Search:Vulnerability:11.01.2009 - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

TSC2 Help Desk ActiveX buffer overflow
Published: 11.01.2009
Source: BUGTRAQ
SecurityVulns ID: 9569
Type: client
Level: 5/10
Description: CTab ActiveX buffer overflow

Affected: TSC2 : TSC2 Help Desk 4.1
CVE: CVE-2008-4827 (Multiple heap-based buffer overflows in the AddTab method in the (1) Tab and (2) CTab ActiveX controls in c1sizer.ocx and the (3) TabOne ActiveX control in sizerone.ocx in ComponentOne SizerOne 8.0.20081.140, as used in ComponentOne Studio for ActiveX 2008, TSC2 Help Desk 4.1.8, SAP GUI 6.40 Patch 29 and 7.10, and possibly other products, allow remote attackers to execute arbitrary code by adding many tabs, or adding tabs with long tab captions.)

Original document SECUNIA, Secunia Research: TSC2 Help Desk CTab ActiveX Control Buffer Overflow (11.01.2009)

Discuss: Read or add your comments to this news (0 comments)

IBM DataPower XS40 Security Gateway DoS
Published: 11.01.2009
Source: BUGTRAQ
SecurityVulns ID: 9572
Type: remote
Level: 5/10
Description: Crash on malformed SSL data.

Affected: IBM : DataPower XS40

Original document erik_(at)_psafe.nl, [IBM Datapower XS40] Denial of Service (11.01.2009)

Discuss: Read or add your comments to this news (0 comments)

NETGEAR WG102 wireless router SNMP information leak
Published: 11.01.2009
Source: BUGTRAQ
SecurityVulns ID: 9573
Type: remote
Level: 5/10
Description: It's possible to retrieve write community with read community

Affected: NETGERAR : Netgear WG102

Original document mad-vaittes_(at)_ida.ing.tu-bs.de, Leak of SNMP write password via SNMP read community in NETGEAR WG102 - Prosafe 802.11g Access Point (11.01.2009)

Discuss: Read or add your comments to this news (0 comments)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 11.01.2009
Source:
SecurityVulns ID: 9570
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Xaraya: crossite scripting

Affected: PHPFUSION : vArcade 1.8 module for PHP-Fusion

Original document Matteo Ignaccolo, Plunet BusinessManager failure in access controls and multiple stored cross site scripting (11.01.2009)

r3d.w0rm_(at)_yahoo.com, PHP-Fusion Mod vArcade 1.8 Sql Injection Vulnerability (11.01.2009)

r3d.w0rm_(at)_yahoo.com, PHP-Fusion Mod E-Cart Sql Injection (11.01.2009)

document r3d.w0rm_(at)_yahoo.com, PHP-Fusion Mod Members Bewerb Sql Injection (11.01.2009)

MustLive, Cross-Site Scripting vulnerability in Xaraya (11.01.2009)

Discuss: Read or add your comments to this news (0 comments)

Cisco Global Site Selector Appliances DoS
Published: 11.01.2009
Source: BUGTRAQ
SecurityVulns ID: 9568
Type: remote
Level: 6/10
Description: Crash on malformed DNS requests sequence.

Affected: CISCO : Cisco GSS 4480
CISCO : Cisco GSS 4490
CISCO : Cisco GSS 4491
CISCO : Cisco GSS 4492
CVE: CVE-2008-3819 (dnsserver in Cisco Application Control Engine Global Site Selector (GSS) before 3.0(1) allows remote attackers to cause a denial of service (daemon crash) via a series of crafted DNS requests, aka Bug ID CSCsj70093.)

Original document CISCO, Cisco Security Advisory: Cisco Global Site Selector Appliances DNS Vulnerability (11.01.2009)

Discuss: Read or add your comments to this news (0 comments)

Multiple FTP servers unsafe fgets() vulnerability
updated since 30.09.2008
Published: 11.01.2009
Source: BUGTRAQ
SecurityVulns ID: 9317
Type: remote
Level: 5/10
Description: It's possible to embed additional commands into URLs.

Affected: FREEBSD : FreeBSD 7.0
NETBSD : NetBSD 4.0
OPENBSD : OpenBSD 4.3
CVE: CVE-2008-4247 (ftpd in OpenBSD 4.3, FreeBSD 7.0, NetBSD 4.0, Solaris, and possibly other operating systems interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser.)

Original document FREEBSD, FreeBSD Security Advisory FreeBSD-SA-08:12.ftpd (11.01.2009)

FREEBSD, FreeBSD Security Advisory FreeBSD-SA-09:01.lukemftpd (09.01.2009)

Maksymilian Arciemowicz, multiple vendor ftpd - Cross-site request forgery (30.09.2008)

Discuss: Read or add your comments to this news (0 comments)

CA Service Metric Analysis / CA Service Level Management code execution
Published: 11.01.2009
Source: BUGTRAQ
SecurityVulns ID: 9571
Type: remote
Level: 6/10
Description: It's possible to execute commands with snmp service.

Affected: CA : CA Service Level Management 3.5
CA : CA Service Metric Analysis 11.0
CA : CA Service Metric Analysis 11.1
CVE: CVE-2009-0043 (The smmsnmpd service in CA Service Metric Analysis r11.0 through r11.1 SP1 and Service Level Management 3.5 does not properly restrict access, which allows remote attackers to execute arbitrary commands via unspecified vectors.)

Original document CA, CA20090107-01: CA Service Metric Analysis and CA Service Level Management smmsnmpd Arbitrary Command Execution Vulnerability (11.01.2009)

Discuss: Read or add your comments to this news (0 comments)

test server