Computer Security
[EN] securityvulns.ru no-pyccku


logwatch shell characters vulnerability
Published:03.03.2011
Source:
SecurityVulns ID:11482
Type:local
Threat Level:
5/10
Description:Shell characters vulnerability on filenames.
CVE:CVE-2011-1018 (logwatch.pl in Logwatch 7.3.6 allows remote attackers to execute arbitrary commands via shell metacharacters in a log file name, as demonstrated via a crafted username to a Samba server.)
Original documentdocumentUBUNTU, [USN-1078-1] Logwatch vulnerability (03.03.2011)

HP StorageWorks File Migration Agent unauthenticated access
Published:03.03.2011
Source:
SecurityVulns ID:11483
Type:remote
Threat Level:
5/10
Description:Access authentication is not implemented.
Original documentdocumentZDI, ZDI-11-094: (0 day) Hewlett-Packard StorageWorks File Migration Agent Remote Archive Tampering Vulnerability (03.03.2011)

Postgres Plus SQL authentication bypass
Published:03.03.2011
Source:
SecurityVulns ID:11479
Type:remote
Threat Level:
7/10
Description:Unauthorized access to DBA Management Server (TCP/9000, TCP/9363)
Original documentdocumentZDI, ZDI-11-102: PostgreSQL Plus Advanced Server DBA Management Server Remote Authentication Bypass Vulnerability (03.03.2011)

weechat certificate spoofing
Published:03.03.2011
Source:
SecurityVulns ID:11484
Type:m-i-t-m
Threat Level:
4/10
Description:Server certificate is not validated.
Original documentdocumentjohn.doe_(at)_tapz.be, weechat does not properly use gnutls and allow an attacker to bypass certificate verification (03.03.2011)

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:03.03.2011
Source:
SecurityVulns ID:11476
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:CUBECART : CubeCart 2.0
 PHPIDS : PHPIDS 0.6
 TRIBIQ : Tribiq CMS 5.2
 PRESTASHOP : Prestashop Cartium 1.3
 PRESTASHOP : Prestashop 1.3
 XTCMODIFIED : xtcModified 1.05
 PRAYGAN : Pragyan CMS 3.0
 PHOTOPOST : PhotoPost PHP 4.8
 ALCATEL : OmniPCX Enterprise 9.0
 PYWEBDAV : pywebdav 0.9
 ALCATEL : OmniVista 4760 NMS 5.1
CVE:CVE-2011-0437 (shared/inc/sql/ssh.php in the SSH accounts management implementation in Domain Technologie Control (DTC) before 0.32.9 allows remote authenticated users to delete arbitrary accounts via the edssh_account parameter in a deletesshaccount Delete action.)
 CVE-2011-0436 (The register_user function in client/new_account_form.php in Domain Technologie Control (DTC) before 0.32.9 includes a cleartext password in an e-mail message, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.)
 CVE-2011-0435 (Domain Technologie Control (DTC) before 0.32.9 does not require authentication for (1) admin/bw_per_month.php and (2) client/bw_per_month.php, which allows remote attackers to obtain potentially sensitive bandwidth information via a direct request.)
 CVE-2011-0434 (Multiple SQL injection vulnerabilities in Domain Technologie Control (DTC) before 0.32.9 allow remote attackers to execute arbitrary SQL commands via the cid parameter to (1) admin/bw_per_month.php or (2) client/bw_per_month.php.)
 CVE-2011-0432 (Multiple SQL injection vulnerabilities in the get_userinfo method in the MySQLAuthHandler class in DAVServer/mysqlauth.py in PyWebDAV before 0.9.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) user or (2) pw argument. NOTE: some of these details are obtained from third party information.)
Original documentdocumentddivulnalert_(at)_ddifrontline.com, DDIVRT-2010-30 Alcatel-Lucent OmniVista 4760 NMS 'lang' Directory Traversal Vulnerability [ CVE-2011-0345 ] (03.03.2011)
 documentDEBIAN, [SECURITY] [DSA 2177-1] pywebdav security update (03.03.2011)
 documentDEBIAN, [SECURITY] [DSA 2179-1] dtc security update (03.03.2011)
 documentIDEFENSE, iDefense Security Advisory 03.01.11: Alcatel-Lucent OmniPCX Enterprise CS CGI Cookie Buffer Overflow Vulnerability (03.03.2011)
 documentRoot_(at)_d99y.com, PhotoPost PHP 4.8c (showgallery.php) Cross Site Scripting (03.03.2011)
 documentRoot_(at)_d99y.com, CubeCart 2.0.6 SQL injection / Cross Site Scripting (03.03.2011)
 documentAntonio San Martino, Prestashop Cartium 1.3.3 Multiple Cross Site Scripting (XSS) (03.03.2011)
 documentHigh-Tech Bridge Security Research, HTB22855: XSRF (CSRF) in Pragyan CMS (03.03.2011)
 documentHigh-Tech Bridge Security Research, HTB22856: XSS vulnerability in Pragyan CMS (03.03.2011)
 documentHigh-Tech Bridge Security Research, HTB22853: XSS vulnerability in Pragyan CMS (03.03.2011)
 documentHigh-Tech Bridge Security Research, HTB22857: Path disclosure in Tribiq CMS (03.03.2011)
 documentHigh-Tech Bridge Security Research, HTB22864: XSS vulnerability in xtcModified (03.03.2011)
 documentHigh-Tech Bridge Security Research, HTB22863: XSS vulnerability in xtcModified (03.03.2011)
 documentHigh-Tech Bridge Security Research, HTB22866: XSS vulnerability in xtcModified (03.03.2011)
 documentHigh-Tech Bridge Security Research, HTB22865: XSS vulnerability in xtcModified (03.03.2011)
 documentHigh-Tech Bridge Security Research, HTB22837: Path disclosure in PrestaShop (03.03.2011)
 documentMustLive, Уязвимости в PHPIDS (03.03.2011)

Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
Published:03.03.2011
Source:
SecurityVulns ID:11477
Type:client
Threat Level:
9/10
Description:Multiple memory corruptions, buffer overflows, user-after-free, crossite scripting, crossite request forgery, etc.
Affected:MOZILLA : SeaMonkey 2.0
 MOZILLA : Firefox 3.6
 MOZILLA : Thunderbird 3.1
CVE:CVE-2011-0062 (Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.6.x before 3.6.14 and Thunderbird 3.1.x before 3.1.8 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.)
 CVE-2011-0061 (Buffer overflow in Mozilla Firefox 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG image.)
 CVE-2011-0059 (Cross-site request forgery (CSRF) vulnerability in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, allows remote attackers to hijack the authentication of arbitrary users for requests that were initiated by a plugin and received a 307 redirect to a page on a different web site.)
 CVE-2011-0058 (Buffer overflow in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a long string that triggers construction of a long text run.)
 CVE-2011-0057 (Use-after-free vulnerability in the Web Workers implementation in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, allows remote attackers to execute arbitrary code via vectors related to a JavaScript Worker and garbage collection.)
 CVE-2011-0056 (Buffer overflow in the JavaScript engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might allow remote attackers to execute arbitrary code via vectors involving exception timing and a large number of string values, aka an "atom map" issue.)
 CVE-2011-0055 (Use-after-free vulnerability in the JSON.stringify method in js3250.dll in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might allow remote attackers to execute arbitrary code via unspecified vectors related to the js_HasOwnProperty function and garbage collection.)
 CVE-2011-0054 (Buffer overflow in the JavaScript engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might allow remote attackers to execute arbitrary code via vectors involving non-local JavaScript variables, aka an "upvarMap" issue.)
 CVE-2011-0053 (Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.)
 CVE-2011-0051 (Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, does not properly handle certain recursive eval calls, which makes it easier for remote attackers to force a user to respond positively to a dialog question, as demonstrated by a question about granting privileges.)
 CVE-2010-1585 (The nsIScriptableUnescapeHTML.parseFragment method in Mozilla Firefox does not properly sanitize HTML, which makes it easier for remote attackers to execute arbitrary JavaScript with chrome privileges via a javascript: URI in input to an extension, as demonstrated by a javascript:alert sequence in (1) the HREF attribute of an A element or (2) the ACTION attribute of a FORM element.)
Original documentdocumentZDI, ZDI-11-103: Mozilla Firefox JSON.stringify Dangling Pointer Remote Code Execution Vulnerability (03.03.2011)
 documentMOZILLA, Mozilla Foundation Security Advisory 2011-10 (03.03.2011)
 documentMOZILLA, Mozilla Foundation Security Advisory 2011-09 (03.03.2011)
 documentMOZILLA, Mozilla Foundation Security Advisory 2011-08 (03.03.2011)
 documentMOZILLA, Mozilla Foundation Security Advisory 2011-07 (03.03.2011)
 documentMOZILLA, Mozilla Foundation Security Advisory 2011-06 (03.03.2011)
 documentMOZILLA, Mozilla Foundation Security Advisory 2011-05 (03.03.2011)
 documentMOZILLA, Mozilla Foundation Security Advisory 2011-04 (03.03.2011)
 documentMOZILLA, Mozilla Foundation Security Advisory 2011-03 (03.03.2011)
 documentMOZILLA, Mozilla Foundation Security Advisory 2011-02 (03.03.2011)
 documentMOZILLA, Mozilla Foundation Security Advisory 2011-01 (03.03.2011)

vsftpd DoS
Published:03.03.2011
Source:
SecurityVulns ID:11481
Type:remote
Threat Level:
5/10
Description:Resources exhaustion via path globbing.
Affected:VSFTPD : vsftpd 2.3
CVE:CVE-2011-2189 (net/core/net_namespace.c in the Linux kernel 2.6.32 and earlier does not properly handle a high rate of creation and cleanup of network namespaces, which makes it easier for remote attackers to cause a denial of service (memory consumption) via requests to a daemon that requires a separate namespace per connection, as demonstrated by vsftpd.)
 CVE-2011-0762 (The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service (CPU consumption and process slot exhaustion) via crafted glob expressions in STAT commands in multiple FTP sessions, a different vulnerability than CVE-2010-2632.)
Original documentdocumentMaksymilian Arciemowicz, vsftpd 2.3.2 remote denial-of-service (03.03.2011)

Pango library NULL pointer dereference
Published:03.03.2011
Source:
SecurityVulns ID:11480
Type:library
Threat Level:
5/10
Description:Memory allocations are not controlled.
Affected:PANGO : Pango 1.28
CVE:CVE-2011-0064 (The hb_buffer_ensure function in hb-buffer.c in HarfBuzz, as used in Pango 1.28.3, Firefox, and other products, does not verify that memory reallocations succeed, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via crafted OpenType font data that triggers use of an incorrect index.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 2178-1] pango1.0 security update (03.03.2011)

Apple WebKit / Safari / iTunes / libtiff / Google Chrome multiple security vulnerabilities
updated since 03.03.2011
Published:16.03.2011
Source:
SecurityVulns ID:11478
Type:remote
Threat Level:
9/10
Description:Multiple vulnerabilities on PNG, TIFF, JPEG, XML parsing, multipe WebKit memory corruptions.
Affected:APPLE : Safari 5.0
 LIBTIFF : libtiff 3.9
 APPLE : iTunes 10.2
CVE:CVE-2011-1290 (Integer overflow in WebKit, as used on the Research In Motion (RIM) BlackBerry Torch 9800 with firmware 6.0.0.246, in Google Chrome before 10.0.648.133, and in Apple Safari before 5.0.5, allows remote attackers to execute arbitrary code via unknown vectors related to CSS "style handling," nodesets, and a length value, as demonstrated by Vincenzo Iozzo, Willem Pinckaers, and Ralf-Philipp Weinmann during a Pwn2Own competition at CanSecWest 2011.)
 CVE-2011-0779 (Google Chrome before 9.0.597.84 does not properly handle a missing key in an extension, which allows remote attackers to cause a denial of service (application crash) via a crafted extension.)
 CVE-2011-0192 (Buffer overflow in Fax4Decode in LibTIFF 3.9.4 and possibly other versions, as used in ImageIO in Apple iTunes before 10.2 on Windows and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF Internet Fax image file that has been compressed using CCITT Group 4 encoding, related to the EXPAND2D macro in libtiff/tif_fax3.h. NOTE: some of these details are obtained from third party information.)
 CVE-2011-0191 (Buffer overflow in LibTIFF 3.9.4 and possibly other versions, as used in ImageIO in Apple iTunes before 10.2 on Windows and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image with JPEG encoding.)
 CVE-2011-0170 (Heap-based buffer overflow in ImageIO in CoreGraphics in Apple iTunes before 10.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted International Color Consortium (ICC) profile in a JPEG image.)
 CVE-2011-0169 (WebKit in Apple Safari before 5.0.4, when the Web Inspector is used, does not properly handle the window.console._inspectorCommandLineAPI property, which allows user-assisted remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted web site.)
 CVE-2011-0168 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.)
 CVE-2011-0167 (The windows functionality in WebKit in Apple Safari before 5.0.4 allows remote attackers to bypass the Same Origin Policy, and force the upload of arbitrary local files from a client computer, via a crafted web site.)
 CVE-2011-0166 (The HTML5 drag and drop functionality in WebKit in Apple Safari before 5.0.4 allows user-assisted remote attackers to bypass the Same Origin Policy and obtain sensitive information via vectors related to the dragging of content. NOTE: this might overlap CVE-2011-0778.)
 CVE-2011-0165 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.)
 CVE-2011-0164 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.)
 CVE-2011-0163 (WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle unspecified "cached resources," which allows remote attackers to cause a denial of service (resource unavailability) via a crafted web site that conducts a cache-poisoning attack.)
 CVE-2011-0161 (WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle the Attr.style accessor, which allows remote attackers to bypass the Same Origin Policy and inject Cascading Style Sheets (CSS) token sequences via a crafted web site.)
 CVE-2011-0160 (WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle redirects in conjunction with HTTP Basic Authentication, which might allow remote web servers to capture credentials by logging the Authorization HTTP header.)
 CVE-2011-0156 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.)
 CVE-2011-0155 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.)
 CVE-2011-0154 (WebKit, as used in Apple iTunes before 10.2 on Windows and Apple iOS, does not properly implement the .sort function for JavaScript arrays, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.)
 CVE-2011-0153 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.)
 CVE-2011-0152 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.)
 CVE-2011-0151 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.)
 CVE-2011-0150 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.)
 CVE-2011-0149 (WebKit, as used in Apple iTunes before 10.2 on Windows, does not properly parse HTML elements associated with document namespaces, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to a "dangling pointer" and iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.)
 CVE-2011-0148 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.)
 CVE-2011-0147 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.)
 CVE-2011-0146 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.)
 CVE-2011-0145 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.)
 CVE-2011-0144 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.)
 CVE-2011-0143 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.)
 CVE-2011-0142 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.)
 CVE-2011-0141 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.)
 CVE-2011-0140 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.)
 CVE-2011-0139 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.)
 CVE-2011-0138 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.)
 CVE-2011-0137 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.)
 CVE-2011-0136 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.)
 CVE-2011-0135 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.)
 CVE-2011-0134 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.)
 CVE-2011-0133 (WebKit, as used in Apple iTunes before 10.2 on Windows, does not properly access glyph data during layout actions for floating blocks associated with pseudo-elements, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.)
 CVE-2011-0132 (Use-after-free vulnerability in the Runin box functionality in the Cascading Style Sheets (CSS) 2.1 Visual Formatting Model implementation in WebKit, as used in Apple iTunes before 10.2 on Windows and Apple Safari, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.)
 CVE-2011-0131 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.)
 CVE-2011-0130 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.)
 CVE-2011-0129 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.)
 CVE-2011-0128 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.)
 CVE-2011-0127 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.)
 CVE-2011-0126 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.)
 CVE-2011-0125 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.)
 CVE-2011-0124 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.)
 CVE-2011-0123 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.)
 CVE-2011-0122 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.)
 CVE-2011-0121 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.)
 CVE-2011-0120 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.)
 CVE-2011-0119 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.)
 CVE-2011-0118 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.)
 CVE-2011-0117 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.)
 CVE-2011-0116 (Use-after-free vulnerability in the setOuterText method in the htmlelement library in WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to DOM manipulations during iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.)
 CVE-2011-0115 (The DOM level 2 implementation in WebKit, as used in Apple iTunes before 10.2 on Windows and Apple Safari, does not properly handle DOM manipulations associated with event listeners during processing of range objects, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.)
 CVE-2011-0114 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.)
 CVE-2011-0113 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.)
 CVE-2011-0112 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.)
 CVE-2011-0111 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.)
 CVE-2010-4494 (Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.)
 CVE-2010-4008 (libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document.)
 CVE-2010-2249 (Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks.)
 CVE-2010-1824 (Use-after-free vulnerability in WebKit, as used in Google Chrome before 6.0.472.59, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG styles.)
 CVE-2010-1205 (Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 2192-1] chromium-browser security update (16.03.2011)
 documentAPPLE, About the security content of Safari 5.0.4 (15.03.2011)
 documentVUPEN Security Research, VUPEN Security Research - Apple Safari WebKit Iframe Event Handling Remote Use-after-free (15.03.2011)
 documentVUPEN Security Research, VUPEN Security Research - Apple Safari WebKit Scroll Event Handling Remote Use-after-free (15.03.2011)
 documentVUPEN Security Research, VUPEN Security Research - Apple Safari WebKit Block Dimensions Handling Integer Overflow (15.03.2011)
 documentIDEFENSE, iDefense Security Advisory 03.02.11: Apple CoreGraphics Library Heap Memory Corruption Vulnerability (03.03.2011)
 documentZDI, ZDI-11-095: Apple Webkit Error Message Mutation Remote Code Execution Vulnerability (03.03.2011)
 documentZDI, ZDI-11-096: Apple Safari WebKit Range Object Remote Code Execution Vulnerability (03.03.2011)
 documentZDI, ZDI-11-097: Apple Webkit setOuterText Memory Corruption Remote Code Execution Vulnerability (03.03.2011)
 documentZDI, ZDI-11-098: Apple Safari Webkit Runin Box Promotion Remote Code Execution Vulnerability (03.03.2011)
 documentZDI, ZDI-11-099: Apple Webkit Font Glyph Layout Remote Code Execution Vulnerability (03.03.2011)
 documentZDI, ZDI-11-100: Apple Webkit Root HTMLBRElement Style Remote Code Execution Vulnerability (03.03.2011)
 documentZDI, ZDI-11-101: Apple iPhone Webkit Library Javascript Array sort Method Remote Code Execution Vulnerability (03.03.2011)
 documentAPPLE, About the security content of iTunes 10.2 (03.03.2011)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod