Computer Security


Sun VirtualBox DoS
Published:11.03.2010
Source:
SecurityVulns ID:10678
Type:local
Threat Level:5/10
Affected:SUN : xVM VirtualBox 1.6
 SUN : xVM VirtualBox 2.0
 SUN : xVM VirtualBox 2.1
 SUN : xVM VirtualBox 2.2
CVE:CVE-2009-3940 (Unspecified vulnerability in Guest Additions in Sun xVM VirtualBox 1.6.x and 2.0.x before 2.0.12, 2.1.x, and 2.2.x, and Sun VirtualBox before 3.0.10, allows guest OS users to cause a denial of service (memory consumption) on the guest OS via unknown vectors.)
Original document:MANDRIVA, [ MDVSA-2010:059 ] virtualbox (11.03.2010)

kvm multiple security vulnerabilities
Published:11.03.2010
Source:
SecurityVulns ID:10680
Type:local
Threat Level:5/10
Description:DoS, privilege escalation.
Affected:KVM : kvm 72
CVE:CVE-2010-0419 (The x86 emulator in KVM 83, when a guest is configured for Symmetric Multiprocessing (SMP), does not properly restrict writing of segment selectors to segment registers, which might allow guest OS users to cause a denial of service (guest OS crash) or gain privileges on the guest OS by leveraging access to a (1) IO port or (2) MMIO region, and replacing an instruction in between emulator entry and instruction fetch.)
 CVE-2010-0309 (The pit_ioport_read function in the Programmable Interval Timer (PIT) emulation in i8254.c in KVM 83 does not properly use the pit_state data structure, which allows guest OS users to cause a denial of service (host OS crash or hang) by attempting to read the /dev/port file.)
 CVE-2010-0306 (The x86 emulator in KVM 83, when a guest is configured for Symmetric Multiprocessing (SMP), does not use the Current Privilege Level (CPL) and I/O Privilege Level (IOPL) to restrict instruction execution, which allows guest OS users to cause a denial of service (guest OS crash) or gain privileges on the guest OS by leveraging access to a (1) IO port or (2) MMIO region, and replacing an instruction in between emulator entry and instruction fetch, a related issue to CVE-2010-0298.)
 CVE-2010-0298 (The x86 emulator in KVM 83 does not use the Current Privilege Level (CPL) and I/O Privilege Level (IOPL) in determining the memory access available to CPL3 code, which allows guest OS users to cause a denial of service (guest OS crash) or gain privileges on the guest OS by leveraging access to a (1) IO port or (2) MMIO region, a related issue to CVE-2010-0306.)
Original document:DEBIAN, [SECURITY] [DSA-2010-1] New kvm packages fix several vulnerabilities (11.03.2010)

Apache mod_isapi uninitialized pointer function call
Published:11.03.2010
Source:
SecurityVulns ID:10686
Type:remote
Threat Level:7/10
Description:Under some conditions, a function from a dynamic library is called by its address after the library is unloaded.
Affected:APACHE : Apache 2.2
CVE:CVE-2010-0425 (modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers.")
Original document:Sense of Security, Apache mod_isapi Dangling Pointer Vulnerability - Security Advisory - SOS-10-002 (11.03.2010)

SpamAssassin milter plugin shell characters vulnerability
Published:11.03.2010
Source:
SecurityVulns ID:10687
Type:remote
Threat Level:8/10
Description:Shell characters vulnerability via RCPT TO: command.
Affected:SPAMASSASIN : spamassasin-milter 0.3
Original document:Kingcope Kingcope, Spamassassin Milter Plugin Remote Root (11.03.2010)

Integer overflow in Autonomy KeyView / Symantec antivirus applications
Published:11.03.2010
Source:
SecurityVulns ID:10684
Type:library
Threat Level:7/10
Description:Buffer overflow in Microsoft Office document parsing.
Affected:IBM : Lotus Notes 8.5
CVE:CVE-2009-3032 (Integer overflow in kvolefio.dll 8.5.0.8339 and 10.5.0.0 in the Autonomy KeyView Filter SDK, as used in IBM Lotus Notes 8.5, Symantec Mail Security for Microsoft Exchange 5.0.10 through 5.0.13, and other products, allows context-dependent attackers to execute arbitrary code via a crafted OLE document that triggers a heap-based buffer overflow.)
Original document:IDEFENSE, iDefense Security Advisory 03.04.10: Autonomy KeyView OLE Document Integer Overflow Vulnerability (11.03.2010)

Microsoft Excel multiple security vulnerabilities
updated since 10.03.2010
Published:11.03.2010
Source:
SecurityVulns ID:10676
Type:remote
Threat Level:6/10
Description:Multiple buffer overflows, memory corruptions, code execution.
Affected:MICROSOFT : Office XP
 MICROSOFT : Office 2003
 MICROSOFT : Office 2004 for Mac
 MICROSOFT : Office 2007
 MICROSOFT : Office 2008 for Mac
CVE:CVE-2010-0264 (Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Microsoft Office Excel DbOrParamQry Record Parsing Vulnerability.")
 CVE-2010-0263 (Microsoft Office Excel 2007 SP1 and SP2; Office 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; and Office SharePoint Server 2007 SP1 and SP2 do not validate ZIP headers during decompression of Open XML (.XLSX) documents, which allows remote attackers to execute arbitrary code via a crafted document that triggers access to uninitialized memory locations, aka "Microsoft Office Excel XLSX File Parsing Code Execution Vulnerability.")
 CVE-2010-0261 (Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2 and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted spreadsheet in which "a MDXSET record is broken up into several records," aka "Microsoft Office Excel MDXSET Record Heap Overflow Vulnerability.")
 CVE-2010-0260 (Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted spreadsheet in which "a MDXTUPLE record is broken up into several records," aka "Microsoft Office Excel MDXTUPLE Record Heap Overflow Vulnerability.")
 CVE-2010-0258 (Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that causes memory to be interpreted as a different object type than intended, aka "Microsoft Office Excel Sheet Object Type Confusion Vulnerability.")
 CVE-2010-0257 (Microsoft Office Excel 2002 SP3 does not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Microsoft Office Excel Record Memory Corruption Vulnerability.")
Original document:IDEFENSE, iDefense Security Advisory 03.09.10: Microsoft Excel FNGROUPNAME Record Uninitialized Memory Vulnerability (11.03.2010)
 IDEFENSE, iDefense Security Advisory 03.09.10: Microsoft Excel MDXSET Record Heap Overflow Vulnerability (11.03.2010)
 IDEFENSE, iDefense Security Advisory 03.09.10: Microsoft Excel MDXTUPLE Record Heap Overflow Vulnerability (11.03.2010)
 IDEFENSE, iDefense Security Advisory 03.09.10: Microsoft Excel Sheet Object Type Confusion Vulnerability (10.03.2010)
 VUPEN Security Research, VUPEN Security Research - Microsoft Office Excel Record Processing Code Execution Vulnerability (10.03.2010)
 CORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2009-1103: Microsoft Office Excel DbOrParamQry Record Parsing Vulnerability (10.03.2010)
 ZDI, ZDI-10-025: Microsoft Office Excel XLSX File Parsing Remote Code Execution Vulnerability (10.03.2010)
 MICROSOFT, Microsoft Security Bulletin MS10-017 - Important Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (980150) (10.03.2010)
Files:Microsoft Security Bulletin MS10-017 - Important Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (980150)

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:11.03.2010
Source:
SecurityVulns ID:10677
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:DVBBS : Dvbbs 7.1
 DVBBS : Dvbbs 8.2
 TYPO3 : typo3 4.2
 WORDPRESS : WordPress 2.9
 KANDIDATCMS : Kandidat CMS 1.3
 CHATON : Chaton 1.5
 TDIARY : tdiary 2.2
 TIMECLOCKSOFTWAR : Employee Timeclock 0.99
 BBSMAX : BBSMAX 4.2
 BBSMAX : BBSMAX 4.1
 BBSMAX : BBSMAX 3.0
 TYPO3 : typo3 4.3
 CROOGO : Croogo CMS 1.2
 BBSXP : BBSXP 2008
 CA : SiteMinder 6.0
CVE:CVE-2010-0726 (Cross-site scripting (XSS) vulnerability in the tb-send.rb (TrackBack transmission) plugin in tDiary 2.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown vectors, possibly related to the (1) plugin_tb_url and (2) plugin_tb_excerpt parameters.)
 CVE-2010-0124 (Employee Timeclock Software 0.99 places the database password on the mysqldump command line, which allows local users to obtain sensitive information by listing the process.)
 CVE-2010-0123 (The database backup implementation in Employee Timeclock Software 0.99 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for a "semi-predictable file name.")
 CVE-2010-0122 (Multiple SQL injection vulnerabilities in Employee Timeclock Software 0.99 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter to (a) auth.php or (b) login_action.php.)
Original document:Inj3ct0r.com, Kandidat CMS versions 1.3.1 Cross Site Scripting Vulnerability (11.03.2010)
 Yaniv Miron, Friendly-Tech FriendlyTR69 CPE Remote Management V2.8.9 SQL Injection Vulnerability (11.03.2010)
 CA, CA20100304-01: Security Notice for CA SiteMinder (11.03.2010)
 lis cker, [xss] a xss on "ThreadID" parameter in BBSXP 2008 from china (11.03.2010)
 Maciej Gojny, SQL injection vulnerability in Natychmiast CMS (11.03.2010)
 lis cker, [xss] a xss on "action" parameter in BBSMAX (11.03.2010)
 lis cker, [XSS] i found a xss on "page" parameter in "eccredit.php" in Dvbbs < 8.3.0 (11.03.2010)
 Maciej Gojny, SQL injection vulnerability in wILD CMS (11.03.2010)
 Paulino Calderon, Croogo CMS 1.2 Cross Site Scripting Vulnerabilities (11.03.2010)
 DEBIAN, [SECURITY] [DSA 2008-1] New typo3-src packages fix several vulnerabilities (11.03.2010)
 lis cker, [xss] a xss on "threadid" parameter in BBSMAX (11.03.2010)
 SECUNIA, Secunia Research: Employee Timeclock Software SQL Injection Vulnerabilities (11.03.2010)
 SECUNIA, Secunia Research: Employee Timeclock Software "mysqldump" Password Disclosure (11.03.2010)
 SECUNIA, Secunia Research: Employee Timeclock Software Backup Information Disclosure (11.03.2010)
 DEBIAN, [SECURITY] [DSA 2009-1] New tdiary packages fix cross-site scripting (11.03.2010)
 Inj3ct0r.com, Chaton <= 1.5.2 Local File Include Vulnerability (11.03.2010)
 MustLive, Brute Force and Insufficient Authorization vulnerabilities in WordPress (11.03.2010)

XNView buffer overflow
Published:11.03.2010
Source:
SecurityVulns ID:10679
Type:local
Threat Level:4/10
Description:Integer overflow in DICOM image parsing, leading to a buffer overflow.
Affected:XNVIEW : XnView 1.97
CVE:CVE-2009-4001 (Integer overflow in XnView before 1.97.2 might allow remote attackers to execute arbitrary code via a DICOM image with crafted dimensions, leading to a heap-based buffer overflow.)
Original document:SECUNIA, Secunia Research: XnView DICOM Parsing Integer Overflow Vulnerability (11.03.2010)

GNU tar / cpio buffer overflow
Published:11.03.2010
Source:
SecurityVulns ID:10681
Type:client
Threat Level:5/10
Description:Buffer overflow in the rmt client code.
Affected:SYMANTEC : Symantec Mail Security for Domino 7.5
 GNU : tar 1.23
 GNU : cpio 2.11
 SYMANTEC : Symantec Mail Security for Domino 8.0
 SYMANTEC : Symantec Mail Security for Microsoft Exchange 6.0
CVE:CVE-2010-0624 (Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23 and GNU cpio before 2.11 allows remote rmt servers to cause a denial of service (memory corruption) or possibly execute arbitrary code by sending more data than was requested, related to archive filenames that contain a : (colon) character.)
Original document:Jakob Lell, CVE-2010-0624: Heap-based buffer overflow in GNU Tar and GNU Cpio (11.03.2010)

HP OpenView Performance Insight code execution
Published:11.03.2010
Source:
SecurityVulns ID:10682
Type:remote
Threat Level:6/10
Description:It is possible to upload a JSP page to the server.
Affected:HP : Performance Insight 5.4
CVE:CVE-2010-0447 (The helpmanager servlet in the web server in HP OpenView Performance Insight (OVPI) 5.4 and earlier does not properly authenticate and validate requests, which allows remote attackers to execute arbitrary commands via vectors involving upload of a JSP document.)
Original document:ZDI, ZDI-10-026: Hewlett-Packard OVPI helpmanager Servlet Remote Code Execution Vulnerability (11.03.2010)
 HP, [security bulletin] HPSBMA02489 SSRT090065 rev.1 - HP Performance Insight, Remote Execution of Arbitrary Commands (11.03.2010)

Juniper Secure Access cross-site scripting
Published:11.03.2010
Source:
SecurityVulns ID:10683
Type:remote
Threat Level:5/10
Description:Cross-site scripting in editbk.cgi.
Affected:JUNIPER : Juniper IVE OS 6.3
 JUNIPER : Juniper IVE OS 6.4
 JUNIPER : Juniper IVE OS 6.5
Original document:Security Lists NL, Juniper SA Series Cross Site Scripting Issue (11.03.2010)

ncpfs multiple security vulnerabilities
Published:11.03.2010
Source:
SecurityVulns ID:10685
Type:local
Threat Level:5/10
Description:DoS conditions, information disclosure.
Affected:NCPFS : ncpfs 2.2
CVE:CVE-2010-0791 (The (1) ncpmount, (2) ncpumount, and (3) ncplogin programs in ncpfs 2.2.6 do not properly create lock files, which allows local users to cause a denial of service (application failure) via unspecified vectors that trigger the creation of a /etc/mtab~ file that persists after the program exits.)
 CVE-2010-0790 (sutil/ncpumount.c in ncpumount in ncpfs 2.2.6 produces certain detailed error messages about the results of privileged file-access attempts, which allows local users to determine the existence of arbitrary files via the mountpoint name.)
 CVE-2010-0788 (ncpfs 2.2.6 allows local users to cause a denial of service, obtain sensitive information, or possibly gain privileges via symlink attacks involving the (1) ncpmount and (2) ncpumount programs.)
Original document:Dan Rosenberg, ncpfs, Multiple Vulnerabilities (11.03.2010)

Yahoo Player buffer overflow
Published:11.03.2010
Source:
SecurityVulns ID:10688
Type:local
Threat Level:4/10
Description:Buffer overflow in .m3u file parsing.
Affected:YAHOO : Yahoo Player 1.0
Original document:Inj3ct0r.com, Yahoo Player 1.0 (.m3u) Local Buffer Overflow PoC (11.03.2010)
Files:Yahoo Player 1.0 (.m3u) Local Buffer Overflow PoC

dpkg directory traversal
updated since 11.03.2010
Published:07.01.2011
Source:
SecurityVulns ID:10689
Type:client
Threat Level:4/10
Description:Directory traversal on package content extraction.
Affected:DEBIAN : dpkg 1.14
CVE:CVE-2010-1679 (Directory traversal vulnerability in dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via directory traversal sequences in a patch for a source-format 3.0 package.)
 CVE-2010-0396 (Directory traversal vulnerability in the dpkg-source component in dpkg before 1.14.29 allows remote attackers to modify arbitrary files via a crafted Debian source archive.)
Original document:DEBIAN, [SECURITY] [DSA-2142-1] New dpkg packages fix directory traversal (07.01.2011)
 DEBIAN, [SECURITY] [DSA 2011-1] New dpkg packages fix path traversal (11.03.2010)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod