Denial of service

RealNetworks Helix Server and Helix Mobile Server before 13.0.0 allow remote attackers to cause a denial of service daemon crash via an RTSP SETUP request that 1 specifies the / URI or 2 lacks a / character in the URI...

CVE-2009-2534

CVE-2009-2534 affects RealNetworks Helix Server and Helix Mobile Server prior to 13.0.0. The DoS arises from handling RTSP SETUP requests: if the request URI lacks a "/" character (or in some cases a malformed path), the server crashes, potentially terminating the process. Core Security’s CORE-20...

CORE-2009-0227: Real Helix DNA RTSP and SETUP request handler vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Real Helix DNA RTSP and SETUP request handler vulnerabilities 1. Advisory Information Title: Real Helix DNA RTSP and SETUP request handler vulnerabilities Advisory ID...

Real Helix Server DoS

DoS on RTSP and SETUP requests handling...

Core Security Technologies Advisory 2009.0227

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Real Helix DNA RTSP and SETUP request handler vulnerabilities 1. Advisory Information Title: Real Helix DNA RTSP and SETUP request handler vulnerabilities Advisory ID...

Real Helix DNA RTSP and SETUP request handler vulnerabilities

Core Security - CoreLabsReal Helix DNA RTSP and SETUP request handler vulnerabilities 1. Advisory Information Title: Real Helix DNA RTSP and SETUP request handler vulnerabilities Advisory ID: CORE-2009-0227 Advisory URL: http://www.coresecurity.com/content/real-helix-dna Date published: 2009-07-1...

Real Helix DNA RTSP and SETUP Request Handler Vulnerabilities

Exploit for multiple platform in category dos / poc ============================================================= Real Helix DNA RTSP and SETUP Request Handler Vulnerabilities ============================================================= -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security...

Real Helix DNA - 'RTSP' / 'SETUP' Request Handler

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Real Helix DNA RTSP and SETUP request handler vulnerabilities 1. Advisory Information Title: Real Helix DNA RTSP and SETUP request handler vulnerabilities Advisory ID...

CVE-2009-2444

The CVE-2009-2444 vulnerability affects ADbNewsSender and allows directory traversal through path_to_lang in setup/index.php, enabling remote inclusion and execution of local files. Affected versions are ADbNewsSender before 1.5.6 and 2.0 before RC2. The CVSS2 base score is 7.5 (HIGH) with NETWOR...

GLSA-200906-03 : phpMyAdmin: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200906-03 phpMyAdmin: Multiple vulnerabilities Multiple vulnerabilities have been reported in phpMyAdmin: Greg Ose discovered that the setup script does not sanitize input properly, leading to the injection of arbitrary PHP code...

Fedora 11 : rt3-3.8.2-8.fc11 (2009-6899)

Fri Jun 19 2009 Ralf Corsepius - 3.8.2-8 - Address BZ 506885 BZ 506236. - Remove rt-3.4.1-I18N.diff. - Fri Apr 24 2009 Ralf Corsepius - 3.8.2-7 - README.fedora.in: Add --dba root to rt-setup-database BZ 488621. - R: perlXML::RSS BZ 496720. Note that Tenable Network Security has extracted the...

phpMyAdmin setup.php脚本PHP代码注入漏洞

BUGTRAQ ID: 34236 CVECAN ID: CVE-2009-1151 phpMyAdmin是用PHP编写的工具，用于通过WEB管理MySQL。 phpMyAdmin的Setup脚本用于生成配置。如果远程攻击者向该脚本提交了特制的POST请求的话，就可能在生成的config.inc.php 配置文件中包含任意PHP代码。由于配置文件被保存到了服务器上，未经认证的远程攻击者可以利用这个漏洞执行任意PHP代码。 phpMyAdmin phpMyAdmin 3.x phpMyAdmin phpMyAdmin 2.11.x 厂商补丁： phpMyAdmin ----------...

MDVA-2009:107 : udev

udev network hotplug scripts before this update doesn't ignore tmpbridge interface, created by xen network-bridge script. This makes bridged xen network setup to fail. The update addresses the issue, making network hotplug ignore tmpbridge interface. Affects only xen users using bridges for netwo...

Podcast Generator 1.2 - Unauthorized Re-Installation

$file.$ext $Ldeleted"; / Explanation code snippet above points ----------------------------------------------------------------------------------- 1. blocks all 'amilogged' REQUEST variables,what about GLOBALS?,therefore useless! 2. if 'amilogged' isn't true - exit function activated. 3. unlink...

util-linux security and bug fix update

2.12a-24.el4 - fix 458539 - man nfs : wrong information about nfs version used 2.12a-23.el4 - fix 485004 - move mount doesnt correctly update mtab 2.12a-22.el4 - fix 472186 - mount -a has problems with duplicate labels in a mpath setup - fix 471372 - RHEL4: fdisk cannot create partition with...

Prevent global settings from being accidentally overwritten

On a number of occasions, upgrading Extranet has triggered some kind of bug that has caused the global settings to be reset to their default values. The most obvious cause of this is that some piece of code has created a new Settings object and saved it through the settings manager. One way to...

Prevent global settings from being accidentally overwritten

On a number of occasions, upgrading Extranet has triggered some kind of bug that has caused the global settings to be reset to their default values. The most obvious cause of this is that some piece of code has created a new Settings object and saved it through the settings manager. One way to...

CVE-2009-1555

The Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 sends configuration data in response to a Setup Wizard remote-management command, which allows remote attackers to obtain sensitive information such as passwords by reading the SetupWizard.exe process memory, a...

Memory corruption

The Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 sends configuration data in response to a Setup Wizard remote-management command, which allows remote attackers to obtain sensitive information such as passwords by reading the SetupWizard.exe process memory, a...

DEBIAN-CVE-2009-1285

Static code injection vulnerability in the getConfigFile function in setup/lib/ConfigFile.class.php in phpMyAdmin 3.x before 3.1.3.2 allows remote attackers to inject arbitrary PHP code into configuration files...