Computer Security


SolarWinds TFTP Server DoS
Published: 31.08.2009
Source:
SecurityVulns ID: 10190
Type: remote
Threat Level: 5/10
Description: Crash on TFTP request parsing.
Affected: SOLARWINDS : SolarWinds TFTP Server 9.2
Original document: gaurav baruah, SolarWinds TFTP Server <=9.2.0.111 Remote DoS Exploit (31.08.2009)
Files: SolarWinds TFTP Server <=9.2.0.111 Remote DoS Exploit

Apache Xerces C++ library
Published: 31.08.2009
Source:
SecurityVulns ID: 10191
Type: library
Description: Crash on XML parsing.
Affected: APACHE : Xerces C++ 2.7
 APACHE : Xerces C++ 2.8
CVE: CVE-2009-1885 (Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.)
Original document: MANDRIVA, [ MDVSA-2009:223 ] xerces-c (31.08.2009)

Linux kernel uninitialized pointers
updated since 14.08.2009
Published: 31.08.2009
Source:
SecurityVulns ID: 10150
Type: local
Threat Level: 7/10
Description: proto_ops structure uninitialized pointers.
Affected: LINUX : kernel 2.4
 LINUX : kernel 2.6
CVE: CVE-2009-2692 (The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket.)
Original document: Ramon de Carvalho Valle, [Full-disclosure] Illustrating the Linux sock_sendpage() NULL pointer dereference on Power/Cell BE Architecture (31.08.2009)
 Tavis Ormandy, Linux NULL pointer dereference due to incorrect proto_ops initializations (14.08.2009)
Files: proto_ops uninitialized pointer exploit
 Exploits Linux sock_sendpage() NULL pointer dereference

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 31.08.2009
Source:
SecurityVulns ID: 10192
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. PostNuke: SQL injection.
Affected: SquirrelMail 1.4.
CVE: CVE-2009-2964 (Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.19 and earlier allow remote attackers to hijack the authentication of unspecified victims via features such as send message and change preferences, related to (1) functions/mailbox_display.php, (2) src/addrbook_search_html.php, (3) src/addressbook.php, (4) src/compose.php, (5) src/folders.php, (6) src/folders_create.php, (7) src/folders_delete.php, (8) src/folders_rename_do.php, (9) src/folders_rename_getname.php, (10) src/folders_subscribe.php, (11) src/move_messages.php, (12) src/options.php, (13) src/options_highlight.php, (14) src/options_identities.php, (15) src/options_order.php, (16) src/search.php, and (17) src/vcard.php.)
Original document: MANDRIVA, [ MDVSA-2009:222 ] squirrelmail (31.08.2009)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod