Computer Security


Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:05.04.2011
Source:
SecurityVulns ID:11557
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:USEBB : UseBB 1.0
 ELEANORCMS : Eleanor CMS rc5
 XYMON : Xymon 4.3
 YAWS : yaws-wiki 1.88
Original document:mike_(at)_sitewat.ch, Stored and Reflective XSS in Yaws-Wiki 1.88-1 (Erlang) (05.04.2011)
 Henrik Stoerner, Xymon monitor cross-site scripting vulnerabilities (05.04.2011)
 High-Tech Bridge Security Research, HTB22914: Local File Inclusion in UseBB (05.04.2011)
 High-Tech Bridge Security Research, HTB22913: Multiple CSRF (Cross-Site Request Forgery) in UseBB (05.04.2011)
 High-Tech Bridge Security Research, HTB22912: Multiple SQL Injections in Eleanor CMS (05.04.2011)
 High-Tech Bridge Security Research, HTB22911: XSS in Eleanor CMS (05.04.2011)

FFmpeg library multiple security vulnerabilities
Published:05.04.2011
Source:
SecurityVulns ID:11558
Type:library
Threat Level:6/10
Description:Buffer overflow on Vorbis / WebM files decoding, memory corruption on RealMedia and VC1 files.
Affected:FFMPEG : ffmpeg 0.5
CVE:CVE-2011-0723 (FFmpeg 0.5.x, as used in MPlayer and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed VC-1 file.)
 CVE-2011-0722 (FFmpeg before 0.5.4, as used in MPlayer and other products, allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a malformed RealMedia file.)
 CVE-2011-0480 (Multiple buffer overflows in vorbis_dec.c in the Vorbis decoder in FFmpeg, as used in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted WebM file, related to buffers for (1) the channel floor and (2) the channel residue.)
Original document:UBUNTU, [USN-1104-1] FFmpeg vulnerabilities (05.04.2011)

xmlsec library unauthorized access
Published:05.04.2011
Source:
SecurityVulns ID:11559
Type:library
Threat Level:6/10
Description:It's possible to access files via ds:Transform.
Affected:XMLSEC : xmlsec 1.2
CVE:CVE-2011-1425 (xslt.c in XML Security Library (aka xmlsec) before 1.2.17, as used in WebKit and other products, when XSLT is enabled, allows remote attackers to create or overwrite arbitrary files via vectors involving the libxslt output extension and a ds:Transform element during signature verification.)
Original document:MANDRIVA, [ MDVSA-2011:063 ] xmlsec1 (05.04.2011)

iSCSI target user-space tools double free
Published:05.04.2011
Source:
SecurityVulns ID:11560
Type:local
Threat Level:5/10
Description:Double free() in tgt.
Affected:TGT : tgt 1.0
CVE:CVE-2011-0001 (Double free vulnerability in the iscsi_rx_handler function (usr/iscsi/iscsid.c) in the tgt daemon (tgtd) in Linux SCSI target framework (tgt) before 1.0.14, aka scsi-target-utils, allows remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via unknown vectors related to a buffer overflow during iscsi login. NOTE: some of these details are obtained from third party information.)
Original document:DEBIAN, [SECURITY] [DSA 2209-1] tgt security update (05.04.2011)

IBM solidDB authentication bypass
Published:05.04.2011
Source:
SecurityVulns ID:11561
Type:remote
Threat Level:5/10
Description:solid.exe (TCP/1315, TCP/1964, TCP/2315) authentication bypass.
Original document:ZDI, ZDI-11-115: IBM solidDB solid.exe Authentication Bypass Remote Code Execution Vulnerability (05.04.2011)

THOMSON TG585 routers cross-site scripting
Published:05.04.2011
Source:
SecurityVulns ID:11562
Type:remote
Threat Level:3/10
Description:Cross-site scripting in Web interface.
Affected:THOMSON : Thomson TG585
Original document:edgard.chammas_(at)_balamand.edu.lb, THOMSON Router XSS (05.04.2011)

Novell File Reporter Agent buffer overflow
Published:05.04.2011
Source:
SecurityVulns ID:11563
Type:remote
Threat Level:5/10
Description:NFRAgent.exe TCP/3037 buffer overflow.
CVE:CVE-2011-0994 (Stack-based buffer overflow in NFRAgent.exe in Novell File Reporter (NFR) before 1.0.2 allows remote attackers to execute arbitrary code via unspecified XML data.)
Original document:ZDI, ZDI-11-116: Novell File Reporter Agent XML Parsing Remote Code Execution Vulnerability (05.04.2011)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod