Computer Security


Cherokee Web-server DoS
updated since 05.11.2009
Published:14.06.2010
SecurityVulns ID:10376
Type:remote
Threat Level:5/10
Description:Crash on DOS special device name.
Original document:info_(at)_securitylab.ir, Cherokee Web Server 0.5.3 Multiple Vulnerabilities (14.06.2010)
 daniel.crowley_(at)_coresecurity.com, Re: Cherokee Web Server 0.5.4 Denial Of Service (05.11.2009)

Microsoft Windows win32k privilege escalation
updated since 08.06.2010
Published:14.06.2010
SecurityVulns ID:10909
Type:local
Threat Level:6/10
Description:Multiple memory corruptions.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
CVE:CVE-2010-1255 (The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 allows local users to execute arbitrary code via vectors related to "glyph outline information" and TrueType fonts, aka "Win32k TrueType Font Parsing Vulnerability.")
 CVE-2010-0485 (The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 "do not properly validate all callback parameters when creating a new window," which allows local users to execute arbitrary code, aka "Win32k Window Creation Vulnerability.")
 CVE-2010-0484 (The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 "do not properly validate changes in certain kernel objects," which allows local users to execute arbitrary code via vectors related to Device Contexts (DC) and the GetDCEx function, aka "Win32k Improper Data Validation Vulnerability.")
Original document:VUPEN Security Research, VUPEN Security Research - Microsoft Windows Kernel "GetDCEx()" Memory Corruption Vulnerability (CVE-2010-0484) (14.06.2010)
 MICROSOFT, Microsoft Security Bulletin MS10-032 - Important Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (979559) (08.06.2010)
Files:Microsoft Security Bulletin MS10-032 - Important Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (979559)

Microsoft Office multiple security vulnerabilities
updated since 09.06.2010
Published:14.06.2010
SecurityVulns ID:10913
Type:client
Threat Level:7/10
Description:Code execution via embedded COM objects, multiple Excel memory corruptions
Affected:MICROSOFT : Office XP
 MICROSOFT : Office 2003
 MICROSOFT : Office 2004 for Mac
 MICROSOFT : Office 2007
 MICROSOFT : Office 2008 for Mac
CVE:CVE-2010-1263 (Windows Shell and WordPad in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7; Microsoft Office XP SP3; Office 2003 SP3; and Office System 2007 SP1 and SP2 do not properly validate COM objects during instantiation, which allows remote attackers to execute arbitrary code via a crafted file, aka "COM Validation Vulnerability.")
 CVE-2010-1254 (The installation for Microsoft Open XML File Format Converter for Mac sets insecure ACLs for the /Applications folder, which allows local users to execute arbitrary code by replacing the executable with a Trojan Horse, aka "Mac Office Open XML Permissions Vulnerability.")
 CVE-2010-1253 (Microsoft Office Excel 2002 SP3, 2007 SP1, and SP2; Office 2004 for mac; Office 2008 for Mac; Open XML File Format Converter for Mac; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; allows remote attackers to execute arbitrary code via an Excel file with crafted DBQueryExt records that allow a function call to a "user-controlled pointer," aka "Excel ADO Object Vulnerability.")
 CVE-2010-1252 (Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Excel file, aka "Excel String Variable Vulnerability.")
 CVE-2010-1251 (Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Excel file, aka "Excel Record Stack Corruption Vulnerability.")
 CVE-2010-1250 (Heap-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with malformed (1) EDG (0x88) and (2) Publisher (0x89) records, aka "Excel EDG Memory Corruption Vulnerability.")
 CVE-2010-1249 (Buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed ExternName (0x23) record, aka "Excel Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0823 and CVE-2010-1247.)
 CVE-2010-1248 (Buffer overflow in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed HFPicture (0x866) record, aka "Excel HFPicture Memory Corruption Vulnerability.")
 CVE-2010-1247 (Unspecified vulnerability in Microsoft Office Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel file with a malformed RTD (0x813) record that triggers heap corruption, aka "Excel Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0823 and CVE-2010-1249.)
 CVE-2010-1246 (Stack-based buffer overflow in Microsoft Office Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel file with a malformed RTD (0x813) record, aka "Excel RTD Memory Corruption Vulnerability.")
 CVE-2010-1245 (Unspecified vulnerability in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed SxView (0xB0) record, aka "Excel Record Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0824 and CVE-2010-0821.)
 CVE-2010-0824 (Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed WOPT (0x80B) record, aka "Excel Record Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0821 and CVE-2010-1245.)
 CVE-2010-0823 (Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 SP3, 2007 SP1 and SP2; Office 2004 for mac; Office 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; allows remote attackers to execute arbitrary code via a crafted Excel file, aka "Excel Memory Corruption Vulnerability," a different vulnerability than CVE-2010-1247 and CVE-2010-1249.)
 CVE-2010-0822 (Stack-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a crafted OBJ (0x5D) record, aka "Excel Object Stack Overflow Vulnerability.")
 CVE-2010-0821 (Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 SP3, 2007 SP1 and SP2; Office 2004 for mac; Office 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; allows remote attackers to execute arbitrary code via an Excel file with a crafted SxView record, related to improper validation of unspecified structures, aka "Excel Record Parsing Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0824 and CVE-2010-1245.)
Original document:VUPEN Security Research, VUPEN Security Research - Microsoft Office Excel ExternName Buffer Overflow Vulnerability (CVE-2010-1249) (14.06.2010)
 VUPEN Security Research, VUPEN Security Research - Microsoft Office Excel HFPicture Buffer Overflow Vulnerability (CVE-2010-1248) (09.06.2010)
 VUPEN Security Research, VUPEN Security Research - Microsoft Office Excel WOPT Heap Corruption Vulnerability (CVE-2010-0824) (09.06.2010)
 VUPEN Security Research, VUPEN Security Research - Microsoft Office Excel RTD Stack Overflow Vulnerability (CVE-2010-1246) (09.06.2010)
 VUPEN Security Research, VUPEN Security Research - Microsoft Office Excel SxView Memory Corruption Vulnerability (CVE-2010-1245) (09.06.2010)
 VUPEN Security Research, VUPEN Security Research - Microsoft Office Excel EDG Heap Overflow Vulnerability (CVE-2010-1250) (09.06.2010)
 VUPEN Security Research, VUPEN Security Research - Microsoft Office Excel RTD Heap Corruption Vulnerability (CVE-2010-1247) (09.06.2010)
 VUPEN Security Research, VUPEN Security Research - Microsoft Office Excel OBJ Stack Overflow Vulnerability (CVE-2010-0822) (09.06.2010)
 ZDI, ZDI-10-104: Microsoft Office Excel SxView Record Parsing Remote Code Execution Vulnerability (09.06.2010)
 ZDI, ZDI-10-103: Microsoft Office Excel DBQueryExt Record Unspecified ADO Object Remote Code Execution Vulnerability (09.06.2010)
 MICROSOFT, Microsoft Security Bulletin MS10-038 - Important Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (2027452) (09.06.2010)
 MICROSOFT, Microsoft Security Bulletin MS10-036 - Important Vulnerability in COM Validation in Microsoft Office Could Allow Remote Code Execution (983235) (09.06.2010)
Files:Microsoft Security Bulletin MS10-036 - Important Vulnerability in COM Validation in Microsoft Office Could Allow Remote Code Execution (983235)
 Microsoft Security Bulletin MS10-038 - Important Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (2027452)

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:14.06.2010
SecurityVulns ID:10922
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:Plume : Plume CMS 1.2
 MODX : MODx CMS 1.0
 ANECMS : AneCMS 1.3
 BLUEARC : IgnitionSuite 3.0
Original document:Inj3ct0r.com, Infinity 0-day Denial of Service (14.06.2010)
 Inj3ct0r.com, ClipBucket AdminPanel edit site Vulnerability (14.06.2010)
 Patrick Webster, Paessler - PRTG Traffic Grapher XSS (14.06.2010)
 Patrick Webster, Blue Arc Group - IgnitionSuite CMS WebDMailer unsubscribe issue (14.06.2010)
 david.kurz_(at)_majorsecurity.net, [CORE-2010-0415] SQL Injection in CubeCart PHP Free & Commercial Shopping Cart Application (14.06.2010)
 david.kurz_(at)_majorsecurity.net, [MajorSecurity SA-070]Plume CMS - change Admin Password via Cross-site Request Forgery (14.06.2010)
 david.kurz_(at)_majorsecurity.net, [MajorSecurity SA-069]Invision Power Board - stored Cross site Scripting (14.06.2010)
 david.kurz_(at)_majorsecurity.net, [MajorSecurity SA-068]Anantasoft Gazelle CMS - change admin password via Cross-site Request Forgery (14.06.2010)
 x0.root_(at)_gmail.com, Awcm Cms Local File Inclusion Vulnerability (14.06.2010)
 david.kurz_(at)_majorsecurity.net, [MajorSecurity SA-071]phpFaber CMS - Multiple stored Cross-site Scripting issues (14.06.2010)
 david.kurz_(at)_majorsecurity.net, [MajorSecurity SA-073]Subdreamer CMS - SQL injection vulnerability (14.06.2010)
 High-Tech Bridge Security Research, SQL injection vulnerability in MODx CMS and Application Framework (14.06.2010)
 High-Tech Bridge Security Research, SQL injection vulnerability in AneCMS (14.06.2010)
 High-Tech Bridge Security Research, SQL injection vulnerability in MODx CMS and Application Framework (14.06.2010)
 High-Tech Bridge Security Research, Stored XSS vulnerability in AneCMS blog module (14.06.2010)
 High-Tech Bridge Security Research, SQL injection vulnerability in MODx CMS (14.06.2010)

Perl protection bypass
Published:14.06.2010
SecurityVulns ID:10923
Type:local
Threat Level:5/10
Description:Safe.pm protection bypass
Affected:PERL : perl 5.10
CVE:CVE-2010-1447 (The Safe (aka Safe.pm) module 2.26, and certain earlier versions, for Perl, as used in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2, allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject and execute arbitrary code, via vectors involving subroutine references and delayed execution.)
 CVE-2010-1168 (The Safe (aka Safe.pm) module before 2.25 for Perl allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject and execute arbitrary code, via vectors involving implicitly called methods and implicitly blessed objects, as demonstrated by the (a) DESTROY and (b) AUTOLOAD methods, related to "automagic methods.")
Original document:MANDRIVA, [ MDVSA-2010:115 ] perl (14.06.2010)

Microsoft Internet Explorer code execution
Published:14.06.2010
SecurityVulns ID:10924
Type:client
Threat Level:8/10
Description:It's possible to execute code via the hcp:// handler.
Affected:MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
Original document:Tavis Ormandy, Microsoft Windows Help Centre Handles Malformed Escape Sequences Incorrectly (14.06.2010)

Multiple Sourcefire weak encryption vulnerability
Published:14.06.2010
SecurityVulns ID:10926
Type:m-i-t-m
Threat Level:6/10
Description:The same private key is used in all devices.
Affected:SOURCEFIRE : Sourcefire Defense Center 1000
 SOURCEFIRE : Sourcefire 3D Sensor 1000
 SOURCEFIRE : Sourcefire 3D Sensor 2000
 SOURCEFIRE : Sourcefire 3D Sensor 9900
Original document:ZDI, ZDI-10-107: Multiple Sourcefire Products Static Web SSL Keys Vulnerability (14.06.2010)

pcsc-lite buffer overflow
Published:14.06.2010
SecurityVulns ID:10927
Type:local
Threat Level:5/10
Description:PCSCD buffer overflow
Affected:PCSCLITE : pcsc-lite 1,4
CVE:CVE-2010-0407 (Multiple buffer overflows in the MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 allow local users to gain privileges via crafted message data, which is improperly demarshalled.)
Original document:DEBIAN, [SECURITY] [DSA 2059-1] New pcsc-lite packages fix privilege escalation (14.06.2010)

Apache mod_proxy_http information leak
updated since 14.06.2010
Published:19.08.2010
SecurityVulns ID:10925
Type:remote
Threat Level:4/10
Description:Under some conditions, a server reply may be sent to the wrong client.
Affected:APACHE : Apache 2.2
CVE:CVE-2010-2791 (mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.)
 CVE-2010-2068 (mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.)
Original document:MANDRIVA, [ MDVSA-2010:153 ] apache (19.08.2010)
 APACHE, [advisory] httpd Timeout detection flaw (mod_proxy_http) CVE-2010-2068 (14.06.2010)

Wireshark sniffer multiple security vulnerabilities
updated since 14.06.2010
Published:14.09.2010
SecurityVulns ID:10928
Type:remote
Threat Level:5/10
Description:Multiple DoS conditions, buffer overflow.
Affected:WIRESHARK : Wireshark 1.2
 WIRESHARK : Wireshark 1.4
CVE:CVE-2010-2995 (The SigComp Universal Decompressor Virtual Machine (UDVM) in Wireshark 0.10.8 through 1.0.14 and 1.2.0 through 1.2.9 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to sigcomp-udvm.c and an off-by-one error, which triggers a buffer overflow, different vulnerabilities than CVE-2010-2287.)
 CVE-2010-2994 (Stack-based buffer overflow in the ASN.1 BER dissector in Wireshark 0.10.13 through 1.0.14 and 1.2.0 through 1.2.9 has unknown impact and remote attack vectors. NOTE: this issue exists because of a CVE-2010-2284 regression.)
 CVE-2010-2287 (Buffer overflow in the SigComp Universal Decompressor Virtual Machine dissector in Wireshark 0.10.8 through 1.0.13 and 1.2.0 through 1.2.8 has unknown impact and remote attack vectors.)
 CVE-2010-2286 (The SigComp Universal Decompressor Virtual Machine dissector in Wireshark 0.10.7 through 1.0.13 and 1.2.0 through 1.2.8 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors.)
 CVE-2010-2285 (The SMB PIPE dissector in Wireshark 0.8.20 through 1.0.13 and 1.2.0 through 1.2.8 allows remote attackers to cause a denial of service (NULL pointer dereference) via unknown vectors.)
 CVE-2010-2284 (Buffer overflow in the ASN.1 BER dissector in Wireshark 0.10.13 through 1.0.13 and 1.2.0 through 1.2.8 has unknown impact and remote attack vectors.)
 CVE-2010-2283 (The SMB dissector in Wireshark 0.99.6 through 1.0.13, and 1.2.0 through 1.2.8 allows remote attackers to cause a denial of service (NULL pointer dereference) via unknown vectors.)
Original document:yangdn_(at)_nipc.org.cn, Wireshark 1.4.0 Malformed SNMP V1 Packet Denial of Service (14.09.2010)
 DEBIAN, [SECURITY] [DSA 2101-1] New wireshark packages fix several vulnerabilities (02.09.2010)
 MANDRIVA, [ MDVSA-2010:113 ] wireshark (14.06.2010)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod