Computer Security


Mozilla Firefox / Seamonkey multiple security vulnerabilities
updated since 28.10.2009
Published:05.11.2009
SecurityVulns ID:10356
Type:remote
Threat Level:8/10
Description:Buffer overflows, privilege escalation, information leak, cross-site scripting.
Affected:MOZILLA : SeaMonkey 2.0
 MOZILLA : Firefox 3.0
 MOZILLA : Firefox 3.5
CVE:CVE-2009-3383 (Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.)
 CVE-2009-3382 (layout/base/nsCSSFrameConstructor.cpp in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 does not properly handle first-letter frames, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.)
 CVE-2009-3381 (Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.)
 CVE-2009-3380 (Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.)
 CVE-2009-3379 (Multiple unspecified vulnerabilities in libvorbis, as used in Mozilla Firefox 3.5.x before 3.5.4, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors. NOTE: this might overlap CVE-2009-2663.)
 CVE-2009-3378 (The oggplay_data_handle_theora_frame function in media/liboggplay/src/liboggplay/oggplay_data.c in liboggplay, as used in Mozilla Firefox 3.5.x before 3.5.4, attempts to reuse an earlier frame data structure upon encountering a decoding error for the first frame, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via a crafted .ogg video file.)
 CVE-2009-3377 (Multiple unspecified vulnerabilities in liboggz before cf5feeaab69b05e24, as used in Mozilla Firefox 3.5.x before 3.5.4, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.)
 CVE-2009-3376 (Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, does not properly handle a right-to-left override (aka RLO or U+202E) Unicode character in a download filename, which allows remote attackers to spoof file extensions via a crafted filename, as demonstrated by displaying a non-executable extension for an executable file.)
 CVE-2009-3375 (content/html/document/src/nsHTMLDocument.cpp in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allows user-assisted remote attackers to bypass the Same Origin Policy and read an arbitrary content selection via the document.getSelection function.)
 CVE-2009-3374 (The XPCVariant::VariantDataToJS function in the XPCOM implementation in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 does not enforce intended restrictions on interaction between chrome privileged code and objects obtained from remote web sites, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via unspecified method calls, related to "doubly-wrapped objects.")
 CVE-2009-3373 (Heap-based buffer overflow in the GIF image parser in Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via unspecified vectors.)
 CVE-2009-3372 (Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via a crafted regular expression in a Proxy Auto-configuration (PAC) file.)
 CVE-2009-3371 (Use-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by creating JavaScript web-workers recursively.)
 CVE-2009-3370 (Mozilla Firefox before 3.0.15, and 3.5.x before 3.5.4, allows remote attackers to read form history by forging mouse and keyboard events that leverage the auto-fill feature to populate form fields, in an attacker-readable form, with history entries.)
 CVE-2009-3274 (Mozilla Firefox 3.6a1, 3.5.2, and earlier 2.x and 3.x versions on Linux uses a predictable /tmp pathname for files selected from the Downloads window, which allows local users to replace an arbitrary downloaded file by placing a file in a /tmp location before the download occurs, possibly related to the Archive Manager component. NOTE: some of these details are obtained from third party information.)
 CVE-2009-1563 (** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-0689. Reason: This candidate is a duplicate of CVE-2009-0689. Certain codebase relationships were not originally clear. Notes: All CVE users should reference CVE-2009-0689 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.)
 CVE-2009-0689 (Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number.)
Original document:disclosure_(at)_contextis.co.uk, Context IS Advisory - Autocomplete Data Theft in Mozilla Firefox (05.11.2009)
 IDEFENSE, iDefense Security Advisory 10.28.09: Mozilla Firefox GIF Color Map Parsing Buffer Overflow Vulnerability (29.10.2009)
 SECUNIA, Secunia Research: Mozilla Firefox Floating Point Memory Allocation Vulnerability (28.10.2009)
 Jeremy Brown, Mozilla Firefox 3.5.3 Local Download Manager Exploit (28.10.2009)
 MOZILLA, Mozilla Foundation Security Advisory 2009-64 (28.10.2009)
 MOZILLA, Mozilla Foundation Security Advisory 2009-63 (28.10.2009)
 MOZILLA, Mozilla Foundation Security Advisory 2009-62 (28.10.2009)
 MOZILLA, Mozilla Foundation Security Advisory 2009-61 (28.10.2009)
 MOZILLA, Mozilla Foundation Security Advisory 2009-59 (28.10.2009)
 MOZILLA, Mozilla Foundation Security Advisory 2009-57 (28.10.2009)
 MOZILLA, Mozilla Foundation Security Advisory 2009-56 (28.10.2009)
 MOZILLA, Mozilla Foundation Security Advisory 2009-55 (28.10.2009)
 MOZILLA, Mozilla Foundation Security Advisory 2009-54 (28.10.2009)
 MOZILLA, Mozilla Foundation Security Advisory 2009-53 (28.10.2009)
 MOZILLA, Mozilla Foundation Security Advisory 2009-52 (28.10.2009)
Files:Mozilla Firefox 3.5.3 Local Download Manager Exploit

Sun Java multiple security vulnerabilities
Published:05.11.2009
SecurityVulns ID:10369
Type:library
Threat Level:9/10
Description:Multiple buffer overflows and code execution.
Affected:ORACLE : JDK 5.0
 ORACLE : JDK 6.0
CVE:CVE-2009-3885 (Sun Java SE 5.0 before Update 22 and 6 before Update 17 on Windows allows remote attackers to cause a denial of service via a BMP file containing a link to a UNC share pathname for an International Color Consortium (ICC) profile file, probably a related issue to CVE-2007-2789, aka Bug Id 6632445.)
 CVE-2009-3884 (The TimeZone.getTimeZone method in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attackers to determine the existence of local files via vectors related to handling of zoneinfo (aka tz) files, aka Bug Id 6824265.)
 CVE-2009-3883 (Multiple unspecified vulnerabilities in the Windows Pluggable Look and Feel (PL&F) feature in the Swing implementation in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and remote attack vectors, related to "information leaks in mutable variables," aka Bug Id 6657138.)
 CVE-2009-3882 (Multiple unspecified vulnerabilities in the Swing implementation in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and remote attack vectors, related to "information leaks in mutable variables," aka Bug Id 6657026.)
 CVE-2009-3881 (Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not prevent the existence of children of a resurrected ClassLoader, which allows remote attackers to gain privileges via unspecified vectors, related to an "information leak vulnerability," aka Bug Id 6636650.)
 CVE-2009-3880 (The Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not properly restrict the objects that may be sent to loggers, which allows attackers to obtain sensitive information via vectors related to the implementation of Component, KeyboardFocusManager, and DefaultKeyboardFocusManager, aka Bug Id 6664512.)
 CVE-2009-3879 (Multiple unspecified vulnerabilities in the (1) X11 and (2) Win32GraphicsDevice subsystems in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and attack vectors, related to failure to clone arrays that are returned by the getConfigurations function, aka Bug Id 6822057.)
 CVE-2009-3877 (Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP headers, which are not properly parsed by the ASN.1 DER input stream parser, aka Bug Id 6864911.)
 CVE-2009-3876 (Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted DER encoded data, which is not properly decoded by the ASN.1 DER input stream parser, aka Bug Id 6864911.)
 CVE-2009-3875 (The MessageDigest.isEqual function in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to spoof HMAC-based digital signatures, and possibly bypass authentication, via unspecified vectors related to "timing attack vulnerabilities," aka Bug Id 6863503.)
 CVE-2009-3874 (Integer overflow in the JPEGImageReader implementation in the ImageI/O component in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via large subsample dimensions in a JPEG file that triggers a heap-based buffer overflow, aka Bug Id 6874643.)
 CVE-2009-3873 (The JPEG Image Writer in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges via a crafted image file, related to a "quantization problem," aka Bug Id 6862968.)
 CVE-2009-3871 (Heap-based buffer overflow in the setBytePixels function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via crafted arguments, aka Bug Id 6872358.)
 CVE-2009-3869 (Stack-based buffer overflow in the setDiffICM function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a crafted argument, aka Bug Id 6872357.)
 CVE-2009-3728 (Directory traversal vulnerability in the ICC_Profile.getInstance method in Java Runtime Environment (JRE) in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attackers to determine the existence of local International Color Consortium (ICC) profile files via a .. (dot dot) in a pathname, aka Bug Id 6631533.)
 CVE-2009-2409 (The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large.)
Original document:ZDI, ZDI-09-076: Sun Java HsbParser.getSoundBank Stack Buffer Overflow Vulnerability (05.11.2009)
 ZDI, ZDI-09-079: Sun Java Runtime AWT setBytePixels Heap Overflow Vulnerability (05.11.2009)
 ZDI, ZDI-09-080: Sun Java Runtime Environment JPEGImageReader Heap Overflow Vulnerability (05.11.2009)
 ZDI, ZDI-09-077: Sun Java Web Start Arbitrary Command Execution Vulnerability (05.11.2009)
 ZDI, ZDI-09-078: Sun Java Runtime AWT setDifflCM Stack Overflow Vulnerability (05.11.2009)

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:05.11.2009
SecurityVulns ID:10371
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:WOWD : Wowd 1.3
 EOCMS : eoCMS 0.9
CVE:CVE-2009-3636 (Cross-site scripting (XSS) vulnerability in the Install Tool subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.)
 CVE-2009-3635 (The Install Tool subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to gain access by using only the password's md5 hash as a credential.)
 CVE-2009-3634 (Cross-site scripting (XSS) vulnerability in the Frontend Login Box (aka felogin) subcomponent in TYPO3 4.2.0 through 4.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.)
 CVE-2009-3633 (Cross-site scripting (XSS) vulnerability in the t3lib_div::quoteJSvalue API function in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the sanitizing algorithm.)
 CVE-2009-3632 (SQL injection vulnerability in the traditional frontend editing feature in the Frontend Editing subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote authenticated users to execute arbitrary SQL commands via unspecified parameters.)
 CVE-2009-3631 (The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2, when the DAM extension or ftp upload is enabled, allows remote authenticated users to execute arbitrary commands via shell metacharacters in a filename.)
 CVE-2009-3630 (The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote authenticated users to place arbitrary web sites in TYPO3 backend framesets via crafted parameters, related to a "frame hijacking" issue.)
 CVE-2009-3629 (Multiple cross-site scripting (XSS) vulnerabilities in the Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2009-3628 (The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote authenticated users to determine an encryption key via crafted input to a tt_content form element.)
Original document:Lostmon lords, Fwd: {Lostmon's Group} Re: Wowd search client multiple variable xss (solution) (05.11.2009)
 Bernardo Luis, New vulnerability in Xerox Fiery Webtools (05.11.2009)
 Bugs NotHugs, Bractus SunTrack Multiple XSS (05.11.2009)
 DEBIAN, [SECURITY] [DSA 1926-1] New TYPO3 packages fix several vulnerabilities (05.11.2009)
 Security Vulnerability Research Team, [Bkis-12-2009] eoCMS SQL injection vulnerability - Bkis Report (05.11.2009)

Harris StarMAX 210 WiMax subscriber station cross-site request forgery
Published:05.11.2009
SecurityVulns ID:10372
Type:remote
Threat Level:5/10
Description:Request forgery in configuration Web interface.
Affected:HARRIS : StarMAX 2100
Original document:Inj3ct0r.com, Harris Stratex StarMAX subscriber station running config CSRF exploit (05.11.2009)

Asterisk multiple security vulnerabilities
Published:05.11.2009
SecurityVulns ID:10373
Type:remote
Threat Level:5/10
Description:Information leak, cross-site scripting.
Affected:ASTERISK : Asterisk 1.2
 DIGIUM : Asterisk 1.4
 ASTERISK : Asterisk 1.6
Original document:ASTERISK, AST-2009-009: Cross-site AJAX request vulnerability (05.11.2009)
 ASTERISK, AST-2009-008: SIP responses expose valid usernames (05.11.2009)

Adobe Shockwave Player Multiple security vulnerabilities
Published:05.11.2009
SecurityVulns ID:10374
Type:client
Threat Level:8/10
Description:Multiple vulnerabilities lead to code execution.
Affected:ADOBE : Shockwave Player 11.5
CVE:CVE-2009-3466 (Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via a crafted web page that triggers memory corruption, related to an "invalid string length vulnerability." NOTE: some of these details are obtained from third party information.)
 CVE-2009-3465 (Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via crafted Shockwave content on a web site, related to an "invalid pointer vulnerability," a different issue than CVE-2009-3464. NOTE: some of these details are obtained from third party information.)
 CVE-2009-3464 (Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via crafted Shockwave content on a web site, related to an "invalid pointer vulnerability," a different issue than CVE-2009-3465. NOTE: some of these details are obtained from third party information.)
 CVE-2009-3463 (Array index error in Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via crafted Shockwave content on a web site. NOTE: some of these details are obtained from third party information.)
 CVE-2009-3244 (Heap-based buffer overflow in the SwDir.dll ActiveX control in Adobe ShockWave Player 11.5.1.601 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long PlayerVersion property value.)
Original document:VUPEN Security Research, VUPEN Security - Adobe Shockwave Player Multiple Code Execution Vulnerabilities (05.11.2009)
 ADOBE, Security updates available for Shockwave Player (05.11.2009)

IBM Tivoli Storage Manager buffer overflow
Published:05.11.2009
SecurityVulns ID:10375
Type:remote
Threat Level:5/10
Description:CAD Service TCP/1581 buffer overflow
Affected:IBM : Tivoli Storage Manager Express Client 5.3
Original document:SECUNIA, Secunia Research: IBM Tivoli Storage Manager CAD Service Buffer Overflow (05.11.2009)

Wireshark packet parsing vulnerabilities
Published:05.11.2009
SecurityVulns ID:10377
Type:local
Threat Level:4/10
Description:DoS and memory corruption when parsing different capture file formats.
Affected:WIRESHARK : Wireshark 1.0
CVE:CVE-2009-3829 (Integer overflow in wiretap/erf.c in Wireshark before 1.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted erf file, related to an "unsigned integer wrap vulnerability.")
 CVE-2009-3550 (The DCERPC/NT dissector in Wireshark 0.10.10 through 1.0.9 and 1.2.0 through 1.2.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a file that records a malformed packet trace. NOTE: some of these details are obtained from third party information.)
Original document:MANDRIVA, [ MDVSA-2009:292 ] wireshark (05.11.2009)

Novell eDirectory DoS
Published:05.11.2009
SecurityVulns ID:10378
Type:remote
Threat Level:5/10
Description:Hang on LDAP request with undefined Base DN
Original document:ZDI, ZDI-09-075: Novell eDirectory LDAP Null Base DN Denial of Service Vulnerability (05.11.2009)

Symantec Altiris Notification Server / Symantec Management Platform / Symantec Altiris Deployment Solution ActiveX buffer overflow
Published:05.11.2009
SecurityVulns ID:10379
Type:client
Threat Level:6/10
Description:ConsoleUtilities ActiveX buffer overflow
Affected:SYMANTEC : Altiris Deployment Solution 6.9
 SYMANTEC : Altiris Notification Server 6.0
 SYMANTEC : Symantec Management Platform 7.0
CVE:CVE-2009-3031 (Stack-based buffer overflow in the BrowseAndSaveFile method in the Altiris eXpress NS ConsoleUtilities ActiveX control 6.0.0.1846 in AeXNSConsoleUtilities.dll in Symantec Altiris Notification Server (NS) 6.0 before R12, Deployment Server 6.8 and 6.9 in Symantec Altiris Deployment Solution 6.9 SP3, and Symantec Management Platform (SMP) 7.0 before SP3 allows remote attackers to execute arbitrary code via a long string in the second argument.)
Original document:NSO Research, NSOADV-2009-001: Symantec ConsoleUtilities ActiveX Control Buffer Overflow (05.11.2009)

HP Power Manager code execution
updated since 05.11.2009
Published:21.01.2010
SecurityVulns ID:10370
Type:remote
Threat Level:5/10
Description:Buffer overflow during authentication via web form. Buffer overflow in /goform/formExportDataLogs, directory traversal.
Affected:HP : HP Power Manager 4.2
CVE:CVE-2009-4000 (Directory traversal vulnerability in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to overwrite arbitrary files, and execute arbitrary code, via directory traversal sequences in the fileName parameter.)
 CVE-2009-3999 (Stack-based buffer overflow in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to execute arbitrary code via a long fileName parameter.)
 CVE-2009-2685 (Stack-based buffer overflow in the login form in the management web server in HP Power Manager allows remote attackers to execute arbitrary code via the Login variable.)
Original document:SECUNIA, Secunia Research: HP Power Manager "formExportDataLogs" Directory Traversal (21.01.2010)
 SECUNIA, Secunia Research: HP Power Manager "formExportDataLogs" Buffer Overflow (20.01.2010)
 HP, [security bulletin] HPSBMA02485 SSRT090252 rev.1 - HP Power Manager, Remote Execution of Arbitrary Code (20.01.2010)
 HP, [security bulletin] HPSBMA02474 SSRT090107 rev.2 - HP Power Manager, Remote Execution of Arbitrary Code (20.01.2010)
 ZDI, ZDI-09-081: Hewlett-Packard Power Manager Administration Web Server Stack Overflow Vulnerability (08.11.2009)
 HP, [security bulletin] HPSBMA02474 SSRT090107 rev.1 - HP Power Manager, Remote Execution of Arbitrary Code (05.11.2009)

Cherokee Web-server DoS
updated since 05.11.2009
Published:14.06.2010
SecurityVulns ID:10376
Type:remote
Threat Level:5/10
Description:Crash on DOS special device name.
Original document:info_(at)_securitylab.ir, Cherokee Web Server 0.5.3 Multiple Vulnerabilities (14.06.2010)
 daniel.crowley_(at)_coresecurity.com, Re: Cherokee Web Server 0.5.4 Denial Of Service (05.11.2009)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod