 |
|
|
|
| GRUB 2 password bypass | | Published: |  | 10.12.2009 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 10461 | | Type: |  | local | | Level: |  | 5/10 | | Description: |  | Error in password protection allows to boot system by guessing first character of the password. |
| Affected: |  | GNU : GRUB 2 1.97 | | CVE: |  | CVE-2009-4128 (GNU GRand Unified Bootloader (GRUB) 2 1.97 only compares the submitted portion of a password with the actual password, which makes it easier for physically proximate attackers to conduct brute force attacks and bypass authentication by submitting a password whose length is 1.) |
| CA Service Desk crossite scripting | | Published: | | 10.12.2009 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 10463 | | Type: | | remote | | Level: | | 5/10 | | Description: | | freeaccess.spl and webengine CGIs are vulnerable to crossite scripting. |
| Affected: | | CA : CA Service Desk 12.1 | | CVE: | | CVE-2009-4149 (Cross-site scripting (XSS) vulnerability in the web interface in CA Service Desk 12.1 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter.) |
HP OpenView NNM multiple security vulnerabilities
updated since 09.12.2009 | | Published: | | 10.12.2009 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 10460 | | Type: | | remote | | Level: | | 5/10 | | Description: | | Multiple vulnerabilities in different CGI applications. |
| Affected: | | HP : OpenView Network Node Manager 7.51 | | CVE: | | CVE-2009-4181 (Stack-based buffer overflow in ovwebsnmpsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via vectors involving the sel and arg parameters to jovgraph.exe.) | | | | CVE-2009-4180 (Stack-based buffer overflow in snmpviewer.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long HTTP Host header.) | | | | CVE-2009-4179 (Stack-based buffer overflow in ovalarm.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long HTTP Accept-Language header in an OVABverbose action.) | | | | CVE-2009-4178 (Heap-based buffer overflow in OvWebHelp.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long Topic parameter.) | | | | CVE-2009-4177 (Buffer overflow in webappmon.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long HTTP Host header.) | | | | CVE-2009-4176 (Multiple heap-based buffer overflows in ovsessionmgr.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via a long (1) userid or (2) passwd parameter to ovlogin.exe.) | | | | CVE-2009-3849 (Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via (1) a long Template parameter to nnmRptConfig.exe, related to the strcat function; or (2) a long Oid parameter to snmp.exe.) | | | | CVE-2009-3848 (Stack-based buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long Template parameter, related to the vsprintf function.) | | | | CVE-2009-3846 (Multiple heap-based buffer overflows in ovlogin.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via a long (1) userid or (2) passwd parameter.) | | | | CVE-2009-3845 (The port-3443 HTTP server in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary commands via shell metacharacters in the hostname parameter to unspecified Perl scripts.) | | | | CVE-2009-0898 (Stack-based buffer overflow in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a crafted HTTP request.) |
| Original document |  | HP, [security bulletin] HPSBMA02483 SSRT090257 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code (10.12.2009) |
| | | ZDI, TPTI-09-13: HP OpenView NNM snmpviewer.exe CGI Host Header Stack Overflow Vulnerability (10.12.2009) |
| | | ZDI, TPTI-09-12: HP OpenView NNM ovalarm.exe CGI Accept-Language Stack Overflow Vulnerability (09.12.2009) |
| | | ZDI, TPTI-09-10: HP OpenView NNM webappmon.exe CGI Host Header Buffer Overflow Vulnerability (09.12.2009) |
| | | ZDI, TPTI-09-09: HP OpenView NNM ovsessionmgr.exe userid/passwd Heap Overflow Vulnerability (09.12.2009) |
| | | ZDI, TPTI-09-08: HP OpenView NNM ovlogin.exe CGI userid/passwd Heap Overflow Vulnerability (09.12.2009) |
| | | ZDI, ZDI-09-095: Hewlett-Packard OpenView NNM Snmp.exe Oid Variable Buffer Overflow Vulnerability (09.12.2009) |
| | | ZDI, ZDI-09-097: Hewlett-Packard OpenView NNM nnmRptConfig.exe Template Variable strcat Overflow Vulnerability (09.12.2009) |
| | | ZDI, ZDI-09-096: Hewlett-Packard OpenView NNM nnmRptConfig.exe Template Variable vsprintf Overflow Vulnerability (09.12.2009) |
| | | ZDI, ZDI-09-094: Hewlett-Packard OpenView NNM Multiple Command Injection Vulnerabilities (09.12.2009) |
Microsoft Windows Intel Indeo codecs multiple
updated since 09.12.2009 | | Published: | | 10.12.2009 | | Source: | | MICROSOFT | | SecurityVulns ID: | | 10456 | | Type: | | library | | Level: | | 8/10 | | Description: | | Multiple vulnerabilities on video files parsing. |
Microsoft Internet Explorer multiple security vulnerabilities
updated since 09.12.2009 | | Published: | | 10.12.2009 | | Source: | | MICROSOFT | | SecurityVulns ID: | | 10453 | | Type: | | client | | Level: | | 9/10 | | Description: | | Multiple memory corruptions, code execution. |
| Affected: | | MICROSOFT : Windows 2000 Server | | | | MICROSOFT : Windows 2000 Professional | | | | MICROSOFT : Windows XP | | | | MICROSOFT : Windows 2003 Server | | | | MICROSOFT : Windows Vista | | | | MICROSOFT : Windows 2008 Server | | | | MICROSOFT : Windows 7 | | CVE: | | CVE-2009-3674 (Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3671.) | | | | CVE-2009-3673 (Microsoft Internet Explorer 7 and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability.") | | | | CVE-2009-3672 (Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory that (1) were not properly initialized or (2) are deleted, which allows remote attackers to execute arbitrary code via vectors involving a call to the getElementsByTagName method for the STYLE tag name, selection of the single element in the returned list, and a change to the outerHTML property of this element, related to Cascading Style Sheets (CSS) and mshtml.dll, aka "HTML Object Memory Corruption Vulnerability." NOTE: some of these details are obtained from third party information. NOTE: this issue was originally assigned CVE-2009-4054, but Microsoft assigned a duplicate identifier of CVE-2009-3672. CVE consumers should use this identifier instead of CVE-2009-4054.) | | | | CVE-2009-3671 (Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3674.) | | | | CVE-2009-2493 (The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly restrict use of OleLoadFromStream in instantiating objects from data streams, which allows remote attackers to execute arbitrary code via a crafted HTML document with an ATL (1) component or (2) control, related to ATL headers and bypassing security policies, aka "ATL COM Initialization Vulnerability.") |
Microsoft Wordpad / Office Text Converters memory corruption
updated since 09.12.2009 | | Published: | | 10.12.2009 | | Source: | | MICROSOFT | | SecurityVulns ID: | | 10454 | | Type: | | client | | Level: | | 6/10 | | Description: | | Memory corruption on Office 97 documents parsing. |
Symantec Veritas multiple applications unauthorized access
updated since 10.12.2009 | | Published: | | 15.12.2009 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 10462 | | Type: | | remote | | Level: | | 7/10 | | Description: | | Authentication bypass in TCP/14300 VRTSweb.exe allows code execution. |
| Affected: | | HP : HP-UX 11.23 | | | | HP : HP-UX 11.31 | | | | SYMANTEC : Backup Exec Continuous Protection Server 12.5 | | | | SYMANTEC : Veritas NetBackup Operations Manager 6.5 | | | | SYMANTEC : Veritas Backup Reporter 6.6 | | | | SYMANTEC : Veritas Storage Foundation 3.5 | | | | SYMANTEC : Veritas Storage Foundation for Windows High Availability 5.1 | | | | SYMANTEC : Veritas Storage Foundation for High Availability 3.5 | | | | SYMANTEC : Veritas Storage Foundation for Oracle 5.0 | | | | SYMANTEC : Veritas Storage Foundation for DB2 5.0 | | | | SYMANTEC : Veritas Storage Foundation for Sybase 5.0 | | | | SYMANTEC : Veritas Storage Foundation for Oracle Real Application Cluster 5.0 | | | | SYMANTEC : Veritas Storage Foundation Manager 1.1 | | | | SYMANTEC : Veritas Storage Foundation Manager 2.0 | | | | SYMANTEC : Veritas Cluster Server 5.0 | | | | SYMANTEC : Veritas Cluster Server One 2.0 | | | | SYMANTEC : Veritas Application Director 1.1 | | | | SYMANTEC : Veritas Cluster Server Management Console 5.5 | | | | SYMANTEC : Veritas Storage Foundation Cluster File System 5.0 | | | | SYMANTEC : Veritas Storage Foundation Cluster File System for Oracle RAC 5.0 | | | | SYMANTEC : Veritas Command Central Storage 5.1 | | | | SYMANTEC : Veritas Command Central Enterprise Reporter 5.1 | | | | SYMANTEC : Veritas Command Central Storage Change Manager 5.1 | | | | SYMANTEC : Veritas MicroMeasure 5.0 | | | | SYMANTEC : VRTSweb 5.0 | | CVE: | | CVE-2009-3027 (VRTSweb.exe in VRTSweb in Symantec Backup Exec Continuous Protection Server (CPS) 11d, 12.0, and 12.5; Veritas NetBackup Operations Manager (NOM) 6.0 GA through 6.5.5; Veritas Backup Reporter (VBR) 6.0 GA through 6.6; Veritas Storage Foundation (SF) 3.5; Veritas Storage Foundation for Windows High Availability (SFWHA) 4.3MP2, 5.0, 5.0RP1a, 5.0RP2, 5.1, and 5.1AP1; Veritas Storage Foundation for High Availability (SFHA) 3.5; Veritas Storage Foundation for Oracle (SFO) 4.1, 5.0, and 5.0.1; Veritas Storage Foundation for DB2 4.1 and 5.0; Veritas Storage Foundation for Sybase 4.1 and 5.0; Veritas Storage Foundation for Oracle Real Application Cluster (SFRAC) 3.5, 4.0, 4.1, and 5.0; Veritas Storage Foundation Manager (SFM) 1.0, 1.0 MP1, 1.1, 1.1.1Ux, 1.1.1Win, and 2.0; Veritas Cluster Server (VCS) 3.5, 4.0, 4.1, and 5.0; Veritas Cluster Server One (VCSOne) 2.0, 2.0.1, and 2.0.2; Veritas Application Director (VAD) 1.1 and 1.1 Platform Expansion; Veritas Cluster Server Management Console (VCSMC) 5.1, 5.5, and 5.5.1) |
|
|
|
|
|
|
|
|
