Computer Security

Apple Webkit / Safari multiple security vulnerabilities
updated since 08.08.2010
Published:14.08.2010
SecurityVulns ID:11040
Type:library
Threat Level:9/10
Description:Information leak, cross-domain access, buffer overflows, memory corruptions.
Affected:APPLE : Safari 5.0
 APPLE : Safari 4.1
CVE:CVE-2010-1796 (The AutoFill feature in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to obtain sensitive Address Book Card information via JavaScript code that forces keystroke events for input fields.)
 CVE-2010-1793 (Multiple use-after-free vulnerabilities in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a (1) font-face or (2) use element in an SVG document.)
 CVE-2010-1792 (WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression.)
 CVE-2010-1791 (Integer signedness error in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving a JavaScript array index.)
 CVE-2010-1790 (WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, does not properly handle just-in-time (JIT) compiled JavaScript stubs, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to a "reentrancy issue.")
 CVE-2010-1789 (Heap-based buffer overflow in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a JavaScript string object.)
 CVE-2010-1788 (WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a use element in an SVG document.)
 CVE-2010-1787 (WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a floating element in an SVG document.)
 CVE-2010-1786 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a foreignObject element in an SVG document.)
 CVE-2010-1785 (WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, accesses uninitialized memory during processing of the (1) :first-letter and (2) :first-line pseudo-elements in an SVG text element, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document.)
 CVE-2010-1784 (The counters functionality in the Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.)
 CVE-2010-1783 (WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, does not properly handle dynamic modification of a text node, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.)
 CVE-2010-1782 (WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to the rendering of an inline element.)
 CVE-2010-1780 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to element focus.)
 CVE-2010-1778 (Cross-site scripting (XSS) vulnerability in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via an RSS feed.)
Original document:ZDI, ZDI-10-154: Apple Webkit Button First-Letter Style Rendering Remote Code Execution Vulnerability (14.08.2010)
 ZDI, ZDI-10-153: Apple Webkit SVG Floating Text Element Remote Code Execution Vulnerability (14.08.2010)
 ZDI, ZDI-10-152: Apple WebKit RTL LineBox Overflow Remote Code Execution Vulnerability (14.08.2010)
 ZDI, ZDI-10-144: Apple Webkit Rendering Counter Remote Code Execution Vulnerability (11.08.2010)
 ZDI, ZDI-10-146: Apple Webkit Anchor Tag Mouse Click Event Dispatch Remote Code Execution Vulnerability (11.08.2010)
 ZDI, ZDI-10-141: Apple Webkit SVG ForeignObject Rendering Layout Remote Code Execution Vulnerability (08.08.2010)
 ZDI, ZDI-10-142: Apple Webkit SVG First-Letter Style Remote Code Execution Vulnerability (08.08.2010)
 APPLE, About the security content of Safari 5.0.1 and Safari 4.1.1 (08.08.2010)

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:14.08.2010
SecurityVulns ID:11070
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:SQUIRRELMAIL : squirrelmail 1.4
 MAPSERVER : mapserver 5.6
 WORDPRESS : WordPress 3.0
 SYNTAXCMS : SyntaxCMS 1.3
 HU:LIHAN : Onyx 0.3
 HULIHAN : Mystic 0.1
CVE:CVE-2010-2813 (functions/imap_general.php in SquirrelMail before 1.4.21 does not properly handle 8-bit characters in passwords, which allows remote attackers to cause a denial of service (disk consumption) by making many IMAP login attempts with different usernames, leading to the creation of many preferences files.)
 CVE-2010-2540 (mapserv.c in mapserv in MapServer before 4.10.6 and 5.x before 5.6.4 does not properly restrict the use of CGI command-line arguments that were intended for debugging, which allows remote attackers to have an unspecified impact via crafted arguments.)
 CVE-2010-2539 (Buffer overflow in the msTmpFile function in maputil.c in mapserv in MapServer before 4.10.6 and 5.x before 5.6.4 allows local users to cause a denial of service via vectors involving names of temporary files.)
 CVE-2009-2964 (Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.19 and earlier allow remote attackers to hijack the authentication of unspecified victims via features such as send message and change preferences, related to (1) functions/mailbox_display.php, (2) src/addrbook_search_html.php, (3) src/addressbook.php, (4) src/compose.php, (5) src/folders.php, (6) src/folders_create.php, (7) src/folders_delete.php, (8) src/folders_rename_do.php, (9) src/folders_rename_getname.php, (10) src/folders_subscribe.php, (11) src/move_messages.php, (12) src/options.php, (13) src/options_highlight.php, (14) src/options_identities.php, (15) src/options_order.php, (16) src/search.php, and (17) src/vcard.php.)
Original document:DEBIAN, [SECURITY] [DSA 2091-1] New squirrelmail packages fix cross-site request forgery (14.08.2010)
 High-Tech Bridge Security Research, XSRF (CSRF) in Mystic (14.08.2010)
 High-Tech Bridge Security Research, XSS vulnerability in Mystic (14.08.2010)
 High-Tech Bridge Security Research, XSS vulnerability in Mystic (14.08.2010)
 High-Tech Bridge Security Research, XSS vulnerability in Onyx (14.08.2010)
 High-Tech Bridge Security Research, XSS vulnerability in Onyx (14.08.2010)
 High-Tech Bridge Security Research, SQL injection vulnerability in SyntaxCMS (14.08.2010)
 High-Tech Bridge Security Research, SQL injection vulnerability in SyntaxCMS (14.08.2010)
 High-Tech Bridge Security Research, XSS vulnerability in Edit-X CMS (14.08.2010)
 High-Tech Bridge Security Research, XSS vulnerability in i-Web Suite (14.08.2010)
 High-Tech Bridge Security Research, SQL injection vulnerability in i-Web Suite (14.08.2010)
 High-Tech Bridge Security Research, SQL injection vulnerability in CMS Source (14.08.2010)
 High-Tech Bridge Security Research, XSS vulnerability in CMS Source (14.08.2010)
 High-Tech Bridge Security Research, Local File Inclusion in CMS Source (14.08.2010)
 High-Tech Bridge Security Research, SQL injection vulnerability in CMS Source (14.08.2010)
 High-Tech Bridge Security Research, XSS vulnerability in CMS Source (14.08.2010)
 High-Tech Bridge Security Research, Local File Inclusion in CMS Source (14.08.2010)
 High-Tech Bridge Security Research, SQL injection vulnerability in CMS Source (14.08.2010)
 High-Tech Bridge Security Research, XSS vulnerability in CMS Source (14.08.2010)
 High-Tech Bridge Security Research, XSS vulnerability in eazyCMS (14.08.2010)
 High-Tech Bridge Security Research, XSS vulnerability in eazyCMS (14.08.2010)
 High-Tech Bridge Security Research, XSS vulnerability in eazyCMS (14.08.2010)
 High-Tech Bridge Security Research, XSS vulnerability in eazyCMS (14.08.2010)
 david.kurz_(at)_majorsecurity.net, [MajorSecurity SA-080]WordPress 3.0.1 - Cross Site Scripting Issue (14.08.2010)
 DEBIAN, [SECURITY] [DSA 2078-1] New mapserver packages fix arbitrary code execution (14.08.2010)

gmime library buffer overflow
Published:14.08.2010
SecurityVulns ID:11071
Type:library
Threat Level:5/10
CVE:CVE-2010-0409 (Buffer overflow in the GMIME_UUENCODE_LEN macro in gmime/gmime-encodings.h in GMime before 2.4.15 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via input data for a uuencode operation.)
Original document:DEBIAN, [SECURITY] [DSA 2082-1] New gmime2.2 packages fix arbitrary code execution (14.08.2010)

Quick 'n Easy WEB Server / Quick 'n Easy FTP Server DoS
Published:14.08.2010
SecurityVulns ID:11072
Type:remote
Threat Level:5/10
Description:A large number of established connections causes the server to crash.
Affected:QUICKNEASY : Quick 'n Easy WEB Server 3.3
 QUICKNEASY : Quick 'n Easy FTP Server 3.2
Original document:Rodrigo Escobar, [DCA-0007] Quick 'n Easy FTP Server v3.2 (14.08.2010)
 Rodrigo Escobar, [DCA-0008] Quick 'n Easy WEB Server DoS (14.08.2010)

Baby ASP Web Server / FTP Server / POP Server DoS
Published:14.08.2010
SecurityVulns ID:11073
Type:remote
Threat Level:5/10
Description:A large number of established connections causes the server to crash.
Affected:BABY : Baby FTP Server 1.24
 BABY : Baby ASP Web Server 2.7
 BABY : Baby POP Server 1.04
Original document:Rodrigo Escobar, [DCA-0006] Baby ASP Web Server DoS (14.08.2010)
 Rodrigo Escobar, [DCA-0004] Baby FTP Server DoS (14.08.2010)
 Rodrigo Escobar, [DCA-0005] Baby POP Server DoS (14.08.2010)

libpurple library / Pidgin DoS
Published:14.08.2010
SecurityVulns ID:11074
Type:library
Threat Level:5/10
Description:NULL pointer dereference when parsing OSCAR protocol messages (ICQ, AIM).
Affected:PIDGIN : pidgin 2.7
 LIBPURPLE : libpurple 2.7
CVE:CVE-2010-2528 (The clientautoresp function in family_icbm.c in the oscar protocol plugin in libpurple in Pidgin before 2.7.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via an X-Status message that lacks the expected end tag for a (1) desc or (2) title element.)
Original document:MANDRIVA, [ MDVSA-2010:148 ] pidgin (14.08.2010)

libmikmod multiple buffer overflows
updated since 08.02.2010
Published:14.08.2010
SecurityVulns ID:10594
Type:library
Threat Level:5/10
Description:Multiple overflows when parsing the Impulse Tracker and Ultratracker formats.
Affected:MIKMOD : libmikmod 3.1
CVE:CVE-2010-2546 (Multiple heap-based buffer overflows in loaders/load_it.c in libmikmod, possibly 3.1.12, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file, related to panpts, pitpts, and IT_ProcessEnvelope. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3995.)
 CVE-2009-3996 (Heap-based buffer overflow in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via an Ultratracker file.)
 CVE-2009-3995 (Multiple heap-based buffer overflows in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file. NOTE: some of these details are obtained from third party information.)
Original document:DEBIAN, [SECURITY] [DSA 2081-1] New libmikmod packages fix arbitrary code execution (14.08.2010)
 SECUNIA, Secunia Research: libmikmod Module Parsing Vulnerabilities (08.02.2010)

TurboFTP FTP Server directory traversal
updated since 20.06.2010
Published:14.08.2010
SecurityVulns ID:10944
Type:remote
Threat Level:5/10
Description:Directory traversal via the mkdir and move commands.
Affected:TURBOSOFT : TurboFTP Server 1.20
Original document:High-Tech Bridge Security Research, Directory Traversal Vulnerability in TurboFTP Server (14.08.2010)
 leinakesi_(at)_gmail.com, TurboFTP Server Directory Traversal Vulnerability (20.06.2010)

kvirc IRC client multiple security vulnerabilities
updated since 29.06.2010
Published:14.08.2010
SecurityVulns ID:10961
Type:remote
Threat Level:5/10
Description:Directory traversal, format string vulnerability.
Affected:KVIRC : kvirc 4.0
CVE:CVE-2010-2785 (The IRC Protocol component in KVIrc 3.x and 4.x before r4693 does not properly handle \ (backslash) characters, which allows remote authenticated users to execute arbitrary CTCP commands via vectors involving \r and \40 sequences, a different vulnerability than CVE-2010-2451 and CVE-2010-2452.)
 CVE-2010-2452 (Directory traversal vulnerability in the DCC functionality in KVIrc 3.4 and 4.0 allows remote attackers to overwrite arbitrary files via unknown vectors.)
 CVE-2010-2451 (Multiple format string vulnerabilities in the DCC functionality in KVIrc 3.4 and 4.0 have unspecified impact and remote attack vectors.)
Original document:DEBIAN, [SECURITY] [DSA 2078-1] New kvirc packages fix arbitrary IRC command execution (14.08.2010)
 DEBIAN, [SECURITY] [DSA 2065-1] New kvirc packages fix several vulnerabilities (29.06.2010)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod