Computer Security
[EN] securityvulns.ru no-pyccku


Security vulnerabilities in HP ProCurve switches
Published:09.08.2010
Source:
SecurityVulns ID:11042
Type:remote
Threat Level:
6/10
Description:Unauthorized access, information leak, DoS.
Affected:HP : ProCurve 1800
 HP : ProCurve 2610
 HP : ProCurve 2626
 HP : ProCurve 2650
CVE:CVE-2010-2708 (Unspecified vulnerability on the HP ProCurve 2610 switch before R.11.22, when DHCP is enabled, allows remote attackers to cause a denial of service via unknown vectors.)
 CVE-2010-2707 (Unspecified vulnerability on the HP ProCurve 2626 and 2650 switches before H.10.80 allows remote attackers to obtain sensitive information, modify data, and cause a denial of service via unknown vectors.)
 CVE-2010-2706 (Unspecified vulnerability in the In-band Agent on the HP ProCurve 2610 switch before R.11.30 allows remote attackers to cause a denial of service via unknown vectors.)
 CVE-2010-2705 (Unspecified vulnerability on the HP ProCurve 1800-24G switch with software PB.03.02 and earlier, and the ProCurve 1800-8G switch with software PA.03.02 and earlier, when SNMP is enabled, allows remote attackers to obtain sensitive information via unknown vectors.)
Original documentdocumentHP, [security bulletin] HPSBGN02561 SSRT100194 rev.1 - HP ProCurve 2610 Switches running DHCP, Remote Denial of Service (DoS) (09.08.2010)
 documentHP, [security bulletin] HPSBGN02560 SSRT100193 rev.1 - HP ProCurve 2626 and 2650 Switches, Remote Unauthorized Access (09.08.2010)
 documentHP, [security bulletin] HPSBGN02559 SSRT100192 rev.1 - HP ProCurve 2610 Switch In-band Agent, Remote Denial of Service (DoS) (09.08.2010)
 documentHP, [security bulletin] HPSBGN02501 SSRT071407 rev.1 - HP ProCurve 1800 Switches running SNMP, Remote Disclosure of Information (09.08.2010)

EMC Disk Library DoS
Published:09.08.2010
Source:
SecurityVulns ID:11044
Type:remote
Threat Level:
5/10
Affected:EMC : EMC Disk Library 4.0
 EMC : EMC Disk Library 3.3
 EMC : EMC Disk Library 3.2
CVE:CVE-2010-2633 (Unspecified vulnerability in EMC Disk Library (EDL) before 3.2.7, 3.3.x before 3.3.2 epatch 8, and 4.0.x before 4.0.1 epatch 4 allows remote attackers to cause a denial of service (communication-module crash) by sending a crafted message through TCP.)
Original documentdocumentEMC, ESA-2010-012: EMC Disk Library (EDL) Denial Of Service Vulnerability (09.08.2010)

QQ Computer Manager DoS
Published:09.08.2010
Source:
SecurityVulns ID:11045
Type:local
Threat Level:
4/10
Description:Crash on IOCTL processing.
Affected:TENCENT : QQ Computer Manager 4.0
Original documentdocumentlilf, QQ Computer Manager TSKsp.sys Driver Local Denial of Service Vulnerability (09.08.2010)

socat buffer overflow
Published:09.08.2010
Source:
SecurityVulns ID:11046
Type:local
Threat Level:
3/10
Description:Buffer overflow on command line arguments parsing.
Affected:SOCAT : socat 1.7
CVE:CVE-2010-2799 (Stack-based buffer overflow in the nestlex function in nestlex.c in Socat 1.5.0.0 through 1.7.1.2 and 2.0.0-b1 through 2.0.0-b3, when bidirectional data relay is enabled, allows context-dependent attackers to execute arbitrary code via long command-line arguments.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 2090-1] New socat packages fix arbitrary code execution (09.08.2010)

Cisco Wireless Control System crossite scripting
updated since 09.08.2010
Published:11.08.2010
Source:
SecurityVulns ID:11043
Type:remote
Threat Level:
5/10
Description:Crossite scripting and SQL injection in Web interface.
Affected:CISCO : Wireless Control System 6.0
CVE:CVE-2010-2826 (SQL injection vulnerability in Cisco Wireless Control System (WCS) 6.0.x before 6.0.196.0 allows remote authenticated users to execute arbitrary SQL commands via vectors related to the ORDER BY clause of the Client List screens, aka Bug ID CSCtf37019.)
Original documentdocumentCISCO, Cisco Security Advisory: SQL Injection Vulnerability in Cisco Wireless Control System (11.08.2010)
 documentTom Neaves, Cisco Wireless Control System XSS (09.08.2010)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod