| HTC Touch2 memory corruption | | Published: |  | 11.12.2011 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 12077 | | Type: |  | local | | Level: |  | 3/10 | | Description: |  | Memory corruption when processing 3g2 video files. |
| CA SiteMinder cross-site scripting | | Published: |  | 11.12.2011 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 12078 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | login.fcc cross-site scripting |
| Affected: |  | CA : SiteMinder 6 | | |  | CA : SiteMinder 12 | | CVE: |  | CVE-2011-4054 (Cross-site scripting (XSS) vulnerability in login.fcc in CA SiteMinder R6 SP6 before CR7 and R12 SP3 before CR8 allows remote attackers to inject arbitrary web script or HTML via the postpreservationdata parameter.) |
| HP Application Lifecycle Management symbolic links vulnerability | | Published: |  | 11.12.2011 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 12080 | | Type: |  | local | | Level: |  | 5/10 | | Description: |  | Insecure temporary file creation. |
| ISC DHCP DoS | | Published: |  | 11.12.2011 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 12081 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | Incorrect regular expressions handling. |
| Affected: |  | ISC : DHCP 4.1 | | |  | ISC : DHCP 4.2 | | CVE: |  | CVE-2011-4539 (dhcpd in ISC DHCP 4.x before 4.2.3-P1 and 4.1-ESV before 4.1-ESV-R4 does not properly handle regular expressions in dhcpd.conf, which allows remote attackers to cause a denial of service (daemon crash) via a crafted request packet.) |
| chasen library buffer overflow | | Published: |  | 11.12.2011 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 12082 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | Buffer overflow on text string parsing. |
| CVE: |  | CVE-2011-4000 (Buffer overflow in ChaSen 2.4.x allows remote attackers to execute arbitrary code via a crafted string.) |
Novell ZENworks Asset Management directory traversal updated since 14.04.2011 | | Published: |  | 11.12.2011 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 11595 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | Directory traversal on file upload. |
| Affected: |  | NOVELL : ZENworks Asset Management 7.5 | | CVE: |  | CVE-2011-2653 (Directory traversal vulnerability in the rtrlet component in Novell ZENworks Asset Management (ZAM) 7.5 allows remote attackers to execute arbitrary code by uploading an executable file.) | | |  | CVE-2010-4229 (Directory traversal vulnerability in an unspecified servlet in the Inventory component in ZENworks Asset Management (ZAM) in Novell ZENworks Configuration Management 10.3 before 10.3.2, and 11, allows remote attackers to overwrite files, and subsequently execute arbitrary code, via directory traversal sequences in a filename field in an upload request.) |
RealNetworks RealPlayer multiple security vulnerabilities updated since 05.12.2011 | | Published: |  | 11.12.2011 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 12071 | | Type: |  | client | | Level: |  | 7/10 | | Description: |  | Multiple vulnerabilities on different media formats parsing. |
| Affected: |  | REAL : RealPlayer 14.0 | | |  | REAL : Mac RealPlayer 12.0 | | CVE: |  | CVE-2011-4260 (RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a malformed header in an MP4 file.) | | |  | CVE-2011-4259 (Integer underflow in RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted width value in an MPG file.) | | |  | CVE-2011-4258 (RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted length of an MLTI chunk in an IVR file.) | | |  | CVE-2011-4256 (The RV30 codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 does not initialize an unspecified index value, which allows remote attackers to execute arbitrary code via unknown vectors.) | | |  | CVE-2011-4255 (Unspecified vulnerability in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code via an invalid codec name.) | | |  | CVE-2011-4253 (Unspecified vulnerability in the RV20 codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code via unknown vectors.) | | |  | CVE-2011-4252 (The RV10 codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code via a crafted sample height.) | | |  | CVE-2011-4251 (RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted sample size in a RealAudio file.) | | |  | CVE-2011-4250 (Unspecified vulnerability in the ATRC codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code via unknown vectors.) | | |  | CVE-2011-4248 (RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a malformed AAC file.) |
| Original document |  | ZDI, ZDI-11-343 : RealNetworks RealPlayer mp4arender esds channel count Remote Code Execution Vulnerability (11.12.2011) |
| |  | ZDI, ZDI-11-344 : RealNetworks RealPlayer RV20 Decoding Remote Code Execution Vulnerability (11.12.2011) |
| |  | ZDI, ZDI-11-331 : RealNetwork RealPlayer MPG Width Integer Underflow Remote Code Execution Vulnerability (05.12.2011) |
| |  | ZDI, ZDI-11-332 : RealNetworks RealPlayer Malformed AAC File Parsing Remote Code Execution Vulnerability (05.12.2011) |
| |  | ZDI, ZDI-11-333 : RealNetworks RealPlayer ATRC Code Data Parsing Remote Code Execution Vulnerability (05.12.2011) |
| |  | ZDI, ZDI-11-334 : RealNetworks RealPlayer genr Sample Size Parsing Remote Code Execution Vulnerability (05.12.2011) |
| |  | ZDI, ZDI-11-335 : RealNetworks RealPlayer RV10 Sample Height Parsing Remote Code Execution Vulnerability (05.12.2011) |
| |  | ZDI, ZDI-11-336 : RealNetworks RealPlayer Invalid Codec Name Remote Code Execution Vulnerability (05.12.2011) |
| |  | ZDI, ZDI-11-337 : RealNetworks RealPlayer RV30 Uninitialized Index Value Remote Code Execution Vulnerability (05.12.2011) |
| |  | ZDI, ZDI-11-338 : RealNetworks RealPlayer IVR MLTI Chunk Length Parsing Remote Code Execution Vulnerability (05.12.2011) |
| Trend Micro Control Manager buffer overflow | | Published: |  | 11.12.2011 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 12083 | | Type: |  | remote | | Level: |  | 6/10 | | Description: |  | Buffer overflow on TCP/20101 request parsing. |
Asterisk SIP processing security vulnerabilities updated since 11.12.2011 | | Published: |  | 26.12.2011 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 12079 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | DoS, information leakage. |
D-Link DSL-500T / D-Link DAP 1150 multiple security vulnerabilities updated since 11.12.2011 | | Published: |  | 15.02.2012 | | Source: |  | MustLive | | SecurityVulns ID: |  | 12076 | | Type: |  | remote | | Level: |  | 3/10 | | Description: |  | Web administration interface cross-site request forgery, authentication bypass, directory traversal. |