| SolarWinds TFTP Server DoS | |
|---|---|
| Published | 31.08.2009 |
| Source | GAURAVBARUAH |
| SecurityVulns ID | 10190 |
| Type | remote |
| Level | 5/10 |
| Description | Crash on TFTP request parsing. |

| Apache Xerces C++ library | |
|---|---|
| Published | 31.08.2009 |
| Source | FULL-DISCLOSURE |
| SecurityVulns ID | 10191 |
| Type | library |
| Description | Crash on XML parsing. |
| Affected | APACHE : Xerces C++ 2.7 |
| | APACHE : Xerces C++ 2.8 |
| CVE | CVE-2009-1885 (Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.) |

| Linux kernel uninitialized pointers, updated since 14.08.2009 | |
|---|---|
| Published | 31.08.2009 |
| Source | BUGTRAQ |
| SecurityVulns ID | 10150 |
| Type | local |
| Level | 7/10 |
| Description | proto_ops structure uninitialized pointers. |
| Affected | LINUX : kernel 2.4 |
| | LINUX : kernel 2.6 |
| CVE | CVE-2009-2692 (The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket.) |

| Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) | |
|---|---|
| Published | 31.08.2009 |
| Source | |
| SecurityVulns ID | 10192 |
| Type | remote |
| Level | 5/10 |
| Description | PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. |
| | PostNuke: SQL injection. |
| Affected | SquirrelMail 1.4. |
| CVE | CVE-2009-2964 (Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.19 and earlier allow remote attackers to hijack the authentication of unspecified victims via features such as send message and change preferences, related to (1) functions/mailbox_display.php, (2) src/addrbook_search_html.php, (3) src/addressbook.php, (4) src/compose.php, (5) src/folders.php, (6) src/folders_create.php, (7) src/folders_delete.php, (8) src/folders_rename_do.php, (9) src/folders_rename_getname.php, (10) src/folders_subscribe.php, (11) src/move_messages.php, (12) src/options.php, (13) src/options_highlight.php, (14) src/options_identities.php, (15) src/options_order.php, (16) src/search.php, and (17) src/vcard.php.) |

| Microsoft Windows IIS FTP server buffer overflow, updated since 31.08.2009 | |
|---|---|
| Published | 13.10.2009 |
| Source | FULL-DISCLOSURE |
| SecurityVulns ID | 10193 |
| Type | remote |
| Level | 8/10 |
| Description | Buffer overflow in NLST command. The same vulnerability may be used for stack overflow (stack memory exhaustion) without the need for write access. |