Computer Security


Microsoft Visio multiple security vulnerabilities
updated since 16.04.2010
Published:04.05.2010
Source:
SecurityVulns ID:10765
Type:client
Threat Level:5/10
Description:Multiple memory corruptions.
Affected:MICROSOFT : Visio 2002
 MICROSOFT : Visio 2003
 MICROSOFT : Visio 2007
CVE:CVE-2010-1681 (Buffer overflow in VISIODWG.DLL before 10.0.6880.4 in Microsoft Office Visio allows user-assisted remote attackers to execute arbitrary code via a crafted DXF file, a different vulnerability than CVE-2010-0254 and CVE-2010-0256.)
 CVE-2010-0256 (Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly calculate unspecified indexes associated with Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Visio Index Calculation Memory Corruption Vulnerability.")
 CVE-2010-0254 (Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly validate attributes in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Visio Attribute Validation Memory Corruption Vulnerability.")
Original document:CORE SECURITY TECHNOLOGIES ADVISORIES, [CORE-2010-0428] Microsoft Office Visio DXF File Insertion Buffer Overflow (04.05.2010)
 MICROSOFT, Microsoft Security Bulletin MS10-028 - Important Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (980094) (16.04.2010)
Files:Microsoft Security Bulletin MS10-028 - Important Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (980094)

Kaspersky Antivirus privilege escalation
Published:04.05.2010
Source:
SecurityVulns ID:10809
Type:local
Threat Level:5/10
Description:The antivirus's windows are vulnerable to a shatter attack.
Affected:KASPERSKY : Kaspersky Anti-Virus 6.0
Original document:daniel lopez, A vulnerability in Kaspersky Antivirus (04.05.2010)

Microsoft Internet Explorer, Google Chrome, Opera and Mozilla Firefox DoS
Published:04.05.2010
Source:
SecurityVulns ID:10810
Type:client
Threat Level:5/10
Description:A large buffer within a <marquee> tag causes the browser to crash.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
Original document:Inj3ct0r.com, Internet Explorer <= 8 & Mozilla Firefox <= 3.6.3 Crash Exploit (04.05.2010)
Files:Exploit for all browsers (Tested on: Mozilla Firefox // Internet Explorer // Google Chrome // Netscape

GnuTLS library buffer overflow
Published:04.05.2010
Source:
SecurityVulns ID:10811
Type:library
Threat Level:6/10
Description:Buffer overflow in the gnutls_x509_crt_get_serial() function on big-endian platforms.
Affected:GNU : GnuTLS 1.2
CVE:CVE-2010-0731 (The gnutls_x509_crt_get_serial function in the GnuTLS library before 1.2.1, when running on big-endian, 64-bit platforms, calls the asn1_read_value with a pointer to the wrong data type and the wrong length value, which allows remote attackers to bypass the certificate revocation list (CRL) check and cause a stack-based buffer overflow via a crafted X.509 certificate, related to extraction of a serial number.)
Original document:MANDRIVA, [ MDVSA-2010:089 ] gnutls (04.05.2010)

MDaemon directory traversal
Published:04.05.2010
Source:
SecurityVulns ID:10812
Type:local
Threat Level:5/10
Description:Directory traversal in mailing list configuration files allows access to files with LocalSystem privileges.
Affected:MDAEMON : MDaemon 11.0
Original document:Kingcope Kingcope, MDaemon Mailer Daemon Version 11.0.1 (LATEST) Remote File Disclosure (04.05.2010)

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:04.05.2010
Source:
SecurityVulns ID:10813
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:ACUITY : Acuity CMS 2.6
 ZIKULA : Zikula Application Framework 1.2
 NOLAPRO : NolaPro 4.0
 Elite : eliteCMS 1.01
 ECOCMS : ecoCMS 18.04.2010
 MEDIAWIKI : mediawiki 1.15
CVE:CVE-2010-1150 (MediaWiki before 1.15.3, and 1.6.x before 1.16.0beta2, does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to conduct phishing attacks by arranging for a victim to login to the attacker's account and then execute a crafted user script, related to a "login CSRF" issue.)
Original document:DEBIAN, [SECURITY] [DSA-2041-1] New mediawiki packages fix cross-site request forgery (04.05.2010)
 High-Tech Bridge Security Research, XSS in ecoCMS (04.05.2010)
 High-Tech Bridge Security Research, XSRF (CSRF) in Zikula Application Framework (04.05.2010)
 High-Tech Bridge Security Research, XSS in eliteCMS (04.05.2010)
 High-Tech Bridge Security Research, XSS in Acuity CMS (04.05.2010)
 High-Tech Bridge Security Research, XSRF (CSRF) in eliteCMS (04.05.2010)
 security_(at)_corelan.be, CORELAN-10-035 NolaPro Enterprise multiple vulnerabilities (04.05.2010)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod