Computer Security


HP OpenView Performance Insight Server backdoor
Published: 04.02.2011
SecurityVulns ID: 11400
Type: remote
Threat Level: 7/10
Description: A hidden, undocumented user account is implemented in the com.trinagy.security.XMLUserManager class.
Affected: HP : OpenView Performance Insight Server 5.41
CVE: CVE-2011-0276 (HP OpenView Performance Insight Server 5.2, 5.3, 5.31, 5.4, and 5.41 contains a "hidden account" in the com.trinagy.security.XMLUserManager Java class, which allows remote attackers to execute arbitrary code via the doPost method in the com.trinagy.servlet.HelpManagerServlet class.)
Original document: HP, [security bulletin] HPSBMA02627 SSRT090246 rev.1 - HP OpenView Performance Insight Server, Remote Execution of Arbitrary Code (04.02.2011)
 ZDI, ZDI-11-034: HP OpenView Performance Insight Server Backdoor Account Code Execution Vulnerability (04.02.2011)

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 04.02.2011
SecurityVulns ID: 11402
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: VBULLETIN : Vbulletin 4.1
 SYMANTEC : Symantec IM Manager 8.4
CVE: CVE-2010-3719 (Eval injection vulnerability in IMAdminSchedTask.asp in the administrative interface for Symantec IM Manager 8.4.16 and earlier allows remote attackers to execute arbitrary code via unspecified parameters to the ScheduleTask method.)
Original document: ZDI, ZDI-11-037: Symantec IM Manager Administrative Interface IMAdminSchedTask.asp Eval Code Injection Remote Code Execution Vulnerability (04.02.2011)
 See Me, vBulletin 4.1.2 0-day Denial Of Service Exploit (04.02.2011)
Files: vBulletin 4.1.2 0-day Denial Of Service Exploit

pango / libpango buffer overflow
Published: 04.02.2011
SecurityVulns ID: 11403
Type: library
Threat Level: 5/10
Description: Buffer overflow in pango_ft2_font_render_box_glyph()
Affected: PANGO : Pango 1.28
CVE: CVE-2011-0020 (Heap-based buffer overflow in the pango_ft2_font_render_box_glyph function in pango/pangoft2-render.c in libpango in Pango 1.28.3 and earlier, when the FreeType2 backend is enabled, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file, related to the glyph box for an FT_Bitmap object.)
Original document: MANDRIVA, [ MDVSA-2011:020 ] pango (04.02.2011)

IBM DB2 security vulnerabilities
Published: 04.02.2011
SecurityVulns ID: 11401
Type: remote
Threat Level: 7/10
Description: Buffer overflow and integer overflow in db2dasrrm (TCP/524)
Affected: IBM : DB2 9.7
Original document: ZDI, ZDI-11-035: IBM DB2 db2dasrrm validateUser Remote Code Execution Vulnerability (04.02.2011)
 ZDI, ZDI-11-036: IBM DB2 db2dasrrm receiveDASMessage Remote Code Execution Vulnerability (04.02.2011)

PostgreSQL buffer overflow
Published: 04.02.2011
SecurityVulns ID: 11404
Type: library
Threat Level: 5/10
Description: Buffer overflow in intarray when parsing large numbers.
Affected: POSTGRES : PostgreSQL 8.4
 POSTGRES : PostgreSQL 9.0
CVE: CVE-2010-4015 (Buffer overflow in the gettoken function in contrib/intarray/_int_bool.c in the intarray array module in PostgreSQL 9.0.x before 9.0.3, 8.4.x before 8.4.7, 8.3.x before 8.3.14, and 8.2.x before 8.2.20 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via integers with a large number of digits to unspecified functions.)
Original document: DEBIAN, [SECURITY] [DSA-2157-1] PostgreSQL security update (04.02.2011)

BMC PATROL Agent integer overflow
Published: 04.02.2011
SecurityVulns ID: 11405
Type: remote
Threat Level: 6/10
Description: Integer overflow when parsing TCP/6768 traffic.
Affected: BMC : BMC Performance Analysis 7.5
 BMC : BMC Performance Assurance 7.5
 BMC : BMC Performance Analyzer 7.5
 BMC : BMC Performance Predictor 7.5
 BMC : BMC Capacity Management Essentials 1.2
Original document: ZDI, ZDI-11-039: BMC PATROL Agent Service Daemon BGS_MULTIPLE_READS Remote Code Execution Vulnerability (04.02.2011)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod