Computer Security
[EN] securityvulns.ru
no-pyccku

  

vlc player integer overflow
Published:10.06.2011
Source:BUGTRAQ
SecurityVulns ID:11720
Type:local
Level:4/10
Description:Integer overflow on XSPF playlists parsing.
Affected:VLC : vlc 1.1
CVE:CVE-2011-2194 (Integer overflow in the XSPF playlist parser in VideoLAN VLC media player 0.8.5 through 1.1.9 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors that trigger a heap-based buffer overflow.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 2257-1] vlc security update (10.06.2011)

HP OpenView Storage Data Protector code execution
Published:10.06.2011
Source:BUGTRAQ
SecurityVulns ID:11722
Type:remote
Level:5/10
Affected:HP : OpenView Storage Data Protector 6.11
 HP : OpenView Storage Data Protector 6.0
 HP : OpenView Storage Data Protector 6.10
CVE:CVE-2011-1864 (Unspecified vulnerability in HP OpenView Storage Data Protector 6.0, 6.10, and 6.11 allows remote attackers to execute arbitrary code via unknown vectors.)
Original documentdocumentHP, [security bulletin] HPSBMA02631 SSRT100324 rev.1 - HP OpenView Storage Data Protector, Remote Execution of Arbitrary Code (10.06.2011)

HP Service Manager / HP Service Center multiple security vulnerabilities
Published:10.06.2011
Source:BUGTRAQ
SecurityVulns ID:11723
Type:remote
Level:5/10
Description:Uauthorized access, privilege escalation, information leakage, HTTP session hijack, crossite scripting.
Affected:HP : HP Service Manager 9.21
 HP : HP Service Manager 9.20
 HP : HP Service Manager 7.11
 HP : HP Service Manager 7.02
 HP : HP Service Manager client 9.21
 HP : HP Service Manager client 9.20
 HP : HP Service Manager client 7.11
 HP : HP Service Manager client 7.02
 HP : HP Service Center 6.2
 HP : HP Service Center client 6.2
CVE:CVE-2011-1863 (HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allow remote authenticated users to conduct unspecified script injection attacks via unknown vectors.)
 CVE-2011-1862 (Cross-site scripting (XSS) vulnerability in HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2011-1861 (Unspecified vulnerability in HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allows remote attackers to modify data or obtain sensitive information via unknown vectors.)
 CVE-2011-1860 (Unspecified vulnerability in HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allows remote attackers to capture HTTP session credentials via unknown vectors.)
 CVE-2011-1859 (Unspecified vulnerability in HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allows remote attackers to obtain sensitive information via unknown vectors.)
 CVE-2011-1858 (Unspecified vulnerability in HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allows local users to bypass intended access restrictions via unknown vectors.)
 CVE-2011-1857 (Unspecified vulnerability in HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allows remote authenticated users to bypass intended access restrictions via unknown vectors.)
Original documentdocumentHP, [security bulletin] HPSBMA02674 SSRT100487 rev.1 - HP Service Manager and HP Service Center, Unauthorized Remote Access, Unsecured Local Access, Remote Disclosure of Privileged Information, HTTP Session Credential Re-use, Cross Site Scripting (XS (10.06.2011)

Oracle Java multiple security vulnerabilities
updated since 10.06.2011
Published:19.06.2011
Source:BUGTRAQ
SecurityVulns ID:11721
Type:library
Level:9/10
Description:Multiple integer overflows on ICC profiles parsing. Java Web Start shell commands execution.
Affected:ORACLE : Jre 6.0
 ORACLE : JDK 6.0
CVE:CVE-2011-0863 (Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.)
 CVE-2011-0862 (Multiple unspecified vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.)
 CVE-2011-0817 (Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.)
Original documentdocumentZDI, TPTI-11-06: Oracle Java ICC Profile rcs2 Tag Parsing Remote Code Execution Vulnerability (19.06.2011)
 documentZDI, ZDI-11-199: Oracle Java Soundbank Decompression Remote Code Execution Vulnerability (19.06.2011)
 documentZacheusz Siedlecki, Java HotSpot Cryptographic Provider signature verification vulnerability (11.06.2011)
 documentZDI, ZDI-11-182: Oracle Java IE Browser Plugin Corrupted Window Procedure Hook Remote Code Execution Vulnerability (10.06.2011)
 documentZDI, ZDI-11-183: Oracle Java ICC Profile MultiLanguage 'mluc' Tag Parsing Remote Code Execution Vulnerability (10.06.2011)
 documentZDI, ZDI-11-184: Oracle Java ICC Profile Sequence Description 'pseq' Tag Parsing Remote Code Execution Vulnerability (10.06.2011)
 documentZDI, ZDI-11-185: Oracle Java ICC Profile 'bfd ' Tag Parsing Remote Code Execution Vulnerability (10.06.2011)
 documentZDI, ZDI-11-188: Oracle Java ICC Profile ncl2 Count Tag Parsing Remote Code Execution Vulnerability (10.06.2011)
 documentZDI, ZDI-11-191: Oracle Java ICC Screening Tag Parsing Remote Code Execution Vulnerability (10.06.2011)
 documentZDI, ZDI-11-192: Oracle Java Web Start Command Argument Injection Remote Code Execution Vulnerability (10.06.2011)
 documentZDI, ZDI-11-190: Oracle Java ICC Profile 'crdi' Tag Parsing Remote Code Execution Vulnerability (10.06.2011)
 documentZDI, ZDI-11-186: Oracle Java ICC Profile Multi-Language 'curv' Tag Parsing Remote Code Execution Vulnerability (10.06.2011)
 documentZDI, ZDI-11-189: Oracle Java ICC Profile ncl2 DevCoords Tag Parsing Remote Code Execution Vulnerability (10.06.2011)
 documentZDI, ZDI-11-187: Oracle Java ICC Profile clrt Tag Parsing Remote Code Execution Vulnerability (10.06.2011)
 documentVUPEN Security Research, VUPEN Security Research - Oracle Java ICC Profile "bfd" Tag Integer Overflow Code Execution Vulnerability (10.06.2011)
 documentVUPEN Security Research, VUPEN Security Research - Oracle Java ICC Profile "clrt" Tag Integer Overflow Code Execution Vulnerability (10.06.2011)
 documentVUPEN Security Research, VUPEN Security Research - Oracle Java ICC Profile "ncl2" Tag Integer Overflow Code Execution Vulnerability (10.06.2011)
 documentVUPEN Security Research, VUPEN Security Research - Oracle Java ICC Profile "pseq" Tag Integer Overflow Code Execution Vulnerability (10.06.2011)
 documentVUPEN Security Research, VUPEN Security Research - Oracle Java ICC Profile "scrn" Tag Integer Overflow Code Execution Vulnerability (10.06.2011)
 documentVUPEN Security Research, VUPEN Security Research - Oracle Java ICC Profile "mluc" Tag Integer Overflow Code Execution Vulnerability (10.06.2011)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 



Rating@Mail.ru