Computer Security

Apple QuickTime multiple security vulnerabilities
updated since 05.08.2011
Published: 05.09.2011
SecurityVulns ID: 11834
Type: remote
Threat Level: 7/10
Description: Memory corruption in the parsing of PICT, JPEG2000, WAV, JPEG, GIF and various movie formats; cross-site scripting.
Affected: QUICKTIME : QuickTime 7.6
CVE: CVE-2011-0258 (Apple QuickTime before 7.7 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted image description associated with an mp4v tag in a movie file.)
 CVE-2011-0257 (Integer signedness error in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PnSize opcode in a PICT file that triggers a stack-based buffer overflow.)
 CVE-2011-0256 (Integer overflow in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted track run atoms in a QuickTime movie file.)
 CVE-2011-0252 (Heap-based buffer overflow in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted STTS atoms in a QuickTime movie file.)
 CVE-2011-0251 (Heap-based buffer overflow in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted STSZ atoms in a QuickTime movie file.)
 CVE-2011-0250 (Heap-based buffer overflow in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted STSS atoms in a QuickTime movie file.)
 CVE-2011-0249 (Heap-based buffer overflow in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted STSC atoms in a QuickTime movie file.)
 CVE-2011-0248 (Stack-based buffer overflow in the QuickTime ActiveX control in Apple QuickTime before 7.7 on Windows, when Internet Explorer is used, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted QTL file.)
 CVE-2011-0247 (Multiple stack-based buffer overflows in Apple QuickTime before 7.7 on Windows allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted H.264 movie.)
 CVE-2011-0246 (Heap-based buffer overflow in Apple QuickTime before 7.7 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted GIF file.)
 CVE-2011-0245 (Buffer overflow in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted pict file.)
 CVE-2011-0213 (Buffer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG file.)
 CVE-2011-0211 (Integer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.)
 CVE-2011-0210 (QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted sample tables in a movie file.)
 CVE-2011-0209 (Integer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted RIFF WAV file.)
 CVE-2011-0187 (The plug-in in QuickTime in Apple Mac OS X before 10.6.7 allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive video data via vectors involving a cross-site redirect.)
 CVE-2011-0186 (QuickTime in Apple Mac OS X before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted JPEG2000 image.)
Original document: ZDI, ZDI-11-277: Apple QuickTime 3g2 'mp4v' atom size Remote Code Execution Vulnerability (05.09.2011)
 ZDI, ZDI-11-259: Apple QuickTime STSZ atom Parsing Remote Code Execution Vulnerability (17.08.2011)
 ZDI, ZDI-11-258: Apple QuickTime STSC atom Parsing Remote Code Execution Vulnerability (17.08.2011)
 ZDI, ZDI-11-257: Apple QuickTime Player H.264 Slice Header Remote Code Execution Vulnerability (17.08.2011)
 ZDI, ZDI-11-256: Apple QuickTime Media Link src Parameter Remote Code Execution Vulnerability (17.08.2011)
 ZDI, ZDI-11-255: Apple QuickTime Player H.264 Reference Picture List Remote Code Execution Vulnerability (17.08.2011)
 ZDI, ZDI-11-254: Apple QuickTime 'trun' atom sampleCount Integer Overflow Remote Code Execution Vulnerability (17.08.2011)
 ZDI, ZDI-11-252: Apple QuickTime PICT Image PnSize Opcode Remote Code Execution Vulnerability (17.08.2011)
 ZDI, ZDI-11-251: Apple QuickTime STSS atom Parsing Remote Code Execution Vulnerability (10.08.2011)
 ZDI, ZDI-11-250: Apple QuickTime STTS atom Remote Code Execution Vulnerability (10.08.2011)
 APPLE, APPLE-SA-2011-08-03-1 QuickTime 7.7 (05.08.2011)
Files: About the security content of QuickTime 7.7

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 05.09.2011
SecurityVulns ID: 11890
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: LEDGERSMB : LedgerSMB 1.2
 SQLLEDGER : SQL-Ledger 2.8
 WORDPRESS : WordPress redirection plugin 2.2
 FREEHELPDESK : Help Request System 1.1
Original document: Chris Travers, Full disclosure for SA45649, SQL Injection in LedgerSMB and SQL-Ledger (05.09.2011)
 Ehsan_Hp200_(at)_hotmail.com, Pc Web Agency (prodotto.php?id) Remote SQL injection Vulnerability (05.09.2011)
 Ehsan_Hp200_(at)_hotmail.com, Mediagrafic (prodotto.asp?id) (records.asp?id_p) Remote SQL injection Vulnerability (05.09.2011)
 Ehsan_Hp200_(at)_hotmail.com, CWM (dettaglio-prodotto.asp?id) Remote SQL injection Vulnerability (05.09.2011)
 Ehsan_Hp200_(at)_hotmail.com, Dexanet Remote SQL injection Vulnerability (05.09.2011)
 Ehsan_Hp200_(at)_hotmail.com, Sana Net (viewnews.php?id) Remote SQL injection Vulnerability (05.09.2011)
 Ehsan_Hp200_(at)_hotmail.com, Sana Net (viewpages.php?id) Remote SQL injection Vulnerability (05.09.2011)
 Ehsan_Hp200_(at)_hotmail.com, Fulci (prodotto.php?id) Remote SQL injection Vulnerability (05.09.2011)
 Ehsan_Hp200_(at)_hotmail.com, Olonet (prodotto.php?idproduct) Remote SQL injection Vulnerability (05.09.2011)
 Ehsan_Hp200_(at)_hotmail.com, Studio Linea (prodotto.php?id) Remote SQL injection Vulnerability (05.09.2011)
 Ehsan_Hp200_(at)_hotmail.com, ITTWeb Remote SQL injection Vulnerability (05.09.2011)
 Ehsan_Hp200_(at)_hotmail.com, ph5gruppo (prodotto.php?id) Remote SQL injection Vulnerability (05.09.2011)
 noreply_(at)_ptsecurity.ru, [PT-2011-19] SQL injection vulnerability in Help Request System (05.09.2011)
 High-Tech Bridge Security Research, XSS in Redirection wordpress plugin (05.09.2011)

BroadWin WebAccess Client ActiveX security vulnerabilities
Published: 05.09.2011
SecurityVulns ID: 11891
Type: client
Threat Level: 5/10
Description: Format string vulnerability, memory corruption.
Affected: BROADWIN : BroadWin WebAccess Client 7.0
Original document: Luigi Auriemma, Vulnerabilities in BroadWin WebAccess Client 1.0.0.10 (05.09.2011)
Files: BroadWin WebAccess Client bwocxrun.ocx PoC

KnFTPd FTP Server buffer overflows
Published: 05.09.2011
SecurityVulns ID: 11892
Type: remote
Threat Level: 5/10
Description: Buffer overflows in different FTP commands.
Affected: KNFTP : KnFTPd 1.0
Original document: liuqx_(at)_nipc.org.cn, KnFTPd v1.0.0 Multiple Command Remote Buffer Overflow (05.09.2011)
Files: KnFTPd FTP Server v1.0.0 Multiple Command Remote Buffer Overflow Exploit

Symantec Veritas Backup Exec code execution
Published: 05.09.2011
SecurityVulns ID: 11893
Type: remote
Threat Level: 5/10
Description: It is possible to execute privileged commands remotely.
Affected: HP : HP-UX 11.11
 HP : HP-UX 11.23
 HP : HP-UX 11.31
 SYMANTEC : Backup Exec 11.0
 SYMANTEC : Backup Exec 12.5
 SYMANTEC : Backup Exec 13.0
CVE: CVE-2011-0546 (Symantec Backup Exec 11.0, 12.0, 12.5, 13.0, and 13.0 R2 does not validate identity information sent between the media server and the remote agent, which allows man-in-the-middle attackers to execute NDMP commands via unspecified vectors.)
Original document: HP, [security bulletin] HPSBUX02700 SSRT100506 rev.1 - HP-UX running VEA, Remote Denial of Service (DoS), Execution of Arbitrary Code (05.09.2011)
Files: Security Advisories Relating to Symantec Products - Symantec Backup Exec Man-in-The-Middle

InduSoft WebStudio ActiveX buffer overflow
updated since 05.09.2011
Published: 21.11.2011
SecurityVulns ID: 11894
Type: client
Threat Level: 5/10
Description: Buffer overflows in different ActiveX methods.
Affected: INDUSOFT : InduSoft Web Studio 7.0
CVE: CVE-2011-4052 (Stack-based buffer overflow in CEServer.exe in the CEServer component in the Remote Agent module in InduSoft Web Studio 6.1 and 7.0 allows remote attackers to execute arbitrary code via a crafted 0x15 (aka Remove File) operation for a file with a long name.)
 CVE-2011-4051 (CEServer.exe in the CEServer component in the Remote Agent module in InduSoft Web Studio 6.1 and 7.0 does not require authentication, which allows remote attackers to execute arbitrary code via vectors related to creation of a file, loading a DLL, and process control.)
 CVE-2011-0342 (Multiple buffer overflows in the InduSoft ISSymbol ActiveX control in ISSymbol.ocx 301.1104.601.0 in InduSoft Web Studio 7.0B2 hotfix 7.0.01.04 allow remote attackers to execute arbitrary code via a long parameter to the (1) Open, (2) Close, or (3) SetCurrentLanguage method.)
Original document: ZDI, ZDI-11-329 : InduSoft WebStudio CEServer Operation 0x15 Remote Code Execution Vulnerability (21.11.2011)
 ZDI, ZDI-11-330 : InduSoft WebStudio Unauthenticated Remote Operations Remote Code Execution Vulnerability (21.11.2011)
 SECUNIA, Secunia Research: InduSoft ISSymbol ActiveX Control Buffer Overflow Vulnerabilities (05.09.2011)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod