (Buffer underflow in the ibwdt_ioctl function in drivers/watchdog/ib700wdt.c in the Linux kernel before 2.6.28-rc1 might allow local users to have an unknown impact via a certain /dev/watchdog WDIOC_SETTIMEOUT IOCTL call.) | | | | CVE-2008-5700 (libata in the Linux kernel before 2.6.27.9 does not set minimum timeouts for SG_IO requests, which allows local users to cause a denial of service (Programmed I/O mode on drives) via multiple simultaneous invocations of an unspecified test program.) | | | | CVE-2008-5395 (The parisc_show_stack function in arch/parisc/kernel/traps.c in the Linux kernel before 2.6.28-rc7 on PA-RISC allows local users to cause a denial of service (system crash) via vectors associated with an attempt to unwind a stack that contains userspace addresses.) | | | | CVE-2008-5300 (Linux kernel 2.6.28 allows local users to cause a denial of service ("soft lockup" and process loss) via a large number of sendmsg function calls, which does not block during AF_UNIX garbage collection and triggers an OOM condition, a different vulnerability than CVE-2008-5029.) | | | | CVE-2008-5182 (The inotify functionality in Linux kernel 2.6 before 2.6.28-rc5 might allow local users to gain privileges via unknown vectors related to race conditions in inotify watch removal and umount.) | | | | CVE-2008-5079 (net/atm/svc.c in the ATM subsystem in the Linux kernel 2.6.27.8 and earlier allows local users to cause a denial of service (kernel infinite loop) by making two calls to svc_listen for the same socket, and then reading a /proc/net/atm/*vc file, related to corruption of the vcc table.) |
Ralinktech wireless adapter driver integer overflow
updated since 20.01.2009 | | Published: | | 31.01.2009 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 9605 | | Type: | | remote | | Level: | | 5/10 | | Description: | | Integer overflow on oversized SSID. |
| Affected: | | RALINKTECH : Ralink RT73 | | CVE: | | CVE-2009-0282 (Integer overflow in Ralink Technology USB wireless adapter (RT73) 3.08 for Windows, and other wireless card drivers including rt2400, rt2500, rt2570, and rt61, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Probe Request packet with a long SSID, possibly related to an integer signedness error.) |
|
|
|
|
|
|
|
|
