Computer Security
[EN] securityvulns.ru no-pyccku


FreeBSd race conditions (pipe)
updated since 03.10.2009
Published:09.10.2009
Source:
SecurityVulns ID:10281
Type:local
Threat Level:
6/10
Description:Race conditions in pipes close() call allow code execution in kernel context.
Affected:FREEBSD : FreeBSD 6.4
Original documentdocumentPrzemyslaw Frasunek, FreeBSD 6.4 pipeclose()/knlist_cleardel() race condition exploit (09.10.2009)
 documentFREEBSD, FreeBSD Security Advisory FreeBSD-SA-09:13.pipe (03.10.2009)
Files:Exploits FreeBSD <= 6.4 pipeclose()/knlist_cleardel() race condition

FreeBSd race conditions (devfs)
updated since 03.10.2009
Published:09.10.2009
Source:
SecurityVulns ID:10282
Type:local
Threat Level:
6/10
Description:Race conditions between devfs and VFS allow code execution.
Affected:FREEBSD : FreeBSD 6.4
 FREEBSD : FreeBSD 7.2
Original documentdocumentPrzemyslaw Frasunek, FreeBSD 7.2 VFS/devfs race condition exploit (09.10.2009)
 documentFREEBSD, FreeBSD Security Advisory FreeBSD-SA-09:14.devfs (03.10.2009)
Files: FreeBSD 7.2 devfs kevent() race condition exploit

HP printers crossite scripting
updated since 07.10.2009
Published:09.10.2009
Source:
SecurityVulns ID:10296
Type:remote
Threat Level:
4/10
Description:Crossite scripting in Jetdirect web interface for LaserJet and Color LaserJet printers.
CVE:CVE-2009-2684 (Multiple cross-site scripting (XSS) vulnerabilities in Jetdirect and the Embedded Web Server (EWS) on certain HP LaserJet and Color LaserJet printers, and HP Digital Senders, allow remote attackers to inject arbitrary web script or HTML via the (1) Product_URL or (2) Tech_URL parameter in an Apply action to the support_param.html/config script.)
Original documentdocumentDSecRG, [DSECRG-09-048] HP LaserJet printers - Multiple Stored XSS vulnerabilities (09.10.2009)
 documentHP, [security bulletin] HPSBPI02463 SSRT090061 rev.1 - HP LaserJet Printers, HP Color LaserJet Printers, Remote Cross Site Scripting (XSS) (07.10.2009)

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:09.10.2009
Source:
SecurityVulns ID:10301
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:VBULLETIN : vBulletin 3.6
 VBULLETIN : vBulletin 3.7
 VBULLETIN : vBulletin 3.8
 DREAMPOLL : DreamPoll 3.1
 DOCEBO : Docebo 3.6
Original documentdocumentAndrea Fabrizi, Docebo Multiple SQL-Injection Vulnerabilities (09.10.2009)
 documentadvisories_(at)_intern0t.net, vBulletin - Multiple Versions - Cross Site Script Redirection (09.10.2009)
 documentmark_(at)_infosecstuff.com, DreamPoll 3.1 Vulnerabilities (09.10.2009)
 documentDazz.band_(at)_hotmail.com, BMW 'inventory.php"<= SQL Injection Vulnerability (09.10.2009)
 documentPaweі Јaskarzewski, QuickCart Multiple vlunerabilities (09.10.2009)

httpdx Web server buffer overflow
Published:09.10.2009
Source:
SecurityVulns ID:10302
Type:remote
Threat Level:
5/10
Description:Buffer overflow on GET response parsing.
Affected:HTTPDX : httpdx 1.4
Original documentdocumentpankaj208_(at)_gmail.com, Remote buffer overflow in httpdx (09.10.2009)

NetPBM DoS
Published:09.10.2009
Source:
SecurityVulns ID:10304
Type:library
Threat Level:
5/10
Description:Crash on displaying image with large height.
Affected:NETPBM : Netpbm 10.35
CVE:CVE-2008-4799 (pamperspective in Netpbm before 10.35.48 does not properly calculate a window height, which allows context-dependent attackers to cause a denial of service (crash) via a crafted image file that triggers an out-of-bounds read.)
Original documentdocumentMANDRIVA, [ MDVSA-2009:262 ] netpbm (09.10.2009)

CA Anti-Virus multiple security vulnerabilities
updated since 09.10.2009
Published:13.10.2009
Source:
SecurityVulns ID:10305
Type:remote
Threat Level:
6/10
Description:Multiple vulnerabilities on RAR archives parsing.
Affected:CA : eTrust Intrusion Detection 3.0
 CA : CA Internet Security Suite 2007
 CA : ARCserve Backup 11.5
 CA : CA Internet Security Suite 2008
 CA : CA Protection Suites 3.1
 CA : CA Anti-Virus 7.1
 CA : CA Anti-Virus 8.1
 CA : CA Anti-Virus 2007
 CA : CA Anti-Virus 2008
 CA : CA Network and Systems Management 11.1
 CA : CA Anti-Virus 2009
 CA : CA Internet Security Suite 2009
 CA : CA Threat Manager 8.1
 CA : CA Secure Content Manager 8.0
 CA : ARCserve Backup 12.5
 CA : CA Common Services 11.1
CVE:CVE-2009-3588 (Unspecified vulnerability in the arclib component in the Anti-Virus engine in CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 through r8.1; Anti-Virus 2007 (v8) through 2009; eTrust EZ Antivirus r7.1; Internet Security Suite 2007 (v3) through Plus 2009; and other CA products allows remote attackers to cause a denial of service via a crafted RAR archive file that triggers stack corruption, a different vulnerability than CVE-2009-3587.)
 CVE-2009-3587 (Unspecified vulnerability in the arclib component in the Anti-Virus engine in CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 through r8.1; Anti-Virus 2007 (v8) through 2009; eTrust EZ Antivirus r7.1; Internet Security Suite 2007 (v3) through Plus 2009; and other CA products allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted RAR archive file that triggers heap corruption, a different vulnerability than CVE-2009-3588.)
Original documentdocumentThierry Zoller, [G-SEC 46-2009] Computer Associates multiple products arbritary code execution (13.10.2009)
 documentCA, CA20091008-01: Security Notice for CA Anti-Virus Engine (09.10.2009)

IBM AIX rpc.cmsd buffer overflow
updated since 09.10.2009
Published:02.02.2010
Source:
SecurityVulns ID:10303
Type:remote
Threat Level:
6/10
Description:Buffer overflow on RPC request parsing.
Affected:IBM : AIX 5.3
 IBM : AIX 6.1
 IBM : VIOS 1.4
 IBM : VIOS 1.5
 IBM : VIOS 2.1
Original documentdocumentRodrigo Rubira Branco (BSDaemon), Remote Vulnerability in AIX RPC.cmsd released by iDefense (02.02.2010)
 documentIDEFENSE, iDefense Security Advisory 10.07.09: IBM AIX rpc.cmsd Stack Buffer Overflow Vulnerability (09.10.2009)
Files:RPC.cmsd remote PoC for AIX 6.1 and lower

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod