Computer Security


Novell Netware buffer overflow
Published: 04.10.2009
Source:
SecurityVulns ID: 10285
Type: remote
Threat Level: 7/10
Description: Buffer overflow via NFS.
Affected: NOVELL : Netware 6.5
Original document: ZDI, ZDI-09-067: Novell NetWare NFS Portmapper and RPC Module Stack Overflow Vulnerability (04.10.2009)

Google Googleapps code execution
Published: 04.10.2009
Source:
SecurityVulns ID: 10286
Type: client
Threat Level: 7/10
Description: googleapps.url.mailto:// URI command injection.
Affected: GOOGLE : Chrome 2.0
Original document: rgod, google apps googleapps.url.mailto:// uri handler cross-browser remote command execution exploit (IE) (04.10.2009)

BackupPC privilege escalation
Published: 04.10.2009
Source:
SecurityVulns ID: 10287
Type: local
Threat Level: 5/10
Description: Privilege escalation with CgiUserConfigEdit.
Affected: BACKUPPC : BackupPC 3.1
CVE: CVE-2009-3369 (CgiUserConfigEdit in BackupPC 3.1.0, when SSH keys and Rsync are in use in a multi-user environment, does not restrict users from the ClientNameAlias function, which allows remote authenticated users to read and write sensitive files by modifying ClientNameAlias to match another system, then initiating a backup or restore.)
Original document: MANDRIVA, [ MDVSA-2009:253 ] backuppc (04.10.2009)

Cerberus FTP server buffer overflow
Published: 04.10.2009
Source:
SecurityVulns ID: 10288
Type: remote
Threat Level: 5/10
Description: Buffer overflow during authentication.
Affected: CERBERUSFTP : Cerberus FTP server Professional 3.0
Original document: Protek Research Lab, {PRL} Cerberus FTP server 3.0.6 Pre-Auth DoS (04.10.2009)

Novell eDirectory cross-site scripting
Published: 04.10.2009
Source:
SecurityVulns ID: 10289
Type: remote
Threat Level: 5/10
Affected: NOVELL : eDirectory 8.8
Original document: Protek Research Lab, {PRL} Novell Edirectory 8.8 SP5 XSS (04.10.2009)

perl IO::Socket::SSL certificate validation vulnerability
Published: 04.10.2009
Source:
SecurityVulns ID: 10290
Type: library
Threat Level: 7/10
Description: IO-Socket-SSL host name is not correctly validated.
Affected: PERL : perl-IO-Socket-SSL 1.25
CVE: CVE-2009-3024 (The verify_hostname_of_cert function in the certificate checking feature in IO-Socket-SSL (IO::Socket::SSL) 1.14 through 1.25 only matches the prefix of a hostname when no wildcard is used, which allows remote attackers to bypass the hostname check for a certificate.)
Original document: MANDRIVA, [ MDVSA-2009:178 ] perl-IO-Socket-SSL (04.10.2009)

OSISoft PI Server weak authentication
Published: 04.10.2009
Source:
SecurityVulns ID: 10291
Type: remote
Threat Level: 5/10
Affected: OSISOFT : PI Server 3.4
Original document: Eyal Udassin, C4 SCADA Security Advisory - OSISoft PI Server Authentication Weakness (04.10.2009)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod