Computer Security
[EN] securityvulns.ru no-pyccku


Miranda IM TLS encryption vulnerability
updated since 18.03.2010
Published:07.04.2010
Source:
SecurityVulns ID:10695
Type:m-i-t-m
Threat Level:
5/10
Description:Under some conditions TLS is not used for Jabber server connection regradless of settings.
Affected:MIRANDA : Miranda IM 0.8
Original documentdocumentJan Schejbal, Miranda IM silent TLS failure (18.03.2010)
Files:Miranda IM TLS MitM Proof of Concept

Oracle Sun Java multiple security vulnerabilities
updated since 31.03.2010
Published:07.04.2010
Source:
SecurityVulns ID:10737
Type:library
Threat Level:
9/10
Description:Buffer overflows on soundbank parsing, buffer overflow on images and archives parsing. Multiple code executions and privilege escalations.
Affected:SUN : JDK 1.6
 SUN : JRE 1.6
 ORACLE : JRE 6
 ORACLE : JDK 6
CVE:CVE-2010-0848 (Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.)
 CVE-2010-0847 (Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a heap-based buffer overflow that allows arbitrary code execution via a crafted image.)
 CVE-2010-0845 (Unspecified vulnerability in the HotSpot Server component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.)
 CVE-2010-0844 (Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is for improper parsing of a crafted MIDI stream when creating a MixerSequencer object, which causes a pointer to be corrupted and allows a NULL byte to be written to arbitrary memory.)
 CVE-2010-0842 (Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an uncontrolled array index that allows remote attackers to execute arbitrary code via a MIDI file with a crafted MixerSequencer object, related to the GM_Song structure.)
 CVE-2010-0841 (Unspecified vulnerability in the ImageIO component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in the Java Runtime Environment that allows remote attackers to execute arbitrary code via a JPEG image that contains subsample dimensions with large values, related to JPEGImageReader and "stepX".)
 CVE-2010-0840 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to improper checks when executing privileged methods in the Java Runtime Environment (JRE), which allows attackers to execute arbitrary code via (1) an untrusted object that extends the trusted class but has not modified a certain method, or (2) "a similar trust issue with interfaces," aka "Trusted Methods Chaining Remote Code Execution Vulnerability.")
 CVE-2010-0838 (Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a stack-based buffer overflow using an untrusted size value in the readMabCurveData function in the CMM module in the JVM.)
 CVE-2010-0837 (Unspecified vulnerability in the Pack200 component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.)
 CVE-2010-0095 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.)
 CVE-2010-0094 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18 and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is due to missing privilege checks during deserialization of RMIConnectionImpl objects, which allows remote attackers to call system-level Java functions via the ClassLoader of a constructor that is being deserialized.)
 CVE-2010-0093 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.)
 CVE-2010-0092 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.)
 CVE-2010-0091 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality via unknown vectors.)
 CVE-2010-0088 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.)
 CVE-2010-0085 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.)
 CVE-2010-0084 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality via unknown vectors.)
 CVE-2010-0082 (Unspecified vulnerability in the HotSpot Server component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.)
Original documentdocumentUBUNTU, [USN-923-1] OpenJDK vulnerabilities (07.04.2010)
 documentZDI, ZDI-10-057: Sun Java Runtime Environment JPEGImageDecoderImpl Remote Code Execution Vulnerability (06.04.2010)
 documentZDI, ZDI-10-059: Sun Java Runtime Environment JPEGImageEncoderImpl Remote Code Execution Vulnerability (06.04.2010)
 documentZDI, ZDI-10-055: Sun Java Runtime Environment Mutable InetAddress Socket Policy Violation Vulnerability (06.04.2010)
 documentZDI, ZDI-10-052: Sun Java Runtime Environment XNewPtr Remote Code Execution Vulnerability (06.04.2010)
 documentZDI, ZDI-10-051: Sun Java Runtime RMIConnectionImpl Privileged Context Remote Code Execution Vulnerability (06.04.2010)
 documentZDI, ZDI-10-061: Sun Java Runtime CMM readMabCurveData Remote Code Execution Vulnerability (06.04.2010)
 documentZDI, ZDI-10-060: Sun Java Runtime Environment MixerSequencer Invalid Array Index Remote Code Execution Vulnerability (06.04.2010)
 documentZDI, ZDI-10-054: Sun Java Runtime Environment JPEGImageReader stepX Remote Code Execution Vulnerability (06.04.2010)
 documentZDI, ZDI-10-056: Sun Java Runtime Environment Trusted Methods Chaining Remote Code Execution Vulnerability (05.04.2010)
 documentZDI, ZDI-10-053: Sun Java Runtime Environment MIDI File metaEvent Remote Code Execution Vulnerability (05.04.2010)
 documentVUPEN Security Research, VUPEN Security Research - Sun Java JDK/JRE Unpack200 Buffer Overflow Vulnerability (05.04.2010)
 documentVUPEN Security Research, VUPEN Security Research - Sun Java JDK/JRE AWT Library Invalid Pointer Vulnerability (05.04.2010)
 documentVUPEN Security Research, VUPEN Security Research - Sun Java JDK/JRE AWT Library Invalid Index Vulnerability (05.04.2010)
 documentSECUNIA, Secunia Research: Sun Java JDK/JRE Soundbank Resource Parsing Buffer Overflow (31.03.2010)
 documentSECUNIA, Secunia Research: Sun Java JDK/JRE Soundbank Resource Name Buffer Overflow (31.03.2010)
 documentIDEFENSE, iDefense Security Advisory 03.30.10: Oracle Java Runtime Environment Image FIle Buffer Overflow Vulnerability (31.03.2010)

MIT Kerberos 5 kadmind DoS
Published:07.04.2010
Source:
SecurityVulns ID:10747
Type:remote
Threat Level:
5/10
Description:use-after-free vulnerability on error message generation.
Affected:MIT : krb 1.5
 MIT : krb 1.6
CVE:CVE-2010-0629 (Use-after-free vulnerability in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote authenticated users to cause a denial of service (daemon crash) via a request from a kadmin client that sends an invalid API version number.)
Original documentdocumentMIT, MITKRB5-SA-2010-003 [CVE-2010-0629] denial of service in kadmind in older krb5 releases (07.04.2010)

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:07.04.2010
Source:
SecurityVulns ID:10748
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:MAHARA : mahara 1.2
 CA : XOsoft 12.0
 CA : XOsoft 12.5
 NEXTGEN : NextGEN Gallery 1.5
CVE:CVE-2010-1223 (Multiple buffer overflows in CA XOsoft r12.0 and r12.5 allow remote attackers to execute arbitrary code via (1) a malformed request to the ws_man/xosoapapi.asmx SOAP endpoint or (2) a long string to the entry_point.aspx service.)
 CVE-2010-1222 (CA XOsoft r12.5 does not properly perform authentication, which allows remote attackers to obtain potentially sensitive information via a SOAP request.)
 CVE-2010-1221 (CA XOsoft r12.0 and r12.5 does not properly perform authentication, which allows remote attackers to enumerate usernames via a SOAP request.)
 CVE-2010-1186 (Cross-site scripting (XSS) vulnerability in xml/media-rss.php in the NextGEN Gallery plugin before 1.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the mode parameter.)
 CVE-2010-0400 (SQL injection vulnerability in lib/user.php in mahara 1.0.4 allows remote attackers to execute arbitrary SQL commands via a username.)
Original documentdocumentCORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2010-0323: XSS Vulnerability in NextGEN Gallery Wordpress Plugin (07.04.2010)
 documentZDI, ZDI-10-065: CA XOsoft xosoapapi.asmx Multiple Remote Code Execution Vulnerabilities (07.04.2010)
 documentZDI, ZDI-10-066: CA XOsoft Control Service entry_point.aspx Remote Code Execution Vulnerability (07.04.2010)
 documentCA, CA20100406-01: Security Notice for CA XOsoft (07.04.2010)
 documentDEBIAN, [SECURITY] [DSA 2030-1] New mahara packages fix sql injection (07.04.2010)
 documentMustLive, New vulnerabilities in CMS SiteLogic (07.04.2010)
 documentInj3ct0r.com, MKPortal lenta module XSS Vulnerability (07.04.2010)

Apple Mac OS X multiple security vulnerabilities
updated since 07.04.2010
Published:19.04.2010
Source:
SecurityVulns ID:10746
Type:remote
Threat Level:
7/10
Description:Code execution on Internet Enabled Disk Image files. Multiple vulnerabilities in ImageIO,
CVE:CVE-2010-0505 (Heap-based buffer overflow in ImageIO in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JP2 (JPEG2000) image, related to incorrect calculation and the CGImageReadGetBytesAtOffset function.)
 CVE-2010-0497 (Disk Images in Apple Mac OS X before 10.6.3 does not provide the expected warning for an unsafe file type in an internet enabled disk image, which makes it easier for user-assisted remote attackers to execute arbitrary code via a package file type.)
Original documentdocumentZDI, ZDI-10-076: Apple Preview libFontParser SpecialEncoding Remote Code Execution Vulnerability (19.04.2010)
 documentZDI, ZDI-10-039: Apple OS X Internet Enabled Disk Image Remote Code Execution Vulnerability (07.04.2010)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod