Computer Security

Multiple Web servers information leak
Published: 09.02.2010
SecurityVulns ID: 10598
Type: remote
Threat Level: 7/10
Description: It's possible to access script sources and/or bypass access restrictions by using Windows 8.3 filenames and space characters.
Affected: CHEROKEE : Cherokee 0.99
 NGINX : Nginx Web Server 0.7
 NGINX : Nginx Web Server 0.8
 MONGOOSE : Mongoose 2.8
 WLMP : WLMP 1.1
Original document: info_(at)_securitylab.ir, mongoose Space Character Remote File Disclosure Vulnerability (09.02.2010)
 CORE SECURITY TECHNOLOGIES ADVISORIES, [CORE-2010-0121] Multiple Vulnerabilities with 8.3 Filename Pseudonyms in Web Servers (09.02.2010)

TVUPlayer ActiveX code execution
Published: 09.02.2010
SecurityVulns ID: 10600
Type: remote
Threat Level: 5/10
Description: An insecure method allows access to local files.
Affected: TVUNETWORKS : TVUPlayer 2.4
Original document: Alexandr Polyakov, [DSECRG-09-065] TVUPlayer PlayerOcx.ocx ActiveX - Insecure method (09.02.2010)

JDownloader download manager code execution
Published: 09.02.2010
SecurityVulns ID: 10597
Type: client
Threat Level: 6/10
Description: The HTTP interface on port TCP/9666, used for application management, is vulnerable to form redirection attacks.
Affected: JDOWNLOADER : JDownloader 0.9
Original document: Matthias -apoc- Hecker, JDownloader Remote Code Execution (09.02.2010)

Clearweb GeFest Web HomeServer directory traversal
Published: 09.02.2010
SecurityVulns ID: 10599
Type: remote
Threat Level: 5/10
Description: It's possible to access files outside the web root.
Affected: CLEARWEB : GeFest Web HomeServer 1.0
Original document: security_(at)_corelan.be, CORELAN-10-010 - GeFest Web HomeServer v1.0 Remote Directory Traversal Vulnerability (09.02.2010)

Microsoft Windows TCP/IP and TCP/IPv6 multiple security vulnerabilities
updated since 09.02.2010
Published: 10.02.2010
SecurityVulns ID: 10601
Type: remote
Threat Level: 9/10
Description: Multiple memory corruptions in ICMPv6, IPSec, TCP implementations.
Affected: MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
CVE: CVE-2010-0242 (The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows remote attackers to cause a denial of service (system hang) via crafted packets with malformed TCP selective acknowledgement (SACK) values, aka "TCP/IP Selective Acknowledgement Vulnerability.")
 CVE-2010-0241 (The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when IPv6 is enabled, does not properly perform bounds checking on ICMPv6 Route Information packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "ICMPv6 Route Information Vulnerability.")
 CVE-2010-0240 (The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when a custom network driver is used, does not properly handle local fragmentation of Encapsulating Security Payload (ESP) over UDP packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "Header MDL Fragmentation Vulnerability.")
 CVE-2010-0239 (The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when IPv6 is enabled, does not properly perform bounds checking on ICMPv6 Router Advertisement packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "ICMPv6 Router Advertisement Vulnerability.")
Original document: MICROSOFT, Microsoft Security Bulletin MS10-009 - Critical Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (974145) (09.02.2010)
Files: Microsoft Security Bulletin MS10-009 - Critical Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (974145)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod