Computer Security


Apple Mail.app DoS
Published: 01.11.2011
SecurityVulns ID: 12010
Type: remote
Threat Level: 5/10
Description: Crash on large number of MIME parts.
Affected: APPLE : iPhone OS 4.3
 APPLE : MacOS X 10.7
Original document: Paul, Apple's Mail.app mail of death (01.11.2011)

Nova weak cryptography
Published: 01.11.2011
SecurityVulns ID: 12011
Type: remote
Threat Level: 5/10
Description: It's possible to compute EC2_SECRET_KEY with a known EC2_ACCESS_KEY.
Original document: UBUNTU, [USN-1247-1] Nova vulnerability (01.11.2011)

D-Link DIR-300 multiple security vulnerabilities
Published: 01.11.2011
SecurityVulns ID: 12012
Type: remote
Threat Level: 6/10
Description: Router management system for D-Link DIR-300 information leakage.
Affected: DLINK : D-Link DIR-300
Original document: noreply_(at)_ptsecurity.ru, [PT-2011-30] Disclosure of sensitive information in D-Link DIR-300 Router (01.11.2011)
 noreply_(at)_ptsecurity.ru, [PT-2011-29] Arbitrary file reading and arbitrary code execution in Router Manager for D-Link DIR-300 (01.11.2011)

radvd multiple security vulnerabilities
Published: 01.11.2011
SecurityVulns ID: 12013
Type: remote
Threat Level: 5/10
Description: Privilege escalation, buffer overflow, DoS.
Affected: RADVD : radvd 1.8
CVE: CVE-2011-3605 (The process_rs function in the router advertisement daemon (radvd) before 1.8.2, when UnicastOnly is enabled, allows remote attackers to cause a denial of service (temporary service hang) via a large number of ND_ROUTER_SOLICIT requests.)
 CVE-2011-3604 (The process_ra function in the router advertisement daemon (radvd) before 1.8.2 allows remote attackers to cause a denial of service (stack-based buffer over-read and crash) via unspecified vectors.)
 CVE-2011-3602 (Directory traversal vulnerability in device-linux.c in the router advertisement daemon (radvd) before 1.8.2 allows local users to overwrite arbitrary files, and remote attackers to overwrite certain files, via a .. (dot dot) in an interface name. NOTE: this can be leveraged with a symlink to overwrite arbitrary files.)
 CVE-2011-3601 (Buffer overflow in the process_ra function in the router advertisement daemon (radvd) before 1.8.2 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative value in a label_len value.)
Original document: DEBIAN, [SECURITY] [DSA 2323-1] radvd security update (01.11.2011)

YaTFTPSvr TFTP Server directory traversal
Published: 01.11.2011
SecurityVulns ID: 12014
Type: remote
Threat Level: 5/10
Affected: YATFTPSVR : YaTFTPSvr 1.0
Original document: demonalex_(at)_163.com, YaTFTPSvr TFTP Server Directory Traversal Vulnerability (01.11.2011)

PlotLineControl ActiveX integer overflow
Published: 01.11.2011
SecurityVulns ID: 12015
Type: client
Threat Level: 5/10
Description: Integer overflow in LinePutPoint method.
Original document: demonalex_(at)_163.com, PlotLineControl ActiveX Control "LinePutPoint" Integer Overflow (01.11.2011)

Oracle Hyperion ActiveX security vulnerabilities
Updated since 01.11.2011
Published: 04.11.2011
SecurityVulns ID: 12009
Type: client
Threat Level: 5/10
Description: Buffer overflow in ODBC driver used by ActiveX component, unsafe methods.
Original document: rgod, Oracle Hyperion Financial Management TList6 ActiveX Control Remote Code Execution Vulnerability (04.11.2011)
 rgod, Oracle DataDirect Multiple Native Wire Protocol ODBC Drivers HOST Attribute Stack Based Buffer Overflow (01.11.2011)
Files: Oracle DataDirect ODBC Drivers HOST Attribute arsqls24.dll Stack Based Buffer Overflow PoC (*.oce)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod