Computer Security


HP System Management Homepage cross-site scripting
updated since 21.05.2009
Published:04.02.2010
SecurityVulns ID:9924
Type:remote
Threat Level:4/10
Affected:HP : HP System Management Homepage 3.0
CVE:CVE-2009-4185 (Cross-site scripting (XSS) vulnerability in proxy/smhui/getuiinfo in HP System Management Homepage (SMH) before 6.0 allows remote attackers to inject arbitrary web script or HTML via the servercert parameter.)
 CVE-2009-1418 (Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 3.0.1.73 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2008-5814 (Cross-site scripting (XSS) vulnerability in PHP, possibly 5.2.7 and earlier, when display_errors is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: because of the lack of details, it is unclear whether this is related to CVE-2006-0208.)
 CVE-2008-5077 (OpenSSL 0.9.8i and earlier does not properly check the return value from the EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys.)
Original document:HP, [security bulletin] HPSBMA02504 SSRT090220 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Cross Site Scripting (XSS) (04.02.2010)
 HP, [security bulletin] HPSBMA02426 SSRT090053 rev.1 - HP System Management Homepage (SMH) for Linux and Windows Running PHP and OpenSSL, Remote Cross Site Scripting (XSS), Unauthorized Access (21.05.2009)
 HP, [security bulletin] HPSBMA02428 SSRT090048 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Cross Site Scripting (XSS) (21.05.2009)

Microsoft Internet Explorer information leak
Published:04.02.2010
SecurityVulns ID:10575
Type:client
Threat Level:8/10
Description:It's possible to retrieve any file from client computer via URLMON and Dynamic OBJECT tag.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
CVE:CVE-2010-0255 (Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not prevent rendering of non-HTML local files as HTML documents, which allows remote attackers to bypass intended access restrictions and read arbitrary files via vectors involving JavaScript exploit code that constructs a reference to a file://127.0.0.1 URL, aka the dynamic OBJECT tag vulnerability, as demonstrated by obtaining the data from an index.dat file, a variant of CVE-2009-1140 and related to CVE-2008-1448.)
Original document:CORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2009-0625: Internet Explorer Dynamic OBJECT tag and URLMON sniffing vulnerabilities (04.02.2010)

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:04.02.2010
SecurityVulns ID:10584
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:BUGZILLA : Bugzilla 3.0
 MOODLE : Moodle 1.8
 MOODLE : moodle 1.9
 MOZILLA : Bugzilla 3.2
 DIGGERSOLUTIONS : Intranet Open Source 2.7
 PLATFORMASSOCIAT : tinypug 0.9
 MOZILLA : Bugzilla 3.4
 BUGZILLA : Bugzilla 3.5
 DRUPAL : MP3 Player 1.0 module for Drupal
 TAVANMAND : Tavanmand Portal 1.1
 OCSINVENTORYNG : OCS Inventory NG 1.3
 TRACGIT : trac-git 0.0
CVE:CVE-2010-0394 (PyGIT.py in the Trac Git plugin (trac-git) before 0.0.20080710-3+lenny1 and before 0.0.20090320-1 on Debian GNU/Linux, when enabled in Trac, allows remote attackers to execute arbitrary commands via shell metacharacters in a crafted HTTP query that is used to generate a certain git command.)
 CVE-2009-4305 (SQL injection vulnerability in the SCORM module in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 allows remote authenticated users to execute arbitrary SQL commands via vectors related to an "escaping issue when processing AICC CRS file (Course_Title).")
 CVE-2009-4303 (Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 stores (1) password hashes and (2) unspecified "secrets" in backup files, which might allow attackers to obtain sensitive information.)
 CVE-2009-4302 (login/index_form.html in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 links to an index page on the HTTP port even when the page is served from an HTTPS port, which might cause login credentials to be sent in cleartext, even when SSL is intended, and allows remote attackers to obtain these credentials by sniffing.)
 CVE-2009-4301 (mnet/lib.php in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7, when MNET services are enabled, does not properly check permissions, which allows remote authenticated servers to execute arbitrary MNET functions.)
 CVE-2009-4299 (mod/glossary/showentry.php in the Glossary module for Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 does not properly perform access control, which allows attackers to read unauthorized Glossary entries via unknown vectors.)
 CVE-2009-4298 (The LAMS module (mod/lams) for Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 stores the (1) username, (2) firstname, and (3) lastname fields within the user table, which allows attackers to obtain user account information via unknown vectors.)
 CVE-2009-4297 (Multiple cross-site request forgery (CSRF) vulnerabilities in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors.)
Original document:DEBIAN, [SECURITY] [DSA-1990-1] New trac-git packages fix code execution (04.02.2010)
 DEBIAN, [SECURITY] [DSA-1990-2] New trac-git package fixes regression (04.02.2010)
 Nicolas DEROUET, OCS Inventory NG Server <= 1.3b3 (login) Remote Authentication Bypass (04.02.2010)
 ProCheckUp Research, PR09-19: Cross-Site Scripting (XSS) on CommonSpot server (04.02.2010)
 info_(at)_securitylab.ir, Tavanmand Portal (fckeditor) Remote Arbitrary File Upload Vulnerability (04.02.2010)
 info_(at)_securitylab.ir, eWebeditor ASP Version Multiple Vulnerabilities (04.02.2010)
 Marty Barbella, XSS vulnerability in Drupal's MP3 Player contributed module (version 6.x-1.0-beta1) (04.02.2010)
 md.r00t.defacer_(at)_gmail.com, Joomla (com_gambling) SQL Injection Vulnerabilities (04.02.2010)
 BUGZILLA, Security Advisory for Bugzilla 3.0.10, 3.2.5, 3.4.4, and 3.5.2 (04.02.2010)
 info_(at)_securitylab.ir, RaakCms Multiple Vulnerabilities (04.02.2010)
 admin_(at)_bugreport.ir, Tinypug Multiple Vulnerabilities (04.02.2010)
 ben_(at)_visionsource.org, OpenCart CSRF Vulnerability (04.02.2010)
 DEBIAN, [SECURITY] [DSA 1986-1] New moodle packages fix several vulnerabilities (04.02.2010)
 Inj3ct0r.com, show data sources ite config exploit (04.02.2010)
 Inj3ct0r.com, Cpanel Bypass Safe mode [ extract tar.gz by Cpanel ] (04.02.2010)
 MustLive, Vulnerabilities in Hydra Engine (04.02.2010)

maildrop privilege escalation
Published:04.02.2010
SecurityVulns ID:10586
Type:local
Threat Level:6/10
Affected:MAILDROP : maildrop 2.0
CVE:CVE-2010-0301 (main.C in maildrop 2.3.0 and earlier, when run by root with the -d option, uses the gid of root for execution of the .mailfilter file in a user's home directory, which allows local users to gain privileges via a crafted file.)
Original document:DEBIAN, [SECURITY] [DSA 1981-2] New maildrop packages fix regression (04.02.2010)
 DEBIAN, [SECURITY] [DSA 1981-1] New maildrop packages fix privilege escalation (04.02.2010)

AOL buffer overflow
Published:04.02.2010
SecurityVulns ID:10577
Type:client
Threat Level:5/10
Description:Buffer overflow on vCard (.vcf) files parsing.
Affected:AOL : AOL 9.5
Original document:karakorsankara_(at)_hotmail.com, [Hellcode Research]: AOL 9.5 File Parsing Buffer Overflow Vulnerability (04.02.2010)

HP OpenVMS Record Management Services privilege escalation
Published:04.02.2010
SecurityVulns ID:10579
Type:local
Threat Level:5/10
CVE:CVE-2010-0443 (Unspecified vulnerability in Record Management Services (RMS) before VMS83A_RMS-V1100 for HP OpenVMS on the Alpha platform allows local users to gain privileges via unknown vectors.)
Original document:HP, [security bulletin] HPSBOV02505 SSRT100023 rev.1 - HP OpenVMS RMS, Local Escalation of Privilege (04.02.2010)

Apple iPhone cryptographic weakness
Published:04.02.2010
SecurityVulns ID:10583
Type:client
Threat Level:5/10
Description:Certificate key usage is not checked during validation of .mobileconfig wireless autoconfiguration file.
Original document:cryptopath_(at)_gmail.com, iPhone certificate flaws (04.02.2010)

HP StorageWorks Tape Autoloader privilege escalation
Published:04.02.2010
SecurityVulns ID:10576
Type:local
Threat Level:5/10
Description:Web interface allows non-privileged user to obtain administrative privileges.
Affected:HP : StorageWorks 1/8 G2
CVE:CVE-2009-2680 (Unspecified vulnerability in the Remote Management Interface (RMI) for MSL Tape Libraries and 1/8 G2 Tape Autoloaders in HP StorageWorks 1/8 G2 Tape Autoloader firmware 2.30 and earlier, MSL2024 Tape Library firmware 4.20 and earlier, MSL4048 Tape Library firmware 6.50 and earlier, and MSL8096 Tape Library firmware 8.90 and earlier allows remote attackers to cause a denial of service via unknown vectors.)
Original document:Alexandr Polyakov, [DSECRG-09-011] HP StorageWorks 1_8 G2 Tape Autoloader - privilege escalation DOS (04.02.2010)

Asterisk integer overflow
Published:04.02.2010
SecurityVulns ID:10578
Type:remote
Threat Level:5/10
Description:Integer overflow on T.38 over SIP FaxMaxDatagram field parsing.
Affected:ASTERISK : Asterisk 1.6
CVE:CVE-2010-0441 (Asterisk Open Source 1.6.0.x before 1.6.0.22, 1.6.1.x before 1.6.1.14, and 1.6.2.x before 1.6.2.2, and Business Edition C.3 before C.3.3.2, allows remote attackers to cause a denial of service (daemon crash) via an SIP T.38 negotiation with an SDP FaxMaxDatagram field that is (1) missing, (2) modified to contain a negative number, or (3) modified to contain a large number.)
Original document:ASTERISK, AST-2010-001: T.38 Remote Crash Vulnerability (04.02.2010)

Corel Paint Shop Pro buffer overflow
Published:04.02.2010
SecurityVulns ID:10580
Type:local
Threat Level:4/10
Description:Heap buffer overflow on FPX format parsing.
Original document:CORE SECURITY TECHNOLOGIES ADVISORIES, [CORE-2009-1126] Corel Paint Shop Pro Photo X2 FPX Heap Overflow (04.02.2010)

Linux kernel multiple security vulnerabilities
updated since 04.02.2010
Published:04.02.2010
SecurityVulns ID:10581
Type:remote
Threat Level:5/10
Description:Buffer overflow on ISDN HDLC packet, gdth driver IOCTL privilege escalation, devtmpfs weak permissions.
CVE:CVE-2010-0299 (openSUSE 11.2 installs the devtmpfs root directory with insecure permissions (1777), which allows local users to gain privileges via unspecified vectors.)
 CVE-2009-4005 (The collect_rx_frame function in drivers/isdn/hisax/hfc_usb.c in the Linux kernel before 2.6.32-rc7 allows attackers to have an unspecified impact via a crafted HDLC packet that arrives over ISDN and triggers a buffer under-read.)
 CVE-2009-3080 (Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request.)
Original document:MANDRIVA, [ MDVSA-2010:030 ] kernel (04.02.2010)

Cisco Secure Desktop cross-site scripting
Published:04.02.2010
SecurityVulns ID:10582
Type:remote
Threat Level:5/10
Description:Cross-site scripting via POST request to https://{IP}//+CSCOT+/translation?textdomain=csd&prefix=trans&lang=en-us
Affected:CISCO : Cisco Secure Desktop 3.4
CVE:CVE-2010-0440 (Cross-site scripting (XSS) vulnerability in +CSCOT+/translation in Cisco Secure Desktop 3.4.2048, and other versions before 3.5; as used in Cisco ASA appliance before 8.2(1), 8.1(2.7), and 8.0(5); allows remote attackers to inject arbitrary web script or HTML via a crafted POST parameter, which is not properly handled by an eval statement in binary/mainv.js that writes to start.html.)
Original document:CISCO, [CORE-2010-0106] Cisco Secure Desktop XSS/JavaScript Injection (04.02.2010)

jBCrypt library cryptographic vulnerability
Published:04.02.2010
SecurityVulns ID:10585
Type:library
Threat Level:6/10
Description:Non-ASCII characters are converted to '?' before hash calculation.
Affected:JBCRYPT : jBCrypt 0.3
Original document:Damien Miller, Advisory: jBCrypt < 0.3 character encoding vulnerability (04.02.2010)

Samba race conditions
Published:04.02.2010
SecurityVulns ID:10587
Type:local
Threat Level:5/10
Description:Race conditions in mount.cifs utility.
Affected:SAMBA : Samba 3.0
CVE:CVE-2009-3297 (** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-0787, CVE-2010-0788, CVE-2010-0789. Reason: this candidate was intended for one issue in Samba, but it was used for multiple distinct issues, including one in FUSE and one in ncpfs. Notes: All CVE users should consult CVE-2010-0787 (Samba), CVE-2010-0788 (ncpfs), and CVE-2010-0789 (FUSE) to determine which ID is appropriate. All references and descriptions in this candidate have been removed to prevent accidental usage.)
Original document:UBUNTU, [USN-893-1] Samba vulnerability (04.02.2010)

Xerox Workcenter 4150 DoS
Published:04.02.2010
SecurityVulns ID:10588
Type:remote
Threat Level:3/10
Description:assert() on PJL parsing
Affected:XEROX : Workcenter 4150
Original document:Francis Provencher, {PRL} Xerox Workcenter 4150 Remote Buffer Overflow (04.02.2010)

squid proxy server DoS
Published:04.02.2010
SecurityVulns ID:10589
Type:remote
Threat Level:6/10
Description:Crash on authentication, crash on DNS reply parsing.
Affected:SQUID : Squid 2.6
 SQUID : squid 3.0
 SQUID : Squid 2.7
CVE:CVE-2010-0308 (lib/rfc1035.c in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through 3.1.0.15 allows remote attackers to cause a denial of service (assertion failure) via a crafted DNS packet that only contains a header.)
 CVE-2009-2855 (The strListGetItem function in src/HttpHeaderTools.c in Squid 2.7 allows remote attackers to cause a denial of service via a crafted auth header with certain comma delimiters that trigger an infinite loop of calls to the strcspn function.)
Original document:DEBIAN, [SECURITY] [DSA 1991-1] New squid/squid3 packages fix denial of service (04.02.2010)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod