Computer Security


HP OpenView Network Node Manager multiple security vulnerabilities
updated since 10.01.2009
Published:07.02.2009
Source:
SecurityVulns ID:9567
Type:remote
Threat Level:6/10
Description:Multiple vulnerabilities in CGI interface.
Affected:HP : OpenView Network Node Manager 7.51
CVE:CVE-2008-4562 (Buffer overflow in the ovlaunch CGI program in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 on Windows allows remote attackers to execute arbitrary code via a crafted Host parameter. NOTE: this issue may be partially covered by CVE-2009-0205.)
 CVE-2008-4560 (HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to obtain sensitive information via (1) a crafted request to the nnmRptConfig.exe CGI program, which reveals the pathname of log directories; or (2) a crafted parameter in a request to the ovlaunch.exe CGI program, which reveals configuration details. NOTE: this issue may be partially covered by CVE-2009-0205.)
 CVE-2008-4559 (HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via shell metacharacters in argument fields to the (1) webappmon.exe or (2) OpenView5.exe CGI program. NOTE: this issue may be partially covered by CVE-2009-0205.)
 CVE-2008-0067 (Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via (1) long string parameters to the OpenView5.exe CGI program; (2) a long string parameter to the OpenView5.exe CGI program, related to ov.dll; or a long string parameter to the (3) getcvdata.exe, (4) ovlaunch.exe, or (5) Toolbar.exe CGI program.)
Original document:IDEFENSE, [Full-disclosure] iDefense Security Advisory 02.06.09: HP Network Node Manager ovlaunch CGI BSS Overflow Vulnerability (07.02.2009)
 IDEFENSE, iDefense Security Advisory 02.06.09: HP Network Node Manager Multiple Information Disclosure Vulnerabilities (07.02.2009)
 IDEFENSE, iDefense Security Advisory 02.06.09: HP Network Node Manager Multiple Command Injection Vulnerabilities (07.02.2009)
 HP, [security bulletin] HPSBMA02400 SSRT080144 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code (20.01.2009)
 SECUNIA, Secunia Research: HP OpenView Network Node Manager Multiple Vulnerabilities (10.01.2009)

HP OpenView Network Node Manager code execution
Published:07.02.2009
Source:
SecurityVulns ID:9657
Type:remote
Threat Level:6/10
Description:Information leakage, command injection.
Affected:HP : OpenView Network Node Manager 7.01
 HP : OpenView Network Node Manager 7.51
 HP : OpenView Network Node Manager 7.53
CVE:CVE-2009-0205
Original document:HP, [security bulletin] HPSBMA02406 SSRT080100 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code (07.02.2009)

HP multiple printers unauthorized access
Published:07.02.2009
Source:
SecurityVulns ID:9658
Type:remote
Threat Level:5/10
Affected:HP : LaserJet 2410
 HP : LaserJet 2420
 HP : LaserJet 2430
 HP : LaserJet 4250
 HP : LaserJet 4350
 HP : LaserJet 9040
 HP : LaserJet 9045
 HP : LaserJet 4345mfp
 HP : Color LaserJet 4730mfp
 HP : LaserJet 9040mfp
 HP : LaserJet 9050mfp
 HP : 9200C Digital Sender
 HP : Color LaserJet 9500mfp
CVE:CVE-2008-4419 (Directory traversal vulnerability in the HP JetDirect web administration interface in the HP-ChaiSOE 1.0 embedded web server on the LaserJet 9040mfp, LaserJet 9050mfp, and Color LaserJet 9500mfp before firmware 08.110.9; LaserJet 4345mfp and 9200C Digital Sender before firmware 09.120.9; Color LaserJet 4730mfp before firmware 46.200.9; LaserJet 2410, LaserJet 2420, and LaserJet 2430 before firmware 20080819 SPCL112A; LaserJet 4250 and LaserJet 4350 before firmware 20080819 SPCL015A; and LaserJet 9040 and LaserJet 9050 before firmware 20080819 SPCL110A allows remote attackers to read arbitrary files via directory traversal sequences in the URI.)
Original document:HP, [security bulletin] HPSBPI02398 SSRT080166 rev.1 - Certain HP LaserJet Printers, HP Color LaserJet Printers, and HP Digital Senders, Remote Unauthorized Access to Files (07.02.2009)

RealPlayer multiple security vulnerabilities
updated since 07.02.2009
Published:07.02.2009
Source:
SecurityVulns ID:9659
Type:client
Threat Level:6/10
Description:Multiple vulnerabilities in IVR format parsing.
Affected:REAL : RealPlayer 11
CVE:CVE-2009-0376 (A DLL file in RealNetworks RealPlayer 11 allows remote attackers to execute arbitrary code via a crafted Internet Video Recording (IVR) file with a modified field that controls an unspecified structure length and triggers heap corruption, related to use of RealPlayer through a Windows Explorer plugin.)
 CVE-2009-0375 (A DLL file in RealNetworks RealPlayer 11 allows remote attackers to execute arbitrary code via a crafted Internet Video Recording (IVR) file with a filename length field containing a large integer, which triggers overwrite of an arbitrary memory location with a 0x00 byte value, related to use of RealPlayer through a Windows Explorer plugin.)
Original document:ZDI, ZDI-10-009: RealNetworks RealPlayer IVR Format Remote Code Execution Vulnerability (21.01.2010)
 noreply-secresearch_(at)_fortinet.com, RealNetworks RealPlayer IVR File Processing Multiple Code Execute Vulnerabilities (07.02.2009)

HP-UX DoS
Published:07.02.2009
Source:
SecurityVulns ID:9660
Type:local
Threat Level:5/10
Description:DoS against NFS.
Affected:HP : HP-UX 11.31
CVE:CVE-2009-0206 (Unspecified vulnerability in NFS in HP ONCplus B.11.31.05 and earlier for HP-UX B.11.31 allows local users to cause a denial of service via unknown vectors.)
Original document:HP, [security bulletin] HPSBUX02408 SSRT080182 rev.1 - HP-UX Running NFS, Local Denial of Service (DoS) (07.02.2009)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:07.02.2009
Source:
SecurityVulns ID:9661
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:ILCH : ilch 1.1
 PHPCALENDAR : PHP-Calendar 1.1
Original document:Justin C. Klein Keane, [Full-disclosure] PHP-Calendar SQL Credential Disclosure (07.02.2009)
 Gizmore, Vulnerable: Ilch CMS (07.02.2009)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod