Computer Security
[EN] securityvulns.ru no-pyccku


RealNetworks RealPlayer multiple security vulnerabilities
updated since 05.12.2011
Published:11.12.2011
Source:
SecurityVulns ID:12071
Type:client
Threat Level:
7/10
Description:Multiple vulnerabilities on different media formats parsing.
Affected:REAL : RealPlayer 14.0
 REAL : Mac RealPlayer 12.0
CVE:CVE-2011-4260 (RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a malformed header in an MP4 file.)
 CVE-2011-4259 (Integer underflow in RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted width value in an MPG file.)
 CVE-2011-4258 (RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted length of an MLTI chunk in an IVR file.)
 CVE-2011-4256 (The RV30 codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 does not initialize an unspecified index value, which allows remote attackers to execute arbitrary code via unknown vectors.)
 CVE-2011-4255 (Unspecified vulnerability in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code via an invalid codec name.)
 CVE-2011-4253 (Unspecified vulnerability in the RV20 codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code via unknown vectors.)
 CVE-2011-4252 (The RV10 codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code via a crafted sample height.)
 CVE-2011-4251 (RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted sample size in a RealAudio file.)
 CVE-2011-4250 (Unspecified vulnerability in the ATRC codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code via unknown vectors.)
 CVE-2011-4248 (RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a malformed AAC file.)
Original documentdocumentZDI, ZDI-11-343 : RealNetworks RealPlayer mp4arender esds channel count Remote Code Execution Vulnerability (11.12.2011)
 documentZDI, ZDI-11-344 : RealNetworks RealPlayer RV20 Decoding Remote Code Execution Vulnerability (11.12.2011)
 documentZDI, ZDI-11-331 : RealNetwork RealPlayer MPG Width Integer Underflow Remote Code Execution Vulnerability (05.12.2011)
 documentZDI, ZDI-11-332 : RealNetworks RealPlayer Malformed AAC File Parsing Remote Code Execution Vulnerability (05.12.2011)
 documentZDI, ZDI-11-333 : RealNetworks RealPlayer ATRC Code Data Parsing Remote Code Execution Vulnerability (05.12.2011)
 documentZDI, ZDI-11-334 : RealNetworks RealPlayer genr Sample Size Parsing Remote Code Execution Vulnerability (05.12.2011)
 documentZDI, ZDI-11-335 : RealNetworks RealPlayer RV10 Sample Height Parsing Remote Code Execution Vulnerability (05.12.2011)
 documentZDI, ZDI-11-336 : RealNetworks RealPlayer Invalid Codec Name Remote Code Execution Vulnerability (05.12.2011)
 documentZDI, ZDI-11-337 : RealNetworks RealPlayer RV30 Uninitialized Index Value Remote Code Execution Vulnerability (05.12.2011)
 documentZDI, ZDI-11-338 : RealNetworks RealPlayer IVR MLTI Chunk Length Parsing Remote Code Execution Vulnerability (05.12.2011)

HTC Touch2 memory corruption
Published:11.12.2011
Source:
SecurityVulns ID:12077
Type:local
Threat Level:
3/10
Description:Memory corruption on 3g2 video files processing.
Affected:HTC : HTC Touch2 T3333
Original documentdocumentsignaladvisory_(at)_gmail.com, [SignalSEC Labs]: HTC Touch2 T3333 Video Player Memory Corruption (11.12.2011)

CA SiteMidner crossite scripting
Published:11.12.2011
Source:
SecurityVulns ID:12078
Type:remote
Threat Level:
5/10
Description:login.fcc crossite scripting
Affected:CA : SiteMinder 6
 CA : SiteMinder 12
CVE:CVE-2011-4054 (Cross-site scripting (XSS) vulnerability in login.fcc in CA SiteMinder R6 SP6 before CR7 and R12 SP3 before CR8 allows remote attackers to inject arbitrary web script or HTML via the postpreservationdata parameter.)
Original documentdocumentCA, CA20111208-01: Security Notice for CA SiteMinder (11.12.2011)

HP Application Lifestyle Management symbolic links vulnerability
Published:11.12.2011
Source:
SecurityVulns ID:12080
Type:local
Threat Level:
5/10
Description:Insecurty temporary files creation.
Affected:HP : HP Application Lifestyle Management 11
Original documentdocument0a29 40, 0A29-11-2 : Privilege escalation vulnerability in HP Application Lifestyle Management (ALM) Platform v11 (11.12.2011)

ISC DHCP DoS
Published:11.12.2011
Source:
SecurityVulns ID:12081
Type:remote
Threat Level:
5/10
Description:Incorrect regular expressions handling.
Affected:ISC : dhcp 4.1
 DHCP : dhcp 4.2
CVE:CVE-2011-4539 (dhcpd in ISC DHCP 4.x before 4.2.3-P1 and 4.1-ESV before 4.1-ESV-R4 does not properly handle regular expressions in dhcpd.conf, which allows remote attackers to cause a denial of service (daemon crash) via a crafted request packet.)

chasen library buffer overflow
Published:11.12.2011
Source:
SecurityVulns ID:12082
Type:remote
Threat Level:
5/10
Description:Buffer overflow on text string parsing.
CVE:CVE-2011-4000 (Buffer overflow in ChaSen 2.4.x allows remote attackers to execute arbitrary code via a crafted string.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 2361-1] chasen security update (11.12.2011)

Trend Micro Control Manager buffer overflow
Published:11.12.2011
Source:
SecurityVulns ID:12083
Type:remote
Threat Level:
6/10
Description:Buffer overflow on TCP/20101 request parsing.
Original documentdocumentZDI, ZDI-11-345 : TrendMicro Control Manager CmdProcessor.exe AddTask Remote Code Execution Vulnerability (11.12.2011)

Novell ZENworks Asset Management directory traversal
updated since 14.04.2011
Published:11.12.2011
Source:
SecurityVulns ID:11595
Type:remote
Threat Level:
5/10
Description:Directory traversal on file upload.
Affected:NOVELL : ZENworks Asset Management 7.5
CVE:CVE-2011-2653 (Directory traversal vulnerability in the rtrlet component in Novell ZENworks Asset Management (ZAM) 7.5 allows remote attackers to execute arbitrary code by uploading an executable file.)
 CVE-2010-4229 (Directory traversal vulnerability in an unspecified servlet in the Inventory component in ZENworks Asset Management (ZAM) in Novell ZENworks Configuration Management 10.3 before 10.3.2, and 11, allows remote attackers to overwrite files, and subsequently execute arbitrary code, via directory traversal sequences in a filename field in an upload request.)
Original documentdocumentZDI, ZDI-11-342 : Novell ZENworks Asset Management Remote Code Execution Vulnerability (11.12.2011)
 documentZDI, ZDI-11-118: Novell ZENworks Asset Management Path Traversal File Overwrite Remote Code Execution Vulnerability (14.04.2011)

Asterisk SIP processing security vulnerabilities
updated since 11.12.2011
Published:26.12.2011
Source:
SecurityVulns ID:12079
Type:remote
Threat Level:
5/10
Description:DoS, information leakage.
Affected:DIGIUM : Asterisk 1.4
 ASTERISK : Asterisk 1.6
 ASTERISK : Asterisk 1.8
Original documentdocumentBen Williams, Exploit for Asterisk Security Advisory AST-2011-013 (26.12.2011)
 documentASTERISK, AST-2011-014: Remote crash possibility with SIP and the "automon" feature enabled (11.12.2011)
 documentASTERISK, AST-2011-013: Possible remote enumeration of SIP endpoints with differing NAT settings (11.12.2011)
Files:SIP Username Enumerator for Asterisk (UDP) Security Advisory AST-2011-013, CVE-2011-4597

D-Link DSL-500T / DAP 1150 / DAP-1320 multiple security vulnerabilities
updated since 11.12.2011
Published:14.06.2014
Source:
SecurityVulns ID:12076
Type:remote
Threat Level:
4/10
Description:Web administration interface crossite request forgery, authentication bypass, directory traversal.
Affected:DLINK : D-Link DSL-500T
 DLINK : D-Link DAP-1150
 DLINK : D-Link DAP-1320
Original documentdocumentMustLive, Multiple CSRF and XSS vulnerabilities in D-Link DAP 1150 (14.06.2014)
 documentMustLive, CSRF, AoF and XSS vulnerabilities in D-Link DAP 1150 (14.06.2014)
 documentMustLive, Multiple CSRF and XSS vulnerabilities in D-Link DAP 1150 (04.05.2014)
 documentMustLive, Exploit for D-Link DAP 1150 (11.03.2013)
 documentMustLive, AoF and CSRF vulnerabilities in D-Link DAP 1150 (15.02.2012)
 documentMustLive, Multiple CSRF, DoS and XSS vulnerabilities in D-Link DAP 1150 (15.02.2012)
 documentMustLive, CSRF, DT and AB vulnerabilities in D-Link DSL-500T ADSL Router (26.12.2011)
 documentMustLive, Vulnerabilities in D-Link DAP 1150 (12.12.2011)
 documentMustLive, Vulnerabilities in D-Link DSL-500T ADSL Router (11.12.2011)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod