Computer Security


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:10.04.2009
SecurityVulns ID:9808
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. Openads: code execution
Affected:OPENADS : Openads 2.4
 HORDE : Horde 3.2
 EXJUNE : Exjune Guestbook 2
 ADAPTBB : AdaptBB 1.0
 GEEKLOG : Geeklog 1.5
 LGASOFT : SASPCMS 0.9
 NET2FTP : net2ftp 0.97
CVE:CVE-2009-0932 (Directory traversal vulnerability in framework/Image/Image.php in Horde before 3.2.4 and 3.3.3 and Horde Groupware before 1.1.5 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Horde_Image driver name.)
 CVE-2008-5917 (Cross-site scripting (XSS) vulnerability in the XSS filter (framework/Text_Filter/Filter/xss.php) in Horde Application Framework 3.2.2 and 3.3, when Internet Explorer is being used, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to style attributes.)
 CVE-2008-3330 (Cross-site scripting (XSS) vulnerability in services/obrowser/index.php in Horde 3.2 and Turba 2.2 allows remote attackers to inject arbitrary web script or HTML via the contact name.)
Original document:c1c4tr1z_(at)_voodoo-labs.org, net2ftp <= 0.97 Cross-Site Scripting/Request Forgery (10.04.2009)
 Matthew Dempsky, Adgregate ShopAd widget validation is vulnerable to replay attack (10.04.2009)
 admin_(at)_bugreport.ir, SASPCMS Multiple Vulnerabilities (10.04.2009)
 Salvatore "drosophila" Fresta, AdaptBB 1.0 Beta Multiple Remote Vulnerabilities (10.04.2009)
 rgod, Geeklog <=1.5.2 'SESS_updateSessionTime()' vulnerability (10.04.2009)
 rgod, Geeklog <=1.5.2 SEC_authenticate()/PHP_AUTH_USER sql injection exploit (10.04.2009)
 alphanix00_(at)_gmail.com, Exjune Guestbook v2 Remote Database Disclosure Exploit (10.04.2009)
 MustLive, Code Execution vulnerability in Openads (10.04.2009)
Files:Exjune Guestbook v2 Remote Database Disclosure Exploit
 Geeklog <=1.5.2 SEC_authenticate()/PHP_AUTH_USER sql injection exploit

Wireshark multiple security vulnerabilities
Published:10.04.2009
SecurityVulns ID:9809
Type:remote
Threat Level:6/10
Description:PROFINET protocol dissector format string vulnerability, Check Point High-Availability Protocol (CPHAP) dissector DoS, .rf5 file parser DoS.
Affected:WIRESHARK : Wireshark 1.0
CVE:CVE-2009-1269 (Unspecified vulnerability in Wireshark 0.99.6 through 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted Tektronix .rf5 file.)
 CVE-2009-1268 (The Check Point High-Availability Protocol (CPHAP) dissector in Wireshark 0.9.6 through 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted FWHA_MY_STATE packet.)
 CVE-2009-1210 (Format string vulnerability in the PROFINET/DCP (PN-DCP) dissector in Wireshark 1.0.6 and earlier allows remote attackers to execute arbitrary code via a PN-DCP packet with format string specifiers in the station name. NOTE: some of these details are obtained from third party information.)
Original document:MANDRIVA, [ MDVSA-2009:088 ] wireshark (10.04.2009)

HP ProCurve Manager unauthorized access
Published:10.04.2009
SecurityVulns ID:9810
Type:remote
Threat Level:5/10
Affected:HP : ProCurve Manager 2.3
CVE:CVE-2007-4514
Original document:HP, [security bulletin] HPSBMA02420 SSRT071458 rev.1 - HP ProCurve Manager and HP ProCurve Manager Plus, Remote Unauthorized Access to Data (10.04.2009)

multipath-tools weak permissions
Published:10.04.2009
SecurityVulns ID:9812
Type:remote
Threat Level:5/10
Description:Weak permissions for control socket.
Affected:MULTIPATHTOOLS : multipath-tools 0.4
CVE:CVE-2009-0115 (The Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server (SLES), Fedora, and possibly other operating systems, uses world-writable permissions for the socket file (aka /var/run/multipathd.sock), which allows local users to send arbitrary commands to the multipath daemon.)
Original document:DEBIAN, [SECURITY] [DSA 1767-1] New multipath-tools packages fix denial of service (10.04.2009)

IBM BladeCenter Advanced Management Module multiple security vulnerabilities
Published:10.04.2009
SecurityVulns ID:9813
Type:remote
Threat Level:5/10
Description:Cross-site scripting, information leak.
Affected:IBM : BladeCenter E
 IBM : BladeCenter H
 IBM : BladeCenter HT
 IBM : BladeCenter S
 IBM : BladeCenter T
 IBM : BladeCenter JS12
 IBM : BladeCenter JS21
 IBM : BladeCenter JS22
 IBM : BladeCenter HC10
 IBM : BladeCenter HS12
 IBM : BladeCenter HS20
 IBM : BladeCenter HS21
 IBM : BladeCenter LS20
 IBM : BladeCenter LS21
 IBM : BladeCenter LS41
 IBM : BladeCenter QS21
 IBM : BladeCenter QS22
Original document:Henri Lindberg - Smilehouse Oy, IBM BladeCenter Advanced Management Module Multiple vulnerabilities (10.04.2009)

EMC Replistor buffer overflow
Published:10.04.2009
SecurityVulns ID:9814
Type:remote
Threat Level:6/10
Description:Integer overflows in system services lead to buffer overflow.
Affected:EMC : RepliStor 6.2
 EMC : RepliStor 6.3
CVE:CVE-2009-1119 (Multiple heap-based buffer overflows in EMC RepliStor 6.2 before SP5 and 6.3 before SP2 allow remote attackers to execute arbitrary code via a crafted message to (1) ctrlservice.exe or (2) rep_srv.exe, possibly related to an integer overflow.)
Original document:FORTINET, FGA-2009-003:EMC RepliStor Buffer Overflow Vulnerability (10.04.2009)

Cisco ASA Adaptive Security Appliance / Cisco PIX Security Appliance multiple security vulnerabilities
Published:10.04.2009
SecurityVulns ID:9816
Type:remote
Threat Level:6/10
Description:VPN authentication bypass, multiple DoS conditions.
Affected:CISCO : PIX 7.0
 CISCO : PIX 7.1
 CISCO : PIX 7.2
 CISCO : PIX 8.0
 CISCO : Adaptive Security Appliance 7.0
 CISCO : Adaptive Security Appliance 7.1
 CISCO : Adaptive Security Appliance 7.2
 CISCO : Adaptive Security Appliance 8.0
CVE:CVE-2009-1160 (Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 before 7.0(8)1, 7.1 before 7.1(2)74, 7.2 before 7.2(4)9, and 8.0 before 8.0(4)5 do not properly implement the implicit deny statement, which might allow remote attackers to successfully send packets that bypass intended access restrictions, aka Bug ID CSCsq91277.)
 CVE-2009-1159 (Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.2 before 7.2(4)26, 8.0 before 8.0(4)22, and 8.1 before 8.1(2)12, when SQL*Net inspection is enabled, allows remote attackers to cause a denial of service (traceback and device reload) via a series of SQL*Net packets.)
 CVE-2009-1158 (Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 Series devices 7.0 before 7.0(8)6, 7.1 before 7.1(2)82, 7.2 before 7.2(4)26, 8.0 before 8.0(4)24, and 8.1 before 8.1(2)14, when H.323 inspection is enabled, allows remote attackers to cause a denial of service (device reload) via a crafted H.323 packet.)
 CVE-2009-1157 (Memory leak on Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 before 7.0(8)6, 7.1 before 7.1(2)82, 7.2 before 7.2(4)30, 8.0 before 8.0(4)28, and 8.1 before 8.1(2)19 allows remote attackers to cause a denial of service (memory consumption or device reload) via a crafted TCP packet.)
 CVE-2009-1156 (Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 Series devices 8.0 before 8.0(4)25 and 8.1 before 8.1(2)15, when an SSL VPN or ASDM access is configured, allows remote attackers to cause a denial of service (device reload) via a crafted (1) SSL or (2) HTTP packet.)
 CVE-2009-1155 (Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.1(1) through 7.1(2)82, 7.2 before 7.2(4)27, 8.0 before 8.0(4)25, and 8.1 before 8.1(2)15, when AAA override-account-disable is entered in a general-attributes field, allow remote attackers to bypass authentication and establish a VPN session to an ASA device via unspecified vectors.)
Original document:CISCO, Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA Adaptive Security Appliance and Cisco PIX Security Appliances (10.04.2009)

tunapie multiple security vulnerabilities
Published:10.04.2009
SecurityVulns ID:9817
Type:local
Threat Level:5/10
Description:Unfiltered shell characters vulnerability, symlink vulnerability.
Affected:TUNAPIE : Tunapie 2.1
CVE:CVE-2009-1254 (James Stone Tunapie 2.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a stream URL.)
 CVE-2009-1253 (James Stone Tunapie 2.1 allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file.)
Original document:DEBIAN, [SECURITY] [DSA 1764-1] New tunapie packages fix several vulnerabilities (10.04.2009)

GOM Player buffer overflow
Published:10.04.2009
SecurityVulns ID:9818
Type:local
Threat Level:4/10
Description:Buffer overflow in .srt file parsing.
Affected:GOMPLAYER : GOM Player 2.1
Original document:Security Vulnerability Research Team, [Bkis-06-2009] GOM Player Subtitle Buffer Overflow Vulnerability (10.04.2009)

Windows ZIP folders buffer overflow
updated since 13.10.2004
Published:10.04.2009
SecurityVulns ID:4087
Type:library
Threat Level:5/10
Description:Integer overflow in DynaZip (DUNZIP32.DLL) library on oversized filename in archive.
Affected:MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 IBM : Lotus Notes 6.5
 CHECKMARK : MultiLedger 6.0
 INNERMEDIA : DynaZip 3.0
 INNERMEDIA : DynaZip 4.0
 INNERMEDIA : DynaZip 5.0
 MCAFEE : VirusScan 10.0
 DTSEARCH : dtSearch 7.10
 HP : OpenView Performance Agent C.04.60
 HP : OpenView Performance Agent C.04.70
 HP : OpenView Performance Agent C.04.72
CVE:CVE-2008-4420 (Multiple stack-based buffer overflows in DZIP32.DLL before 5.0.0.8 in DynaZip Max and DZIPS32.DLL before 6.0.0.5 in DynaZip Max Secure; as used in HP OpenView Performance Agent C.04.60, HP Performance Agent C.04.70 and C.04.72, TurboZIP 6.0, and other products; allow user-assisted attackers to execute arbitrary code via a long filename in a ZIP archive during a (1) Fix (aka Repair), (2) Add, (3) Update, or (4) Freshen action, a related issue to CVE-2006-3985.)
Original document:HP, [security bulletin] HPSBMA02396 SSRT080175 rev.1 - HP OpenView Performance Agent and HP Performance Agent Running on Windows, Remote Execution of Arbitrary Code (10.04.2009)
 Juha-Matti Laurio, IBM Lotus Notes DUNZIP32.dll Buffer Overflow Vulnerability (07.09.2006)
 Juha-Matti Laurio, McAfee VirusScan DUNZIP32.dll Buffer Overflow Vulnerability (30.03.2006)
 Juha-Matti Laurio, dtSearch DUNZIP32.dll Buffer Overflow Vulnerability (21.12.2005)
 SECURITEAM, [NT] CheckMark MultiLedger Buffer Overflow Vulnerability (DUNZIP32.dll) (31.10.2005)
 EEYE, [Full-Disclosure] EEYE: Windows Shell ZIP File Decompression DUNZIP32.DLL Buffer Overflow Vulnerability (13.10.2004)
 MICROSOFT, Microsoft Security Bulletin MS04-034 Vulnerability in Compressed (zipped) Folders Could Allow Remote Code Execution (873376) (13.10.2004)
Files:Microsoft Windows Vulnerability in Compressed (zipped) Folders (MS04-034) exploit
 Microsoft Security Bulletin MS04-034 Vulnerability in Compressed (zipped) Folders Could Allow Remote Code Execution (873376)

Ghostscript / XPDF / CUPS pdftops buffer overflow
updated since 10.04.2009
Published:18.04.2009
SecurityVulns ID:9811
Type:remote
Threat Level:6/10
Description:Buffer overflow on JBIG2 decoding.
Affected:KDE : KDE 3.5
 CUPS : cups 1.3
 XPDF : xpdf 3.02
 GHOSTSCRIPT : Ghostscript 8.64
CVE:CVE-2009-1183 (The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted PDF file.)
 CVE-2009-1182 (Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file.)
 CVE-2009-1181 (The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a NULL pointer dereference.)
 CVE-2009-1180 (The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a free of invalid data.)
 CVE-2009-0800 (Multiple "input validation flaws" in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file.)
 CVE-2009-0799 (The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers an out-of-bounds read.)
 CVE-2009-0196 (Heap-based buffer overflow in the big2_decode_symbol_dict function (jbig2_symbol_dict.c) in the JBIG2 decoding library (jbig2dec) in Ghostscript 8.64, and probably earlier versions, allows remote attackers to execute arbitrary code via a PDF file with a JBIG2 symbol dictionary segment with a large run length value.)
 CVE-2009-0166 (The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a free of uninitialized memory.)
 CVE-2009-0165 (Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, as used in Poppler and other products, when running on Mac OS X, has unspecified impact, related to "g*allocn.")
 CVE-2009-0147 (Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg, and (3) JBIG2Stream::readGenericBitmap.)
 CVE-2009-0146 (Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2SymbolDict::setBitmap and (2) JBIG2Stream::readSymbolDictSeg.)
Original document:SECUNIA, Secunia Research: Xpdf JBIG2 Symbol Dictionary Buffer Overflow Vulnerability (18.04.2009)
 SECUNIA, Secunia Research: CUPS pdftops JBIG2 Symbol Dictionary Buffer Overflow (18.04.2009)
 SECUNIA, Secunia Research: Ghostscript jbig2dec JBIG2 Processing Buffer Overflow (10.04.2009)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod