Computer Security
[EN] securityvulns.ru no-pyccku


TRENDnet / Digicom / iPUX / ZoneNet / AirLink101 IP camera products multiple security vulnerabilities
Published:11.06.2011
Source:
SecurityVulns ID:11724
Type:remote
Threat Level:
5/10
Description:Undocumented productmaker:ftvsbannedcode account may access camera via Web interface. Different vulnerabilities allows to obtain full administrative access via this account.
Original documentdocumentroberto.paleari_(at)_emaze.net, Multiple vulnerabilities in several IP camera products (11.06.2011)

Novell iPrint multiple security vulnerabilities
Published:11.06.2011
Source:
SecurityVulns ID:11725
Type:client
Threat Level:
6/10
Description:Code execution via op-printer-list-all-jobs URI handler and cookie, Multiple ActiveX code execution vulnerabilities.
Affected:NOVELL : iPrint Client 5.63
CVE:CVE-2011-1708 (Stack-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted op-printer-list-all-jobs cookie.)
 CVE-2011-1707 (Stack-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted op-printer-list-all-jobs parameter in a printer-url.)
 CVE-2011-1706 (Stack-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted iprint-client-config-info parameter in a printer-url.)
 CVE-2011-1705 (Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted client-file-name parameter in a printer-url.)
 CVE-2011-1704 (Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted core-package parameter in a printer-url.)
 CVE-2011-1703 (Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted driver-version parameter in a printer-url.)
 CVE-2011-1702 (Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted file-date-time parameter in a printer-url.)
 CVE-2011-1701 (Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted profile-name parameter in a printer-url.)
 CVE-2011-1700 (Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted profile-time parameter in a printer-url.)
 CVE-2011-1699 (Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted uri parameter in a printer-url.)
Original documentdocumentZDI, ZDI-11-172: Novell iPrint nipplib.dll uri Remote Code Execution Vulnerability (11.06.2011)
 documentZDI, ZDI-11-173: Novell iPrint nipplib.dll profile-time Remote Code Execution Vulnerability (11.06.2011)
 documentZDI, ZDI-11-174: Novell iPrint nipplib.dll profile-name Remote Code Execution Vulnerability (11.06.2011)
 documentZDI, ZDI-11-175: Novell iPrint nipplib.dll file-date-time Remote Code Execution Vulnerability (11.06.2011)
 documentZDI, ZDI-11-176: Novell iPrint nipplib.dll driver-version Remote Code Vulnerability (11.06.2011)
 documentZDI, ZDI-11-177: Novell iPrint nipplib.dll core-package Remote Code Execution Vulnerability (11.06.2011)
 documentZDI, ZDI-11-178: Novell iPrint nipplib.dll client-file-name Remote Code Execution Vulnerability (11.06.2011)
 documentZDI, ZDI-11-179: Novell iPrint nipplib.dll iprint-client-config-info Remote Code Execution Vulnerability (11.06.2011)
 documentZDI, ZDI-11-180: Novell iPrint op-printer-list-all-jobs cookie Remote Code Execution Vulnerability (11.06.2011)
 documentZDI, ZDI-11-181: Novell iPrint op-printer-list-all-jobs url Remote Code Execution Vulnerability (11.06.2011)

OProfile privilege escalation
Published:11.06.2011
Source:
SecurityVulns ID:11726
Type:local
Threat Level:
4/10
Description:Privilege escalation via opcontrol
Affected:OPROFILE : OProfile 0.9
CVE:CVE-2011-1760 (utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to conduct eval injection attacks and gain privileges via shell metacharacters in the -e argument.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 2254-1] oprofile security update (11.06.2011)

VMWare Tools privilege escalations
updated since 11.06.2011
Published:11.06.2011
Source:
SecurityVulns ID:11727
Type:local
Threat Level:
5/10
Description:Privilege escalation via mount.vmhgfs and vmware-user-suid-wrapper suid utilities.
Affected:VMWARE : VMware Workstation 7.1
 VMWARE : VMware Player 3.1
 VMWARE : VMware Fusion 3.1
 VMWARE : ESXi 4.1
 VMWARE : ESX 4.1
CVE:CVE-2011-2146 (mount.vmhgfs in the VMware Host Guest File System (HGFS) in VMware Workstation 7.1.x before 7.1.4, VMware Player 3.1.x before 3.1.4, VMware Fusion 3.1.x before 3.1.3, VMware ESXi 3.5 though 4.1, and VMware ESX 3.0.3 through 4.1 allows guest OS users to determine the existence of host OS files and directories via unspecified vectors.)
 CVE-2011-2145 (mount.vmhgfs in the VMware Host Guest File System (HGFS) in VMware Workstation 7.1.x before 7.1.4, VMware Player 3.1.x before 3.1.4, VMware Fusion 3.1.x before 3.1.3, VMware ESXi 3.5 though 4.1, and VMware ESX 3.0.3 through 4.1, when a Solaris or FreeBSD guest OS is used, allows guest OS users to modify arbitrary guest OS files via unspecified vectors, related to a "procedural error.")
 CVE-2011-1787 (Race condition in mount.vmhgfs in the VMware Host Guest File System (HGFS) in VMware Workstation 7.1.x before 7.1.4, VMware Player 3.1.x before 3.1.4, VMware Fusion 3.1.x before 3.1.3, VMware ESXi 3.5 though 4.1, and VMware ESX 3.0.3 through 4.1 allows guest OS users to gain privileges on the guest OS by mounting a filesystem on top of an arbitrary directory.)
Original documentdocumentVSR Advisories, VMware Tools Multiple Vulnerabilities (11.06.2011)

VMWare VirtualCenter ActiveX memory corruption
Published:11.06.2011
Source:
SecurityVulns ID:11728
Type:client
Threat Level:
5/10
Description:Tom Sawyer's Default GET Extension Factory ActiveX memory corruption.
Affected:VMWARE : VMWare VirtualCenter 2.5
CVE:CVE-2011-2217 (Certain ActiveX controls in (1) tsgetxu71ex552.dll and (2) tsgetx71ex552.dll in Tom Sawyer GET Extension Factory 5.5.2.237, as used in VI Client (aka VMware Infrastructure Client) 2.0.2 before Build 230598 and 2.5 before Build 204931 in VMware Infrastructure 3, do not properly handle attempted initialization within Internet Explorer, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HTML document.)
Original documentdocumentIDEFENSE, iDefense Security Advisory 05.03.11: Tom Sawyer GET Extension Factory COM Object Instantiation Memory Corruption Vulnerability (11.06.2011)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod