Computer Security


Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 14.04.2011
SecurityVulns ID: 11586
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: PHPALBUMNET : phpAlbum.net 0.4
 WORDPRESS : Mimbo Pro 2.3
Original document: MustLive, Vulnerabilities in the Mimbo Pro theme for WordPress (14.04.2011)
 High-Tech Bridge Security Research, HTB22922: XSS vulnerabilities in phpAlbum.net (14.04.2011)
 High-Tech Bridge Security Research, HTB22923: XSRF (CSRF) in phpAlbum.net (14.04.2011)
 High-Tech Bridge Security Research, HTB22924: Arbitrary Command Execution in phpAlbum.net (14.04.2011)

MIT Kerberos 5 memory corruption
Published: 14.04.2011
SecurityVulns ID: 11587
Type: remote
Threat Level: 5/10
Description: Invalid pointer free() during password change request processing.
Affected: MIT : krb5 1.7
 MIT : krb5 1.8
CVE: CVE-2011-0285 (The process_chpw_request function in schpw.c in the password-changing functionality in kadmind in MIT Kerberos 5 (aka krb5) 1.7 through 1.9 frees an invalid pointer, which allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted request that triggers an error condition.)
Original document: MIT, MITKRB5-SA-2011-004 kadmind invalid pointer free() [CVE-2011-0285] (14.04.2011)

GIMP multiple security vulnerabilities
Published: 14.04.2011
SecurityVulns ID: 11589
Type: local
Threat Level: 4/10
Description: Memory corruption when parsing different data formats.
Affected: GNU : gimp 2.6
CVE: CVE-2011-1782 (Heap-based buffer overflow in the read_channel_data function in file-psp.c in the Paint Shop Pro (PSP) plugin in GIMP 2.6.11 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a PSP_COMP_RLE (aka RLE compression) image file that begins a long run count at the end of the image. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-4543.)
 CVE-2011-1178 (Multiple integer overflows in the load_image function in file-pcx.c in the Personal Computer Exchange (PCX) plugin in GIMP 2.6.x and earlier allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PCX image that triggers a heap-based buffer overflow.)
 CVE-2010-4543 (Heap-based buffer overflow in the read_channel_data function in file-psp.c in the Paint Shop Pro (PSP) plugin in GIMP 2.6.11 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a PSP_COMP_RLE (aka RLE compression) image file that begins a long run count at the end of the image. NOTE: some of these details are obtained from third party information.)
 CVE-2010-4542 (Stack-based buffer overflow in the gfig_read_parameter_gimp_rgb function in plug-ins/gfig/gfig-style.c in the GFIG plugin in GIMP 2.6.11 allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long Foreground field in a plugin configuration file. NOTE: it may be uncommon to obtain a GIMP plugin configuration file from an untrusted source that is separate from the distribution of the plugin itself. NOTE: some of these details are obtained from third party information.)
 CVE-2010-4541 (Stack-based buffer overflow in the loadit function in plug-ins/common/sphere-designer.c in the SPHERE DESIGNER plugin in GIMP 2.6.11 allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long "Number of lights" field in a plugin configuration file. NOTE: it may be uncommon to obtain a GIMP plugin configuration file from an untrusted source that is separate from the distribution of the plugin itself.)
 CVE-2010-4540 (Stack-based buffer overflow in the load_preset_response function in plug-ins/lighting/lighting-ui.c in the "LIGHTING EFFECTS > LIGHT" plugin in GIMP 2.6.11 allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long Position field in a plugin configuration file. NOTE: it may be uncommon to obtain a GIMP plugin configuration file from an untrusted source that is separate from the distribution of the plugin itself. NOTE: some of these details are obtained from third party information.)
Original document: UBUNTU, [USN-1109-1] GIMP vulnerabilities (14.04.2011)

HP-UX NFS/ONCplus DoS
Published: 14.04.2011
SecurityVulns ID: 11590
Type: remote
Threat Level: 5/10
CVE: CVE-2011-0896 (Unspecified vulnerability in HP NFS/ONCplus B.11.31.10 and earlier on HP-UX B.11.31 allows remote authenticated users to cause a denial of service via unknown vectors.)
Original document: HP, [security bulletin] HPSBUX02653 SSRT100310 rev.1 - HP-UX Running NFS/ONCplus, Remote Denial of Service (DoS) (14.04.2011)

VLC mediaplayer buffer overflow
Published: 14.04.2011
SecurityVulns ID: 11591
Type: local
Threat Level: 5/10
Description: Heap overflow when parsing MP4 files.
Affected: VLC : vlc 1.1
Original document: DEBIAN, [SECURITY] [DSA 2218-1] vlc security update (14.04.2011)

Linksys WRT54G information leakage
Published: 14.04.2011
SecurityVulns ID: 11592
Type: remote
Threat Level: 5/10
Description: Access passwords are stored in files available via anonymous FTP.
Affected: CISCO : Linksys WRT54G
Original document: rafdw_(at)_poczta.fm, Linksys WRT54G - read router password from file placed on FTP (14.04.2011)

Microsoft Reader integer overflows
Published: 14.04.2011
SecurityVulns ID: 11593
Type: local
Threat Level: 4/10
Description: Integer overflows when parsing different formats.
Original document: Luigi Auriemma, Vulnerabilities in Microsoft Reader and HIS (14.04.2011)

McAfee Firewall Reporter unauthenticated access
Published: 14.04.2011
SecurityVulns ID: 11594
Type: remote
Threat Level: 5/10
Description: A bug in the application logic allows authentication bypass.
Original document: ZDI, ZDI-11-117: McAfee Firewall Reporter GeneralUtilities.pm isValidClient Authentication Bypass Vulnerability (14.04.2011)

HP Photosmart printers security vulnerabilities
Published: 14.04.2011
SecurityVulns ID: 11596
Type: remote
Threat Level: 5/10
Description: Unauthorized access, cross-site scripting.
Affected: HP : Photosmart D110
 HP : Photosmart B110
 HP : Photosmart Plus B210
 HP : Photosmart Premium C310
 HP : Photosmart Premium C510
 HP : ENVY 100 D410
CVE: CVE-2011-1533 (Cross-site scripting (XSS) vulnerability on the HP Photosmart D110 and B110; Photosmart Plus B210; Photosmart Premium C310, Fax All-in-One, and C510; and ENVY 100 D410 printers allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2011-1532 (Unspecified vulnerability in the SNMP component on the HP Photosmart D110 and B110; Photosmart Plus B210; Photosmart Premium C310, Fax All-in-One, and C510; and ENVY 100 D410 printers allows remote attackers to obtain sensitive information or modify data via vectors related to the Embedded Web Server (EWS).)
 CVE-2011-1531 (The webscan component in the Embedded Web Server (EWS) on the HP Photosmart D110 and B110; Photosmart Plus B210; Photosmart Premium C310, Fax All-in-One, and C510; and ENVY 100 D410 printers allows remote attackers to read documents on the scan surface via unspecified vectors.)
Original document: HP, [security bulletin] HPSBPI02656 SSRT090262 rev.1 - Certain HP Photosmart Printers, Remote Unauthorized Access, Cross Site Scripting (XSS) (14.04.2011)

RealNetworks RealPlayer code execution
Published: 14.04.2011
SecurityVulns ID: 11597
Type: client
Threat Level: 5/10
Description: Code execution via .rnx files.
CVE: CVE-2011-1426 (The OpenURLInDefaultBrowser method in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.2, and RealPlayer SP 1.0 through 1.1.5, launches a default handler for the filename specified in the first argument, which allows remote attackers to execute arbitrary code via a .rnx filename corresponding to a crafted RNX file.)
Original document: ZDI, ZDI-11-122: RealNetworks RealPlayer OpenURLInDefaultBrowser Remote Code Execution Vulnerability (14.04.2011)

TOTVS ERP Microsiga Protheus buffer overflow
Published: 14.04.2011
SecurityVulns ID: 11598
Type: remote
Threat Level: 5/10
Description: Buffer overflow when parsing network requests.
Original document: Flavio do Carmo Junior aka waKKu, [DCA-2011-0010] TOTVS Microsiga Protheus ERP - Memory Corruption (14.04.2011)

VeryPDF PDF Extract TIFF library multiple security vulnerabilities
Published: 14.04.2011
SecurityVulns ID: 11599
Type: library
Threat Level: 5/10
Description: Multiple vulnerabilities when parsing PDF files.
Original document: Henri Lindberg, nSense-2011-001: VeryPDF pdf2tif (14.04.2011)

Linux kernel EFI/XFS DoS
updated since 14.04.2011
Published: 25.05.2011
SecurityVulns ID: 11588
Type: local
Threat Level: 4/10
Description: Buffer overflow when parsing the partition GUID.
Affected: LINUX : kernel 2.6
CVE: CVE-2011-1776 (The is_gpt_valid function in fs/partitions/efi.c in the Linux kernel before 2.6.39 does not check the size of an Extensible Firmware Interface (EFI) GUID Partition Table (GPT) entry, which allows physically proximate attackers to cause a denial of service (heap-based buffer overflow and OOPS) or obtain sensitive information from kernel heap memory by connecting a crafted GPT storage device, a different vulnerability than CVE-2011-1577.)
 CVE-2011-1577 (Heap-based buffer overflow in the is_gpt_valid function in fs/partitions/efi.c in the Linux kernel 2.6.38 and earlier allows physically proximate attackers to cause a denial of service (OOPS) or possibly have unspecified other impact via a crafted size of the EFI GUID partition-table header on removable media.)
 CVE-2011-0711 (The xfs_fs_geometry function in fs/xfs/xfs_fsops.c in the Linux kernel before 2.6.38-rc6-git3 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an FSGEOMETRY_V1 ioctl call.)
Original document: UBUNTU, [USN-1133-1] Linux kernel vulnerabilities (25.05.2011)
 Timo Warns, [PRE-SA-2011-04] Heap overflow in EFI partition handling code of the Linux kernel (12.05.2011)
 Timo Warns, [PRE-SA-2011-03] Denial-of-service vulnerability in EFI partition handling code of the Linux kernel (14.04.2011)

Novell ZENworks Asset Management directory traversal
updated since 14.04.2011
Published: 11.12.2011
SecurityVulns ID: 11595
Type: remote
Threat Level: 5/10
Description: Directory traversal on file upload.
Affected: NOVELL : ZENworks Asset Management 7.5
CVE: CVE-2011-2653 (Directory traversal vulnerability in the rtrlet component in Novell ZENworks Asset Management (ZAM) 7.5 allows remote attackers to execute arbitrary code by uploading an executable file.)
 CVE-2010-4229 (Directory traversal vulnerability in an unspecified servlet in the Inventory component in ZENworks Asset Management (ZAM) in Novell ZENworks Configuration Management 10.3 before 10.3.2, and 11, allows remote attackers to overwrite files, and subsequently execute arbitrary code, via directory traversal sequences in a filename field in an upload request.)
Original document: ZDI, ZDI-11-342 : Novell ZENworks Asset Management Remote Code Execution Vulnerability (11.12.2011)
 ZDI, ZDI-11-118: Novell ZENworks Asset Management Path Traversal File Overwrite Remote Code Execution Vulnerability (14.04.2011)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod