Computer Security

Oracle Sun Java WebStart code execution
Published: 12.04.2010
SecurityVulns ID: 10752
Type: client
Threat Level: 8/10
Description: Character injection during javaws/javaws.exe launch allows execution of a dynamic library from a specified location.
Original document: Reversemode, JAVA web start arbitrary command-line injection - "-XXaltjvm" arbitrary dll loading (0day) (12.04.2010)

WinSoftMagic Photo Editor buffer overflow
Published: 12.04.2010
SecurityVulns ID: 10753
Type: local
Threat Level: 4/10
Description: Buffer overflow when parsing .PNG files.
Original document: eidelweiss, WinSoftMagic Photo Editor .PNG File Buffer Overflow (12.04.2010)
Files: Exploits WinSoftMagic Photo Editor .PNG File Buffer Overflow

Apple QuickTime/iTunes multiple security vulnerabilities
updated since 05.04.2010
Published: 12.04.2010
SecurityVulns ID: 10740
Type: library
Threat Level: 8/10
Description: Multiple vulnerabilities in the parsing of FLC, PICT and multiple graphics and video formats.
Affected: QUICKTIME : QuickTime 7.6
 APPLE : iTunes 9.0
CVE: CVE-2010-0529 (Heap-based buffer overflow in QuickTime.qts in Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PICT image with a BkPixPat opcode (0x12) containing crafted values that are used in a calculation for memory allocation.)
 CVE-2010-0528 (Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted color tables in a movie file, related to malformed MediaVideo data, a sample description atom (STSD), and a crafted length value.)
 CVE-2010-0527 (Integer overflow in Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image.)
 CVE-2010-0526 (Heap-based buffer overflow in QuickTimeMPEG.qtx in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted genl atom in a QuickTime movie file with MPEG encoding, which is not properly handled during decompression.)
 CVE-2010-0520 (Heap-based buffer overflow in QuickTimeAuthoring.qtx in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FLC file, related to crafted DELTA_FLI chunks and untrusted length values in a .fli file, which are not properly handled during decompression.)
 CVE-2010-0519 (Integer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a FlashPix image with a malformed SubImage Header Stream containing a NumberOfTiles field with a large value.)
 CVE-2010-0517 (Heap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with M-JPEG encoding, which causes QuickTime to calculate a buffer size using height and width fields, but to use a different field to control the length of a copy operation.)
 CVE-2010-0516 (Heap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with RLE encoding, which triggers memory corruption when the length of decompressed data exceeds that of the allocated heap chunk.)
 CVE-2010-0062 (Heap-based buffer overflow in quicktime.qts in CoreMedia and QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a malformed .3g2 movie file with H.263 encoding that triggers an incorrect buffer length calculation.)
 CVE-2010-0060 (CoreAudio in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted audio content with QDMC encoding.)
 CVE-2010-0059 (CoreAudio in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted audio content with QDM2 encoding, which triggers a buffer overflow due to inconsistent length fields, related to QDCA.)
 CVE-2010-0040 (Integer overflow in ColorSync in Apple Safari before 4.0.5 on Windows, and iTunes before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image with a crafted color profile that triggers a heap-based buffer overflow.)
 CVE-2009-2837 (Heap-based buffer overflow in QuickDraw Manager in Apple Mac OS X before 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image.)
Original document: ZDI, ZDI-10-068: Apple QuickTime H.263 Array Index Parsing Remote Code Execution Vulnerability (12.04.2010)
 ZDI, ZDI-10-067: Apple QuickTime Pict BkPixPat Remote Code Execution Vulnerability (07.04.2010)
 ZDI, ZDI-10-045: Apple QuickTime MPEG-1 genl Atom Remote Code Execution Vulnerability (05.04.2010)
 ZDI, ZDI-10-044: Apple QuickTime FLI LinePacket Remote Code Execution Vulnerability (05.04.2010)
 ZDI, ZDI-10-043: Apple QuickTime FlashPix NumberOfTiles Remote Code Execution Vulnerability (05.04.2010)
 ZDI, ZDI-10-042: Apple QuickTime MediaVideo Compressor Name Remote Code Execution Vulnerability (05.04.2010)
 ZDI, ZDI-10-041: Apple QuickTime QDM2/QDCA Atom Remote Code Execution Vulnerability (05.04.2010)
 ZDI, ZDI-10-040: Apple QuickTime RLE Bit Depth Remote Code Execution Vulnerability (05.04.2010)
 ZDI, ZDI-10-038: Apple QuickTime QDMC/QDM2 Remote Code Execution Vulnerability (05.04.2010)
 ZDI, ZDI-10-037: Apple QuickTime MJPEG Sample Dimensions Remote Code Execution Vulnerability (05.04.2010)
 ZDI, ZDI-10-036: Apple QuickTime H.263 PictureHeader Remote Code Execution Vulnerability (05.04.2010)
 ZDI, ZDI-10-035: Apple QuickTime genl Atom Remote Code Execution Vulnerability (05.04.2010)
 VUPEN Security Research, VUPEN Security Research - Apple iTunes ColorSync Profile Integer Overflow Vulnerability (05.04.2010)
 VUPEN Security Research, VUPEN Security Research - Apple Quicktime PICT Processing Integer Overflow Vulnerability (05.04.2010)
 VUPEN Security Research, VUPEN Security Research - Apple Quicktime FLC Encoded Movie Heap Overflow Vulnerability (05.04.2010)
 VUPEN Security Research, VUPEN Security Research - Apple Quicktime PICT Handling Heap Overflow Vulnerability (05.04.2010)

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 12.04.2010
SecurityVulns ID: 10751
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: PULSECMS : Pulse CMS 1.2
 ANECMS : AneCMS 1.0
Original document: admin_(at)_bugreport.ir, AneCMS Multiple Vulnerabilities (12.04.2010)
 SECUNIA, Secunia Research: Pulse CMS Arbitrary File Upload Vulnerability (12.04.2010)
 SECUNIA, Secunia Research: Pulse CMS Cross-Site Request Forgery (12.04.2010)
 Inj3ct0r.com, MKPortal Anekdot module XSS Vulnerability (12.04.2010)
 Inj3ct0r.com, MKPortal Contact module XSS Vulnerability (12.04.2010)
 MustLive, Vulnerabilities in com_bookman for Joomla (12.04.2010)
 Inj3ct0r.com, vBulletin 0-day Denial Of Service Exploit (12.04.2010)
Files: vBulletin Denial Of Service Exploit

VMWare applications multiple security vulnerabilities
updated since 12.04.2010
Published: 19.04.2010
SecurityVulns ID: 10754
Type: local
Threat Level: 5/10
Description: Code execution, privilege escalation, buffer overflow, format string vulnerabilities, DoS, information leaks.
Affected: VMWARE : VMware ESX 3.0
 VMWARE : VMware ESX 2.5
 VMWARE : VMware ESXi 3.5
 VMWARE : VMware ESX 3.5
 VMWARE : VMware Workstation 6.5
 VMWARE : VMware Player 2.5
 VMWARE : VMware ACE 2.5
 VMWARE : VMware Server 2.0
 VMWARE : VMware Fusion 2.0
 VMWARE : VMware ESXi 4.0
 VMWARE : VMware ESX 4.0
 VMWARE : VMware Workstation 7.0
 VMWARE : VMware Player 3.0
 VMWARE : VMware ACE 2.6
 VMWARE : VMware Fusion 3.0
 VMWARE : VMware VIX API for Windows 1.6
CVE: CVE-2010-1142 (VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; VMware Player 2.5.x before 2.5.4 build 246459; VMware ACE 2.5.x before 2.5.4 build 246459; VMware Server 2.x before 2.0.2 build 203138; VMware Fusion 2.x before 2.0.6 build 246742; VMware ESXi 3.5 and 4.0; and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0 does not properly load VMware programs, which might allow Windows guest OS users to gain privileges by placing a Trojan horse program at an unspecified location on the guest OS disk.)
 CVE-2010-1141 (VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; VMware Player 2.5.x before 2.5.4 build 246459; VMware ACE 2.5.x before 2.5.4 build 246459; VMware Server 2.x before 2.0.2 build 203138; VMware Fusion 2.x before 2.0.6 build 246742; VMware ESXi 3.5 and 4.0; and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0 does not properly access libraries, which allows user-assisted remote attackers to execute arbitrary code by tricking a Windows guest OS user into clicking on a file that is stored on a network share.)
 CVE-2010-1140 (The USB service in VMware Workstation 7.0 before 7.0.1 build 227600 and VMware Player 3.0 before 3.0.1 build 227600 on Windows might allow host OS users to gain privileges by placing a Trojan horse program at an unspecified location on the host OS disk.)
 CVE-2010-1139 (Format string vulnerability in vmrun in VMware VIX API 1.6.x, VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Linux, and VMware Fusion 2.x before 2.0.7 build 246742, allows local users to gain privileges via format string specifiers in process metadata.)
 CVE-2010-1138 (The virtual networking stack in VMware Workstation 7.0 before 7.0.1 build 227600, VMware Workstation 6.5.x before 6.5.4 build 246459 on Windows, VMware Player 3.0 before 3.0.1 build 227600, VMware Player 2.5.x before 2.5.4 build 246459 on Windows, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware Server 2.x, and VMware Fusion 3.0 before 3.0.1 build 232708 and 2.x before 2.0.7 build 246742 allows remote attackers to obtain sensitive information from memory on the host OS by examining received network packets, related to interaction between the guest OS and the host vmware-vmx process.)
 CVE-2009-3732 (Format string vulnerability in vmware-vmrc.exe build 158248 in VMware Remote Console (aka VMrc) allows remote attackers to execute arbitrary code via unspecified vectors.)
 CVE-2009-3707 (VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware Authorization Service in VMware Workstation 7.0 before 7.0.1 build 227600 and 6.5.x before 6.5.4 build 246459, VMware Player 3.0 before 3.0.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, and VMware Server 2.x allows remote attackers to cause a denial of service (process crash) via a \x25\xFF sequence in the USER and PASS commands, related to a "format string DoS" issue. NOTE: some of these details are obtained from third party information.)
 CVE-2009-2042 (libpng before 1.2.37 does not properly parse 1-bit interlaced images with width values that are not divisible by 8, which causes libpng to include uninitialized bits in certain rows of a PNG file and might allow remote attackers to read portions of sensitive memory via "out-of-bounds pixels" in the file.)
 CVE-2009-1565 (vmnc.dll in the VMnc media codec in VMware Movie Decoder before 6.5.4 Build 246459 on Windows, and the movie decoder in VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Windows, allows remote attackers to execute arbitrary code via an AVI file with crafted HexTile-encoded video chunks that trigger heap-based buffer overflows, related to "integer truncation errors.")
 CVE-2009-1564 (Heap-based buffer overflow in vmnc.dll in the VMnc media codec in VMware Movie Decoder before 6.5.4 Build 246459 on Windows, and the movie decoder in VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Windows, allows remote attackers to execute arbitrary code via an AVI file with crafted video chunks that use HexTile encoding.)
Original document: Alexandr Polyakov, [DSecRG-09-053] VMware Remoute Console - format string (19.04.2010)
 ACROS Security, ACROS Security: Local Binary Planting in VMware Tools for Windows (ASPR #2010-04-12-2) (14.04.2010)
 ACROS Security, ACROS Security: Remote Binary Planting in VMware Tools for Windows (ASPR #2010-04-12-1) (14.04.2010)
 IDEFENSE, iDefense Security Advisory 04.09.10: VMware VMnc Codec Heap Overflow Vulnerability (13.04.2010)
 VUPEN Security Research, VUPEN Security Research - VMware Products Movie Decoder Heap Overflow Vulnerability (12.04.2010)
 SECUNIA, Secunia Research: VMWare VMnc Codec HexTile Encoding Buffer Overflow (12.04.2010)
 SECUNIA, Secunia Research: VMWare VMnc Codec HexTile Encoding Two Integer Truncation Vulnerabilities (12.04.2010)
 VMWARE, VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues (12.04.2010)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod