Computer Security


MySQL DoS
Published:11.05.2010
Source:
SecurityVulns ID:10818
Type:local
Threat Level:4/10
Description:A local user can execute the UNINSTALL PLUGIN function.
Affected:ORACLE : MySQL 5.1
Original document:MANDRIVA, [ MDVSA-2010:093 ] mysql (11.05.2010)

Linux kernel DoS
Published:11.05.2010
Source:
SecurityVulns ID:10819
Type:local
Threat Level:5/10
Description:DoS conditions in the nfs_wait_on_request and sg_build_indirect functions.
CVE:CVE-2010-1087 (The nfs_wait_on_request function in fs/nfs/pagelist.c in Linux kernel 2.6.x through 2.6.33-rc5 allows attackers to cause a denial of service (Oops) via unknown vectors related to truncating a file and an operation that is not interruptible.)
 CVE-2009-3288 (The sg_build_indirect function in drivers/scsi/sg.c in Linux kernel 2.6.28-rc1 through 2.6.31-rc8 uses an incorrect variable when accessing an array, which allows local users to cause a denial of service (kernel OOPS and NULL pointer dereference), as demonstrated by using xcdroast to duplicate a CD. NOTE: this is only exploitable by users who can open the cdrom device.)
Original document:RPATH, rPSA-2010-0037-1 kernel (11.05.2010)

PHP multiple security vulnerabilities
Published:11.05.2010
Source:
SecurityVulns ID:10820
Type:library
Threat Level:7/10
Description:Multiple information leaks, uninitialized memory accesses, double free(), and integer overflows.
Affected:PHP : PHP 5.2
 PHP : PHP 5.3
CVE:CVE-2010-2094 (Multiple format string vulnerabilities in the phar extension in PHP 5.3 before 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) and possibly execute arbitrary code via a crafted phar:// URI that is not properly handled by the (1) phar_stream_flush, (2) phar_wrapper_unlink, (3) phar_parse_url, or (4) phar_wrapper_open_url functions in ext/phar/stream.c; and the (5) phar_wrapper_open_dir function in ext/phar/dirstream.c, which triggers errors in the php_stream_wrapper_log_error function.)
 CVE-2010-1917 (Stack consumption vulnerability in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to cause a denial of service (PHP crash) via a crafted first argument to the fnmatch function, as demonstrated using a long string.)
 CVE-2010-1868 (The (1) sqlite_single_query and (2) sqlite_array_query functions in ext/sqlite/sqlite.c in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to execute arbitrary code by calling these functions with an empty SQL query, which triggers access of uninitialized memory.)
 CVE-2010-1866 (The dechunk filter in PHP 5.3 through 5.3.2, when decoding an HTTP chunked encoding stream, allows context-dependent attackers to cause a denial of service (crash) and possibly trigger memory corruption via a negative chunk size, which bypasses a signed comparison, related to an integer overflow in the chunk size decoder.)
 CVE-2010-1864 (The addcslashes function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature.)
 CVE-2010-1862 (The chunk_split function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature.)
 CVE-2010-1861 (The sysvshm extension for PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to write to arbitrary memory addresses by using an object's __sleep function to interrupt an internal call to the shm_put_var function, which triggers access of a freed resource.)
 CVE-2010-1860 (The html_entity_decode function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) or trigger memory corruption by causing a userspace interruption of an internal call, related to the call time pass by reference feature.)
Original document:PHP-SECURITY, MOPS-2010-001: PHP hash_update_file() Already Freed Resource Access Vulnerability (11.05.2010)
 PHP-SECURITY, MOPS-2010-003: PHP dechunk Filter Signed Comparison Vulnerability (11.05.2010)
 PHP-SECURITY, MOPS-2010-006: PHP addcslashes() Interruption Information Leak Vulnerability (11.05.2010)
 PHP-SECURITY, MOPS-2010-008: PHP chunk_split() Interruption Information Leak Vulnerability (11.05.2010)
 PHP-SECURITY, MOPS-2010-009: PHP shm_put_var() Already Freed Resource Access Vulnerability (11.05.2010)
 PHP-SECURITY, MOPS-2010-010: PHP html_entity_decode() Interruption Information Leak Vulnerability (11.05.2010)
 PHP-SECURITY, MOPS-2010-012: PHP sqlite_single_query() Uninitialized Memory Usage Vulnerability (11.05.2010)
 PHP-SECURITY, MOPS-2010-013: PHP sqlite_array_query() Uninitialized Memory Usage Vulnerability (11.05.2010)
 PHP-SECURITY, MOPS-2010-014: PHP ZEND_BW_XOR Opcode Interruption Address Information Leak Vulnerability (11.05.2010)
 PHP-SECURITY, MOPS-2010-015: PHP ZEND_SL Opcode Interruption Address Information Leak Vulnerability (11.05.2010)
 PHP-SECURITY, MOPS-2010-016: PHP ZEND_SR Opcode Interruption Address Information Leak Vulnerability (11.05.2010)
 PHP-SECURITY, preg_quote() Interruption Information Leak Vulnerability (11.05.2010)
 Stefan Esser, Month of PHP Security - Summary - 1st May - 10th May (11.05.2010)

Microsoft Windows Mail / Outlook Express integer overflow
Published:11.05.2010
Source:
SecurityVulns ID:10821
Type:client
Threat Level:5/10
Description:Integer overflow when parsing POP3 or IMAP server replies.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
CVE:CVE-2010-0816 (Integer overflow in inetcomm.dll in Microsoft Outlook Express 5.5 SP2, 6, and 6 SP1; Windows Live Mail on Windows XP SP2 and SP3, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7; and Windows Mail on Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote e-mail servers and man-in-the-middle attackers to execute arbitrary code via a crafted (1) POP3 or (2) IMAP response, as demonstrated by a certain +OK response on TCP port 110, aka "Outlook Express and Windows Mail Integer Overflow Vulnerability.")
Original document:Francis Provencher, {PRL} Microsoft Windows Outlook Express and Windows Mail Integer Overflow (11.05.2010)
 MICROSOFT, Microsoft Security Bulletin MS10-030 - Critical Vulnerability in Outlook Express and Windows Mail Could Allow Remote Code Execution (978542) (11.05.2010)
Files:Microsoft Security Bulletin MS10-030 - Critical Vulnerability in Outlook Express and Windows Mail Could Allow Remote Code Execution (978542)

Microsoft VBA buffer overflow
Published:11.05.2010
Source:
SecurityVulns ID:10822
Type:library
Threat Level:8/10
Description:Buffer overflow during the search for ActiveX elements when parsing Microsoft Office files.
Affected:MICROSOFT : Office XP
 MICROSOFT : Office 2003
 MICROSOFT : Office 2007
CVE:CVE-2010-0815 (VBE6.DLL in Microsoft Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Visual Basic for Applications (VBA), and VBA SDK 6.3 through 6.5 does not properly search for ActiveX controls that are embedded in documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "VBE6.DLL Stack Memory Corruption Vulnerability.")
Original document:MICROSOFT, Microsoft Security Bulletin MS10-031 - Critical Vulnerability in Microsoft Visual Basic for Applications Could Allow Remote Code Execution (978213) (11.05.2010)
Files:Microsoft Security Bulletin MS10-031 - Critical Vulnerability in Microsoft Visual Basic for Applications Could Allow Remote Code Execution (978213)

MPlayer integer overflow
Published:11.05.2010
Source:
SecurityVulns ID:10823
Type:client
Threat Level:5/10
Description:Integer overflow when playing RDT streams.
Affected:MPLAYER : MPlayer 1.0
Original document:DEBIAN, [SECURITY] [DSA 2044-1] New mplayer packages fix arbitrary code execution (11.05.2010)

dvipng / TeX Live memory corruption
Published:11.05.2010
Source:
SecurityVulns ID:10824
Type:local
Threat Level:4/10
Description:Memory corruption when processing DVI files.
Affected:DVIPNG : dvipng 1.12
CVE:CVE-2010-1440 (Multiple integer overflows in dvipsk/dospecial.c in dvips in TeX Live 2009 and earlier, and teTeX, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a special command in a DVI file, related to the (1) predospecial and (2) bbdospecial functions, a different vulnerability than CVE-2010-0739.)
 CVE-2010-0829 (Multiple array index errors in set.c in dvipng 1.11 and 1.12, and teTeX, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed DVI file.)
 CVE-2010-0827 (Integer overflow in dvips in TeX Live 2009 and earlier, and teTeX, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted virtual font (VF) file associated with a DVI file.)
 CVE-2010-0739 (Integer overflow in the predospecial function in dospecial.c in dvips in (1) TeX Live and (2) teTeX might allow user-assisted remote attackers to execute arbitrary code via a crafted DVI file that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.)
Original document:UBUNTU, [USN-937-1] TeX Live vulnerabilities (11.05.2010)
 UBUNTU, [USN-936-1] dvipng vulnerability (11.05.2010)

PCRE library buffer overflow
Published:11.05.2010
Source:
SecurityVulns ID:10825
Type:library
Threat Level:6/10
Description:Buffer overflow during regular expression compilation.
Affected:PCRE : PCRE 8.01
Original document:Michael Santos, PCRE compile workspace overflow (11.05.2010)

fetchmail resource exhaustion
Published:11.05.2010
Source:
SecurityVulns ID:10826
Type:client
Threat Level:4/10
Description:Memory exhaustion when printing debugging information.
Affected:FETCHMAIL : fetchmail 6.3
CVE:CVE-2010-1167 (fetchmail 4.6.3 through 6.3.16, when debug mode is enabled, does not properly handle invalid characters in a multi-character locale, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted (1) message header or (2) POP3 UIDL list.)
Original document:Matthias Andree, fetchmail security announcement fetchmail-SA-2010-02 (CVE-2010-1167) (11.05.2010)

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 11.05.2010
Published:13.05.2010
Source:
SecurityVulns ID:10817
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:CACTI : cacti 0.8
 CLANTIGER : ClanTiger 1.1
 FAMILICMS : Family Connections 2.2
 ADVANCEDPOLL : Advanced Poll 2.08
 ORANGEHRM : OrangeHRM 2.5
 CMSMADESIMPLE : CMS Made Simple 1.7
 JAWS : jaws 0.8
 ECSHOP : ECShop 2.7
 SOURCEFABRIC : Campsite 3.3
 CLANSPHERE : ClanSphere 2009.0
 DELUXEBB : DeluxeBB 1.3
 EFRONTLEARNING : Efront 3.6
 S9Y : Serendipity 1.5
 XINHA : Xinha 0.96
 REZERVI : REZERVI 3.0
CVE:CVE-2010-1482 (Cross-site scripting (XSS) vulnerability in admin/editprefs.php in the backend in CMS Made Simple (CMSMS) before 1.7.1 might allow remote attackers to inject arbitrary web script or HTML via the date_format_string parameter.)
 CVE-2010-1481 (Cross-site scripting (XSS) vulnerability in the table feature in PmWiki 2.2.15 allows remote authenticated users to inject arbitrary web script or HTML via the width attribute.)
 CVE-2010-1431 (SQL injection vulnerability in templates_export.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL commands via the export_item_id parameter.)
Original document:MustLive, Vulnerability in tagcloud for Kasseler CMS (13.05.2010)
 VUPEN Security Research, VUPEN Security Research - Adobe Shockwave 3D Blocks Field Code Execution Vulnerability (CVE-2010-1283) (13.05.2010)
 VUPEN Security Research, VUPEN Security Research - Adobe Shockwave DIRAPI Multiple Code Execution Vulnerabilities (CVE-2010-1280) (13.05.2010)
 VUPEN Security Research, VUPEN Security Research - Adobe Shockwave 3D Two Remote Code Execution Vulnerabilities (CVE-2010-1284) (13.05.2010)
 VUPEN Security Research, VUPEN Security Research - Adobe Shockwave IML32 Multiple Code Execution Vulnerabilities (CVE-2010-0129) (13.05.2010)
 SECUNIA, Secunia Research: Adobe Shockwave Player Font Processing Buffer Overflow (13.05.2010)
 SECUNIA, Secunia Research: Adobe Shockwave Player Asset Entry Parsing Vulnerability (13.05.2010)
 SECUNIA, Secunia Research: Adobe Shockwave Player Integer Overflow Vulnerability (13.05.2010)
 eidelweiss, 29o3 CMS (LibDir) Multiple Remote File Inclusion Vulnerability (11.05.2010)
 High-Tech Bridge Security Research, XSS in Saurus CMS (11.05.2010)
 High-Tech Bridge Security Research, XSS in DynamiXgate Affiliate Store Builder (11.05.2010)
 MustLive, Vulnerability in widget Cumulus for BlogEngine.NET (11.05.2010)
 MANDRIVA, [ MDVSA-2010:092 ] cacti (11.05.2010)
 eidelweiss, REZERVI (root) Remote Command Execution Vulnerability (11.05.2010)
 PHP-SECURITY, MOPS-2010-002: Campsite TinyMCE Article Attachment SQL Injection Vulnerability (11.05.2010)
 PHP-SECURITY, MOPS-2010-004: ClanSphere Captcha Generator Blind SQL Injection Vulnerability (11.05.2010)
 PHP-SECURITY, MOPS-2010-005: ClanSphere MySQL Driver Generic SQL Injection Vulnerability (11.05.2010)
 PHP-SECURITY, ClanTiger Shoutbox Module s_email SQL Injection vulnerability (11.05.2010)
 PHP-SECURITY, MOPS-2010-011: DeluxeBB newthread SQL Injection Vulnerability (11.05.2010)
 PHP-SECURITY, MOPS-2010-018: EFront ask_chat chatrooms_ID SQL Injection Vulnerability (11.05.2010)
 PHP-SECURITY, MOPS-2010-019: Serendipity WYSIWYG Editor Plugin Configuration Injection Vulnerability (11.05.2010)
 PHP-SECURITY, MOPS-2010-020: Xinha WYSIWYG Plugin Configuration Injection Vulnerability (11.05.2010)
 Stefan Esser, Month of PHP Security - Summary - 1st May - 10th May (11.05.2010)
 vulns_(at)_wintercore.com, [Wintercore Research] Consona Products - Multiple vulnerabilities (11.05.2010)
 lis cker, Injection of ECShop apps. (11.05.2010)
 High-Tech Bridge Security Research, XSS vulnerability in Jaws (11.05.2010)
 Hanno Bock, pmwiki: persistent cross site scripting (XSS), CVE-2010-1481 (11.05.2010)
 Hanno Bock, CMS Made Simple: backend cross site scripting (XSS), CVE-2010-1482 (11.05.2010)
 Zakar Miklós, SA00001-2010 (11.05.2010)
 High-Tech Bridge Security Research, XSS vulnerability in EasyPublish CMS (11.05.2010)
 High-Tech Bridge Security Research, XSS vulnerability in Advanced Poll (11.05.2010)
 BUGTRAQ, XSS vulnerability in Advanced Poll (11.05.2010)
 Salvatore "drosophila" Fresta, Family Connections 2.2.3 Multiple Remote Vulnerabilities (11.05.2010)
 md.r00t.defacer_(at)_gmail.com, Turnkey Innovations SQL Injection Vulnerability (11.05.2010)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod