Computer Security


Oracle Hyperion ActiveX security vulnerabilities
updated since 01.11.2011
Published: 04.11.2011
Source:
SecurityVulns ID: 12009
Type: client
Threat Level: 5/10
Description: Stack-based buffer overflow in the ODBC driver used by the ActiveX component; unsafe methods exposed.
Original document: rgod, Oracle Hyperion Financial Management TList6 ActiveX Control Remote Code Execution Vulnerability (04.11.2011)
 rgod, Oracle DataDirect Multiple Native Wire Protocol ODBC Drivers HOST Attribute Stack Based Buffer Overflow (01.11.2011)
Files: Oracle DataDirect ODBC Drivers HOST Attribute arsqls24.dll Stack Based Buffer Overflow PoC (*.oce)

RSA Key Manager Appliance session termination vulnerability
Published: 04.11.2011
Source:
SecurityVulns ID: 12016
Type: remote
Threat Level: 4/10
Description: Session may not be properly terminated after logout.
Affected: EMC : RSA Key Manager Appliance 2.7
CVE: CVE-2011-2740 (EMC RSA Key Manager (RKM) Appliance 2.7 SP1 before 2.7.1.6, when Firefox 4.x or 5.0 is used, does not properly terminate a user session upon a logout action, which makes it easier for remote attackers to execute arbitrary code by leveraging an unattended workstation.)
Original document: EMC, ESA-2011-035: RSA, The Security Division of EMC, announces the release of Hotfix 6 with security updates for RSA Key Manager Appliance 2.7 Service Pack 1 (04.11.2011)

Cisco Small Business SRP500 cross-site request forgery
Published: 04.11.2011
Source:
SecurityVulns ID: 12017
Type: remote
Threat Level: 4/10
Description: Cross-site request forgery in the administration interface.
Affected: CISCO : Cisco SRP521W
 CISCO : Cisco SRP526W
 CISCO : Cisco SRP527W
 CISCO : Cisco SRP541W
 CISCO : Cisco SRP546W
 CISCO : Cisco SRP547W
CVE: CVE-2011-4005 (Cross-site request forgery (CSRF) vulnerability in the Services Ready Platform Configuration Utility web interface on the Cisco Small Business SRP521W, SRP526W, and SRP527W with firmware before 1.1.24 and the Small Business SRP541W, SRP546W, and SRP547W with firmware before 1.2.1 allows remote attackers to hijack the authentication of administrators for requests that execute arbitrary commands, aka Bug ID CSCtr45124.)
Original document: CISCO, Cisco Security Advisory: Cisco Small Business SRP500 Series Command Injection Vulnerability (04.11.2011)

Wireshark sniffer multiple security vulnerabilities
Published: 04.11.2011
Source:
SecurityVulns ID: 12018
Type: remote
Threat Level: 5/10
Description: Uninitialized memory dereference, NULL pointer dereference, heap-based buffer overflow.
Affected: WIRESHARK : Wireshark 1.4
 WIRESHARK : Wireshark 1.6
CVE: CVE-2011-4102 (Heap-based buffer overflow in the erf_read_header function in wiretap/erf.c in the ERF file parser in Wireshark 1.4.0 through 1.4.9 and 1.6.x before 1.6.3 allows remote attackers to cause a denial of service (application crash) via a malformed file.)
 CVE-2011-4101 (The dissect_infiniband_common function in epan/dissectors/packet-infiniband.c in the Infiniband dissector in Wireshark 1.4.0 through 1.4.9 and 1.6.x before 1.6.3 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed packet.)
 CVE-2011-4100 (The csnStreamDissector function in epan/dissectors/packet-csn1.c in the CSN.1 dissector in Wireshark 1.6.x before 1.6.3 does not initialize a certain variable, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.)

EMC Documentum eRoom protection bypass
Published: 04.11.2011
Source:
SecurityVulns ID: 12019
Type: local
Threat Level: 5/10
Description: It's possible to bypass file type upload limitations.
CVE: CVE-2011-2739 (The file-blocking feature in EMC Documentum eRoom 7.3.x and 7.4.x before 7.4.3.g does not properly restrict the uploading and opening of files with dangerous file types, which allows remote authenticated users to execute arbitrary code via an uploaded file.)
Original document: EMC, ESA-2011-032: EMC Documentum eRoom arbitrary file upload vulnerability. (04.11.2011)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod