Computer Security
[EN] securityvulns.ru no-pyccku


Adobe Flash Media Server DoS
Published:12.08.2011
Source:
SecurityVulns ID:11850
Type:remote
Threat Level:
5/10
Description:Memory corruption.
Affected:ADOBE : Flash Media Server 4.0
 ADOBE : Flash Media Server 3.5
CVE:CVE-2011-2132 (Adobe Flash Media Server (FMS) before 3.5.7, and 4.x before 4.0.3, allows attackers to cause a denial of service (memory corruption) via unspecified vectors.)
Files:Security update available for Adobe Flash Media Server

Adobe Photoshop memory corruption
Published:12.08.2011
Source:
SecurityVulns ID:11852
Type:local
Threat Level:
4/10
Description:Memory corruption on GIF parsing.
Affected:ADOBE : Photoshop CS5
 ADOBE : Photoshop CS5.1
CVE:CVE-2011-2131 (Adobe Photoshop 12.0 in Creative Suite 5 (CS5) and 12.1 in Creative Suite 5.1 (CS5.1) allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted GIF file.)
Files:Security update available for Adobe Photoshop CS5

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:12.08.2011
Source:
SecurityVulns ID:11853
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:SQUIRRELMAIL : squirrelmail 1.4
 ADOBE : RoboHelp 9.0
 ADOBE : RoboHelp Server 9
 MAMBO : Mambo CMS 4.6
 TYPO3 : typo3 4.5
CVE:CVE-2011-2753 (Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.21 and earlier allow remote attackers to hijack the authentication of unspecified victims via vectors involving (1) the empty trash implementation and (2) the Index Order (aka options_order) page, a different issue than CVE-2010-4555.)
 CVE-2011-2752 (CRLF injection vulnerability in SquirrelMail 1.4.21 and earlier allows remote attackers to modify or add preference values via a \n (newline) character, a different vulnerability than CVE-2010-4555.)
 CVE-2011-2133 (Cross-site scripting (XSS) vulnerability in Adobe RoboHelp 8 and 9 before 9.0.1.262, and RoboHelp Server 8 and 9, allows remote attackers to inject arbitrary web script or HTML via the URI, related to template_stock/whutils.js.)
 CVE-2011-2023 (Cross-site scripting (XSS) vulnerability in functions/mime.php in SquirrelMail before 1.4.22 allows remote attackers to inject arbitrary web script or HTML via a crafted STYLE element in an e-mail message.)
 CVE-2010-4555 (Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.21 and earlier allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) drop-down selection lists, (2) the > (greater than) character in the SquirrelSpell spellchecking plugin, and (3) errors associated with the Index Order (aka options_order) page.)
 CVE-2010-4554 (functions/page_header.php in SquirrelMail 1.4.21 and earlier does not prevent page rendering inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 2289-1] typo3-src security update (12.08.2011)
 documentists_(at)_yehg.net, Mambo CMS 4.6.x (4.6.5) | SQL Injection (12.08.2011)
Files:Security updates available for RoboHelp

libavcodec / FFmpeg / MPlayer buffer overflow
Published:12.08.2011
Source:
SecurityVulns ID:11855
Type:library
Threat Level:
5/10
Description:Buffer overflow in CAVS decoding.
Affected:MPLAYER : MPlayer 1.0
 LIBAVCODEC : libavcodec 0.7
 FFMPEG : FFmpeg 0.7
CVE:CVE-2011-3362 (Integer signedness error in the decode_residual_block function in cavsdec.c in libavcodec in FFmpeg before 0.7.3 and 0.8.x before 0.8.2, and libav through 0.7.1, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Chinese AVS video (aka CAVS) file.)
Original documentdocumentDaniele Bianco, [oCERT-2011-002] libavcodec insufficient boundary check (12.08.2011)

CA ARCserve D2D unauthorized access
updated since 26.07.2011
Published:12.08.2011
Source:
SecurityVulns ID:11817
Type:remote
Threat Level:
6/10
Description:Information leakage and code execution while processing TCP/8014 HTTP RPC request.
Affected:CA : ARCserve D2D 15
Original documentdocumentCA, CA20110809-01: Security Notice for CA ARCserve D2D (12.08.2011)
 documentCA, Re: CA ARCserve D2D r15 GWT RPC Request Auth Bypass / Credentials (10.08.2011)
 documentrgod, CA ARCserve D2D r15 GWT RPC Request Auth Bypass / Credentials Disclosure and Commands Execution (26.07.2011)

HP Palm WebOS crossite scripting
Published:12.08.2011
Source:
SecurityVulns ID:11856
Type:client
Threat Level:
5/10
Description:Crossite scripting in Contacts and Calendar applications.
Affected:HP : webOS 3.0
CVE:CVE-2011-2409 (Cross-site scripting (XSS) vulnerability in the Calendar application in HP Palm webOS 3.x before 3.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2011-2408 (Cross-site scripting (XSS) vulnerability in the Contacts application in HP Palm webOS 3.x before 3.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
Original documentdocumentHP, [security bulletin] HPSBGN02696 SSRT100590 rev.1 - HP webOS Calendar Application, Remote Execution of Arbitrary Code (12.08.2011)
 documentHP, [security bulletin] HPSBGN02694 SSRT100586 rev.1 - HP webOS Contacts Application, Remote Execution of Arbitrary Code (12.08.2011)

HP ProLiant SL Advanced Power Manager unauthorized access
Published:12.08.2011
Source:
SecurityVulns ID:11857
Type:remote
Threat Level:
5/10
Affected:HP : SL-APM 1.11
CVE:CVE-2011-2405 (The HP ProLiant SL Advanced Power Manager (SL-APM) with firmware before 1.20 does not properly validate users, which allows remote attackers to cause a denial of service via unspecified vectors.)
Original documentdocumentHP, [security bulletin] HPSBHF02699 SSRT100592 rev.1 - HP ProLiant SL Advanced Power Manager (SL-APM), Remote User Validation Failure (12.08.2011)

Adobe Shockwave Player multiple security vulnerabilities
updated since 12.08.2011
Published:17.08.2011
Source:
SecurityVulns ID:11849
Type:remote
Threat Level:
7/10
Description:Multiple memory corruptions.
Affected:ADOBE : Shockwave Player 11.6
CVE:CVE-2011-2423 (msvcr90.dll in Adobe Shockwave Player before 11.6.1.629 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.)
 CVE-2011-2422 (Textra.x32 in Adobe Shockwave Player before 11.6.1.629 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.)
 CVE-2011-2421 (Dirapi.dll in Adobe Shockwave Player before 11.6.1.629 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir media file.)
 CVE-2011-2420 (Adobe Shockwave Player before 11.6.1.629 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.)
 CVE-2011-2419 (IML32.dll in Adobe Shockwave Player before 11.6.1.629 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.)
 CVE-2010-4309 (Adobe Shockwave Player before 11.6.1.629 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-4308.)
 CVE-2010-4308 (Adobe Shockwave Player before 11.6.1.629 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-4309.)
Original documentdocumentVUPEN Security Research, VUPEN Security Research - Adobe Shockwave rcsL Record Array Indexing Vulnerability (APSB11-19) (17.08.2011)
Files:Security update available for Adobe Shockwave Player

Adobe Flash Player multiple security vulnerabilities
updated since 12.08.2011
Published:27.08.2011
Source:
SecurityVulns ID:11851
Type:client
Threat Level:
8/10
Description:Memory corruptions, buffer overflows, integer overflows, crossite scripting.
Affected:ADOBE : Flash Player 10.3
 ADOBE : AIR 2.7
CVE:CVE-2011-2425 (Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2135, CVE-2011-2140, and CVE-2011-2417.)
 CVE-2011-2417 (Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2135, CVE-2011-2140, and CVE-2011-2425.)
 CVE-2011-2416 (Integer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2136 and CVE-2011-2138.)
 CVE-2011-2415 (Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2130, CVE-2011-2134, CVE-2011-2137, and CVE-2011-2414.)
 CVE-2011-2414 (Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2130, CVE-2011-2134, CVE-2011-2137, and CVE-2011-2415.)
 CVE-2011-2140 (Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2135, CVE-2011-2417, and CVE-2011-2425.)
 CVE-2011-2139 (Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows remote attackers bypass the Same Origin Policy and obtain sensitive information via unspecified vectors.)
 CVE-2011-2138 (Integer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2136 and CVE-2011-2416.)
 CVE-2011-2137 (Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2130, CVE-2011-2134, CVE-2011-2414, and CVE-2011-2415.)
 CVE-2011-2136 (Integer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2138 and CVE-2011-2416.)
 CVE-2011-2135 (Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2140, CVE-2011-2417, and CVE-2011-2425.)
 CVE-2011-2134 (Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2130, CVE-2011-2137, CVE-2011-2414, and CVE-2011-2415.)
 CVE-2011-2130 (Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2134, CVE-2011-2137, CVE-2011-2414, and CVE-2011-2415.)
Original documentdocumentZDI, ZDI-11-276: Adobe Flash Player MP4 sequenceParameterSetNALUnit Remote Code Execution Vulnerability (27.08.2011)
 documentVUPEN Security Research, VUPEN Security Research - Adobe Flash Player ActionScript FileReference Buffer Overflow (APSB11-21) (17.08.2011)
 documentZDI, ZDI-11-253: Adobe Flash Player BitmapData.scroll Integer Overflow Remote Code Execution Vulnerability (17.08.2011)
 documentIDEFENSE, iDefense Security Advisory 08.09.11: Adobe Flash Player ActionScript Display Memory Corruption Vulnerability (12.08.2011)
 documentIDEFENSE, iDefense Security Advisory 08.09.11: Adobe Flash Player Integer Overflow (12.08.2011)
Files:Security update available for Adobe Flash Player

HP Easy Printer Care Software ActiveX unauthorized access
updated since 12.08.2011
Published:16.01.2012
Source:
SecurityVulns ID:11854
Type:client
Threat Level:
6/10
Description:Files write access is possible.
CVE:CVE-2011-4787 (A certain ActiveX control in HPTicketMgr.dll in HP Easy Printer Care Software 2.5 and earlier allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via unspecified vectors, a different vulnerability than CVE-2011-2404 and CVE-2011-4786.)
 CVE-2011-4786 (A certain ActiveX control in HPTicketMgr.dll in HP Easy Printer Care Software 2.5 and earlier allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via unspecified vectors, a different vulnerability than CVE-2011-2404 and CVE-2011-4787.)
 CVE-2011-2404 (The HPTicketMgr.dll ActiveX control in HP Easy Printer Care Software 2.5 and earlier allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via unspecified vectors.)
Original documentdocumentZDI, ZDI-12-013 : HP Easy Printer Care XMLCacheMgr Class ActiveX Control Remote Code Execution Vulnerability (16.01.2012)
 documentZDI, ZDI-12-014 : HP Easy Printer Care XMLSimpleAccessor Class ActiveX Control Remote Code Execution Vulnerability (16.01.2012)
 documentZDI, ZDI-11-261: HP Easy Printer Care XMLSimpleAccessor Class ActiveX Control Remote Code Execution Vulnerability (17.08.2011)
 documentHP, [security bulletin] HPSBPI02698 SSRT100404 rev.1 - HP Easy Printer Care Software Running on Windows, Remote Execution of Arbitrary Code (12.08.2011)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod