Gnome Nautilus code execution
Published:		08.02.2010
Source:		BUGTRAQ
SecurityVulns ID:		10593
Type:		local
Level:		5/10
Description:		HTML script is executed in local machine context on HTML prveiew.

Original document

Joe Dohn, GNOME Nautilus (08.02.2010)

Files:		GNOME Nautilus code execution PoC
Discuss:		Read or add your comments to this news (0 comments)

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 08.02.2010
Published:		08.02.2010
Source:
SecurityVulns ID:		10595
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected:		EVALSMSI : evalsmsi 2.1
		LANDESK : LANDesk Management Gateway 4.2
		LANDESK : LANDesk Management Gateway 4.0
CVE:		CVE-2010-0369
		CVE-2010-0368

Original document		CORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2010-0104 - LANDesk OS command injection (08.02.2010)
		MustLive, Vulnerability in Tagcloud for DataLife Engine (08.02.2010)
		Inj3ct0r.com, TinyMCE - Javascript WYSIWYG Editor xss/sql injection vurnerebility (08.02.2010)
		noreply_(at)_justanotherhacker.com, JAHx101 - Huski retail mulitple SQL injection vulnerabilities (08.02.2010)
		noreply_(at)_justanotherhacker.com, JAHx102 - HuskiCMS local file inclusion (08.02.2010)
		Peter Van Eeckhoutte, CORELAN-10-008 - Multiple vulnerabilities found in evalmsi 2.1.03 (08.02.2010)

Discuss:

Read or add your comments to this news (0 comments)

Ipswitch IMail multiple security vulnerabilities
Published:		08.02.2010
Source:		BUGTRAQ
SecurityVulns ID:		10596
Type:		local
Level:		5/10
Description:		Weak permissions for registry and installation folder. Passwords are stored in readable location with reversible encryption.

Affected:

IPSWITCH : Imail 11.01

Original document

security_(at)_corelan.be, CORELAN-10-009 : Ipswitch IMAIL 11.01 multiple vulnerabilities (reversible encryption + weak ACL) (08.02.2010)

Files:		Ipswitch IMail Server - IMAP4 Server (IMail 11.01) Password Decryptor
Discuss:		Read or add your comments to this news (0 comments)

libmikmod multiple buffer overflows updated since 08.02.2010
Published:		14.08.2010
Source:		BUGTRAQ
SecurityVulns ID:		10594
Type:		library
Level:		5/10
Description:		Multiple overflows on Impulse Tracker and Ultratracker format parsing.

Affected:		MIKMOD : libmikmod 3.1
CVE:		CVE-2010-2546 (Multiple heap-based buffer overflows in loaders/load_it.c in libmikmod, possibly 3.1.12, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file, related to panpts, pitpts, and IT_ProcessEnvelope. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3995.)
		CVE-2009-3996 (Heap-based buffer overflow in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via an Ultratracker file.)
		CVE-2009-3995 (Multiple heap-based buffer overflows in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file. NOTE: some of these details are obtained from third party information.)

Original document		DEBIAN, [SECURITY] [DSA 2081-1] New libmikmod packages fix arbitrary code execution (14.08.2010)
		SECUNIA, Secunia Research: libmikmod Module Parsing Vulnerabilities (08.02.2010)

Discuss:

Read or add your comments to this news (0 comments)