Computer Security

Your Own Personal Server Web-Server buffer overflow
Published: 11.09.2010
SecurityVulns ID: 11128
Type: remote
Threat Level: 5/10
Description: Buffer overflow in request header parsing.
Affected: YOPS : YOPS 2009-11-30
Original document: Rodrigo Escobar, [DCA-00015] YOPS Web Server Remote Command Execution (11.09.2010)

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 11.09.2010
Published: 12.09.2010
SecurityVulns ID: 11131
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: HORDE : Horde 3.3
 CUBECART : CubeCart 4.3
 TYPO3 : typo3 4.3
 JOOMLA : Aardvertiser 2.1
 ZENPHOTO : Zenphoto 1.3
 JOOMLA : Clantools 1.5
 CHILLIYCMS : chillyCMS 1.1
 SMBIND : smbind 0.4
 OPENCLASSIFIELDS : Open Classifieds 1.3
 NETARTMEDIA : Real Estate Portal 2.0
 NETARTMEDIA : iBoutique.MALL 1.2
 POWERSTORE : PowerStore 3
 IBPRO : IB Pro CMS 1.0
 IBPRO : IB Pro CMS 2.0
 MEMBERMANAGEMENT : Member Management System 4.0
Original document: r0t, Member Management System v 4.0 XSS vuln. (12.09.2010)
 MustLive, Vulnerabilities in IB Promotion Advanced Business Web Suite (12.09.2010)
 r0t, NetArtMEDIA Car Portal v2.0 XSS vuln. (12.09.2010)
 r0t, PowerStore™ 3 XSS vuln. (12.09.2010)
 r0t, iBoutique.MALL 1.2 XSS vuln. (12.09.2010)
 r0t, NetArtMEDIA Real Estate Portal v2.0 XSS vuln. + NetArtMEDIA lfi. (12.09.2010)
 r0t, Open Classifieds version 1.7.0.2 XSS Vuln. (12.09.2010)
 DEBIAN, [SECURITY] [DSA-2103-1] New smbind packages fix sql injection (12.09.2010)
 admin_(at)_bugreport.ir, chillyCMS Multiple Vulnerabilities (12.09.2010)
 sattler_(at)_solidmedia.de, Joomla Component Clantools version 1.2.3 Multiple Blind SQL Injection Vulnerabilities (12.09.2010)
 sattler_(at)_solidmedia.de, Joomla Component Clantools version 1.5 Blind SQL Injection Vulnerability (12.09.2010)
 Moritz Naumann, XSS in Horde Application Framework <=3.3.8, icon_browser.php (12.09.2010)
 Bogdan Calin, Security problems in Zenphoto version 1.3 (12.09.2010)
 DEBIAN, [SECURITY] [DSA 2098-2] New typo3-src packages fix regression (12.09.2010)
 sattler_(at)_solidmedia.de, Joomla Component Aardvertiser 2.1 free Blind SQL Injection Vulnerability (12.09.2010)
 Bogdan Calin, SQL Injection and XSS vulnerabilities in CubeCart version 4.3.3 (11.09.2010)

HP Data Protector Express privilege escalation
updated since 11.09.2010
Published: 17.09.2010
SecurityVulns ID: 11130
Type: remote
Threat Level: 5/10
Description: Buffer overflow in DtbClsLogin
Affected: HP : HP Data Protector Express 3.5
 HP : HP Data Protector Express 4.0
CVE: CVE-2010-3008 (Unspecified vulnerability in HP Data Protector Express, and Data Protector Express Single Server Edition (SSE), 3.x before build 56936 and 4.x before build 56906 on Windows allows local users to gain privileges or cause a denial of service via unknown vectors, a different vulnerability than CVE-2010-3007.)
 CVE-2010-3007 (Unspecified vulnerability in HP Data Protector Express, and Data Protector Express Single Server Edition (SSE), 3.x before build 56936 and 4.x before build 56906 allows local users to gain privileges or cause a denial of service via unknown vectors.)
Original document: ZDI, ZDI-10-174: Hewlett-Packard Data Protector DtbClsLogin Utf8cpy Remote Code Execution Vulnerability (17.09.2010)
 HP, [security bulletin] HPSBMA02516 SSRT090232 rev.1 - HP Data Protector Express and HP Data Protector Express Single Server Edition (SSE), Local (11.09.2010)
 HP, [security bulletin] HPSBMA02576 SSRT090231 rev.1 - HP Data Protector Express and HP Data Protector Express Single Server Edition (SSE), Local Denial of Service (DoS), Execution of Arbitrary Code (11.09.2010)

Linux kernel multiple security vulnerabilities
updated since 11.09.2010
Published: 20.09.2010
SecurityVulns ID: 11129
Type: local
Threat Level: 6/10
Description: DoS conditions, CIFS client privilege escalation, do_anonymous_page privilege escalation, information leak in XFS, privilege escalation in compat_alloc_user_space().
Affected: LINUX : kernel 2.6
CVE: CVE-2010-3301 (The IA32 system call emulation functionality in arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.36-rc4-git2 on the x86_64 platform does not zero extend the %eax register after the 32-bit entry path to ptrace is used, which allows local users to gain privileges by triggering an out-of-bounds access to the system call table using the %rax register. NOTE: this vulnerability exists because of a CVE-2007-4573 regression.)
 CVE-2010-3081 (The compat_alloc_user_space functions in include/asm/compat.h files in the Linux kernel before 2.6.36-rc4-git2 on 64-bit platforms do not properly allocate the userspace memory required for the 32-bit compatibility layer, which allows local users to gain privileges by leveraging the ability of the compat_mc_getsockopt function (aka the MCAST_MSFILTER getsockopt support) to control a certain length value, related to a "stack pointer underflow" issue, as exploited in the wild in September 2010.)
 CVE-2010-3080 (Double free vulnerability in the snd_seq_oss_open function in sound/core/seq/oss/seq_oss_init.c in the Linux kernel before 2.6.36-rc4 might allow local users to cause a denial of service or possibly have unspecified other impact via an unsuccessful attempt to open the /dev/sequencer device.)
 CVE-2010-3078 (The xfs_ioc_fsgetxattr function in fs/xfs/linux-2.6/xfs_ioctl.c in the Linux kernel before 2.6.36-rc4 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an ioctl call.)
 CVE-2010-3015 (Integer overflow in the ext4_ext_get_blocks function in fs/ext4/extents.c in the Linux kernel before 2.6.34 allows local users to cause a denial of service (BUG and system crash) via a write operation on the last block of a large file, followed by a sync operation.)
 CVE-2010-2954 (The irda_bind function in net/irda/af_irda.c in the Linux kernel before 2.6.36-rc3-next-20100901 does not properly handle failure of the irda_open_tsap function, which allows local users to cause a denial of service (NULL pointer dereference and panic) and possibly have unspecified other impact via multiple unsuccessful calls to bind on an AF_IRDA (aka PF_IRDA) socket.)
 CVE-2010-2524 (The DNS resolution functionality in the CIFS implementation in the Linux kernel before 2.6.35, when CONFIG_CIFS_DFS_UPCALL is enabled, relies on a user's keyring for the dns_resolver upcall in the cifs.upcall userspace helper, which allows local users to spoof the results of DNS queries and perform arbitrary CIFS mounts via vectors involving an add_key call, related to a "cache stuffing" issue and MS-DFS referrals.)
 CVE-2010-2492 (Buffer overflow in the ecryptfs_uid_hash macro in fs/ecryptfs/messaging.c in the eCryptfs subsystem in the Linux kernel before 2.6.35 might allow local users to gain privileges or cause a denial of service (system crash) via unspecified vectors.)
 CVE-2010-2240 (The do_anonymous_page function in mm/memory.c in the Linux kernel before 2.6.27.52, 2.6.32.x before 2.6.32.19, 2.6.34.x before 2.6.34.4, and 2.6.35.x before 2.6.35.2 does not properly separate the stack and the heap, which allows context-dependent attackers to execute arbitrary code by writing to the bottom page of a shared memory segment, as demonstrated by a memory-exhaustion attack against the X.Org X server.)
Original document: DEBIAN, [SECURITY] [DSA 2110-1] New Linux 2.6.26 packages fix several issues (20.09.2010)
 MANDRIVA, [ MDVSA-2010:172 ] kernel (11.09.2010)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod