Computer Security


EMC Celerra Network Attached Storage appliance unauthorized access
updated since 16.08.2010
Published: 09.09.2010
SecurityVulns ID: 11081
Type: remote
Threat Level: 6/10
Description: Full NFS access from a predefined list of IP addresses is enabled by default.
CVE: CVE-2010-2860 (The EMC Celerra Network Attached Storage (NAS) appliance accepts external network traffic to IP addresses intended for an intranet network within the appliance, which allows remote attackers to read, create, or modify arbitrary files in the user data directory via NFS requests.)
Original documents:
 EMC, ESA-2010-015: EMC Celerra NFS authentication bypass vulnerability using IP spoofing. (09.09.2010)
 Trustwave Advisories, TWSL2010-003: Unauthorized access to root NFS export on EMC Celerra NAS appliance (16.08.2010)

RSA Access Manager Server / Agent vulnerabilities
Published: 09.09.2010
SecurityVulns ID: 11121
Type: remote
Threat Level: 5/10
Description: A few restriction bypass vulnerabilities.
Affected: EMC : RSA Access Manager Server 5.5
 EMC : RSA Access Manager Server 6.0
 EMC : RSA Access Manager Server 6.1
 EMC : RSA Access Manager Agent 4.7
CVE: CVE-2010-3018 (RSA Access Manager Server 5.5.3 before 5.5.3.172, 6.0.4 before 6.0.4.53, and 6.1 before 6.1.2.01 does not properly perform cache updates, which allows remote attackers to obtain sensitive information via unspecified vectors.)
 CVE-2010-3017 (Unspecified vulnerability in RSA Access Manager Agent 4.7.1 before 4.7.1.7, when RSA Adaptive Authentication Integration is enabled, allows remote attackers to bypass authentication and obtain sensitive information via unknown vectors.)
Original documents:
 EMC, ESA-2010-016: RSA, The Security Division of EMC, releases security hot fix for a potential vulnerability in RSA® Access Manager Agent when working with RSA® Adaptive Authentication. (09.09.2010)
 EMC, ESA-2010-014: RSA, The Security Division of EMC, releases security hot fixes for potential vulnerability in RSA® Access Manager Server under certain conditions. (09.09.2010)

mountall privilege escalation
Published: 09.09.2010
SecurityVulns ID: 11122
Type: local
Threat Level: 5/10
Description: udev rule file unsafe permissions.
Affected: MOUNTALL : mountall 2.15
CVE: CVE-2010-2961 (mountall.c in mountall before 2.15.2 uses 0666 permissions for the root.rules file, which allows local users to gain privileges by modifying this file.)
Original document: UBUNTU, [USN-985-1] mountall vulnerability (09.09.2010)

HP ProLiant G6 Lights-Out 100 DoS
Published: 09.09.2010
SecurityVulns ID: 11123
Type: remote
Threat Level: 5/10
Affected: HP : Lights out 100
CVE: CVE-2010-3006 (Unspecified vulnerability on the HP ProLiant G6 Lights-Out 100 Remote Management card with firmware before 4.06 allows remote attackers to cause a denial of service via unknown vectors.)
Original document: HP, [security bulletin] HPSBMA02574 SSRT100038 rev.1 - HP ProLiant G6 Lights-Out 100, Remote Management, Denial of Service (DoS) (09.09.2010)

HP-UX Software Distributor privilege escalation
Published: 09.09.2010
SecurityVulns ID: 11124
Type: remote
Threat Level: 5/10
Affected: HP : HP-UX 11.11
 HP : HP-UX 11.23
 HP : HP-UX 11.31
CVE: CVE-2010-2712 (Unspecified vulnerability in Software Distributor (sd) in HP HP-UX B.11.11, B.11.23, and B.11.31 allows local users to gain privileges via unknown vectors.)
Original document: HP, [security bulletin] HPSBUX02552 SSRT100062 rev.1 - HP-UX running Software Distributor (sd), Local Privilege Increase, Unauthorized Access (09.09.2010)

HP Insight Diagnostics Online Edition cross-site scripting
Published: 09.09.2010
SecurityVulns ID: 11125
Type: remote
Threat Level: 5/10
CVE: CVE-2010-3003 (Cross-site scripting (XSS) vulnerability in HP Insight Diagnostics Online Edition before 8.5.0-11 on Linux allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
Original document: HP, [security bulletin] HPSBMA02571 SSRT100034 rev.1 - HP Insight Diagnostics Online Edition, Remote Cross Site Scripting (XSS) (09.09.2010)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod