Computer Security
[EN] securityvulns.ru no-pyccku


VMWare multiple security vulnerabilities
updated since 08.04.2009
Published:12.04.2009
Source:
SecurityVulns ID:9801
Type:remote
Threat Level:
6/10
Description:Multiple DoS conditions, privilege escalations, buffer overflows in VNnc codec.
Affected:VMWARE : VMware Server 1.0
 VMWARE : VMware ESX 3.0
 VMWARE : VMware ESXi 3.5
 VMWARE : VMware ESXi 3.0
 VMWARE : VMware ESX 3.5
 VMWARE : VMware Workstation 6.5
 VMWARE : VMware Player 2.5
 VMWARE : VMware ACE 2.5
 VMWARE : VMware Server 2.0
 VMWARE : VMware Fusion 2.0
CVE:CVE-2009-1244 (Unspecified vulnerability in the virtual machine display function in VMware Workstation 6.5.1 and earlier; VMware Player 2.5.1 and earlier; VMware ACE 2.5.1 and earlier; VMware Server 1.x before 1.0.9 build 156507 and 2.x before 2.0.1 build 156745; VMware Fusion before 2.0.4 build 159196; VMware ESXi 3.5; and VMware ESX 3.0.2, 3.0.3, and 3.5 allows guest OS users to execute arbitrary code on the host OS via unknown vectors, a different vulnerability than CVE-2008-4916.)
 CVE-2009-1147 (Unspecified vulnerability in vmci.sys in the Virtual Machine Communication Interface (VMCI) in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, and VMware Server 2.0.x before 2.0.1 build 156745 allows local users to gain privileges via unknown vectors.)
 CVE-2009-1146 (Unspecified vulnerability in an ioctl in hcmon.sys in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, and VMware Server 1.0.x before 1.0.9 build 156507 and 2.0.x before 2.0.1 build 156745 allows local users to cause a denial of service via unknown vectors, a different vulnerability than CVE-2008-3761.)
 CVE-2009-0910 (Heap-based buffer overflow in the VNnc Codec in VMware Workstation 6.5.x before 6.5.2 build 156735, VMware Player 2.5.x before 2.5.2 build 156735, VMware ACE 2.5.x before 2.5.2 build 156735, and VMware Server 2.0.x before 2.0.1 build 156745 allows remote attackers to execute arbitrary code via a crafted web page or video file, aka ZDI-CVE-436.)
 CVE-2009-0909 (Heap-based buffer overflow in the VNnc Codec in VMware Workstation 6.5.x before 6.5.2 build 156735, VMware Player 2.5.x before 2.5.2 build 156735, VMware ACE 2.5.x before 2.5.2 build 156735, and VMware Server 2.0.x before 2.0.1 build 156745 allows remote attackers to execute arbitrary code via a crafted web page or video file, aka ZDI-CVE-435.)
 CVE-2009-0908 (Unspecified vulnerability in the ACE shared folders implementation in the VMware Host Guest File System (HGFS) shared folders feature in VMware ACE 2.5.1 and earlier allows attackers to enable a disabled shared folder.)
 CVE-2009-0518 (VI Client in VMware VirtualCenter before 2.5 Update 4, VMware ESXi 3.5 before Update 4, and VMware ESX 3.5 before Update 4 retains the VirtualCenter Server password in process memory, which might allow local users to obtain this password.)
 CVE-2009-0177 (vmwarebase.dll, as used in the vmware-authd service (aka vmware-authd.exe), in VMware Workstation 6.5.1 build 126130 and earlier, and VMware Player 2.5.1 build 126130 and earlier, allows remote attackers to cause a denial of service (daemon crash) via a long (1) USER or (2) PASS command.)
 CVE-2008-4916 (Unspecified vulnerability in a guest virtual device driver in VMware Workstation before 5.5.9 build 126128, and 6.5.1 and earlier 6.x versions; VMware Player before 1.0.9 build 126128, and 2.5.1 and earlier 2.x versions; VMware ACE before 1.0.8 build 125922, and 2.5.1 and earlier 2.x versions; VMware Server 1.x before 1.0.8 build 126538 and 2.0.x before 2.0.1 build 156745; VMware Fusion before 2.0.1; VMware ESXi 3.5; and VMware ESX 3.0.2, 3.0.3, and 3.5 allows guest OS users to cause a denial of service (host OS crash) via unknown vectors.)
 CVE-2008-3761 (hcmon.sys in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, and VMware Server 1.0.x before 1.0.9 build 156507 and 2.0.x before 2.0.1 build 156745 uses the METHOD_NEITHER communication method for IOCTLs, which allows local users to cause a denial of service via a crafted IOCTL request.)
Original documentdocumentVMWARE, VMSA-2009-0006 VMware Hosted products and patches for ESX and ESXi resolve a critical security vulnerability (12.04.2009)
 documentVMWARE, VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues (08.04.2009)

OpenSC protection bypass
Published:12.04.2009
Source:
SecurityVulns ID:9820
Type:local
Threat Level:
5/10
Description:It's possible to obtain access to smart card data without entering PIN.
Affected:OPENSC : OpenSC 0.11
CVE:CVE-2009-0368 (OpenSC before 0.11.7 allows physically proximate attackers to bypass intended PIN requirements and read private data objects via a (1) low level APDU command or (2) debugging tool, as demonstrated by reading the 4601 or 4701 file with the opensc-explorer or opensc-tool program.)
Original documentdocumentMANDRIVA, [ MDVSA-2009:089 ] opensc (12.04.2009)

Chance-i DiViS DVR System multiple security vulnerabilities
Published:12.04.2009
Source:
SecurityVulns ID:9821
Type:remote
Threat Level:
5/10
Description:Web server directory traversal, ActiveX bufer overflow.
Affected:CHANCEI : DiViS DVR System 2.0
Original documentdocumentDSecRG, [DSECRG-09-035] Chance-i DiViS DVR ActiveX - Heap Overflow (12.04.2009)
 documentesearch_(at)_dsecrg.com, [DSECRG-09-036] Chance-i Techno Vision Security System - Directory Traversal File Download (12.04.2009)

ftpdmin buffer overflow
Published:12.04.2009
Source:
SecurityVulns ID:9822
Type:remote
Threat Level:
5/10
Description:RNFR buffer overflow
Affected:FTPDMIN : ftpdmin 0.96
Original documentdocumentrgod, ftpdmin v. 0.96 RNFR remote buffer overflow exploit (12.04.2009)

HP Deskjet 6800 crossite scripting
Published:12.04.2009
Source:
SecurityVulns ID:9823
Type:remote
Threat Level:
4/10
Description:Crossite scripting in web interface
Affected:HP : Deskjet 6840
Original documentdocumentmcyr2_(at)_csc.com, HP Deskjet 6800 XSS in Web Interface (12.04.2009)

Microsoft Internet Explorer DoS
Published:12.04.2009
Source:
SecurityVulns ID:9824
Type:client
Threat Level:
4/10
Description:Browser hangs while trying to determine charset of the text document with large number of random characters.
Affected:MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
Original documentdocumentNam Nguyen, [BMSA 2009-04] Remote DoS in Internet Explorer (12.04.2009)

Wicd information leak
Published:12.04.2009
Source:
SecurityVulns ID:9825
Type:local
Threat Level:
5/10
Description:User can hijack DBus messages intended for Wicd server process.
Affected:WICD : wicd 1.5
CVE:CVE-2009-0489 (The DBus configuration file for Wicd before 1.5.9 allows arbitrary users to own org.wicd.daemon, which allows local users to receive messages that were intended for the Wicd daemon, possibly including credentials.)
Original documentdocumentGENTOO, [Full-disclosure] [ GLSA 200904-12 ] Wicd: Information disclosure (12.04.2009)

roundup privilege escalation
Published:12.04.2009
Source:
SecurityVulns ID:9826
Type:local
Threat Level:
5/10
Affected:ROUNDUP : roundup 1.2
Original documentdocumentDEBIAN, [SECURITY] [DSA 1754-1] New roundup packages fix privilege escalation (12.04.2009)

PHP DoS
Published:12.04.2009
Source:
SecurityVulns ID:9827
Type:library
Threat Level:
5/10
Description:Crash on malformed string in JSON_parser.
Affected:PHP : PHP 5.2
CVE:CVE-2009-1271 (The JSON_parser function (ext/json/JSON_parser.c) in PHP 5.2.x before 5.2.9 allows remote attackers to cause a denial of service (segmentation fault) via a malformed string to the json_decode API function.)
Original documentdocumentMANDRIVA, [ MDVSA-2009:090 ] php (12.04.2009)

OpenAFS multiple security vulnerabilities
Published:12.04.2009
Source:
SecurityVulns ID:9828
Type:remote
Threat Level:
6/10
Description:DoS, buffer overflow.
Affected:OPENAFS : OpenAFS 1.4
 OPENAFS : OpenAFS 1.5
CVE:CVE-2009-1251 (Heap-based buffer overflow in the cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 through 1.5.58 on Unix platforms allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via an RX response containing more data than specified in a request, related to use of XDR arrays.)
 CVE-2009-1250 (The cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 through 1.5.58 on Linux allows remote attackers to cause a denial of service (system crash) via an RX response with a large error-code value that is interpreted as a pointer and dereferenced, related to use of the ERR_PTR macro.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 1768-1] New openafs packages potential code execution (12.04.2009)

PHP safe mode bypass vulneraebility
updated since 24.01.2008
Published:12.04.2009
Source:
SecurityVulns ID:8600
Type:local
Threat Level:
5/10
Description:It's possible to access files behind sandbox directory with cURL module.
Affected:PHP : PHP 5.2
CVE:CVE-2007-4850
Original documentdocumentMaksymilian Arciemowicz, PHP 5.2.9 curl safe_mode & open_basedir bypass (12.04.2009)
 documentMaksymilian Arciemowicz, PHP 5.2.5 cURL safe_mode bypass (24.01.2008)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 12.04.2009
Published:14.04.2009
Source:
SecurityVulns ID:9819
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. VBulletin: crossite scripting
Affected:IMP : IMP 4.1
 PHPREVISTA : Revista 1.1
 VBULLETIN : vBulletin 3.7
 ABKSOFT : AbleSpace 1.0
 PHPAGENDA : PHP-agenda 2.2
 LOGGIX : Loggix Project 9.4
 DF2 : Dynamic Flash Forum 1.0
 VBULLETIN : vbAnonymizer 3.0
CVE:CVE-2009-0930 (Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP before 4.2.2 and 4.3.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) smime.php, (2) pgp.php, and (3) message.php.)
 CVE-2008-4182 (Cross-site scripting (XSS) vulnerability in imp/test.php in Horde Turba Contact Manager H3 2.2.1 and other versions before 2.3.1, and possibly other Horde Project products, allows remote attackers to inject arbitrary web script or HTML via the User field in an IMAP session.)
Original documentdocumentDSecRG, [DSECRG-09-037] abk-soft AbleSpace CMS 1.0 - Multiple security vulnerabilities (14.04.2009)
 documentMustLive, Vulnerability in vbAnonymizer for vBulletin (14.04.2009)
 documentmarianiscc_(at)_hotmail.com, Re: PHP-Revista Multiple vulnerabilities (14.04.2009)
 documentDEBIAN, [SECURITY] [DSA 1770-1] New imp4 packages fix cross-site scripting (13.04.2009)
 documentMustLive, Re: Vulnerabilities in vBulletin (13.04.2009)
 documentSalvatore "drosophila" Fresta, Dynamic Flash Forum 1.0 Beta Multiple Remote Vulnerabilities (12.04.2009)
 documentSalvatore "drosophila" Fresta, Loggix Project 9.4.5 Blind SQL Injection (12.04.2009)
 documentSalvatore "drosophila" Fresta, PHP-agenda <= 2.2.5 Remote File Overwriting (12.04.2009)
 documentMustLive, Vulnerabilities in vBulletin (12.04.2009)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod