 |
|
|
|
HP System Management Homepage crossite scripting
updated since 21.05.2009 | | Published: |  | 04.02.2010 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 9924 | | Type: |  | remote | | Level: |  | 4/10 |
| Affected: |  | HP : HP System Management Homepage 3.0 | | CVE: |  | CVE-2009-4185 (Cross-site scripting (XSS) vulnerability in proxy/smhui/getuiinfo in HP System Management Homepage (SMH) before 6.0 allows remote attackers to inject arbitrary web script or HTML via the servercert parameter.) | | | | CVE-2009-1418 (Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 3.0.1.73 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.) | | | | CVE-2008-5814 (Cross-site scripting (XSS) vulnerability in PHP, possibly 5.2.7 and earlier, when display_errors is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: because of the lack of details, it is unclear whether this is related to CVE-2006-0208.) | | | | CVE-2008-5077 (OpenSSL 0.9.8i and earlier does not properly check the return value from the EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys.) |
| Microsoft Internet Explorer information leak | | Published: | | 04.02.2010 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 10575 | | Type: | | client | | Level: | | 8/10 | | Description: |  | It's possible to retrieve any file from client computer via URLMON and Dynamic OBJECT tag. |
| Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) | | Published: | | 04.02.2010 | | Source: | | | | SecurityVulns ID: | | 10584 | | Type: | | remote | | Level: | | 5/10 | | Description: | | PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. |
| Affected: | | BUGZILLA : Bugzilla 3.0 | | | | MOODLE : Moodle 1.8 | | | | MOODLE : Moodle 1.9 | | | | MOZILLA : Bugzilla 3.2 | | | | DIGGERSOLUTIONS : Intranet Open Source 2.7 | | | | PLATFORMASSOCIAT : tinypug 0.9 | | | | MOZILLA : Bugzilla 3.4 | | | | BUGZILLA : Bugzilla 3.5 | | | | DRUPAL : MP3 Player 1.0 module for Drupal | | | | TAVANMAND : Tavanmand Portal 1.1 | | | | OCSINVENTORYNG : OCS Inventory NG 1.3 | | | | TRACGIT : trac-git 0.0 | | CVE: | | CVE-2010-0394 (PyGIT.py in the Trac Git plugin (trac-git) before 0.0.20080710-3+lenny1 and before 0.0.20090320-1 on Debian GNU/Linux, when enabled in Trac, allows remote attackers to execute arbitrary commands via shell metacharacters in a crafted HTTP query that is used to generate a certain git command.) | | | | CVE-2009-4305 (SQL injection vulnerability in the SCORM module in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 allows remote authenticated users to execute arbitrary SQL commands via vectors related to an "escaping issue when processing AICC CRS file (Course_Title).") | | | | CVE-2009-4303 (Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 stores (1) password hashes and (2) unspecified "secrets" in backup files, which might allow attackers to obtain sensitive information.) | | | | CVE-2009-4302 (login/index_form.html in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 links to an index page on the HTTP port even when the page is served from an HTTPS port, which might cause login credentials to be sent in cleartext, even when SSL is intended, and allows remote attackers to obtain these credentials by sniffing.) | | | | CVE-2009-4301 (mnet/lib.php in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7, when MNET services are enabled, does not properly check permissions, which allows remote authenticated servers to execute arbitrary MNET functions.) | | | | CVE-2009-4299 (mod/glossary/showentry.php in the Glossary module for Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 does not properly perform access control, which allows attackers to read unauthorized Glossary entries via unknown vectors.) | | | | CVE-2009-4298 (The LAMS module (mod/lams) for Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 stores the (1) username, (2) firstname, and (3) lastname fields within the user table, which allows attackers to obtain user account information via unknown vectors.) | | | | CVE-2009-4297 (Multiple cross-site request forgery (CSRF) vulnerabilities in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors.) |
| Original document |  | DEBIAN, [SECURITY] [DSA-1990-1] New trac-git packages fix code execution (04.02.2010) |
| | | DEBIAN, [SECURITY] [DSA-1990-2] New trac-git package fixes regression (04.02.2010) |
| | | Nicolas DEROUET, OCS Inventory NG Server <= 1.3b3 (login) Remote Authentication Bypass (04.02.2010) |
| | | ProCheckUp Research, PR09-19: Cross-Site Scripting (XSS) on CommonSpot server (04.02.2010) |
| | | info_(at)_securitylab.ir, Tavanmand Portal (fckeditor) Remote Arbitrary File Upload Vulnerability (04.02.2010) |
| | | info_(at)_securitylab.ir, eWebeditor ASP Version Multiple Vulnerabilities (04.02.2010) |
| | | Marty Barbella, XSS vulnerability in Drupal's MP3 Player contributed module (version 6.x-1.0-beta1) (04.02.2010) |
| | | md.r00t.defacer_(at)_gmail.com, Joomla (com_gambling) SQL Injection Vulnerabilities (04.02.2010) |
| | | BUGZILLA, Security Advisory for Bugzilla 3.0.10, 3.2.5, 3.4.4, and 3.5.2 (04.02.2010) |
| | | info_(at)_securitylab.ir, RaakCms Multiple Vulnerabilities (04.02.2010) |
| | | admin_(at)_bugreport.ir, Tinypug Multiple Vulnerabilities (04.02.2010) |
| | | ben_(at)_visionsource.org, OpenCart CSRF Vulnerability (04.02.2010) |
| | | DEBIAN, [SECURITY] [DSA 1986-1] New moodle packages fix several vulnerabilities (04.02.2010) |
| | | Inj3ct0r.com, show data sources ite config exploit (04.02.2010) |
| | | Inj3ct0r.com, Cpanel Bypass Safe mode [ extract tar.gz by Cpanel ] (04.02.2010) |
| | | MustLive, Vulnerabilities in Hydra Engine (04.02.2010) |
| maildrop privilege escalation | | Published: | | 04.02.2010 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 10586 | | Type: | | local | | Level: | | 6/10 |
| Affected: | | MAILDROP : maildrop 2.0 | | CVE: | | CVE-2010-0301 (main.C in maildrop 2.3.0 and earlier, when run by root with the -d option, uses the gid of root for execution of the .mailfilter file in a user's home directory, which allows local users to gain privileges via a crafted file.) |
| AOL buffer overflow | | Published: | | 04.02.2010 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 10577 | | Type: | | client | | Level: | | 5/10 | | Description: | | Buffer overflow on vCard (.vcf) files parsing. |
| HP OpenVMS Record Management Services privilege escalation | | Published: | | 04.02.2010 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 10579 | | Type: | | local | | Level: | | 5/10 |
| CVE: | | CVE-2010-0443 (Unspecified vulnerability in Record Management Services (RMS) before VMS83A_RMS-V1100 for HP OpenVMS on the Alpha platform allows local users to gain privileges via unknown vectors.) |
| Apple iPhone cryptographic weakness | | Published: | | 04.02.2010 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 10583 | | Type: | | client | | Level: | | 5/10 | | Description: | | Certificate key usage is not checked during validation of .mobileconfig wireless autoconfiguration file. |
| HP StorageWorks Tape Autoloader privilege escalation | | Published: | | 04.02.2010 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 10576 | | Type: | | local | | Level: | | 5/10 | | Description: | | Web interface allows non-privileged user to obtain administrative privileges. |
| Affected: | | HP : StorageWorks 1/8 G2 | | CVE: | | CVE-2009-2680 (Unspecified vulnerability in the Remote Management Interface (RMI) for MSL Tape Libraries and 1/8 G2 Tape Autoloaders in HP StorageWorks 1/8 G2 Tape Autoloader firmare 2.30 and earlier, MSL2024 Tape Library firmware 4.20 and earlier, MSL4048 Tape Library firmware 6.50 and earlier, and MSL8096 Tape Library firmware 8.90 and earlier allows remote attackers to cause a denial of service via unknown vectors.) |
| Asterisk integer overflow | | Published: | | 04.02.2010 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 10578 | | Type: | | remote | | Level: | | 5/10 | | Description: | | Integer overflow on T.38 over SIP FaxMaxDatagram field parsing. |
| Affected: | | ASTERISK : Asterisk 1.6 | | CVE: | | CVE-2010-0441 (Asterisk Open Source 1.6.0.x before 1.6.0.22, 1.6.1.x before 1.6.1.14, and 1.6.2.x before 1.6.2.2, and Business Edition C.3 before C.3.3.2, allows remote attackers to cause a denial of service (daemon crash) via an SIP T.38 negotiation with an SDP FaxMaxDatagram field that is (1) missing, (2) modified to contain a negative number, or (3) modified to contain a large number.) |
| Corel Paint Shop Pro buffer overflow | | Published: | | 04.02.2010 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 10580 | | Type: | | local | | Level: | | 4/10 | | Description: | | Heap buffer overflow on FPX format parsing. |
Linux kernel multiple security vulnerabilities
updated since 04.02.2010 | | Published: | | 04.02.2010 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 10581 | | Type: | | remote | | Level: | | 5/10 | | Description: | | Buffer overflow on ISDN HDLC packet, gdth driver IOCTL privilege escalation, devtmpfs weak permissions. |
| CVE: | | CVE-2010-0299 (openSUSE 11.2 installs the devtmpfs root directory with insecure permissions (1777), which allows local users to gain privileges via unspecified vectors.) | | | | CVE-2009-4005 (The collect_rx_frame function in drivers/isdn/hisax/hfc_usb.c in the Linux kernel before 2.6.32-rc7 allows attackers to have an unspecified impact via a crafted HDLC packet that arrives over ISDN and triggers a buffer under-read.) | | | | CVE-2009-3080 (Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request.) |
| Cisco Secure Desktop crossite scripting | | Published: | | 04.02.2010 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 10582 | | Type: | | remote | | Level: | | 5/10 | | Description: | | Crossite scripting via POST request to https://{IP}//+CSCOT+/translation?textdomain=csd&prefix=trans&lang=en-us |
| Affected: | | CISCO : Cisco Secure Desktop 3.4 | | CVE: | | CVE-2010-0440 (Cross-site scripting (XSS) vulnerability in +CSCOT+/translation in Cisco Secure Desktop 3.4.2048, and other versions before 3.5; as used in Cisco ASA appliance before 8.2(1), 8.1(2.7), and 8.0(5); allows remote attackers to inject arbitrary web script or HTML via a crafted POST parameter, which is not properly handled by an eval statement in binary/mainv.js that writes to start.html.) |
| jBCrypt library cryptographic vulnerability | | Published: | | 04.02.2010 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 10585 | | Type: | | library | | Level: | | 6/10 | | Description: | | non-ASCII characters are converted to '?' befor hash calculation. |
| Samba race conditions | | Published: | | 04.02.2010 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 10587 | | Type: | | local | | Level: | | 5/10 | | Description: | | Race conditions in mount.cifs utility. |
| Affected: | | SAMBA : Samba 3.0 | | CVE: | | CVE-2009-3297 (** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-0787, CVE-2010-0788, CVE-2010-0789. Reason: this candidate was intended for one issue in Samba, but it was used for multiple distinct issues, including one in FUSE and one in ncpfs. Notes: All CVE users should consult CVE-2010-0787 (Samba), CVE-2010-0788 (ncpfs), and CVE-2010-0789 (FUSE) to determine which ID is appropriate. All references and descriptions in this candidate have been removed to prevent accidental usage.) |
| Xerox Workcenter 4150 DoS | | Published: | | 04.02.2010 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 10588 | | Type: | | remote | | Level: | | 3/10 | | Description: | | assert() on PJL parsing |
| squid proxy server DoS | | Published: | | 04.02.2010 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 10589 | | Type: | | remote | | Level: | | 6/10 | | Description: | | Crash on authentication, crash on DNS reply parsing. |
| Affected: | | SQUID : Squid 2.6 | | | | SQUID : squid 3.0 | | | | SQUID : Squid 2.7 | | CVE: | | CVE-2010-0308 (lib/rfc1035.c in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through 3.1.0.15 allows remote attackers to cause a denial of service (assertion failure) via a crafted DNS packet that only contains a header.) | | | | CVE-2009-2855 (The strListGetItem function in src/HttpHeaderTools.c in Squid 2.7 allows remote attackers to cause a denial of service via a crafted auth header with certain comma delimiters that trigger an infinite loop of calls to the strcspn function.) |
|
|
|
|
|
|
|
|
