Home » 2009 » December » 12
Flock 2.5.2 Remote Array Overrun (Arbitrary code execution)
Hash: SHA1

[ Flock 2.5.2 Remote Array Overrun (Arbitrary code execution) ]

Author: Maksymilian Arciemowicz and sp3x
http://SecurityReason.com
Date:
- - Dis.: 07.05.2009
- - Pub.: 11.12.2009

CVE: CVE-2009-0689
CWE: CWE-119
Risk: High
Remote: Yes

Affected Software:
- - Flock 2.5.2

Fixed in:
- - Flock 2.5.5

NOTE: Prior versions may also be affected.

Original URL:
http://securityreason.com/achievement_securityalert/75


- --- 0.Description ---
Flock is a web browser built on Mozilla.s Firefox codebase that specializes in providing social networking and Web 2.0 facilities built into its user interface. Flock v2.5 was officially released on May 19, 2009.

The Flock browser is available as a free download, and supports Micr ... Read more »
Views: 12611 | Added by: b1zz4rd | Date: 12 December 2009 | Comments (88)

phpCollegeExchange 0.1.5c Multiple SQL Injection Vulnerabilities
phpCollegeExchange 0.1.5c Multiple SQL Injection Vulnerabilities

 Name              phpCollegeExchange
 Vendor            http://phpcollegeex.sourceforge.net
 Versions Affected 0.1.5c

 Author            Salvatore Fresta aka Drosophila
 Website           http://www.salvatorefresta.net
 Contact           salvatorefresta [at] gmail [dot] com
 Date              2009-12-11

X. INDEX

 I.    ABOUT THE APPLICATION
 II.   DESCRIPTION
 III.  ANALYSIS
 IV.   SAMPLE CODE
 V.    FIX
 VI.   DISCLOSURE TIMELINE
... Read more »
Views: 27384 | Added by: b1zz4rd | Date: 12 December 2009 | Comments (0)

Digital Scribe 1.4.1 Multiple SQL Injection Vulnerabilities
Digital Scribe 1.4.1 Multiple SQL Injection Vulnerabilities

 Name              Digital Scribe
 Vendor            http://www.digital-scribe.org
 Versions Affected 1.4.1

 Author            Salvatore Fresta aka Drosophila
 Website           http://www.salvatorefresta.net
 Contact           salvatorefresta [at] gmail [dot] com
 Date              2009-12-11

X. INDEX

 I.    ABOUT THE APPLICATION
 II.   DESCRIPTION
 III.  ANALYSIS
 IV.   SAMPLE CODE
 V.    FIX
 VI.   DISCLOSURE TIMELINE


I. ABOUT THE APPL ... Read more »
Views: 1258 | Added by: b1zz4rd | Date: 12 December 2009 | Comments (0)

E-Store SQL Injection Vulnerability
E-Store SQL Injection Vulnerability

 Name              E-Store
 Vendor            http://www.getaphpsite.com

 Author            Salvatore Fresta aka Drosophila
 Website           http://www.salvatorefresta.net
 Contact           salvatorefresta [at] gmail [dot] com
 Date              2009-09-03

X. INDEX

 I.    ABOUT THE APPLICATION
 II.   DESCRIPTION
 III.  ANALYSIS
 IV.   SAMPLE CODE
 V.    FIX
 VI.   DISCLOSURE TIMELINE


I. ABOUT THE APPLICATION

E-Store is a commercial PHP e-commerce.


... Read more »
Views: 8287 | Added by: b1zz4rd | Date: 12 December 2009 | Comments (0)

[USN-870-1] PyGreSQL vulnerability
==============================
=============================
Ubuntu Security Notice USN-870-1          December 11, 2009
pygresql vulnerability
CVE-2009-2940
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
 python-pygresql                 1:3.8.1-2ubuntu0.1

Ubuntu 8.10:
 python-pygresql                 1:3.8.1-3ubuntu0.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Steffen ... Read more »
Views: 8261 | Added by: b1zz4rd | Date: 12 December 2009 | Comments (0)

close