Computer Security


CoreHTTP Web server buffer overflow
Published: 08.12.2009
SecurityVulns ID: 10448
Type: remote
Threat Level: 5/10
Description: Off-by-one buffer overflow on request method handling.
Affected: COREHTTP : CoreHTTP 0.5
CVE: CVE-2009-3586 (Off-by-one error in src/http.c in CoreHTTP 0.5.3.1 and earlier allows remote attackers to cause a denial of service or possibly execute arbitrary code via an HTTP request with a long first line that triggers a buffer overflow. NOTE: this vulnerability reportedly exists because of an incorrect fix for CVE-2007-4060.)
Original document: Patroklos Argyroudis, CVE-2009-3586: CoreHTTP web server off-by-one buffer overflow vulnerability (08.12.2009)

Novell iPrint Client multiple security vulnerabilities
Published: 08.12.2009
SecurityVulns ID: 10447
Type: client
Threat Level: 6/10
Description: Buffer overflows in ActiveX.
Affected: NOVELL : iPrint Client 5.30
 NOVELL : iPrint Client 4.38
CVE: CVE-2009-1569 (Multiple stack-based buffer overflows in Novell iPrint Client 4.38, 5.30, and possibly other versions before 5.32 allow remote attackers to execute arbitrary code via vectors related to (1) Date and (2) Time.)
 CVE-2009-1568 (Stack-based buffer overflow in ienipp.ocx in Novell iPrint Client 5.30, and possibly other versions before 5.32, allows remote attackers to execute arbitrary code via a long target-frame parameter.)
Original documents: SECUNIA, Secunia Research: Novell iPrint Client Date/Time Parsing Buffer Overflow (08.12.2009)
 SECUNIA, Secunia Research: Novell iPrint Client "target-frame" Parameter Buffer Overflow (08.12.2009)

HP OpenView Data Protector Application Recovery Manager DoS
updated since 08.12.2009
Published: 09.12.2009
SecurityVulns ID: 10446
Type: remote
Threat Level: 5/10
Affected: HP : OpenView Data Protector Application Recovery Manager 6.0
 HP : OpenView Data Protector Application Recovery Manager 5.50
CVE: CVE-2009-3844 (Stack-based buffer overflow in the OmniInet process in HP OpenView Data Protector Application Recovery Manager 5.50 and 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted MSG_PROTOCOL packet.)
Original documents: ZDI, ZDI-09-091: Hewlett-Packard Application Recovery Manager MSG_PROTOCOL Stack Overflow Vulnerability (09.12.2009)
 HP, [security bulletin] HPSBMA02481 SSRT090113 rev.1 - HP OpenView Data Protector Application Recovery Manager, Remote Denial (08.12.2009)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod