Computer Security
[EN] securityvulns.ru
no-pyccku

  

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:06.12.2010
Source:
SecurityVulns ID:11278
Type:remote
Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:ALGUEST : Alguest 1.1
 ETOMITE : Etomite 1.1
 BIGACE : BIGACE Web CMS 2.7
 CONTENIDO : Contenido CMS 4.8
 WORDPRESS : Register Plus Redux 3.6
Original documentdocumentAliaksandr Hartsuyeu, [eVuln.com] PHP Code Execution in Alguest (06.12.2010)
 documentAliaksandr Hartsuyeu, [eVuln.com] Cookie authentication bypass in Alguest (06.12.2010)
 documentMustLive, Vulnerabilities in Register Plus Redux for WordPress (06.12.2010)
 documentMustLive, Уязвимости в Register Plus Redux для WordPress (06.12.2010)
 documentadvisory_(at)_htbridge.ch, XSS vulnerability in Contenido CMS (06.12.2010)
 documentadvisory_(at)_htbridge.ch, XSS vulnerability in Contenido CMS (06.12.2010)
 documentadvisory_(at)_htbridge.ch, Path disclosure in BIGACE Web CMS (06.12.2010)
 documentadvisory_(at)_htbridge.ch, SQL Injection in Etomite (06.12.2010)
 documentadvisory_(at)_htbridge.ch, Local file view in Etomite (06.12.2010)
 documentadvisory_(at)_htbridge.ch, Path disclosure in Etomite (06.12.2010)
 documentadvisory_(at)_htbridge.ch, XSS in Etomite (06.12.2010)
 documentadvisory_(at)_htbridge.ch, SQL Injection in Etomite (06.12.2010)

Cisco IPSec information leakage
Published:06.12.2010
Source:BUGTRAQ
SecurityVulns ID:11280
Type:remote
Level:4/10
Description:It's possible to enumerate group names.
Original documentdocumentResearch@NGSSecure, NGS00014 Patch Notification: Cisco IPSec VPN Implementation Group Name Enumeration (06.12.2010)

bind named DNS server vulnerabilities
Published:06.12.2010
Source:BUGTRAQ
SecurityVulns ID:11279
Type:remote
Level:6/10
Description:DoS, information leaks.
Affected:ISC : bind 9.7
CVE:CVE-2010-3614 (named in ISC BIND 9.x before 9.6.2-P3, 9.7.x before 9.7.2-P3, 9.4-ESV before 9.4-ESV-R4, and 9.6-ESV before 9.6-ESV-R3 does not properly determine the security status of an NS RRset during a DNSKEY algorithm rollover, which might allow remote attackers to cause a denial of service (DNSSEC validation error) by triggering a rollover.)
 CVE-2010-3613 (named in ISC BIND 9.6.2 before 9.6.2-P3, 9.6-ESV before 9.6-ESV-R3, and 9.7.x before 9.7.2-P3 does not properly handle the combination of signed negative responses and corresponding RRSIG records in the cache, which allows remote attackers to cause a denial of service (daemon crash) via a query for cached data.)
Original documentdocumentUBUNTU, [USN-1025-1] Bind vulnerabilities (06.12.2010)

Microsoft Windows hidden administrative group membership
Published:06.12.2010
Source:BUGTRAQ
SecurityVulns ID:11281
Type:local
Level:3/10
Description:It's possible to include user's account into administrative group without direct group membership.
Affected:MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
Original documentdocumentSteno Plasma, Flaw in Microsoft Windows SAM Processing Allows Continued Administrative Access Using Hidden Regular User Masquerading After Compromise (2010-M$-001) (06.12.2010)

VMWare application multiple security vulnerabilities
updated since 06.12.2010
Published:10.12.2010
Source:BUGTRAQ
SecurityVulns ID:11282
Type:client
Level:6/10
Description:Privilege escalation, code execution.
Affected:VMWARE : VMware ESXi 3.5
 VMWARE : VMware ESX 3.5
 VMWARE : VMware Workstation 6.5
 VMWARE : VMware Player 2.5
 VMWARE : VMware ESXi 4.0
 VMWARE : VMware ESX 4.0
 VMWARE : VMware Workstation 7.1
 VMWARE : VMware Player 3.1
 VMWARE : VMware Fusion 3.1
 VMWARE : VMware ESXi 4.1
 VMWARE : VMWare ESX 4.1
CVE:CVE-2010-4297 (The VMware Tools update functionality in VMware Workstation 6.5.x before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548; VMware Player 2.5.x before 2.5.5 build 328052 and 3.1.x before 3.1.2 build 301548; VMware Server 2.0.2; VMware Fusion 2.x before 2.0.8 build 328035 and 3.1.x before 3.1.2 build 332101; VMware ESXi 3.5, 4.0, and 4.1; and VMware ESX 3.0.3, 3.5, 4.0, and 4.1 allows host OS users to gain privileges on the guest OS via unspecified vectors, related to a "command injection" issue.)
 CVE-2010-4296 (vmware-mount in VMware Workstation 7.x before 7.1.2 build 301548 on Linux, VMware Player 3.1.x before 3.1.2 build 301548 on Linux, VMware Server 2.0.2 on Linux, and VMware Fusion 3.1.x before 3.1.2 build 332101 does not properly load libraries, which allows host OS users to gain privileges via vectors involving shared object files.)
 CVE-2010-4295 (Race condition in the mounting process in vmware-mount in VMware Workstation 7.x before 7.1.2 build 301548 on Linux, VMware Player 3.1.x before 3.1.2 build 301548 on Linux, VMware Server 2.0.2 on Linux, and VMware Fusion 3.1.x before 3.1.2 build 332101 allows host OS users to gain privileges via vectors involving temporary files.)
 CVE-2010-4294 (The frame decompression functionality in the VMnc media codec in VMware Movie Decoder before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548, VMware Workstation 6.5.x before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548 on Windows, VMware Player 2.5.x before 2.5.5 build 246459 and 3.x before 3.1.2 build 301548 on Windows, and VMware Server 2.x on Windows does not properly validate an unspecified size field, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted video file.)
Original documentdocumentBonsai - Information Security, Bonsai Information Security - VMware Tools update OS Command Injection (10.12.2010)
 documentVMWARE, VMSA-2010-0018 VMware hosted products and ESX patches resolve multiple security issues (06.12.2010)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 



Rating@Mail.ru