Computer Security


Applicure dotDefender cross-site scripting
Published: 02.06.2010
SecurityVulns ID: 10891
Type: remote
Threat Level: 4/10
Description: Cross-site scripting in administration interface.
Affected: APPLICURE : dotDefender 4.0
Original document: publists_(at)_enablesecurity.com, Applicure dotDefender 4.0 administrative interface cross site scripting (02.06.2010)

nano editor symbolic links vulnerability
Published: 02.06.2010
SecurityVulns ID: 10892
Type: local
Threat Level: 5/10
Description: Race conditions during temporary files creation.
Affected: NANO : nano 2.2
CVE: CVE-2010-1161 (Race condition in GNU nano before 2.2.4, when run by root to edit a file that is not owned by root, allows local user-assisted attackers to change the ownership of arbitrary files via vectors related to the creation of backup files.)
 CVE-2010-1160 (GNU nano before 2.2.4 does not verify whether a file has been changed before it is overwritten in a file-save operation, which allows local user-assisted attackers to overwrite arbitrary files via a symlink attack on an attacker-owned file that is being edited by the victim.)
Original document: GENTOO, [ GLSA 201006-08 ] nano: Multiple vulnerabilities (02.06.2010)

EMC Avamar DoS
Published: 02.06.2010
SecurityVulns ID: 10893
Type: remote
Threat Level: 5/10
Description: Crash on network messages parsing.
Affected: EMC : Avamar 4.1
 EMC : Avamar 5.0
CVE: CVE-2010-1919 (Unspecified vulnerability in EMC Avamar 4.1.x and 5.0 before SP1 allows remote attackers to cause a denial of service (gsan service hang) by sending a crafted message using TCP.)
Original document: EMC, ESA-2010-007: EMC Avamar Denial Of Service Vulnerability (02.06.2010)

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 02.06.2010
SecurityVulns ID: 10894
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: CMSMADESIMPLE : CMS Made Simple 1.7
 ECOMAT : Ecomat CMS 5.0
Original document: High-Tech Bridge Security Research, XSS vulnerability in Ecomat CMS (02.06.2010)
 High-Tech Bridge Security Research, SQL injection vulnerability in Ecomat CMS (02.06.2010)
 Security Vulnerability Research Team, [Bkis-02-2010] Multiple Vulnerabilities in CMS Made Simple - Bkis (02.06.2010)

Novell ZENworks buffer overflow
Published: 02.06.2010
SecurityVulns ID: 10895
Type: remote
Threat Level: 7/10
Description: Buffer overflow on TCP/998 traffic parsing.
Original document: ZDI, ZDI-10-090: Novell ZENworks Configuration Management Preboot Service Remote Code Execution Vulnerability (02.06.2010)

Transmission torrent client buffer overflow
Published: 02.06.2010
SecurityVulns ID: 10896
Type: remote
Threat Level: 6/10
Description: Buffer overflow on URL parsing.
Affected: TRANSMISSION : Transmission 1.91
CVE: CVE-2010-1853 (Multiple stack-based buffer overflows in the tr_magnetParse function in libtransmission/magnet.c in Transmission 1.91 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted magnet URL with a large number of (1) tr or (2) ws links.)
Original document: GENTOO, [ GLSA 201006-06 ] Transmission: Multiple vulnerabilities (02.06.2010)

Netgear WG602v4 router buffer overflow
Published: 02.06.2010
SecurityVulns ID: 10897
Type: remote
Threat Level: 6/10
Description: Buffer overflow during web access authentication.
Affected: NETGEAR : WG602v4
Original document: Cristofaro Mune, IS-2010-001 - Netgear WG602v4 Saved Pass Stack Overflow (02.06.2010)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod