Computer Security

netatalk shell characters vulnerabilities
updated since 18.01.2009
Published:01.02.2009
Threat Level:5/10
Description:Shell metacharacters vulnerability in PostScript print job processing.
Affected:NETATALK : netatalk 2.0
CVE:CVE-2008-5718 (The papd daemon in Netatalk before 2.0.4-beta2, when using certain variables in a pipe command for the print file, allows remote attackers to execute arbitrary commands via shell metacharacters in a print request, as demonstrated using a crafted Title.)
Original document:DEBIAN, [SECURITY] [DSA 1704-2] Updated netatalk packages fix denial of service (01.02.2009)
 DEBIAN, [SECURITY] [DSA 1705-1] New netatalk packages fix arbitrary code execution (18.01.2009)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 28.01.2009
Published:01.02.2009
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. WP-Upload Manager 1.0: SQL injection, cross-site scripting.
Affected:TYPO3 : TYPO3 4.0
 OPENX : OpenX 2.6
 WORDPRESS : WP-Upload Manager 1.0
 MZBSERVICES : Max.Blog 1.0
 WBNEWS : WB News 2.0
 CONPRESSO : ConPresso CMS 4.07
CVE:CVE-2009-0291 (Directory traversal vulnerability in fc.php in OpenX 2.6.3 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the MAX_type parameter.)
 CVE-2009-0258 (The Indexed Search Engine (indexed_search) system extension in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allows remote attackers to execute arbitrary commands via a crafted filename containing shell metacharacters, which is not properly handled by the command-line indexer.)
 CVE-2009-0257 (Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) content of indexed files to the (a) Indexed Search Engine (indexed_search) system extension; (b) unspecified test scripts in the ADOdb system extension; and (c) unspecified vectors in the Workspace module.)
 CVE-2009-0256 (Session fixation vulnerability in the authentication library in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allows remote attackers to hijack web sessions via unspecified vectors related to (1) frontend and (2) backend authentication.)
 CVE-2009-0255 (The System extension Install tool in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 creates the encryption key with an insufficiently random seed, which makes it easier for attackers to crack the key.)
 CVE-2008-3358 (Cross-site scripting (XSS) vulnerability in Web Dynpro (WD) in the SAP NetWeaver portal, when Internet Explorer 7.0.5730 is used, allows remote attackers to inject arbitrary web script or HTML via a crafted URI, which causes the XSS payload to be reflected in a text/plain document.)
Original document:Salvatore "drosophila" Fresta, Max.Blog <= 1.0.6 (offline_auth.php) Offline Authentication Bypass (01.02.2009)
 DEBIAN, [SECURITY] [DSA 1711-1] New TYPO3 packages fix remote code execution (28.01.2009)
 Martin Suess, SAP NetWeaver XSS Vulnerability (28.01.2009)
 office_(at)_hackattack.at, [HACKATTACK Advisory 25012009]ConPresso CMS 4.07 - Session Fixation, XFS, XSS (28.01.2009)
 arash.setayeshi_(at)_gmail.com, Lootan(kedor) Sql Injection vulnerability (28.01.2009)
 arash.setayeshi_(at)_gmail.com, LDF Sql injection vulnerability (28.01.2009)
 HACKERS PAL, WB News v2.0.X Remote File include .. (28.01.2009)
 admin_(at)_bugreport.ir, NewsCMSlite Insecure Cookie Handling (28.01.2009)
 SECUNIA, Secunia Research: OpenX Multiple Vulnerabilities (28.01.2009)
 admin_(at)_elites0ft.com, OpenX 2.6.3 - Local File Inclusion (28.01.2009)
 Salvatore "drosophila" Fresta, Max.Blog <= 1.0.6 (show_post.php) SQL Injection Vulnerability (28.01.2009)
 Salvatore "drosophila" Fresta, Max.Blog <= 1.0.6 (submit_post.php) SQL Injection Vulnerability (28.01.2009)
 MustLive, Vulnerabilities in WP-Upload Manager for WordPress (28.01.2009)

HP Select Access cross-site scripting
Published:01.02.2009
SecurityVulns ID:9636
Type:remote
Threat Level:5/10
Affected:HP : HP Select Access 6.1
 HP : HP Select Access 6.2
CVE:CVE-2009-0204 (Cross-site scripting (XSS) vulnerability in HP Select Access 6.1 and 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
Original document:HP, [security bulletin] HPSBMA02403 SSRT090007 rev.1 - HP Select Access Running on HP-UX, Linux, Solaris, and Windows, Remote Cross Site Scripting (XSS) (01.02.2009)

sudo privilege escalation
updated since 01.02.2009
Published:01.02.2009
SecurityVulns ID:9637
Type:remote
Threat Level:6/10
Description:It is possible to elevate privileges to root even if sudo is configured to run under a different account.
Affected:SUDO : sudo 1.6
CVE:CVE-2009-0034 (parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command.)
Original document:RPATH, rPSA-2009-0021-1 sudo (01.02.2009)

MediaMonkey buffer overflow
Published:01.02.2009
SecurityVulns ID:9639
Type:local
Threat Level:4/10
Description:Buffer overflow when parsing .m3u files.
Affected:MEDIAMONKEY : MediaMonkey 3.0
Original document:alphanix00_(at)_gmail.com, MediaMonkey 3.0.6 (.m3u file) Local Buffer Overflow PoC (01.02.2009)
Files:MediaMonkey 3.0.6 (.m3u file) Local Buffer Overflow PoC

EleCard MPEG PLAYER buffer overflow
Published:01.02.2009
SecurityVulns ID:9640
Type:local
Threat Level:4/10
Description:Buffer overflow when parsing .m3u playlists.
Original document:alphanix00_(at)_gmail.com, EleCard MPEG PLAYER (.m3u file) Local Stack Overflow Exploit (01.02.2009)
Files:EleCard MPEG PLAYER Local Stack Overflow Exploit

Enomaly ECP / Enomalism symbolic links vulnerability
updated since 01.02.2009
Published:17.02.2009
SecurityVulns ID:9638
Type:local
Threat Level:5/10
Description:Insecure temporary file creation.
Affected:ENOMALY : Enomaly ECP 2.1
CVE:CVE-2009-0390 (Argument injection vulnerability in Enomaly Elastic Computing Platform (ECP), formerly Enomalism, before 2.1.1 allows local users to send signals to arbitrary processes by populating the /tmp/enomalism2.pid file with command-line arguments for the kill program.)
 CVE-2008-4990 (Enomaly Elastic Computing Platform (ECP), formerly Enomalism, before 2.1.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/enomalism2.pid temporary file.)
Original document:Sam Johnston, Enomaly ECP/Enomalism: Multiple vulnerabilities in enomalism2.sh (redux) (17.02.2009)
 Sam Johnston, CVE-2008-4990 Enomaly ECP/Enomalism: Insecure temporary file creation vulnerabilities (01.02.2009)

Novell GroupWise WebAccess cross-site scripting
updated since 01.02.2009
Published:29.05.2009
SecurityVulns ID:9641
Type:remote
Threat Level:5/10
Description:Multiple cross-site scripting and request forgery vulnerabilities.
Affected:NOVELL : GroupWise WebAccess 7.0
CVE:CVE-2009-1635 (Multiple cross-site scripting (XSS) vulnerabilities in the WebAccess component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 allow remote attackers to inject arbitrary web script or HTML via (1) the User.lang parameter to the login page (aka gw/webacc), (2) style expressions in a message that contains an HTML file, or (3) vectors associated with incorrect protection mechanisms against scripting, as demonstrated using whitespace between JavaScript event names and values.)
 CVE-2009-0273 (Multiple cross-site scripting (XSS) vulnerabilities in Novell GroupWise WebAccess 6.5x, 7.0, 7.01, 7.02x, 7.03, 7.03HP1a, and 8.0 allow remote attackers to inject arbitrary web script or HTML via the (1) User.id and (2) Library.queryText parameters to gw/webacc, and other vectors involving (3) HTML e-mail and (4) HTML attachments.)
 CVE-2009-0272 (Cross-site request forgery (CSRF) vulnerability in Novell GroupWise WebAccess 6.5x, 7.0, 7.01, 7.02x, 7.03, 7.03HP1a, and 8.0 allows remote attackers to insert e-mail forwarding rules, and modify unspecified other configuration settings, as arbitrary users via unknown vectors.)
Original document:c3rb3r_(at)_videotron.ca, Novell Groupwise fails to properly sanitize emails. (29.05.2009)
 ProCheckUp Research, PR08-21: Cross-site Request Forgery (CSRF) on Novell GroupWise WebAccess allows email theft and other attacks (01.02.2009)
 ProCheckUp Research, PR08-22: Persistent XSS on Novell GroupWise WebAccess (01.02.2009)
 ProCheckUp Research, PR08-23: XSS on Novell GroupWise WebAccess (01.02.2009)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod