| Microsoft Windows Active Directory Federation Service multiple security vulnerabilities | | Published: |  | 09.12.2009 | | Source: |  | MICROSOFT | | SecurityVulns ID: |  | 10451 | | Type: |  | remote | | Level: |  | 7/10 | | Description: |  | Code execution, session hijack. |
| Affected: |  | MICROSOFT : Windows 2003 Server | | |  | MICROSOFT : Windows 2008 Server | | CVE: |  | CVE-2009-2509 (Active Directory Federation Services (ADFS) in Microsoft Windows Server 2003 SP2 and Server 2008 Gold and SP2 does not properly validate headers in HTTP requests, which allows remote authenticated users to execute arbitrary code via a crafted request to an IIS web server, aka "Remote Code Execution in ADFS Vulnerability.") | | |  | CVE-2009-2508 (The single sign-on implementation in Active Directory Federation Services (ADFS) in Microsoft Windows Server 2003 SP2 and Server 2008 Gold and SP2 does not properly remove credentials at the end of a network session, which allows physically proximate attackers to obtain the credentials of a previous user of the same web browser by using data from the browser's cache, aka "Single Sign On Spoofing in ADFS Vulnerability.") |
| Microsoft Internet Authentication Service multiple security vulnerabilities | | Published: |  | 09.12.2009 | | Source: |  | MICROSOFT | | SecurityVulns ID: |  | 10452 | | Type: |  | remote | | Level: |  | 7/10 | | Description: |  | MS-CHAP authentication bypass, memory corruption. |
| Affected: |  | MICROSOFT : Windows 2000 Server | | |  | MICROSOFT : Windows XP | | |  | MICROSOFT : Windows 2003 Server | | |  | MICROSOFT : Windows Vista | | |  | MICROSOFT : Windows 2008 Server | | CVE: |  | CVE-2009-3677 (The Internet Authentication Service (IAS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold and SP1, and Server 2008 Gold does not properly verify the credentials in an MS-CHAP v2 Protected Extensible Authentication Protocol (PEAP) authentication request, which allows remote attackers to access network resources via a malformed request, aka "MS-CHAP Authentication Bypass Vulnerability.") | | |  | CVE-2009-2505 (The Internet Authentication Service (IAS) in Microsoft Windows Vista SP2 and Server 2008 SP2 does not properly validate MS-CHAP v2 Protected Extensible Authentication Protocol (PEAP) authentication requests, which allows remote attackers to execute arbitrary code via crafted structures in a malformed request, aka "Internet Authentication Service Memory Corruption Vulnerability.") |
| Adobe Flash Player multiple security vulnerabilities | | Published: |  | 09.12.2009 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 10457 | | Type: |  | remote | | Level: |  | 8/10 | | Description: |  | Buffer overflow on JPEG parsing, integer overflow on ActionScript execution. |
| Affected: |  | ADOBE : Flash Player 10.0 | | |  | ADOBE : AIR 1.5 | | CVE: |  | CVE-2009-3951 (Unspecified vulnerability in the Flash Player ActiveX control in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 on Windows allows remote attackers to obtain the names of local files via unknown vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4820.) | | |  | CVE-2009-3800 (Multiple unspecified vulnerabilities in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allow attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.) | | |  | CVE-2009-3799 (Integer overflow in the Verifier::parseExceptionHandlers function in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via an SWF file with a large exception_count value that triggers memory corruption, related to "generation of ActionScript exception handlers.") | | |  | CVE-2009-3798 (Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption.) | | |  | CVE-2009-3797 (Adobe Flash Player 10.x before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption.) | | |  | CVE-2009-3796 (Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors, related to a "data injection vulnerability.") | | |  | CVE-2009-3794 (Heap-based buffer overflow in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via crafted dimensions of JPEG data in an SWF file.) |
| Mozilla Firefox dialog spoofing | | Published: |  | 09.12.2009 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 10449 | | Type: |  | client | | Level: |  | 4/10 | | Description: |  | It's possible to spoof the form URL. |
| CVE: |  | CVE-2009-4130 (Visual truncation vulnerability in the MakeScriptDialogTitle function in nsGlobalWindow.cpp in Mozilla Firefox allows remote attackers to spoof the origin domain name of a script via a long name.) | | |  | CVE-2009-4129 (Race condition in Mozilla Firefox allows remote attackers to produce a JavaScript message with a spoofed domain association by writing the message in between the document request and document load for a web page in a different domain.) |
| Microsoft Windows DoS | | Published: |  | 09.12.2009 | | Source: |  | MICROSOFT | | SecurityVulns ID: |  | 10450 | | Type: |  | remote | | Level: |  | 7/10 | | Description: |  | LSASS DoS on ISAKMP IPSec messages parsing. |
| Microsoft Project memory corruption | | Published: |  | 09.12.2009 | | Source: |  | MICROSOFT | | SecurityVulns ID: |  | 10455 | | Type: |  | client | | Level: |  | 6/10 | | Description: |  | Memory corruption on Microsoft Office files parsing. |
| Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) | | Published: |  | 09.12.2009 | | Source: |  | | | SecurityVulns ID: |  | 10459 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. |
HP OpenView Data Protector Application Recovery Manager DoS updated since 08.12.2009 | | Published: |  | 09.12.2009 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 10446 | | Type: |  | remote | | Level: |  | 5/10 |
U.S. Defense Information Systems Agency (DISA) Unix Security Readiness Review (SRR) privilege escalation updated since 04.12.2009 | | Published: |  | 09.12.2009 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 10441 | | Type: |  | local | | Level: |  | 5/10 | | Description: |  | The application executes all executables with predefined names found on the system. |
| ntp server DoS | | Published: |  | 09.12.2009 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 10458 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | An NTP packet from the spoofed address of the server itself causes resource exhaustion. |
| Affected: |  | NTP : ntp 4.2 | | CVE: |  | CVE-2009-3563 (ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons.) |
HP OpenView NNM multiple security vulnerabilities updated since 09.12.2009 | | Published: |  | 10.12.2009 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 10460 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | Multiple vulnerabilities in different CGI applications. |
| Affected: |  | HP : OpenView Network Node Manager 7.51 | | CVE: |  | CVE-2009-4181 (Stack-based buffer overflow in ovwebsnmpsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via vectors involving the sel and arg parameters to jovgraph.exe.) | | |  | CVE-2009-4180 (Stack-based buffer overflow in snmpviewer.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long HTTP Host header.) | | |  | CVE-2009-4179 (Stack-based buffer overflow in ovalarm.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long HTTP Accept-Language header in an OVABverbose action.) | | |  | CVE-2009-4178 (Heap-based buffer overflow in OvWebHelp.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long Topic parameter.) | | |  | CVE-2009-4177 (Buffer overflow in webappmon.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long HTTP Host header.) | | |  | CVE-2009-4176 (Multiple heap-based buffer overflows in ovsessionmgr.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via a long (1) userid or (2) passwd parameter to ovlogin.exe.) | | |  | CVE-2009-3849 (Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via (1) a long Template parameter to nnmRptConfig.exe, related to the strcat function; or (2) a long Oid parameter to snmp.exe.) 
| | |  | CVE-2009-3848 (Stack-based buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long Template parameter, related to the vsprintf function.) | | |  | CVE-2009-3846 (Multiple heap-based buffer overflows in ovlogin.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via a long (1) userid or (2) passwd parameter.) | | |  | CVE-2009-3845 (The port-3443 HTTP server in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary commands via shell metacharacters in the hostname parameter to unspecified Perl scripts.) | | |  | CVE-2009-0898 (Stack-based buffer overflow in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a crafted HTTP request.) |
| Original document |  | HP, [security bulletin] HPSBMA02483 SSRT090257 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code (10.12.2009) |
| |  | ZDI, TPTI-09-13: HP OpenView NNM snmpviewer.exe CGI Host Header Stack Overflow Vulnerability (10.12.2009) |
| |  | ZDI, TPTI-09-12: HP OpenView NNM ovalarm.exe CGI Accept-Language Stack Overflow Vulnerability (09.12.2009) |
| |  | ZDI, TPTI-09-10: HP OpenView NNM webappmon.exe CGI Host Header Buffer Overflow Vulnerability (09.12.2009) |
| |  | ZDI, TPTI-09-09: HP OpenView NNM ovsessionmgr.exe userid/passwd Heap Overflow Vulnerability (09.12.2009) |
| |  | ZDI, TPTI-09-08: HP OpenView NNM ovlogin.exe CGI userid/passwd Heap Overflow Vulnerability (09.12.2009) |
| |  | ZDI, ZDI-09-095: Hewlett-Packard OpenView NNM Snmp.exe Oid Variable Buffer Overflow Vulnerability (09.12.2009) |
| |  | ZDI, ZDI-09-097: Hewlett-Packard OpenView NNM nnmRptConfig.exe Template Variable strcat Overflow Vulnerability (09.12.2009) |
| |  | ZDI, ZDI-09-096: Hewlett-Packard OpenView NNM nnmRptConfig.exe Template Variable vsprintf Overflow Vulnerability (09.12.2009) |
| |  | ZDI, ZDI-09-094: Hewlett-Packard OpenView NNM Multiple Command Injection Vulnerabilities (09.12.2009) |
Microsoft Windows Intel Indeo codecs multiple updated since 09.12.2009 | | Published: |  | 10.12.2009 | | Source: |  | MICROSOFT | | SecurityVulns ID: |  | 10456 | | Type: |  | library | | Level: |  | 8/10 | | Description: |  | Multiple vulnerabilities on video files parsing. |
Microsoft Internet Explorer multiple security vulnerabilities updated since 09.12.2009 | | Published: |  | 10.12.2009 | | Source: |  | MICROSOFT | | SecurityVulns ID: |  | 10453 | | Type: |  | client | | Level: |  | 9/10 | | Description: |  | Multiple memory corruptions, code execution. |
| Affected: |  | MICROSOFT : Windows 2000 Server | | |  | MICROSOFT : Windows 2000 Professional | | |  | MICROSOFT : Windows XP | | |  | MICROSOFT : Windows 2003 Server | | |  | MICROSOFT : Windows Vista | | |  | MICROSOFT : Windows 2008 Server | | |  | MICROSOFT : Windows 7 | | CVE: |  | CVE-2009-3674 (Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3671.) | | |  | CVE-2009-3673 (Microsoft Internet Explorer 7 and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability.") | | |  | CVE-2009-3672 (Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory that (1) were not properly initialized or (2) are deleted, which allows remote attackers to execute arbitrary code via vectors involving a call to the getElementsByTagName method for the STYLE tag name, selection of the single element in the returned list, and a change to the outerHTML property of this element, related to Cascading Style Sheets (CSS) and mshtml.dll, aka "HTML Object Memory Corruption Vulnerability." NOTE: some of these details are obtained from third party information. NOTE: this issue was originally assigned CVE-2009-4054, but Microsoft assigned a duplicate identifier of CVE-2009-3672. CVE consumers should use this identifier instead of CVE-2009-4054.) 
| | |  | CVE-2009-3671 (Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3674.) | | |  | CVE-2009-2493 (The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly restrict use of OleLoadFromStream in instantiating objects from data streams, which allows remote attackers to execute arbitrary code via a crafted HTML document with an ATL (1) component or (2) control, related to ATL headers and bypassing security policies, aka "ATL COM Initialization Vulnerability.") |
Microsoft Wordpad / Office Text Converters memory corruption updated since 09.12.2009 | | Published: |  | 10.12.2009 | | Source: |  | MICROSOFT | | SecurityVulns ID: |  | 10454 | | Type: |  | client | | Level: |  | 6/10 | | Description: |  | Memory corruption on Office 97 documents parsing. |