Computer Security


Broadsoft BroadWorks information leak
Published:04.11.2010
Source:
SecurityVulns ID:11231
Type:remote
Threat Level:5/10
Description:Incoming and outgoing call information is available without authentication.
Affected:BROADSOFT : BroadWorks 16
Original document:Nick Freeman, Security-Assessment.com Advisory: BroadWorks Call Detail Record Disclosure Vulnerability (04.11.2010)

HP Storage Essentials unauthorized access
Published:04.11.2010
Source:
SecurityVulns ID:11234
Type:remote
Threat Level:5/10
Description:Unauthorized access if LDAP is used.
Affected:HP : HP Storage Essentials 6.0
 HP : HP Storage Essentials 5.1
 HP : HP Storage Essentials 6.1
 HP : HP Storage Essentials 6.2
CVE:CVE-2010-4029 (Unspecified vulnerability in HP Storage Essentials before 6.3.0, when LDAP authentication is enabled, allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors.)
Original document:HP, [security bulletin] HPSBST02595 SSRT1000303 rev.1 - HP Storage Essentials Using LDAP, Remote Unauthenticated Access (04.11.2010)

HP Version Control Repository Manager cross-site scripting
Published:04.11.2010
Source:
SecurityVulns ID:11236
Type:remote
Threat Level:5/10
Affected:HP : HP Version Control Repository Manager 6.3
CVE:CVE-2010-3994 (Cross-site scripting (XSS) vulnerability in HP Version Control Repository Manager (VCRM) before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
Original document:HP, [security bulletin] HPSBMA02597 SSRT100198 rev.1 - HP Version Control Repository Manager (VCRM) for Windows, Remote Cross Site Scripting (XSS) (04.11.2010)

HP Software Update HPeDiag ActiveX security vulnerabilities
Published:04.11.2010
Source:
SecurityVulns ID:11237
Type:remote
Threat Level:5/10
Description:Information leak, code execution.
Affected:HP : HP Software Update 4.0
CVE:CVE-2008-0712
Original document:HP, [security bulletin] HPSBGN02333 SSRT080031 rev.2 - HP Software Update HPeDiag Running on Windows, Remote Disclosure of Information and Execution of Arbitrary Code (04.11.2010)

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:04.11.2010
Source:
SecurityVulns ID:11229
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:ZENCART : Zen Cart 1.3
 JAFCMS : JAF CMS 4.0
 MOZILLA : Bugzilla 3.2
 EOCMS : eoCMS 0.9
 MOZILLA : Bugzilla 3.4
 TEXTPATTERN : Textpattern CMS 4.2
 MINIBB : MiniBB 2.5
 BASICCMS : SweetRice CMS 0.6
 BUGZILLA : Bugzilla 3.6
 BUGZILLA : Bugzilla 3.7
CVE:CVE-2010-3764 (The Old Charts implementation in Bugzilla 2.12 through 3.2.8, 3.4.8, 3.6.2, 3.7.3, and 4.1 creates graph files with predictable names in graphs/, which allows remote attackers to obtain sensitive information via a modified URL.)
 CVE-2010-3172 (CRLF injection vulnerability in Bugzilla before 3.2.9, 3.4.x before 3.4.9, 3.6.x before 3.6.3, and 4.0.x before 4.0rc1, when Server Push is enabled in a web browser, allows remote attackers to inject arbitrary HTTP headers and content, and conduct HTTP response splitting attacks, via a crafted URL.)
Original document:BUGZILLA, Security Advisory for Bugzilla 3.2.8, 3.4.8, 3.6.2, and 3.7.3 (04.11.2010)
 Salvatore "drosophila" Fresta, Zen Cart 1.3.9h Local File Inclusion Vulnerability (04.11.2010)
 md.r00t.defacer_(at)_gmail.com, Adsoft Remote Sql Injection Vulnerability (04.11.2010)
 High-Tech Bridge Security Research, SQL injection in SweetRice CMS (04.11.2010)
 High-Tech Bridge Security Research, XSS in SweetRice CMS (04.11.2010)
 High-Tech Bridge Security Research, Reset admin password in SweetRice CMS (04.11.2010)
 High-Tech Bridge Security Research, Shell create & command execution in JAF CMS (04.11.2010)
 High-Tech Bridge Security Research, RFI in JAF CMS (04.11.2010)
 High-Tech Bridge Security Research, BBcode XSS in MiniBB (04.11.2010)
 High-Tech Bridge Security Research, SQL injection in MiniBB (04.11.2010)
 High-Tech Bridge Security Research, XSS in Textpattern CMS (04.11.2010)
 High-Tech Bridge Security Research, LFI in eoCMS (04.11.2010)
 High-Tech Bridge Security Research, Path disclosure in eoCMS (04.11.2010)
 High-Tech Bridge Security Research, SQL injection in eoCMS (04.11.2010)
 High-Tech Bridge Security Research, LFI in eoCMS (04.11.2010)
 High-Tech Bridge Security Research, BBcode XSS in eoCMS (04.11.2010)

Apache Shiro protection bypass
Published:04.11.2010
Source:
SecurityVulns ID:11230
Type:remote
Threat Level:5/10
Description:Protection bypass via directory traversal.
Affected:APACHE : Shiro 1.0
CVE:CVE-2010-3863 (Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.)
Original document:APACHE, CVE-2010-3863: Apache Shiro information disclosure vulnerability (04.11.2010)

HP Palm WebOS multiple security vulnerabilities
Published:04.11.2010
Source:
SecurityVulns ID:11232
Type:client
Threat Level:5/10
Description:Code execution, file access.
Affected:HP : Palm webOS 1.4
CVE:CVE-2010-4027 (Unspecified vulnerability in the camera application in HP Palm webOS 1.4.1 allows local users to overwrite arbitrary files via unknown vectors.)
 CVE-2010-4026 (Unspecified vulnerability in the service API in HP Palm webOS 1.4.1 allows local users to gain privileges by leveraging the ability to perform certain service calls.)
 CVE-2010-4025 (Unspecified vulnerability in Doc Viewer in HP Palm webOS 1.4.1 allows remote attackers to execute arbitrary code via a crafted document, as demonstrated by a Word document.)
Original document:HP, [security bulletin] HPSBMI02580 SSRT100254 rev.1 - Palm webOS, Code execution vulnerability in Palm webOS service API (04.11.2010)
 HP, [security bulletin] HPSBMI02582 SSRT100269 rev.1 - Palm webOS Camera Application, Unauthorized Write Access (04.11.2010)
 HP, [security bulletin] HPSBMI02573 SSRT100227 rev.1 - Palm webOS, webOS Doc Viewer, Execution of Arbitrary Code (04.11.2010)

HP LoadRunner Web Tours DoS
Published:04.11.2010
Source:
SecurityVulns ID:11233
Type:remote
Threat Level:5/10
Affected:HP : LoadRunner 9.1
CVE:CVE-2010-4028 (Unspecified vulnerability in LoadRunner Web Tours 9.10 in HP LoadRunner 9.1 and earlier allows remote attackers to cause a denial of service, and possibly obtain sensitive information or modify data, via unknown vectors.)
Original document:HP, [security bulletin] HPSBMA02533 SSRT080049 rev.1 - HP LoadRunner Web Tours 9.10 Remote Denial of Service (04.11.2010)

HP Virtual Server Environment / HP Virtual Connect Enterprise Manager unauthorized file access
Published:04.11.2010
Source:
SecurityVulns ID:11235
Type:remote
Threat Level:5/10
Affected:HP : HP Virtual Server Environment 6.2
 HP : HP Virtual Connect Enterprise Manager 6.1
CVE:CVE-2010-3990 (Unspecified vulnerability in HP Virtual Server Environment before 6.2 allows remote attackers to read arbitrary files via unknown vectors.)
 CVE-2010-3986 (Unspecified vulnerability in HP Virtual Connect Enterprise Manager (VCEM) 6.0 and 6.1 allows remote attackers to read arbitrary files via unknown vectors.)
Original document:HP, [security bulletin] HPSBMA02593 SSRT100237 rev.1 - HP Virtual Connect Enterprise Manager (VCEM) for Windows, Remote Arbitrary File Download (04.11.2010)
 HP, [security bulletin] HPSBMA02599 SSRT100235 rev.1 - HP Virtual Server Environment for Windows, Remote Arbitrary File Download (04.11.2010)

HP AssetCenter / AssetManager cross-site scripting
Published:04.11.2010
Source:
SecurityVulns ID:11238
Type:remote
Threat Level:5/10
Affected:HP : AssetCenter 5.03
 HP : AssetManager 5.12
 HP : AssetManager 5.22
CVE:CVE-2010-3291 (Cross-site scripting (XSS) vulnerability in HP AssetCenter 5.0x through AC_5.03, and AssetManager 5.1x through AM_5.12 and 5.2x through AM_5.22, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
Original document:HP, [security bulletin] HPSBMA02596 SSRT100271 rev.1 - HP AssetCenter and HP AssetManager for AIX, HP-UX, Linux, Solaris and Windows, Remote Cross Site Scripting (XSS) (04.11.2010)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod