Computer Security


Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:02.05.2011
Source:
SecurityVulns ID:11635
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:PHPGRAPHY : phpGraphy 0.9
 BACKUPPC : BackupPC 3.1
 MYBB : Mybb 1.6
 TIMTHUMB : TimThumb 1.24
 WORDPRESS : Daily Maui Photo Widget 0.2
 WORDPRESS : WP Photo Album 1.5
 BACKUPPC : BackupPC 3.2
 SAP : SAP Enterprise Portal 7.31
 INVENTIVE : MediaCast 8
 LANSA : LANSA aXes V1R3M5
 SPIP : spip 2.1
CVE:CVE-2011-1158 (Cross-site scripting (XSS) vulnerability in feedparser.py in Universal Feed Parser (aka feedparser or python-feedparser) 5.x before 5.0.1 allows remote attackers to inject arbitrary web script or HTML via an unexpected URI scheme, as demonstrated by a javascript: URI.)
 CVE-2011-1157 (Cross-site scripting (XSS) vulnerability in feedparser.py in Universal Feed Parser (aka feedparser or python-feedparser) 5.x before 5.0.1 allows remote attackers to inject arbitrary web script or HTML via malformed XML comments.)
 CVE-2011-1156 (feedparser.py in Universal Feed Parser (aka feedparser or python-feedparser) before 5.0.1 allows remote attackers to cause a denial of service (application crash) via a malformed DOCTYPE declaration.)
 CVE-2010-0216 (authenticate_ad_setup_finished.cfm in MediaCAST 8 and earlier allows remote attackers to discover usernames and cleartext passwords by reading the error messages returned for requests that use the UserID parameter.)
 CVE-2009-5065 (Cross-site scripting (XSS) vulnerability in feedparser.py in Universal Feed Parser (aka feedparser or python-feedparser) before 5.0 allows remote attackers to inject arbitrary web script or HTML via vectors involving nested CDATA stanzas.)
Original document:MANDRIVA, [ MDVSA-2011:082 ] python-feedparser (02.05.2011)
 DEBIAN, [SECURITY] [DSA 2229-1] spip security update (02.05.2011)
 Patrick Webster, OSI Security: LANSA aXes Web Terminal (TN5250) Cross-Site Scripting Vulnerability (02.05.2011)
 Daniel Clemens, CVE-2010-0216 MediaCast Password Dump Vulnerability (02.05.2011)
 Onapsis Research Labs, [Onapsis Security Advisory 2011-005] SAP Enterprise Portal Path Disclosure (02.05.2011)
 MustLive, HTB22965: Multiple XSS vulnerabilities in BackupPC (02.05.2011)
 MustLive, HTB22961: XSS in WP Photo Album wordpress plugin (02.05.2011)
 MustLive, HTB22960: XSS in Daily Maui Photo Widget wordpress plugin (02.05.2011)
 MustLive, HTB22959: CSRF (Cross-Site Request Forgery) in phpGraphy (02.05.2011)
 MustLive, HTB22958: XSS in phpGraphy (02.05.2011)
 MustLive, XSS, Redirector and IAA vulnerabilities in MyBB (02.05.2011)
 MustLive, Vulnerabilities in the Magazeen theme for WordPress and Dotclear (02.05.2011)

Cisco Wireless LAN Controller DoS
Published:02.05.2011
Source:
SecurityVulns ID:11636
Type:remote
Threat Level:5/10
Description:Crash on ICMP processing.
Affected:CISCO : Cisco 4100
 CISCO : Cisco 4400
 CISCO : Cisco 2000
 CISCO : Cisco ASA 5500
 CISCO : Catalyst 3750G
 CISCO : Cisco 2500
 CISCO : Cisco Flex 7500
CVE:CVE-2011-1613 (Unspecified vulnerability in Cisco Wireless LAN Controller (WLC) software 6.0 before 6.0.200.0, 7.0 before 7.0.98.216, and 7.0.1xx before 7.0.112.0 allows remote attackers to cause a denial of service (device reload) via a sequence of ICMP packets, aka Bug ID CSCth74426.)
Original document:CISCO, Cisco Security Advisory: Cisco Wireless LAN Controllers Denial of Service Vulnerability (02.05.2011)

SAP WebAS multiple security vulnerabilities
Published:02.05.2011
Source:
SecurityVulns ID:11637
Type:remote
Threat Level:5/10
Description:Cross-site scripting, form redirection.
Affected:SAP : SAP 7.30
Original document:Onapsis Research Labs, [Onapsis Security Advisory 2011-004] SAP WebAS ITS Mobile Test Service Multiple Vulnerabilities (02.05.2011)
 Onapsis Research Labs, [Onapsis Security Advisory 2011-003] SAP WebAS ITS Mobile Start Service Multiple Vulnerabilities (02.05.2011)

VMware ESXi / ESX DoS
Published:02.05.2011
Source:
SecurityVulns ID:11638
Type:local
Threat Level:5/10
Description:A socket exhaustion attack is possible.
Affected:VMWARE : ESXi 4.1
 VMWARE : ESXi 4.0
 VMWARE : ESX 4.0
 VMWARE : ESX 4.1
CVE:CVE-2011-1785 (VMware ESXi 4.0 and 4.1 and ESX 4.0 and 4.1 allow remote attackers to cause a denial of service (socket exhaustion) via unspecified network traffic.)
Original document:VMWARE, VMSA-2011-0007 VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console (02.05.2011)

EMC RSA Data Loss Prevention cross-site scripting
Published:02.05.2011
Source:
SecurityVulns ID:11639
Type:remote
Threat Level:5/10
Affected:EMC : RSA Data Loss Prevention Enterprise Manager 8.5
CVE:CVE-2011-1423 (Cross-site scripting (XSS) vulnerability in RSA Data Loss Prevention (DLP) Enterprise Manager 8.x before 8.5 SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
Original document:EMC, ESA-2011-015: RSA, The Security Division of EMC, announces a fix for a security vulnerability in RSA Data Loss Prevention (02.05.2011)

Embarcadero Interbase buffer overflow
Published:02.05.2011
Source:
SecurityVulns ID:11640
Type:remote
Threat Level:7/10
Description:Stack buffer overflow on connect request processing.
Affected:EMBARCADERO : InterBase XE 10.0
Original document:ZDI, ZDI-11-153: Embarcadero Interbase connect Request Parsing Remote Code Execution Vulnerability (02.05.2011)

usb-creator privilege escalation
Published:02.05.2011
Source:
SecurityVulns ID:11643
Type:local
Threat Level:5/10
Description:Some privileged disk operations are possible.
Affected:UBUNTU : usb-creator 0.2
CVE:CVE-2011-1828 (usb-creator-helper in usb-creator before 0.2.28.3 does not enforce intended PolicyKit restrictions, which allows local users to perform arbitrary unmount operations via the UnmountFile method in a dbus-send command.)
Original document:UBUNTU, [Full-disclosure] [USN-1127-1] usb-creator vulnerability (02.05.2011)

KVM security vulnerabilities
updated since 02.05.2011
Published:26.05.2011
Source:
SecurityVulns ID:11641
Type:local
Threat Level:5/10
Description:DoS on guest system I/O processing.
Affected:QEMU : kvm 0.12
CVE:CVE-2011-1751 (The pciej_write function in hw/acpi_piix4.c in the PIIX4 Power Management emulation in qemu-kvm does not check if a device is hotpluggable before unplugging the PCI-ISA bridge, which allows privileged guest users to cause a denial of service (guest crash) and possibly execute arbitrary code by sending a crafted value to the 0xae08 (PCI_EJ_BASE) I/O port, which leads to a use-after-free related to "active qemu timers.")
 CVE-2011-1750 (Multiple heap-based buffer overflows in the virtio-blk driver (hw/virtio-blk.c) in qemu-kvm 0.14.0 allow local guest users to cause a denial of service (guest crash) and possibly gain privileges via a (1) write request to the virtio_blk_handle_write function or (2) read request to the virtio_blk_handle_read function that is not properly aligned.)
 CVE-2011-0011 (qemu-kvm before 0.11.0 disables VNC authentication when the password is cleared, which allows remote attackers to bypass authentication and establish VNC sessions.)
Original document:DEBIAN, [SECURITY] [DSA 2241-1] qemu-kvm security update (26.05.2011)
 DEBIAN, [SECURITY] [DSA 2230-1] qemu-kvm security update (02.05.2011)

libc glob() resources exhaustion
updated since 02.05.2011
Published:15.04.2013
Source:
SecurityVulns ID:11642
Type:library
Threat Level:6/10
Description:It's possible to build a recursive template, leading to memory exhaustion.
Affected:NETBSD : NetBSD 5.1
 PUREFTPD : Pure-FTPd 1.0
 FREEBSD : FreeBSD 9.1
CVE:CVE-2011-0418 (The glob implementation in Pure-FTPd before 1.0.32, and in libc in NetBSD 5.1, does not properly expand expressions containing curly brackets, which allows remote authenticated users to cause a denial of service (memory consumption) via a crafted FTP STAT command.)
 CVE-2010-2632 (Unspecified vulnerability in the FTP Server in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect availability, related to FTP.)
Original document:submit_(at)_cxsec.org, MacOSX 10.8.3 ftpd Remote Resource Exhaustion (15.04.2013)
 FREEBSD, FreeBSD Security Advisory FreeBSD-SA-13:02.libc (24.02.2013)
 max_(at)_cxsecurity.com, FreeBSD 9.1 ftpd Remote Denial of Service (11.02.2013)
 MANDRIVA, [ MDVSA-2011:094 ] pure-ftpd (21.05.2011)
 Maksymilian Arciemowicz, Multiple Vendors libc/glob() GLOB_BRACE|GLOB_LIMIT memory exhaustion (02.05.2011)
Files:PoC for multiple vendors ftpd (libc/glob) resource exhaustion

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod