Computer Security


Linux kernel information leak
Published:10.11.2010
SecurityVulns ID:11250
Type:local
Threat Level:5/10
Description:It's possible to access uninitialized kernel memory by using BPF filters.
Affected:LINUX : kernel 2.6
Original document:Dan Rosenberg, Kernel 0-day (10.11.2010)

libmbfl / PHP information leak
Published:10.11.2010
SecurityVulns ID:11251
Type:library
Threat Level:5/10
Description:Under some conditions, a portion of uninitialized memory is returned.
Affected:PHP : PHP 5.3
 LIBMBFL : Libmbfl 1.1
CVE:CVE-2010-4156 (The mb_strcut function in Libmbfl 1.1.0, as used in PHP 5.3.x through 5.3.3, allows context-dependent attackers to obtain potentially sensitive information via a large value of the third parameter (aka the length parameter).)
Original document:MANDRIVA, [ MDVSA-2010:225-1 ] libmbfl (10.11.2010)

libvpx library / Google Chrome buffer overflow
Published:10.11.2010
SecurityVulns ID:11254
Type:library
Threat Level:5/10
Description:Buffer overflow on WebM file parsing.
Affected:GOOGLE : Chrome 7.0
 LIBVPX : libvpx 0.9
CVE:CVE-2010-4203 (WebM libvpx (aka the VP8 Codec SDK) before 0.9.5, as used in Google Chrome before 7.0.517.44, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via invalid frames.)
Original document:UBUNTU, [USN-1015-1] libvpx vulnerability (10.11.2010)

ISC DHCP server DoS
Published:10.11.2010
SecurityVulns ID:11253
Type:remote
Threat Level:5/10
Description:Crash on Relay-Forward packet with empty link-address field.
Affected:ISC : dhcp 4.0
 ISC : dhcp 4.1
 DHCP : dhcp 4.2
CVE:CVE-2010-3611 (ISC DHCP server 4.0 before 4.0.2, 4.1 before 4.1.2, and 4.2 before 4.2.0-P1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a DHCPv6 packet containing a Relay-Forward message without an address in the Relay-Forward link-address field.)
Original document:MANDRIVA, [ MDVSA-2010:226 ] dhcp (10.11.2010)

Microsoft Forefront Unified Access Gateway multiple security vulnerabilities
Published:10.11.2010
SecurityVulns ID:11249
Type:remote
Threat Level:5/10
Description:Cross-site scripting, form redirection.
Affected:MICROSOFT : Forefront Unified Access Gateway 2010
CVE:CVE-2010-2736
 CVE-2010-2734 (Cross-site scripting (XSS) vulnerability in the mobile portal in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "XSS Issue on UAG Mobile Portal Website in Forefront Unified Access Gateway Vulnerability.")
 CVE-2010-2733 (Cross-site scripting (XSS) vulnerability in the Web Monitor in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "UAG XSS Allows EOP Vulnerability.")
 CVE-2010-2732 (Open redirect vulnerability in the web interface in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka "UAG Redirection Spoofing Vulnerability.")
Original document:MICROSOFT, Microsoft Security Bulletin MS10-089 - Important Vulnerabilities in Forefront Unified Access Gateway (UAG) Could Allow Elevation of Privilege (2316074) (10.11.2010)

Microsoft Office multiple security vulnerabilities
updated since 10.11.2010
Published:15.11.2010
SecurityVulns ID:11248
Type:client
Threat Level:8/10
Description:Multiple memory corruptions, buffer overflows, integer overflows.
Affected:MICROSOFT : Office XP
 MICROSOFT : Office 2003
 MICROSOFT : Office 2004 for Mac
 MICROSOFT : Office 2007
 MICROSOFT : Office 2008 for Mac
 MICROSOFT : Office 2010
 MICROSOFT : Office for Mac 2011
CVE:CVE-2010-3337 (Untrusted search path vulnerability in Microsoft Office 2007 SP2 and 2010 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "Insecure Library Loading Vulnerability." NOTE: this might overlap CVE-2010-3141 and CVE-2010-3142.)
 CVE-2010-3336 (Microsoft Office XP SP3, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "MSO Large SPID Read AV Vulnerability.")
 CVE-2010-3335 (Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "Drawing Exception Handling Vulnerability.")
 CVE-2010-3334 (Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via an Office document containing an Office Art Drawing record with crafted msofbtSp records and unspecified flags, which triggers memory corruption, aka "Office Art Drawing Records Vulnerability.")
 CVE-2010-3333 (Stack-based buffer overflow in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via crafted RTF data, aka "RTF Stack Buffer Overflow Vulnerability.")
 CVE-2010-2573 (Integer underflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3, PowerPoint Viewer SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint Integer Underflow Causes Heap Corruption Vulnerability.")
 CVE-2010-2572 (Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint 95 document, aka "PowerPoint Parsing Buffer Overflow Vulnerability.")
Original document:ACROS Security, Additional information on the Microsoft Office 2010 binary planting bugs (15.11.2010)
 IDEFENSE, iDefense Security Advisory 11.09.10: Microsoft Word RTF File Parsing Stack Buffer Overflow Vulnerability (10.11.2010)
 ACROS Security, ASPR #2010-11-10-3: Remote Binary Planting in Microsoft Excel 2010 (10.11.2010)
 ACROS Security, ASPR #2010-11-10-2: Remote Binary Planting in Microsoft Word 2010 (10.11.2010)
 ACROS Security, ASPR #2010-11-10-1: Remote Binary Planting in Microsoft PowerPoint 2010 (10.11.2010)
 SECUNIA, Secunia Research: Microsoft PowerPoint PP7X32.DLL Record Parsing Vulnerability (10.11.2010)
 SECUNIA, Secunia Research: Microsoft Office Drawing Shape Container Parsing Vulnerability (10.11.2010)
 MICROSOFT, Microsoft Security Bulletin MS10-088 - Important Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2293386) (10.11.2010)
 MICROSOFT, Microsoft Security Bulletin MS10-087 - Critical Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2423930) (10.11.2010)
Files:Microsoft Security Bulletin MS10-087 - Critical Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2423930)
 Microsoft Security Bulletin MS10-088 - Important Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2293386)

D-Link DIR-300/320/600/615 unauthorized access
updated since 10.11.2010
Published:01.12.2010
SecurityVulns ID:11252
Type:remote
Threat Level:5/10
Description:It's possible to change the administration password without knowing the old password.
Affected:DLINK : D-Link DIR-300
 DLINK : D-Link DIR-320
 DLINK : D-Link DIR-600
 DLINK : D-Link DIR-615
Original document:Karol Celinski, Re: D-Link DIR-300 authentication bypass (01.12.2010)
 Karol Celinski, Re: D-Link DIR-300 authentication bypass (20.11.2010)
 asmo, Re: D-Link DIR-300 authentication bypass (16.11.2010)
 Karol Celinski, D-Link DIR-300 authentication bypass (10.11.2010)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod