Computer Security
[EN] securityvulns.ru
no-pyccku

  

Cisco AnyConnect Secure Mobility Client security vulnerabilities
updated since 02.06.2011
Published:03.06.2011
Source:
SecurityVulns ID:11710
Type:client
Threat Level:
5/10
Description:Local privilege escalation, signature is not checked for downloaded application components.
Affected:CISCO : AnyConnect Secure Mobility Client 2.3
 CISCO : AnyConnect Secure Mobility Client 2.5
 CISCO : AnyConnect Secure Mobility Client 3.0
CVE:CVE-2011-2041 (The Start Before Logon (SBL) functionality in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.3.254 on Windows, and on Windows Mobile, allows local users to gain privileges via unspecified user-interface interaction, aka Bug ID CSCta40556.)
 CVE-2011-2040 (The helper application in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.5.3041, and 3.0.x before 3.0.629, on Linux and Mac OS X downloads a client executable file (vpndownloader.exe) without verifying its authenticity, which allows remote attackers to execute arbitrary code via the url property to a Java applet, aka Bug ID CSCsy05934.)
 CVE-2011-2039 (The helper application in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.3.185 on Windows, and on Windows Mobile, downloads a client executable file (vpndownloader.exe) without verifying its authenticity, which allows remote attackers to execute arbitrary code via the url property to a certain ActiveX control in vpnweb.ocx, aka Bug ID CSCsy00904.)
Original documentdocumentIDEFENSE, iDefense Security Advisory 06.01.11: Cisco AnyConnect VPN Client Arbitrary Program Execution Vulnerability (03.06.2011)
 documentCISCO, Cisco Security Advisory: Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client (02.06.2011)

Asterisk DoS
Published:03.06.2011
Source:
SecurityVulns ID:11714
Type:remote
Threat Level:
5/10
Description:Crash on processing SIP response headers.
CVE:CVE-2011-2216 (reqresp_parser.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.4.2 does not initialize certain strings, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed Contact header.)
Original documentdocumentASTERISK, AST-2011-007 (03.06.2011)

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:03.06.2011
Source:
SecurityVulns ID:11715
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:VBULLETIN : Vbulletin 4.1
 WEBSVN : WebSVN 2.3
Original documentdocumentrgod, WebSVN 2.3.2 Unproper Metacharacters Escaping exec() Remote Commands Injection Vulnerability (03.06.2011)
 documentRobert Gilbert, [CVE-ID REQUEST] vBulletin - Multiple Open Redirects (03.06.2011)

Sybase OneBridge Mobile Data Suite format string vulnerability
Published:03.06.2011
Source:
SecurityVulns ID:11716
Type:remote
Threat Level:
6/10
Description:Format string vulnerability during IMAPs/SMTPs requests parsing.
Affected:SYBASE : OneBridge 5.5
 SYBASE : OneBridge 5.6
Original documentdocumentZDI, ZDI-11-171: Sybase OneBridge Mobile Data Suite Format String Remore Code Execution Vulnerability (03.06.2011)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 



Rating@Mail.ru