Computer Security

HP Operations Orchestration security vulnerabilities
updated since 08.01.2014
Published:03.03.2014
SecurityVulns ID:13491
Type:remote
Threat Level:5/10
Description:XSS, CSRF, unauthorized access.
Affected:HP : HP Operations Orchestration 9
 HP : HP Operations Orchestration 10.01
CVE:CVE-2013-6192 (Cross-site request forgery (CSRF) vulnerability in HP Operations Orchestration before 9 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.)
 CVE-2013-6191 (Cross-site scripting (XSS) vulnerability in HP Operations Orchestration before 9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2013-2071 (java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.)
Original document:HP, [security bulletin] HPSBMU02966 rev.1 - HP Operations Orchestration, Unauthorized Access to Information (03.03.2014)
 HP, [security bulletin] HPSBGN02951 rev.1 - HP Operations Orchestration, Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) (08.01.2014)

HP Application Information Optimizer security vulnerabilities
Published:03.03.2014
SecurityVulns ID:13588
Type:remote
Threat Level:5/10
Description:Code execution, information disclosure.
Affected:HP : HP Application Information Optimizer 7.1
CVE:CVE-2013-6204 (The Web Console in HP Application Information Optimizer (formerly HP Database Archiving) 6.2, 6.3, 6.4, 7.0, and 7.1 allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors, aka ZDI-CAN-2004.)
 CVE-2013-6203 (The Web Console in HP Application Information Optimizer (formerly HP Database Archiving) 6.2, 6.3, 6.4, 7.0, and 7.1 allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors, aka ZDI-CAN-1656.)
Original document:HP, [security bulletin] HPSBMU02971 rev.1 - HP Application Information Optimizer, Remote Execution of Code, Information Disclosure (03.03.2014)

HP StoreVirtual code execution
Published:03.03.2014
SecurityVulns ID:13589
Type:remote
Threat Level:5/10
Affected:HP : StoreVirtual 4000
 HP : StoreVirtual VSA
CVE:CVE-2013-4841 (Unspecified vulnerability in dbd_manager in LeftHand OS before 11.0 in HP StoreVirtual 4000 and StoreVirtual VSA Software (formerly LeftHand Virtual SAN Appliance) allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1509.)
Original document:HP, [security bulletin] HPSBST02937 rev.1 - HP StoreVirtual 4000 and StoreVirtual VSA Software dbd_manager, Remote Execution of Arbitrary Code (03.03.2014)

HP Service Manager multiple security vulnerabilities
Published:03.03.2014
SecurityVulns ID:13590
Type:remote
Threat Level:6/10
Description:Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), Remote Denial of Service (DoS), Execution of Arbitrary Code, Unauthorized Access, Disclosure of Information and Authentication Issues.
Affected:HP : HP Service Manager 9.33
CVE:CVE-2013-6202 (Multiple cross-site request forgery (CSRF) vulnerabilities in HP Service Manager 9.30, 9.31, 9.32, and 9.33 allow remote attackers to hijack the authentication of unspecified victims for requests that (1) insert XSS sequences or (2) execute arbitrary code.)
 CVE-2013-2067 (java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.)
 CVE-2013-1493 (The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (crash) via an image with crafted raster parameters, which triggers (1) an out-of-bounds read or (2) memory corruption in the JVM, as exploited in the wild in February 2013.)
Original document:HP, [security bulletin] HPSBMU02964 rev.1 - HP Service Manager, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), Remote Denial of Service (DoS), Execution of Arbitrary Code, Unauthorized Access, Disclosure of Informa (03.03.2014)

libtar directory traversal
Published:03.03.2014
SecurityVulns ID:13591
Type:library
Threat Level:6/10
Description:Directory traversal via filename.
Affected:LIBTAR : libtar 1.2
CVE:CVE-2013-4420 (Multiple directory traversal vulnerabilities in the (1) tar_extract_glob and (2) tar_extract_all functions in libtar 1.2.20 and earlier allow remote attackers to overwrite arbitrary files via a .. (dot dot) in a crafted tar file.)
Original document:MANDRIVA, [ MDVSA-2014:045 ] libtar (03.03.2014)

McAfee ePolicy Orchestrator information leakage
Published:03.03.2014
SecurityVulns ID:13592
Type:local
Threat Level:5/10
Description:Information leakage via XML include.
Affected:MCAFEE : ePolicy Orchestrator
Original document:RedTeam Pentesting, [RT-SA-2014-001] McAfee ePolicy Orchestrator: XML External Entity Expansion in Dashboard (03.03.2014)

IBM Lotus SameTime information leakage
Published:03.03.2014
SecurityVulns ID:13593
Type:local
Threat Level:5/10
Description:Username and password are logged to file.
Affected:IBM : Lotus Sametime 8.5
Original document:adrianomarciomonteiro_(at)_gmail.com, Post Exploitation - Getting username and password in the Lotus Sametime 8.5.1 (03.03.2014)

Python buffer overflow
Published:03.03.2014
SecurityVulns ID:13594
Type:library
Threat Level:7/10
Description:socket.recvfrom_into() buffer overflow
Affected:PYTHON : python 3.4
CVE:CVE-2014-1912 (Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string.)
Original document:MANDRIVA, [ MDVSA-2014:041 ] python (03.03.2014)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod