Computer Security


HP Managed Printing Administration multiple security vulnerabilities
updated since 26.12.2011
Published:09.01.2012
SecurityVulns ID:12115
Type:remote
Threat Level:6/10
Description:Buffer overflows, unauthorized file access, directory traversal.
CVE:CVE-2011-4169 (Unspecified vulnerability in HP Managed Printing Administration before 2.6.4 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors.)
 CVE-2011-4168 (Directory traversal vulnerability in hpmpa/jobDelivery/Default.asp in HP Managed Printing Administration before 2.6.4 allows remote attackers to create arbitrary files via crafted form data.)
 CVE-2011-4167 (Stack-based buffer overflow in MPAUploader.dll in HP Managed Printing Administration before 2.6.4 allows remote attackers to execute arbitrary code via a long filename parameter in an uploadfile action to Default.asp.)
 CVE-2011-4166 (Directory traversal vulnerability in the MPAUploader.Uploader.1.UploadFiles method in HP Managed Printing Administration before 2.6.4 allows remote attackers to create arbitrary files via crafted form data.)
Original document:HP, [security bulletin] HPSBPI02732 SSRT100435 rev.1 - HP Managed Printing Administration, Remote Execution of Arbitrary Code and Other Vulnerabilities (09.01.2012)
 ZDI, ZDI-12-001 : HP Managed Printing Administration img_id Multiple Vulnerabilities (09.01.2012)
 ZDI, ZDI-11-354 : HP Managed Printing Administration jobDelivery Multiple Vulnerabilities (26.12.2011)
 ZDI, ZDI-11-353 : HP Managed Printing Administration MPAUploader.dll Remote Code Execution Vulnerability (26.12.2011)
 ZDI, ZDI-11-352 : HP Managed Printing Administration jobAcct Multiple Vulnerabilities (26.12.2011)

IpTools security vulnerabilities
Published:09.01.2012
SecurityVulns ID:12126
Type:remote
Threat Level:5/10
Description:rcmd buffer overflow, Web server directory traversal.
Affected:IPTOOLS : IpTools 0.1
Original document:demonalex_(at)_163.com, IpTools(Tiny TCP/IP server) - WebServer Directory Traversal Vulnerability (09.01.2012)
 demonalex_(at)_163.com, IpTools - Rcmd Remote Overflow Vulnerability (09.01.2012)
Files:IpTools(0.1.4) - Rcmd Remote Crash PoC

HServer webserver directory traversal
Published:09.01.2012
SecurityVulns ID:12128
Type:remote
Threat Level:5/10
Description:Directory traversal with HTML-encoded requests.
Affected:HSERVER : HServer 0.1
Original document:demonalex_(at)_163.com, HServer webserver - Directory Traversal Vulnerability (09.01.2012)

ffmpeg library multiple security vulnerabilities
Published:09.01.2012
SecurityVulns ID:12129
Type:remote
Threat Level:6/10
Description:Multiple memory corruptions on QDM2, VP5, VP6, VMD and SVQ1 files parsing.
CVE:CVE-2011-4579 (The svq1_decode_frame function in the SVQ1 decoder (svq1dec.c) in libavcodec in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9, and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before 0.7.3 allows remote attackers to cause a denial of service (memory corruption) via a crafted SVQ1 stream, related to "dimensions changed.")
 CVE-2011-4364 (Buffer overflow in the Sierra VMD decoder in libavcodec in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9 and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before 0.7.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted VMD file, related to corrupted streams.)
 CVE-2011-4353 (The (1) av_image_fill_pointers, (2) vp5_parse_coeff, and (3) vp6_parse_coeff functions in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9, and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before 0.7.3 allow remote attackers to cause a denial of service (out-of-bounds read) via a crafted VP5 or VP6 stream.)
 CVE-2011-4351 (Buffer overflow in FFmpeg before 0.5.6, 0.6.x before 0.6.4, 0.7.x before 0.7.8, and 0.8.x before 0.8.8 allows remote attackers to execute arbitrary code via unspecified vectors.)
Original document:DEBIAN, [SECURITY] [DSA 2378-1] ffmpeg security update (09.01.2012)

HP Database Archiving Software code execution
Published:09.01.2012
SecurityVulns ID:12131
Type:remote
Threat Level:6/10
CVE:CVE-2011-4163 (Unspecified vulnerability in HP Database Archiving Software 6.31 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1213.)
Original document:HP, [security bulletin] HPSBMU02731 SSRT100518 rev.1 - HP Database Archiving Software, Remote Execution of Arbitrary Code (09.01.2012)

'super' script execution buffer overflow
Published:09.01.2012
SecurityVulns ID:12132
Type:local
Threat Level:5/10
Description:Buffer overflow during logging.
Affected:SUPER : super 3.30
CVE:CVE-2011-2776 (Buffer overflow in the Error function in super.c in Super 3.30.0 might allow local users to execute arbitrary code via vectors related to syslog logging. NOTE: some of these details are obtained from third party information.)
Original document:DEBIAN, [SECURITY] [DSA 2383-1] super security update (09.01.2012)

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:09.01.2012
SecurityVulns ID:12133
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:CACTI : cacti 0.8
 SQLITEMANAGER : SQLiteManager 1.2
 BIGACE : BigACE 2.7
 IMPRESSPAGES : ImpressPages CMS 1.0
 WORDPRESS : Register Plus Redux 3.7
 VERTIGO : VertrigoServ 2.25
 GGB : Ggb Guestbook 0.3
 APACHE : Struts 2.3
 ORCHARD : Orchard 1.3
 TEXTPATTERN : Textpattern 4.4
 OPENEMR : OpenEMR 4.1
 BUGZILLA : Bugzilla 4.1
 MAVILIGUESTBOOK : mavili guestbook 200711
 OPENKM : OpenKM 5.1
 WINN : Winn Guestbook 2.4
CVE:CVE-2011-5026 (Cross-site scripting (XSS) vulnerability in Winn GuestBook before 2.4.8d allows remote attackers to inject arbitrary web script or HTML via the name parameter.)
 CVE-2011-5019 (Cross-site scripting (XSS) vulnerability in setup/index.php in Textpattern CMS 4.4.1, when the product is incompletely installed, allows remote attackers to inject arbitrary web script or HTML via the ddb parameter.)
 CVE-2011-4824 (SQL injection vulnerability in auth_login.php in Cacti before 0.8.7h allows remote attackers to execute arbitrary SQL commands via the login_username parameter.)
 CVE-2011-3657 (Multiple cross-site scripting (XSS) vulnerabilities in Bugzilla 2.x and 3.x before 3.4.13, 3.5.x and 3.6.x before 3.6.7, 3.7.x and 4.0.x before 4.0.3, and 4.1.x through 4.1.3, when debug mode is used, allow remote attackers to inject arbitrary web script or HTML via vectors involving a (1) tabular report, (2) graphical report, or (3) new chart.)
 CVE-2010-2545 (Multiple cross-site scripting (XSS) vulnerabilities in Cacti before 0.8.7g, as used in Red Hat High Performance Computing (HPC) Solution and other products, allow remote attackers to inject arbitrary web script or HTML via (1) the name element in an XML template to templates_import.php; and allow remote authenticated administrators to inject arbitrary web script or HTML via vectors related to (2) cdef.php, (3) data_input.php, (4) data_queries.php, (5) data_sources.php, (6) data_templates.php, (7) gprint_presets.php, (8) graph.php, (9) graphs_new.php, (10) graphs.php, (11) graph_templates_inputs.php, (12) graph_templates_items.php, (13) graph_templates.php, (14) graph_view.php, (15) host.php, (16) host_templates.php, (17) lib/functions.php, (18) lib/html_form.php, (19) lib/html_form_template.php, (20) lib/html.php, (21) lib/html_tree.php, (22) lib/rrd.php, (23) rra.php, (24) tree.php, and (25) user_admin.php.)
 CVE-2010-2543 (Cross-site scripting (XSS) vulnerability in include/top_graph_header.php in Cacti before 0.8.7g allows remote attackers to inject arbitrary web script or HTML via the graph_start parameter to graph.php. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-4032.2.b.)
 CVE-2010-1645 (Cacti before 0.8.7f, as used in Red Hat High Performance Computing (HPC) Solution and other products, allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in (1) the FQDN field of a Device or (2) the Vertical Label field of a Graph Template.)
 CVE-2010-1644 (Multiple cross-site scripting (XSS) vulnerabilities in Cacti before 0.8.7f, as used in Red Hat High Performance Computing (HPC) Solution and other products, allow remote attackers to inject arbitrary web script or HTML via the (1) hostname or (2) description parameter to host.php, or (3) the host_id parameter to data_sources.php.)
Original document:DEBIAN, [SECURITY] [DSA 2384-1] cacti security update (09.01.2012)
 MustLive, XSS and IAA vulnerabilities in Register Plus Redux for WordPress (09.01.2012)
 MustLive, Multiple new vulnerabilities in Register Plus Redux for WordPress (09.01.2012)
 MustLive, Vulnerabilities in plugins for MODx CMS, XOOPS, uCoz, Magento and DSP CMS (09.01.2012)
 tom, Winn Guestbook v2.4.8c Stored XSS (09.01.2012)
 LpSolit_(at)_gmail.com, Security advisory for Bugzilla 4.2rc1, 4.0.3, 3.6.7 and 3.4.13 (09.01.2012)
 Cyrill Brunschwiler, OpenKM 5.1.7 Privilege Escalation (09.01.2012)
 Cyrill Brunschwiler, OpenKM 5.1.7 OS Command Execution (XSRF based) (09.01.2012)
 tom, Tinyguestbook XSS (09.01.2012)
 RedTeam Pentesting, [RT-SA-2012-001] Bugzilla: Cross-Site Scripting in Chart Generator (09.01.2012)
 Trustwave Advisories, SQL Injection Vulnerability in OpenEMR 4.1.0 (09.01.2012)
 Trustwave Advisories, TWSL2012-001: Cross-Site Scripting Vulnerability in Textpattern Content Management System (09.01.2012)
 High-Tech Bridge Security Research, Multiple vulnerabilities in ImpressCMS (09.01.2012)
 Netsparker Advisories, Open Redirection Vulnerability in Orchard 1.3.9 (09.01.2012)
 SEC Consult Vulnerability Lab, NGS00109 Technical Advisory: Remote Code Execution in ImpressPages CMS (09.01.2012)
 SEC Consult Vulnerability Lab, SEC Consult SA-20120104-0 :: Multiple critical vulnerabilities in Apache Struts2 (09.01.2012)
 demonalex_(at)_163.com, Ggb Guestbook - XSS Vulnerabilities (09.01.2012)
 security_(at)_infoserve.de, VertrigoServ 2.25 Cross-Site-Scripting vulnerability (09.01.2012)
 security_(at)_infoserve.de, SQLiteManager 1.2.4 Multiple Cross-Site-Scripting vulnerabilities (09.01.2012)

Google Chrome https address spoofing
Published:09.01.2012
SecurityVulns ID:12134
Type:client
Threat Level:5/10
Description:A few different address spoofing techniques.
Affected:GOOGLE : Chrome 15.0
Original document:ACROS Security, Google Chrome HTTPS Address Bar Spoofing (09.01.2012)
Files:Google Chrome HTTPS Address Bar Spoofing

ipmitool weak permissions
Published:09.01.2012
SecurityVulns ID:12135
Type:local
Threat Level:5/10
Description:Weak permissions on pid file creation.
Affected:OPENIPMI : OpenIPMI 1.8
CVE:CVE-2011-4339 (ipmievd (aka the IPMI event daemon) in OpenIPMI, as used in the ipmitool package 1.8.11 in Red Hat Enterprise Linux (RHEL) 6, Debian GNU/Linux, Fedora 16, and other products uses 0666 permissions for its ipmievd.pid PID file, which allows local users to kill arbitrary processes by writing to this file.)
Original document:DEBIAN, [SECURITY] [DSA 2376-2] ipmitool security update (09.01.2012)

OpenSWAN use-after-free
Published:09.01.2012
SecurityVulns ID:12136
Type:remote
Threat Level:7/10
Description:Use-after-free in crypto helper.
CVE:CVE-2011-4073 (Use-after-free vulnerability in the cryptographic helper handler functionality in Openswan 2.3.0 through 2.6.36 allows remote authenticated users to cause a denial of service (pluto IKE daemon crash) via vectors related to the (1) quick_outI1_continue and (2) quick_outI1 functions.)
Original document:OPENSWAN, CVE-2011-4073 Openswan crypto helper crasher (09.01.2012)

Oracle GlassFish Server authentication bypass
updated since 12.05.2011
Published:09.01.2012
SecurityVulns ID:11668
Type:remote
Threat Level:5/10
Description:Unauthenticated administration console access via HTTP TRACE requests.
CVE:CVE-2011-1511 (Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Sun Products Suite 2.1.1 and 3.0.1 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Administration.)
Original document:Research@NGSSecure, NGS00106 Technical Advisory: Increased exploitation of Oracle GlassFish Server Administration Console Remote Authentication Bypass Vulnerability (09.01.2012)
 CORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2010-1118: Oracle GlassFish Server Administration Console Authentication Bypass (12.05.2011)

HP OpenView Network Node Manager code execution
updated since 06.11.2011
Published:09.01.2012
SecurityVulns ID:12023
Type:remote
Threat Level:5/10
Affected:HP : OpenView Network Node Manager 7.53
CVE:CVE-2011-3167 (Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1210.)
 CVE-2011-3166 (Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1209.)
 CVE-2011-3165 (Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1208.)
Original document:ZDI, ZDI-12-002 : HP OpenView NNM ov.dll _OVBuildPath Remote Code Execution Vulnerability (09.01.2012)
 ZDI, ZDI-12-003 : HP OpenView NNM webappmon.exe parameter Remote Code Execution Vulnerability (09.01.2012)
 ZDI, ZDI-11-348 : HP OpenView NNM nnmRptConfig.exe nameParams Remote Code Execution Vulnerability (15.12.2011)
 HP, [security bulletin] HPSBMU02712 SSRT100649 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code (06.11.2011)

Novell Netware security vulnerabilities
updated since 09.01.2012
Published:11.01.2012
SecurityVulns ID:12127
Type:remote
Threat Level:5/10
Description:TCP/32778, UDP/32778, UDP/2039, UDP/32779 RPC-based services buffer overflow.
Affected:NOVELL : Netware 6.5
Original document:ZDI, ZDI-12-011 : Novell Netware XNFS caller_name xdrDecodeString Remote Code Execution Vulnerability (11.01.2012)
 ZDI, ZDI-12-006 : Novell Netware XNFS.NLM NFS Rename Remote Code Execution Vulnerability (09.01.2012)
 ZDI, ZDI-12-007 : Novell Netware XNFS.NLM STAT Notify Remote Code Execution Vulnerability (09.01.2012)

HP LaserJet P3015 printer unauthorized access
updated since 09.01.2012
Published:11.01.2012
SecurityVulns ID:12130
Type:remote
Threat Level:5/10
Description:Web server directory traversal.
Affected:HP : LaserJet P3015
CVE:CVE-2011-4785 (Directory traversal vulnerability in the HP-ChaiSOE/1.0 web server on the HP LaserJet P3015 printer with firmware before 07.080.3, LaserJet 4650 printer with firmware 07.006.0, and LaserJet 2430 printer with firmware 08.113.0_I35128 allows remote attackers to read arbitrary files via unspecified vectors, a different vulnerability than CVE-2008-4419.)
 CVE-2011-4161 (The default configuration of the HP CM8060 Color MFP with Edgeline; Color LaserJet 3xxx, 4xxx, 5550, 9500, CMxxxx, CPxxxx, and Enterprise CPxxxx; Digital Sender 9200c and 9250c; LaserJet 4xxx, 5200, 90xx, Mxxxx, and Pxxxx; and LaserJet Enterprise 500 color M551, 600, M4555 MFP, and P3015 enables the Remote Firmware Update (RFU) setting, which allows remote attackers to execute arbitrary code by using a session on TCP port 9100 to upload a crafted firmware update.)
Original document:ddivulnalert_(at)_ddifrontline.com, DDIVRT-2011-37 HP JetDirect Device Page Directory Traversal (CVE-2011-4785) (11.01.2012)
 HP, [security bulletin] HPSBPI02733 SSRT100646 rev.1 - Certain HP LaserJet Printers, Remote Unauthorized Access to Files (09.01.2012)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod