Computer Security
[EN] securityvulns.ru no-pyccku


Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:11.01.2011
Source:
SecurityVulns ID:11343
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:PHPNUK : PHP-Nuke 8.1
 WIKLINK : WikLink 0.1
 WHCMS : whCMS 0.115
 CAMBIOCMS : Cambio 0.5
 DIAFAN : diafan.CMS 4.3
 VAMSOFT : VaM Shop 1.6
 ENERGINE : Energine 2.3
 JAFCMS : JAF-CMS 4.0
 MHONARC : MHonArc 2.6
CVE:CVE-2010-4524 (Cross-site scripting (XSS) vulnerability in lib/mhtxthtml.pl in MHonArc 2.6.16 allows remote attackers to inject arbitrary web script or HTML via a malformed start tag and end tag for a SCRIPT element, as demonstrated by <scr<body>ipt> and </scr<body>ipt> sequences.)
 CVE-2010-1677 (MHonArc 2.6.16 allows remote attackers to cause a denial of service (CPU consumption) via start tags that are placed within other start tags, as demonstrated by a <bo<bo<bo<bo<body>dy>dy>dy>dy> sequence, a different vulnerability than CVE-2010-4524.)
Original documentdocumentMustLive, XSS и IAA уязвимости в PHP-Nuke (11.01.2011)
 documentMANDRIVA, [ MDVSA-2011:003 ] MHonArc (11.01.2011)
 documentAliaksandr Hartsuyeu, www.eVuln.com : "fold" and "site" SQL Injections in WikLink (11.01.2011)
 documentchin4b0y, Persistent Cross Site Scripting Vulnerability In JAF-CMS ver 4.0_RC_2 (11.01.2011)
 documentHigh-Tech Bridge Security Research, SQL injection vulnerability in Energine (11.01.2011)
 documentHigh-Tech Bridge Security Research, XSRF (CSRF) in VaM Shop (11.01.2011)
 documentHigh-Tech Bridge Security Research, Stored XSS vulnerability in diafan.CMS (11.01.2011)
 documentHigh-Tech Bridge Security Research, Path disclosure in Energine (11.01.2011)
 documentHigh-Tech Bridge Security Research, XSRF (CSRF) in Energine (11.01.2011)
 documentHigh-Tech Bridge Security Research, XSS vulnerability in VaM Shop (11.01.2011)
 documentHigh-Tech Bridge Security Research, XSS vulnerability in VaM Shop (11.01.2011)
 documentHigh-Tech Bridge Security Research, XSS vulnerability in VaM Shop (11.01.2011)
 documentHigh-Tech Bridge Security Research, XSRF (CSRF) in diafan.CMS (11.01.2011)
 documentHigh-Tech Bridge Security Research, XSS vulnerability in diafan.CMS (11.01.2011)
 documentHigh-Tech Bridge Security Research, XSRF (CSRF) in Cambio (11.01.2011)
 documentHigh-Tech Bridge Security Research, XSRF (CSRF) in whCMS (11.01.2011)

NewV SmartClient ActiveX multiple security vulnerabilities
Published:11.01.2011
Source:
SecurityVulns ID:11344
Type:client
Threat Level:
5/10
Description:Buffer overflows, files access, code execution.
Affected:NEWV : NewV smartclient 1.0
Original documentdocumentyuguo.cn_(at)_gmail.com, NewV: NewvCommon.ocx arbitrary command execution via the Runcommand attribute (11.01.2011)
 documentwsn1983_(at)_gmail.com, NewvCommon.ocx ActiveX Insecure Method Vulnerability (11.01.2011)
 documentwsn1983_(at)_gmail.com, NewvCommon.ocx ActiveX Remote Code Execution Vulnerability (11.01.2011)

SGI Irix kernel integer overflow
Published:11.01.2011
Source:
SecurityVulns ID:11345
Type:local
Threat Level:
5/10
Description:Integer overflow in SGI_XLV_ATTR_GET syscall.
Affected:SGI : Irix 6.5
Original documentdocumentDigit Security Research, Silicon Graphics Inc (SGI) - IRIX - Local Kernel Memory Disclosure/Denial of Service (11.01.2011)

Wireshark buffer overflow
updated since 11.01.2011
Published:20.01.2011
Source:
SecurityVulns ID:11346
Type:remote
Threat Level:
5/10
Description:Buffer overflow on ENTTEC DMX RLE decompression and MAC-LTE parsing.
Affected:WIRESHARK : Wireshark 1.2
CVE:CVE-2011-0444 (Buffer overflow in the MAC-LTE dissector (epan/dissectors/packet-mac-lte.c) in Wireshark 1.2.0 through 1.2.13 and 1.4.0 through 1.4.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of RARs.)
 CVE-2010-4538 (Buffer overflow in the sect_enttec_dmx_da function in epan/dissectors/packet-enttec.c in Wireshark 1.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ENTTEC DMX packet with Run Length Encoding (RLE) compression.)
Original documentdocumentMANDRIVA, [ MDVSA-2011:007 ] wireshark (20.01.2011)
 documentMANDRIVA, [ MDVSA-2011:002 ] wireshark (11.01.2011)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod