Computer Security


Subversion DoS
Published:09.03.2011
Source:
SecurityVulns ID:11486
Type:remote
Threat Level:5/10
Description:Crash on lock request processing.
Affected:SUBVERSION : Subversion 1.6
CVE:CVE-2011-0715 (The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.)
Original document:DEBIAN, [SECURITY] [DSA 2181-1] subversion security update (09.03.2011)

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:09.03.2011
Source:
SecurityVulns ID:11485
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:CUBECART : CubeCart 2.0
 PHPNUKE : PHP-Nuke 8.0
 MCCONTENTMANAGER : MC Content Manager 10.1
 WORDPRESS : Inline Gallery 0.3
 WORDPRESS : Cool Video Gallery 1.3
 WORDPRESS : GRAND Flash Album Gallery 0.55
 WORDPRESS : 1 Flash Gallery 0.2
 WORDPRESS : PhotoSmash 1.0
 RECORDPRESS : RecordPress 0.3
 ICINGA : Icinga 1.2
 ICINGA : Icinga 1.3
 KODAK : Kodak InSite 5.5
 MUTARE : EVM 2.2
 QUICKPOLLS : Quick Polls 1.0
 WEBENSIO : LMS Web Ensino 2011-02
 TOTVS : Microsiga Protheus 10
CVE:CVE-2011-1099 (Multiple directory traversal vulnerabilities in FocalMedia.Net Quick Polls before 1.0.2 allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the p parameter in a preview action to index.php, or (2) delete arbitrary files via a .. (dot dot) in the p parameter in a delete action to index.php.)
Original documents:Flavio do Carmo Junior aka waKKu, [DCA-2011-0002]: TOTVS ERP Microsiga Protheus - Users Enumeration (09.03.2011)
 Flavio do Carmo Junior aka waKKu, [DCA-2011-0003]: LMS Web Ensino - Multiple XSS, Session Fixation, CSRF and SQL Injection (09.03.2011)
 Mark Stanislav, 'Quick Polls' Local File Inclusion & Deletion Vulnerabilities (CVE-2011-1099) (09.03.2011)
 mikispag_(at)_gmail.com, XSS in CubeCart <= 2.0.7 (09.03.2011)
 Travis Lee, Mutare Software EVM - CSRF and XSS Vulnerabilities (09.03.2011)
 vulns_(at)_dionach.com, InSite Troubleshooting Cross-Site Scripting (09.03.2011)
 vulns_(at)_dionach.com, Kodak InSite Login Page Cross-Site Scripting (09.03.2011)
 sschurtz_(at)_t-online.de, Cross-Site Scripting vulnerabilities in Icinga (09.03.2011)
 irancrash_(at)_gmail.com, RecordPress Multiple Vulnerabilities (09.03.2011)
 High-Tech Bridge Security Research, HTB22871: File Content Disclosure in GRAND Flash Album Gallery wordpress plugin (09.03.2011)
 High-Tech Bridge Security Research, HTB22867: XSS in PhotoSmash wordpress plugin (09.03.2011)
 High-Tech Bridge Security Research, HTB22868: XSS in 1 Flash Gallery wordpress plugin (09.03.2011)
 High-Tech Bridge Security Research, HTB22869: SQL Injection in 1 Flash Gallery wordpress plugin (09.03.2011)
 High-Tech Bridge Security Research, HTB22870: SQL Injection in GRAND Flash Album Gallery wordpress plugin (09.03.2011)
 High-Tech Bridge Security Research, HTB22872: Path disclosure in Cool Video Gallery wordpress plugin (09.03.2011)
 High-Tech Bridge Security Research, HTB22873: XSS in Inline Gallery wordpress plugin (09.03.2011)
 MustLive, Cross-Site Scripting vulnerabilities in MC Content Manager (09.03.2011)
 MustLive, New vulnerabilities in PHP-Nuke (09.03.2011)

Microsoft Windows multiple security vulnerabilities
Published:09.03.2011
Source:
SecurityVulns ID:11487
Type:remote
Threat Level:6/10
Description:Unsafe library loading, code execution with .dvr-ms files.
Affected:MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
CVE:CVE-2011-0042 (SBE.dll in the Stream Buffer Engine in Windows Media Player and Windows Media Center in Microsoft Windows XP SP2 and SP3, Windows XP Media Center Edition 2005 SP3, Windows Vista SP1 and SP2, Windows 7 Gold and SP1, and Windows Media Center TV Pack for Windows Vista does not properly parse Digital Video Recording (.dvr-ms) files, which allows remote attackers to execute arbitrary code via a crafted file, aka "DVR-MS Vulnerability.")
 CVE-2011-0032 (Untrusted search path vulnerability in DirectShow in Microsoft Windows Vista SP1 and SP2, Windows 7 Gold and SP1, Windows Server 2008 R2 and R2 SP1, and Windows Media Center TV Pack for Windows Vista allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Digital Video Recording (.dvr-ms), Windows Recorded TV Show (.wtv), or .mpg file, aka "DirectShow Insecure Library Loading Vulnerability.")
 CVE-2011-0029 (Untrusted search path vulnerability in the client in Microsoft Remote Desktop Connection 5.2, 6.0, 6.1, and 7.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .rdp file, aka "Remote Desktop Insecure Library Loading Vulnerability.")
 CVE-2010-3146 (Untrusted search path vulnerability in Microsoft Office Groove 2007 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse mso.dll or GroovePerfmon.dll that is located in the same folder as a .vcg or .gta file.)
Files:Microsoft Security Bulletin MS11-015 - Critical Vulnerabilities in Windows Media Could Allow Remote Code Execution (2510030)
 Microsoft Security Bulletin MS11-016 - Important Vulnerability in Microsoft Groove Could Allow Remote Code Execution (2494047)
 Microsoft Security Bulletin MS11-017 - Important Vulnerability in Remote Desktop Client Could Allow Remote Code Execution (2508062)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod