Computer Security
[EN] securityvulns.ru no-pyccku


Novell ZENworks Endpoint Security Management security client privilege escalation
Published:06.01.2008
Source:
SecurityVulns ID:8532
Type:local
Threat Level:
6/10
Description:Application launch with SYSTEM privileges by relative path, temporary executable files creatin in user-controlled directory.
Affected:NOVELL : ZENworks Endpoint Security Management 3.5
Original documentdocumentIDEFENSE, iDefense Security Advisory 12.24.07: Novell ZENworks Endpoint Security Management Local Privilege Escalation Vulnerability (06.01.2008)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:06.01.2008
Source:
SecurityVulns ID:8533
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:INVISION : Invision Power Board 2.1
 NETRISK : netrisk 1.9
Original documentdocumentunderwater_(at)_itdefence.ru, INVISION POWER BOARD 2.1.7 ACTIVE XSS/SQL INJECTION EXPLOIT (06.01.2008)
 document , NetRisk 1.9.7 Remote File Inclusion Vulnerability (06.01.2008)

Aruba Mobility Controller unauthorized access
Published:06.01.2008
Source:
SecurityVulns ID:8534
Type:remote
Threat Level:
6/10
Description:Unauthorized access without password if LDAP authentication module enabled.
Affected:ARUBA : Aruba Mobility Controller 2.3
 ARUBA : Aruba Mobility Controller 2.4
 ARUBA : Aruba Mobility Controller 2.5
 ARUBA : Aruba Mobility Controller 3.1
Original documentdocumentARUBA, Aruba Mobility Controller User Authentication Vulnerability - Aruba Advisory ID: AID-122207 (06.01.2008)

loop-aes-utils / util-linux privilege escalation
Published:06.01.2008
Source:
SecurityVulns ID:8535
Type:local
Threat Level:
5/10
Description:Group privileges are not properly dropped.
Affected:LOOPEASUTILS : loop-aes-utils 2.12
 UTILLINUX : util-linux 2.12
CVE:CVE-2007-5191 (mount and umount in util-linux call the setuid and setgid functions in the wrong order and do not check the return values, which might allow attackers to gain privileges via helpers such as mount.nfs.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 1450-1] New util-linux packages fix programming error (06.01.2008)
 documentDEBIAN, [SECURITY] [DSA 1449-1] New loop-aes-utils packages fix programming error (06.01.2008)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod