Computer Security


IBM DataPower XS40 Security Gateway DoS
Published: 11.01.2009
SecurityVulns ID: 9572
Type: remote
Threat Level: 5/10
Description: Crash on malformed SSL data.
Affected: IBM : DataPower XS40
Original document: erik_(at)_psafe.nl, [IBM Datapower XS40] Denial of Service (11.01.2009)

NETGEAR WG102 wireless router SNMP information leak
Published: 11.01.2009
SecurityVulns ID: 9573
Type: remote
Threat Level: 5/10
Description: It's possible to retrieve the write community using the read community.
Affected: NETGEAR : Netgear WG102
Original document: mad-vaittes_(at)_ida.ing.tu-bs.de, Leak of SNMP write password via SNMP read community in NETGEAR WG102 - Prosafe 802.11g Access Point (11.01.2009)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 11.01.2009
SecurityVulns ID: 9570
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. Xaraya: cross-site scripting
Affected: PHPFUSION : vArcade 1.8 module for PHP-Fusion
Original document: Matteo Ignaccolo, Plunet BusinessManager failure in access controls and multiple stored cross site scripting (11.01.2009)
 r3d.w0rm_(at)_yahoo.com, PHP-Fusion Mod vArcade 1.8 Sql Injection Vulnerability (11.01.2009)
 r3d.w0rm_(at)_yahoo.com, PHP-Fusion Mod E-Cart Sql Injection (11.01.2009)
 r3d.w0rm_(at)_yahoo.com, PHP-Fusion Mod Members Bewerb Sql Injection (11.01.2009)
 MustLive, Cross-Site Scripting vulnerability in Xaraya (11.01.2009)

Cisco Global Site Selector Appliances DoS
Published: 11.01.2009
SecurityVulns ID: 9568
Type: remote
Threat Level: 6/10
Description: Crash on a sequence of malformed DNS requests.
Affected: CISCO : Cisco GSS 4480
 CISCO : Cisco GSS 4490
 CISCO : Cisco GSS 4491
 CISCO : Cisco GSS 4492
CVE: CVE-2008-3819 (dnsserver in Cisco Application Control Engine Global Site Selector (GSS) before 3.0(1) allows remote attackers to cause a denial of service (daemon crash) via a series of crafted DNS requests, aka Bug ID CSCsj70093.)
Original document: CISCO, Cisco Security Advisory: Cisco Global Site Selector Appliances DNS Vulnerability (11.01.2009)

Multiple FTP servers unsafe fgets() vulnerability
updated since 30.09.2008
Published: 11.01.2009
SecurityVulns ID: 9317
Type: remote
Threat Level: 5/10
Description: It's possible to embed additional commands into URLs.
Affected: FREEBSD : FreeBSD 7.0
 NETBSD : NetBSD 4.0
 OPENBSD : OpenBSD 4.3
CVE: CVE-2008-4247 (ftpd in OpenBSD 4.3, FreeBSD 7.0, NetBSD 4.0, Solaris, and possibly other operating systems interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser.)
Original document: FREEBSD, FreeBSD Security Advisory FreeBSD-SA-08:12.ftpd (11.01.2009)
 FREEBSD, FreeBSD Security Advisory FreeBSD-SA-09:01.lukemftpd (09.01.2009)
 Maksymilian Arciemowicz, multiple vendor ftpd - Cross-site request forgery (30.09.2008)

CA Service Metric Analysis / CA Service Level Management code execution
Published: 11.01.2009
SecurityVulns ID: 9571
Type: remote
Threat Level: 6/10
Description: It's possible to execute commands via the SNMP service.
Affected: CA : CA Service Level Management 3.5
 CA : CA Service Metric Analysis 11.0
 CA : CA Service Metric Analysis 11.1
CVE: CVE-2009-0043 (The smmsnmpd service in CA Service Metric Analysis r11.0 through r11.1 SP1 and Service Level Management 3.5 does not properly restrict access, which allows remote attackers to execute arbitrary commands via unspecified vectors.)
Original document: CA, CA20090107-01: CA Service Metric Analysis and CA Service Level Management smmsnmpd Arbitrary Command Execution Vulnerability (11.01.2009)

TSC2 Help Desk ActiveX buffer overflow
Published: 11.01.2009
SecurityVulns ID: 9569
Type: client
Threat Level: 5/10
Description: CTab ActiveX buffer overflow
Affected: TSC2 : TSC2 Help Desk 4.1
CVE: CVE-2008-4827 (Multiple heap-based buffer overflows in the AddTab method in the (1) Tab and (2) CTab ActiveX controls in c1sizer.ocx and the (3) TabOne ActiveX control in sizerone.ocx in ComponentOne SizerOne 8.0.20081.140, as used in ComponentOne Studio for ActiveX 2008, TSC2 Help Desk 4.1.8, SAP GUI 6.40 Patch 29 and 7.10, and possibly other products, allow remote attackers to execute arbitrary code by adding many tabs, or adding tabs with long tab captions.)
Original document: SECUNIA, Secunia Research: TSC2 Help Desk CTab ActiveX Control Buffer Overflow (11.01.2009)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod