Mozilla Firefox / Thunderbird / Seamonkey buffer overflow
Published:		01.11.2010
Source:		MOZILLA
SecurityVulns ID:		11217
Type:		client
Level:		9/10
Description:		Buffer overflow on document.write and DOM insertion is used in-the-wile for hidden malware installation.

Affected:		MOZILLA : SeaMonkey 2.0
		MOZILLA : Firefox 3.5
		MOZILLA : Firefox 3.6
		MOZILLA : Thunderbird 3.0
		MOZILLA : Thunderbird 3.1
CVE:		CVE-2010-3765 (Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware.)

Original document

MOZILLA, Mozilla Foundation Security Advisory 2010-73 (01.11.2010)

Discuss:

Read or add your comments to this news (0 comments)

Teamspeak memory corruption
Published:		01.11.2010
Source:		BUGTRAQ
SecurityVulns ID:		11219
Type:		client
Level:		6/10
Description:		Memory corruption on voice packet parsing.

Affected:

TEAMSPEAK : Teamspeak 2.0

Original document

Henri Lindberg, nSense-2010-002: Teamspeak 2 Windows client (01.11.2010)

Discuss:

Read or add your comments to this news (0 comments)

CiscoWorks buffer overflow
Published:		01.11.2010
Source:
SecurityVulns ID:		11221
Type:		remote
Description:		TCP/443, TCP/1741 Web server buffer overflow.

Affected:		CISCO : CiscoWorks 3.0
CVE:		CVE-2010-3036 (Multiple buffer overflows in the authentication functionality in the web-server module in Cisco CiscoWorks Common Services before 4.0 allow remote attackers to execute arbitrary code via a session on TCP port (1) 443 or (2) 1741, aka Bug ID CSCti41352.)

Original document

CISCO, Cisco Security Advisory: CiscoWorks Common Services Arbitrary Code Execution Vulnerability (01.11.2010)

Discuss:

Read or add your comments to this news (0 comments)

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:		01.11.2010
Source:
SecurityVulns ID:		11218
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected:		JOOMLA : Joomla 1.5
		FGSSTUDIO : WebManager-Pro 7.4
		VMWARE : Spring Security 3.0
		VMWARE : Spring Security 2.0
		SPRINGSOURCE : Acegi Security 1.0
CVE:		CVE-2010-3700 (VMware SpringSource Spring Security 2.x before 2.0.6 and 3.x before 3.0.4, and Acegi Security 1.0.0 through 1.0.7, as used in IBM WebSphere Application Server (WAS) 6.1 and 7.0, allows remote attackers to bypass security constraints via a path parameter.)

Original document		s2-security, CVE-2010-3700: Spring Security bypass of security constraints (01.11.2010)
		MustLive, XSS и SQL Injection уязвимости в CMS WebManager-Pro (01.11.2010)
		YGN Ethical Hacker Group, Joomla 1.5.21 | Potential SQL Injection Flaws (01.11.2010)

Discuss:

Read or add your comments to this news (0 comments)

WinAmp buffer overflow
Published:		01.11.2010
Source:		BUGTRAQ
SecurityVulns ID:		11220
Type:		remote
Level:		6/10
Description:		Buffer overflow on VP6 video parsing.

Affected:		WINAMP : Winamp 5.581
CVE:		CVE-2010-1523 (Multiple heap-based buffer overflows in vp6.w5s (aka the VP6 codec) in Winamp before 5.59 Beta build 3033 might allow remote attackers to execute arbitrary code via a crafted VP6 (1) video file or (2) video stream.)

Original document

SECUNIA, Secunia Research: Winamp VP6 Content Parsing Buffer Overflow Vulnerability (01.11.2010)

Discuss:

Read or add your comments to this news (0 comments)

Adobe Shockwave multiple security vulnerabilities updated since 01.11.2010
Published:		02.11.2010
Source:		BUGTRAQ
SecurityVulns ID:		11222
Type:		client
Level:		8/10
Description:		Multiple memory corruptions.

Affected:		ADOBE : Shockwave Player 11.5
CVE:		CVE-2010-4089 (IML32.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a .dir file containing "duplicated LCSM entries in mmap record," a different vulnerability than CVE-2010-4087.)
		CVE-2010-4088 (dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a .dir file with "duplicated references to the same KEY* chunk," a different vulnerability than CVE-2010-2581, CVE-2010-4084, CVE-2010-4085, and CVE-2010-4086.)
		CVE-2010-4087 (IML32.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a .dir file with a crafted mmap record containing an invalid length of a VSWV entry, a different vulnerability than CVE-2010-4089.)
		CVE-2010-4086 (dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Director (.dir) media file with an invalid element size, a different vulnerability than CVE-2010-2581, CVE-2010-2880, CVE-2010-4084, CVE-2010-4085, and CVE-2010-4088.)
		CVE-2010-2582 (Heap-based buffer overflow in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code via unspecified vectors.)
		CVE-2010-2581 (dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-4084, CVE-2010-4085, CVE-2010-4086, and CVE-2010-4088.)

Original document		Rodrigo Branco, Adobe Shockwave Player Memory Corruption Vulnerability - CVE-2010-4089 (02.11.2010)
		Rodrigo Branco, Adobe Shockwave Player Memory Corruption Vulnerability - CVE-2010-4087 (02.11.2010)
		Rodrigo Branco, Adobe Shockwave Player Memory Corruption Vulnerability - CVE-2010-4088 (02.11.2010)
		Rodrigo Branco, Adobe Shockwave Player Memory Corruption Vulnerability - CVE-2010-4086 (02.11.2010)
		SECUNIA, Secunia Research: Adobe Shockwave Player "DEMX" Chunk Parsing Vulnerability (01.11.2010)
		SECUNIA, Secunia Research: Adobe Shockwave Player "pamm" Chunk Parsing Vulnerability (01.11.2010)

Discuss:

Read or add your comments to this news (0 comments)