Computer Security
[EN] securityvulns.ru no-pyccku


Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:05.08.2010
Source:
SecurityVulns ID:11027
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:WORDPRESS : WordPress 2.0
 MOINMOIN : MoinMoin 1.9
 SOURCEFABRIC : Campsite 3.3
 68KB : 68KB 1.0
 MOINMOIN : MoinMoin 1.7
CVE:CVE-2010-2487 (Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 and earlier, 1.8.x before 1.8.8, and 1.9.x before 1.9.3 allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) Page.py, (2) PageEditor.py, (3) PageGraphicalEditor.py, (4) action/CopyPage.py, (5) action/Load.py, (6) action/RenamePage.py, (7) action/backup.py, (8) action/login.py, (9) action/newaccount.py, and (10) action/recoverpass.py.)
Original documentdocumentInsomnia Security, Insomnia : ISVA-100730.1 - CMS Multiple SQL injection Vulnerabilities (05.08.2010)
 documentHigh-Tech Bridge Security Research, XSS vulnerability in Campsite (05.08.2010)
 documentHigh-Tech Bridge Security Research, XSS vulnerability in Campsite (05.08.2010)
 documenteidelweiss randy, 68KB v1.0.0rc4 Remote File Include Vulnerability (05.08.2010)
 documentMustLive, CSRF, Information Leakage and Full path disclosure vulnerabilities in WordPress (05.08.2010)
 documentMustLive, Information Leakage and Full path disclosure vulnerabilities in WordPress (05.08.2010)

Akamai Download Manager code execution
Published:05.08.2010
Source:
SecurityVulns ID:11028
Type:local
Threat Level:
6/10
Description:It's possible to automatically download and execute file.
Affected:AKAMAI : Akamai Download Manager 2.2
Original documentdocumentAkita Software Security, Akamai Download Manager arbitrary file download & execution (05.08.2010)

KMeleon buffer overflow
Published:05.08.2010
Source:
SecurityVulns ID:11030
Type:remote
Threat Level:
5/10
Description:Buffer overflow on oversized URL.
Affected:KMELEON : K-Meleon 1.5
 KMELEON : K-Meleon 1.6
Original documentdocumentLostmon lords, Fwd: {LostmonÒ‘s Group} K-Meleon for windows about:neterror Stack Overflow DoS (05.08.2010)

Apple Safari DoS
Published:05.08.2010
Source:
SecurityVulns ID:11032
Type:client
Threat Level:
4/10
Description:Hang on oversized URL
Affected:APPLE : Safari 5.0
Original documentdocumentLostmon lords, Fwd: {LostmonÒ‘s Group} Safari for windows Long link DoS (05.08.2010)

Quick Easy FTP Server buffer overflow
Published:05.08.2010
Source:
SecurityVulns ID:11033
Type:remote
Threat Level:
5/10
Description:USER command buffer overflow.
Affected:QUICKEASY : Quick Easy Ftp Server 3.9
Original documentdocumenthuang_chaoyi_(at)_venustech.com.cn, Quick Easy FTP Server USER command Vulnerability (05.08.2010)
Files:DoS Exploit of Quick Easy Ftp Server version <=3.9.1 USER COMMAND Buffer Overflow

cabextract code execution
Published:05.08.2010
Source:
SecurityVulns ID:11036
Type:local
Threat Level:
4/10
Affected:CABEXTRACT : cabextract 1.2
CVE:CVE-2010-2801 (Integer signedness error in the Quantum decompressor in cabextract before 1.3, when archive test mode is used, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Quantum archive in a .cab file, related to the libmspack library.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 2087-1] New cabextract packages fix arbitrary code execution (05.08.2010)

VxWorks weak wuthentication
Published:05.08.2010
Source:
SecurityVulns ID:11037
Type:client
Threat Level:
6/10
Description:Weak password hashing algorythm with large collision probability.
Original documentdocumentHD Moore, [R7-0035] VxWorks Authentication Library Weak Password Hashing (05.08.2010)

Citrix Presentation Server Client buffer overflow
updated since 05.08.2010
Published:08.08.2010
Source:
SecurityVulns ID:11034
Type:client
Threat Level:
6/10
Description:Buffer overflow on ICA server response parsing.
Affected:CITRIX : Presentation Server Client 10.150
Original documentdocumentIDEFENSE, iDefense Security Advisory 08.03.10: Citrix ICA Client ActiveX Memory Corruption Vulnerabillity (08.08.2010)
 documentdisclosure_(at)_contextis.co.uk, Heap Offset Overflow in Citrix ICA Clients (05.08.2010)

Cisco Firewall Services Module / Adaptive Security Appliances / Application Control Engine multiple DoS conditions
updated since 05.08.2010
Published:12.08.2010
Source:
SecurityVulns ID:11031
Type:remote
Threat Level:
6/10
Description:DoS on SunRPC and SIP protocols inspection, DoS on TCP, RTSP, TLS connections and IKE.
Affected:CISCO : ASA 7.0
 CISCO : ASA 7.1
 CISCO : FWSM 3.1
 CISCO : ASA 7.2
 CISCO : FWSM 3.2
 CISCO : ASA 8.0
 CISCO : FWSM 4.0
 CISCO : FWSM 4.1
 CISCO : ASA 8.1
 CISCO : ASA 8.2
 CISCO : ASA 8.3
CVE:CVE-2010-2821 (Unspecified vulnerability on the Cisco Firewall Services Module (FWSM) with software 3.2 before 3.2(17.2), 4.0 before 4.0(11.1), and 4.1 before 4.1(1.2) for Catalyst 6500 series switches and 7600 series routers, when multi-mode is enabled, allows remote attackers to cause a denial of service (device reload) via crafted (1) Telnet, (2) SSH, or (3) ASDM traffic over TCP, aka Bug ID CSCtg68694.)
 CVE-2010-2820 (Unspecified vulnerability in the SunRPC inspection feature on the Cisco Firewall Services Module (FWSM) with software 3.1 before 3.1(17.2), 3.2 before 3.2(16.1), 4.0 before 4.0(10.1), and 4.1 before 4.1(1.1) for Catalyst 6500 series switches and 7600 series routers allows remote attackers to cause a denial of service (device reload) via crafted SunRPC messages, aka Bug ID CSCte61662.)
 CVE-2010-2819 (Unspecified vulnerability in the SunRPC inspection feature on the Cisco Firewall Services Module (FWSM) with software 3.1 before 3.1(17.2), 3.2 before 3.2(16.1), 4.0 before 4.0(10.1), and 4.1 before 4.1(1.1) for Catalyst 6500 series switches and 7600 series routers allows remote attackers to cause a denial of service (device reload) via crafted SunRPC messages, aka Bug ID CSCte61622.)
 CVE-2010-2818 (Unspecified vulnerability in the SunRPC inspection feature on the Cisco Firewall Services Module (FWSM) with software 3.1 before 3.1(17.2), 3.2 before 3.2(16.1), 4.0 before 4.0(10.1), and 4.1 before 4.1(1.1) for Catalyst 6500 series switches and 7600 series routers allows remote attackers to cause a denial of service (device reload) via crafted SunRPC messages, aka Bug ID CSCte61710.)
 CVE-2010-2817 (Unspecified vulnerability in the IKE implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.0 before 7.0(8.11), 7.1 and 7.2 before 7.2(5), 8.0 before 8.0(5.15), 8.1 before 8.1(2.44), 8.2 before 8.2(2.10), and 8.3 before 8.3(1.1) and Cisco PIX Security Appliances 500 series devices allows remote attackers to cause a denial of service (device reload) via a crafted IKE message, aka Bug ID CSCte46507.)
 CVE-2010-2816 (Unspecified vulnerability in the SIP inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.0 before 8.0(5.17), 8.1 before 8.1(2.45), and 8.2 before 8.2(2.13) allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCtd32106.)
 CVE-2010-2815 (Unspecified vulnerability in the Transport Layer Security (TLS) implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.2(5), 8.0 before 8.0(5.15), 8.1 before 8.1(2.44), 8.2 before 8.2(2.17), and 8.3 before 8.3(1.6) and Cisco PIX Security Appliances 500 series devices allows remote attackers to cause a denial of service (device reload) via a sequence of crafted TLS packets, aka Bug ID CSCtf55259.)
 CVE-2010-2814 (Unspecified vulnerability in the Transport Layer Security (TLS) implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.2(5), 8.0 before 8.0(5.15), 8.1 before 8.1(2.44), 8.2 before 8.2(2.17), and 8.3 before 8.3(1.6) and Cisco PIX Security Appliances 500 series devices allows remote attackers to cause a denial of service (device reload) via a sequence of crafted TLS packets, aka Bug ID CSCtf37506.)
 CVE-2010-1581 (Unspecified vulnerability in the Transport Layer Security (TLS) implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.2(5), 8.0 before 8.0(5.15), 8.1 before 8.1(2.44), 8.2 before 8.2(2.17), and 8.3 before 8.3(1.6) and Cisco PIX Security Appliances 500 series devices allows remote attackers to cause a denial of service (device reload) via a sequence of crafted TLS packets, aka Bug ID CSCtd32627.)
 CVE-2010-1580 (Unspecified vulnerability in the SunRPC inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.2(5), 8.0 before 8.0(5.19), 8.1 before 8.1(2.47), and 8.2 before 8.2(2) and Cisco PIX Security Appliances 500 series devices allows remote attackers to cause a denial of service (device reload) via crafted SunRPC UDP packets, aka Bug ID CSCtc85753.)
 CVE-2010-1579 (Unspecified vulnerability in the SunRPC inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.2(5), 8.0 before 8.0(5.19), 8.1 before 8.1(2.47), and 8.2 before 8.2(2) and Cisco PIX Security Appliances 500 series devices allows remote attackers to cause a denial of service (device reload) via crafted SunRPC UDP packets, aka Bug ID CSCtc79922.)
 CVE-2010-1578 (Unspecified vulnerability in the SunRPC inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.2(5), 8.0 before 8.0(5.19), 8.1 before 8.1(2.47), and 8.2 before 8.2(2) and Cisco PIX Security Appliances 500 series devices allows remote attackers to cause a denial of service (device reload) via crafted SunRPC UDP packets, aka Bug ID CSCtc77567.)
Original documentdocumentCISCO, Cisco Security Advisory: Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine (12.08.2010)
 documentCISCO, Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances (05.08.2010)
 documentCISCO, Cisco Security Advisory: Multiple Vulnerabilities in Cisco Firewall Services Module (05.08.2010)

Directory traversal in multiple FTP clients
updated since 05.08.2010
Published:13.10.2010
Source:
SecurityVulns ID:11029
Type:local
Threat Level:
5/10
Description:It's possible for file to be downloaded outside directory choosen by user.
Affected:INTERNETSOFT : FTP Commander 8.02
 TURBOFTP : TurboFTP Client 6.0
 ELECTRASOFT : 32bit FTP Client 10.07
 FRIGATE : Frigate 3.36
 SMARTSOFT : SmartFTP 4.0
 IORUSH : FTP Rush 1.1
 FTPX : FTP Explorer 10.5
 SOFTX : SoftX FTP Client 3.3
 SITEDESIGNER : 3D FTP Client 9.0
 DESKSHARE : AutoFTP Manager 4.31
 FTPGETTER : FTPGetter 3.51
 FILTERFTP : FilterFTP 2.0
 FTPVOYAGER : FTP Voyager 15.2
 CROSSFTP : CrossFTP Pro 1.65
 ROBOFTP : Robo-FTP 3.7
 ANYCONNECT : AnyConnect 1.2
 FRESHWEBMASTER : FreshFTP 5.36
Original documentdocumentHigh-Tech Bridge Security Research, Directory Traversal Vulnerability in AnyConnect (13.10.2010)
 documentHigh-Tech Bridge Security Research, Directory Traversal Vulnerability in FreshFTP (13.10.2010)
 documentHigh-Tech Bridge Security Research, Directory Traversal Vulnerability in Robo-FTP (13.10.2010)
 documentHigh-Tech Bridge Security Research, Directory Traversal Vulnerability in CrossFTP Pro (13.10.2010)
 documentHigh-Tech Bridge Security Research, Directory Traversal Vulnerability in FTP Voyager (11.10.2010)
 documentHigh-Tech Bridge Security Research, Directory Traversal Vulnerability in FilterFTP (11.10.2010)
 documentHigh-Tech Bridge Security Research, Directory Traversal in AutoFTP Manager (23.08.2010)
 documentHigh-Tech Bridge Security Research, Directory Traversal in FTPGetter (23.08.2010)
 documentHigh-Tech Bridge Security Research, Directory Traversal in 3D FTP Client (23.08.2010)
 documentHigh-Tech Bridge Security Research, Directory Traversal in SoftX FTP Client (16.08.2010)
 documentHigh-Tech Bridge Security Research, Directory Traversal in FTP Explorer (08.08.2010)
 documentHigh-Tech Bridge Security Research, Directory Traversal in FTP Rush (08.08.2010)
 documentHigh-Tech Bridge Security Research, Directory Traversal in SmartFTP (08.08.2010)
 documentHigh-Tech Bridge Security Research, Directory Traversal in Frigate 3 built-in FTP client (08.08.2010)
 documentHigh-Tech Bridge Security Research, Directory Traversal Vulnerability in 32bit FTP Client (05.08.2010)
 documentHigh-Tech Bridge Security Research, Directory Traversal Vulnerability in FTP Commander Deluxe (05.08.2010)
 documentHigh-Tech Bridge Security Research, Directory Traversal Vulnerability in FTP Commander (05.08.2010)
 documentHigh-Tech Bridge Security Research, Directory Traversal Vulnerability in TurboFTP 6 Client (05.08.2010)
 documentHigh-Tech Bridge Security Research, Directory Traversal Vulnerability in FTP Commander Pro (05.08.2010)

Avahi DNS server DoS
updated since 05.08.2010
Published:24.02.2011
Source:
SecurityVulns ID:11035
Type:remote
Threat Level:
5/10
Description:Crash on malformed DNS packet parsing.
Affected:AVAHI : Avahi 0.6
CVE:CVE-2011-1002 (avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote attackers to cause a denial of service (infinite loop) via an empty mDNS (1) IPv4 or (2) IPv6 UDP packet to port 5353. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-2244.)
 CVE-2010-2244 (The AvahiDnsPacket function in avahi-core/socket.c in avahi-daemon in Avahi 0.6.16 and 0.6.25 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNS packet with an invalid checksum followed by a DNS packet with a valid checksum, a different vulnerability than CVE-2008-5081.)
Original documentdocumentMANDRIVA, [ MDVSA-2011:037 ] avahi (24.02.2011)
 documentDEBIAN, [SECURITY] [DSA 2086-1] New avahi packages fix denial of service (05.08.2010)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod