Computer Security

Adobe Shockwave multiple security vulnerabilities
updated since 01.11.2010
Published:02.11.2010
SecurityVulns ID:11222
Type:client
Threat Level:8/10
Description:Multiple memory corruptions.
Affected:ADOBE : Shockwave Player 11.5
CVE:CVE-2010-4089 (IML32.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a .dir file containing "duplicated LCSM entries in mmap record," a different vulnerability than CVE-2010-4087.)
 CVE-2010-4088 (dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a .dir file with "duplicated references to the same KEY* chunk," a different vulnerability than CVE-2010-2581, CVE-2010-4084, CVE-2010-4085, and CVE-2010-4086.)
 CVE-2010-4087 (IML32.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a .dir file with a crafted mmap record containing an invalid length of a VSWV entry, a different vulnerability than CVE-2010-4089.)
 CVE-2010-4086 (dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Director (.dir) media file with an invalid element size, a different vulnerability than CVE-2010-2581, CVE-2010-2880, CVE-2010-4084, CVE-2010-4085, and CVE-2010-4088.)
 CVE-2010-2582 (Heap-based buffer overflow in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code via unspecified vectors.)
 CVE-2010-2581 (dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-4084, CVE-2010-4085, CVE-2010-4086, and CVE-2010-4088.)
Original document:Rodrigo Branco, Adobe Shockwave Player Memory Corruption Vulnerability - CVE-2010-4089 (02.11.2010)
 Rodrigo Branco, Adobe Shockwave Player Memory Corruption Vulnerability - CVE-2010-4087 (02.11.2010)
 Rodrigo Branco, Adobe Shockwave Player Memory Corruption Vulnerability - CVE-2010-4088 (02.11.2010)
 Rodrigo Branco, Adobe Shockwave Player Memory Corruption Vulnerability - CVE-2010-4086 (02.11.2010)
 SECUNIA, Secunia Research: Adobe Shockwave Player "DEMX" Chunk Parsing Vulnerability (01.11.2010)
 SECUNIA, Secunia Research: Adobe Shockwave Player "pamm" Chunk Parsing Vulnerability (01.11.2010)

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:02.11.2010
SecurityVulns ID:11223
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:JOOMLA : Joomla 1.5
 MEMHT : MemHT Portal 4.0
 WEBMEDIAEXPLORER : Webmedia Explorer 6.13
 WSNLINKS : WSN Links 6.0
 WSNLINKS : WSN Links 5.1
 WSNLINKS : WSN Links 5.0
 WORDPRESS : cforms 11.5
CVE:CVE-2010-4006 (Multiple SQL injection vulnerabilities in search.php in WSN Links 5.0.x before 5.0.81, 5.1.x before 5.1.51, and 6.0.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) namecondition or (2) namesearch parameter.)
 CVE-2010-3977 (Multiple cross-site scripting (XSS) vulnerabilities in wp-content/plugins/cforms/lib_ajax.php in cforms WordPress plugin 11.5 allow remote attackers to inject arbitrary web script or HTML via the (1) rs and (2) rsargs[] parameters.)
Original document:Rodrigo Branco, cforms WordPress Plugin Cross Site Scripting Vulnerability - CVE-2010-3977 (02.11.2010)
 Mark Stanislav, 'WSN Links' SQL Injection Vulnerability (CVE-2010-4006) (02.11.2010)
 High-Tech Bridge Security Research, Stored XSS vulnerability in Webmedia Explorer (02.11.2010)
 High-Tech Bridge Security Research, XSS vulnerability in Kandidat CMS (02.11.2010)
 High-Tech Bridge Security Research, XSS vulnerability in Kandidat CMS (02.11.2010)
 High-Tech Bridge Security Research, XSS vulnerability in Kandidat CMS (02.11.2010)
 High-Tech Bridge Security Research, XSS vulnerability in MemHT Portal (02.11.2010)
 High-Tech Bridge Security Research, XSS vulnerability in MemHT Portal (02.11.2010)
 High-Tech Bridge Security Research, Stored XSS (Cross Site Scripting) vulnerability in MemHT Portal (02.11.2010)

Dovecot multiple security vulnerabilities
Published:02.11.2010
SecurityVulns ID:11224
Type:remote
Threat Level:6/10
Description:Symbolic links vulnerability, DoS, ACL restrictions bypass.
CVE:CVE-2011-2167 (script-login in Dovecot 2.0.x before 2.0.13 does not follow the chroot configuration setting, which might allow remote authenticated users to conduct directory traversal attacks by leveraging a script.)
 CVE-2010-3780 (Dovecot 1.2.x before 1.2.15 allows remote authenticated users to cause a denial of service (master process outage) by simultaneously disconnecting many (1) IMAP or (2) POP3 sessions.)
 CVE-2010-3779 (Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin permission to the owner of each mailbox in a non-public namespace, which might allow remote authenticated users to bypass intended access restrictions by changing the ACL of a mailbox, as demonstrated by a symlinked shared mailbox.)
 CVE-2010-3707 (plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving more specific entries that occur after less specific entries, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox.)
 CVE-2010-3706 (plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving the private namespace of a user, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox.)
 CVE-2010-3304 (The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to newly created mailboxes in certain configurations, which might allow remote attackers to read mailboxes that have unintended weak ACLs.)
Original document:MANDRIVA, [ MDVSA-2010:217 ] dovecot (02.11.2010)

HP Insight multiple security vulnerabilities
Published:02.11.2010
SecurityVulns ID:11228
Type:remote
Threat Level:7/10
Description:Directory traversal, code execution in different applications.
Affected:HP : Insight Control performance management 6.1
 HP : Insight Recovery 6.1
 HP : Insight Control virtual machine management 6.1
 HP : Insight Control 6.1
 HP : Insight Managed System Setup Wizard 6.1
 HP : Insight Orchestration 6.1
CVE:CVE-2010-4106 (Cross-site request forgery (CSRF) vulnerability in HP Insight Control for Linux before 6.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.)
 CVE-2010-4105 (Unspecified vulnerability in HP Insight Orchestration before 6.2 allows remote attackers to bypass intended access restrictions, and obtain sensitive information or modify data, via unknown vectors.)
 CVE-2010-4104 (Unspecified vulnerability in HP Insight Orchestration before 6.2 allows remote attackers to read arbitrary files via unknown vectors.)
 CVE-2010-4103 (Unspecified vulnerability in HP Insight Managed System Setup Wizard before 6.2 allows remote attackers to read arbitrary files via unknown vectors.)
 CVE-2010-4102 (Unspecified vulnerability in HP Insight Recovery before 6.2 allows remote attackers to read arbitrary files via unknown vectors.)
 CVE-2010-4101 (Cross-site scripting (XSS) vulnerability in HP Insight Recovery before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2010-4100 (Unspecified vulnerability in HP Insight Control Performance Management before 6.1 update 2 allows remote attackers to read arbitrary files via unknown vectors.)
 CVE-2010-4032 (Cross-site request forgery (CSRF) vulnerability in HP Insight Control Performance Management before 6.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.)
 CVE-2010-4031 (Unspecified vulnerability in HP Insight Control Performance Management before 6.2 allows remote authenticated users to gain privileges via unknown vectors.)
 CVE-2010-4030 (Cross-site scripting (XSS) vulnerability in HP Insight Control Performance Management before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2010-4024 (Cross-site request forgery (CSRF) vulnerability in HP Insight Control Power Management before 6.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.)
 CVE-2010-4023 (Cross-site scripting (XSS) vulnerability in HP Insight Control Power Management before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2010-3993 (Unspecified vulnerability in HP Insight Control Server Migration before 6.2 allows remote attackers to obtain sensitive information or modify data via unknown vectors.)
 CVE-2010-3992 (Unspecified vulnerability in HP Insight Control Server Migration before 6.2 allows remote authenticated users to gain privileges via unknown vectors.)
 CVE-2010-3991 (Cross-site scripting (XSS) vulnerability in HP Insight Control Server Migration before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2010-3989 (Cross-site request forgery (CSRF) vulnerability in HP Insight Control Virtual Machine Management before 6.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.)
 CVE-2010-3988 (Unspecified vulnerability in HP Insight Control Virtual Machine Management before 6.2 allows remote attackers to bypass intended access restrictions and cause a denial of service via unknown vectors.)
 CVE-2010-3987 (Cross-site scripting (XSS) vulnerability in HP Insight Control Virtual Machine Management before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
Original document:HP, [security bulletin] HPSBMA02603 SSRT100319 rev.1 - HP Insight Control Power Management for Windows, Remote Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF) (02.11.2010)
 HP, [security bulletin] HPSBMA02601 SSRT100316 rev.1 - HP Insight Control Server Migration for Windows, Remote Cross Site Scripting (XSS), Privilege Escalation, Unauthorized Access (02.11.2010)
 HP, [security bulletin] HPSBMA02601 SSRT100316 rev.1 - HP Insight Control Server Migration for Windows, Remote Cross Site Scripting (XSS), Privilege Escalation, Unauthorized Access (02.11.2010)
 HP, [security bulletin] HPSBMA02605 SSRT100238 rev.1 - HP Insight Managed System Setup Wizard for Windows, Remote Arbitrary File Download (02.11.2010)
 HP, [security bulletin] HPSBMA02606 SSRT100321 rev.1 - HP Insight Orchestration Software for Windows, Remote Arbitrary File Download, Unauthorized Access (02.11.2010)
 HP, [security bulletin] HPSBMA02606 SSRT100321 rev.1 - HP Insight Orchestration Software for Windows, Remote Arbitrary File Download, Unauthorized Access (02.11.2010)
 HP, [security bulletin] HPSBMA02607 SSRT100214 rev.1 - HP Insight Control for Linux, Remote Cross Site Request Forgery (CSRF) (02.11.2010)
 HP, [security bulletin] HPSBMA02602 SSRT100317 rev.1 - HP Insight Control Performance Management for Windows, Remote Cross Site Scripting (XSS), Privilege Escalation, Cross Site Request Forgery (CSRF) (02.11.2010)
 HP, [security bulletin] HPSBMA02598 SSRT100314 rev.2 - HP Insight Control Virtual Machine Management for Windows, Remote Cross Site Scripting (XSS), Denial of Service (DoS), Cross Site Request Forgery (CSRF) (02.11.2010)
 HP, [security bulletin] HPSBMA02604 SSRT100320 rev.1 - HP Insight Recovery for Windows, Remote Cross Site Scripting (XSS), Arbitrary File Download (02.11.2010)
 HP, [security bulletin] HPSBMA02600 SSRT100239 rev.1 - HP Insight Control Performance Management for Windows, Remote Arbitrary File Download (02.11.2010)

Python DoS
Published:02.11.2010
SecurityVulns ID:11226
Type:library
Threat Level:5/10
Description:DoS via connection accept functions (asyncore and smtpd modules)
CVE:CVE-2010-3493 (Multiple race conditions in smtpd.py in the smtpd module in Python 2.6, 2.7, 3.1, and 3.2 alpha allow remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, or the getpeername function having an ENOTCONN error, a related issue to CVE-2010-3492.)
 CVE-2010-3492 (The asyncore module in Python before 3.2 does not properly handle unsuccessful calls to the accept function, and does not have accompanying documentation describing how daemon applications should handle unsuccessful calls to the accept function, which makes it easier for remote attackers to conduct denial of service attacks that terminate these applications via network connections.)
Original document:MANDRIVA, [ MDVSA-2010:216 ] python (02.11.2010)

SonicWALL SSL-VPN ActiveX buffer overflow
Published:02.11.2010
SecurityVulns ID:11227
Type:client
Threat Level:5/10
Description:Buffer overflow in SonicWALL SSL-VPN End-Point ActiveX Install3rdPartyComponent() method.
CVE:CVE-2010-2583 (Stack-based buffer overflow in SonicWALL SSL-VPN End-Point Interrogator/Installer ActiveX control (Aventail.EPInstaller) before 10.5.2 and 10.0.5 hotfix 3 allows remote attackers to execute arbitrary code via long (1) CabURL and (2) Location arguments to the Install3rdPartyComponent method.)
Original document:SECUNIA, Secunia Research: SonicWALL SSL-VPN End-Point ActiveX Control Buffer Overflow (02.11.2010)

PHP multiple security vulnerabilities
updated since 02.11.2010
Published:24.11.2010
SecurityVulns ID:11225
Type:library
Threat Level:5/10
Description:DoS, open_basedir protection bypass, cross-site scripting.
Affected:PHP : PHP 5.2
 PHP : PHP 5.3
CVE:CVE-2010-4150 (Double free vulnerability in the imap_do_open function in the IMAP extension (ext/imap/php_imap.c) in PHP 5.2 before 5.2.15 and 5.3 before 5.3.4 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors.)
 CVE-2010-3870 (The utf8_decode function in PHP before 5.3.4 does not properly handle non-shortest form UTF-8 encoding and ill-formed subsequences in UTF-8 data, which makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanisms via a crafted string.)
 CVE-2010-3710 (Stack consumption vulnerability in the filter_var function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3, when FILTER_VALIDATE_EMAIL mode is used, allows remote attackers to cause a denial of service (memory consumption and application crash) via a long e-mail address string.)
 CVE-2010-3709 (The ZipArchive::getArchiveComment function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ZIP archive.)
 CVE-2010-3436 (fopen_wrappers.c in PHP 5.3.x through 5.3.3 might allow remote attackers to bypass open_basedir restrictions via vectors related to the length of a filename.)
Original document:MANDRIVA, [ MDVSA-2010:239 ] php (24.11.2010)
 MANDRIVA, [ MDVSA-2010:224 ] php (10.11.2010)
 MANDRIVA, [ MDVSA-2010:218 ] php (02.11.2010)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod