Computer Security

Novell Netware SSH buffer overflow
updated since 06.09.2010
Published:14.09.2010
SecurityVulns ID:11118
Type:remote
Threat Level:6/10
Description:Buffer overflow on oversized SCP GET request.
Affected:NOVELL : Netware 6.5
Original document:ZDI, ZDI-10-169: Novell Netware SSHD.NLM Remote Code Execution Vulnerability (14.09.2010)
 Francis Provencher, {PRL} Novell Netware OpenSSH Remote Stack Overflow (06.09.2010)

Apple WebKit / Safari multiple security vulnerabilities
Published:14.09.2010
SecurityVulns ID:11137
Type:remote
Threat Level:7/10
Description:Code execution, memory corruptions.
Affected:APPLE : Safari 5.0
 APPLE : Safari 4.1
CVE:CVE-2010-1807 (WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2 does not properly validate floating-point data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document.)
 CVE-2010-1806 (Use-after-free vulnerability in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via run-in styling in an element, related to object pointers.)
 CVE-2010-1805 (Untrusted search path vulnerability in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2 on Windows allows local users to gain privileges via a Trojan horse explorer.exe (aka Windows Explorer) program in a directory containing a file that had been downloaded by Safari.)
Original document:ZDI, ZDI-10-170: Apple Safari Webkit Runin Remote Code Execution Vulnerability (14.09.2010)
 APPLE, About the security content of Safari 5.0.2 and Safari 4.1.2 (14.09.2010)

IBM Proventia Mail Security System multiple security vulnerabilities
Published:14.09.2010
SecurityVulns ID:11138
Type:remote
Threat Level:6/10
Description:Cross-site scripting, code execution, request spoofing.
Affected:IBM : Proventia Network Mail Security System 1.6
 IBM : Proventia Network Mail Security System 2.5
CVE:CVE-2010-0155 (CRLF injection vulnerability in load.php in the Local Management Interface (LMI) on the IBM Proventia Network Mail Security System (PNMSS) appliance with firmware before 2.5 allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the javaVersion parameter.)
 CVE-2010-0154 (Directory traversal vulnerability in sla/index.php in the Local Management Interface (LMI) on the IBM Proventia Network Mail Security System (PNMSS) appliance with firmware before 2.5 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the l parameter, related to an "Insecure Direct Object Reference vulnerability.")
 CVE-2010-0153 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Local Management Interface (LMI) on the IBM Proventia Network Mail Security System (PNMSS) appliance with firmware before 2.5.0.2 allow remote attackers to hijack the authentication of administrators for requests that (1) change settings or (2) conduct denial of service attacks.)
 CVE-2010-0152 (Multiple cross-site scripting (XSS) vulnerabilities in the Local Management Interface (LMI) on the IBM Proventia Network Mail Security System (PNMSS) appliance with firmware before 2.5.0.2 allow remote attackers to inject arbitrary web script or HTML via (1) the date1 parameter to pvm_messagestore.php, (2) the userfilter parameter to pvm_user_management.php, (3) the ping parameter to sys_tools.php in a sys_ping.php action, (4) the action parameter to pvm_cert_commaction.php, (5) the action parameter to pvm_cert_serveraction.php, (6) the action parameter to pvm_smtpstore.php, (7) the l parameter to sla/index.php, or (8) unspecified stored data; and allow remote authenticated users to inject arbitrary web script or HTML via (9) saved search filters.)
Original document:marian.ventuneac_(at)_gmail.com, MVSA-10-009 / CVE-2010-0155 - IBM Proventia Network Mail Security System - CRLF Injection vulnerability (14.09.2010)
 marian.ventuneac_(at)_gmail.com, MVSA-10-008 / CVE-2010-0154 - IBM Proventia Mail Security System - Insecure Direct Object Reference vulnerability (14.09.2010)
 marian.ventuneac_(at)_gmail.com, MVSA-10-006 / CVE-2010-0153 - IBM Proventia Network Mail Security System - Cross-Site Request Forgery vulnerabilities (14.09.2010)
 marian.ventuneac_(at)_gmail.com, MVSA-10-007 / CVE-2010-0152 - IBM Proventia Mail Security System - Multiple persistent and reflected XSS vulnerabilities (14.09.2010)

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:14.09.2010
SecurityVulns ID:11139
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:OCSINVENTORY : OCS Inventory NG 1.02
CVE:CVE-2010-3056 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.11.x before 2.11.10.1 and 3.x before 3.3.5.1 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) db_search.php, (2) db_sql.php, (3) db_structure.php, (4) js/messages.php, (5) libraries/common.lib.php, (6) libraries/database_interface.lib.php, (7) libraries/dbi/mysql.dbi.lib.php, (8) libraries/dbi/mysqli.dbi.lib.php, (9) libraries/db_info.inc.php, (10) libraries/sanitizing.lib.php, (11) libraries/sqlparser.lib.php, (12) server_databases.php, (13) server_privileges.php, (14) setup/config.php, (15) sql.php, (16) tbl_replace.php, and (17) tbl_sql.php.)
 CVE-2010-3055 (The configuration setup script (aka scripts/setup.php) in phpMyAdmin 2.11.x before 2.11.10.1 does not properly restrict key names in its output file, which allows remote attackers to execute arbitrary PHP code via a crafted POST request.)
 CVE-2010-1595 (Multiple SQL injection vulnerabilities in ocsreports/index.php in OCS Inventory NG 1.02.1 allow remote attackers to execute arbitrary SQL commands via the (1) c, (2) val_1, or (3) onglet_bis parameter.)
 CVE-2010-1594 (Multiple cross-site scripting (XSS) vulnerabilities in ocsreports/index.php in OCS Inventory NG 1.02.1 allow remote attackers to inject arbitrary web script or HTML via (1) the query string, (2) the BASE parameter, or (3) the ega_1 parameter. NOTE: some of these details are obtained from third party information.)
Original document:DEBIAN, [SECURITY] [DSA 2097-2] New phpmyadmin packages fix several vulnerabilities (14.09.2010)
 MANDRIVA, [ MDVSA-2010:178 ] ocsinventory (14.09.2010)

rpm hard links vulnerability
Published:14.09.2010
SecurityVulns ID:11140
Type:local
Threat Level:5/10
Description:Race conditions for file spoofing.
Affected:RPM : rpm 4.8
CVE:CVE-2010-2059 (lib/fsm.c in RPM 4.8.0 and unspecified 4.7.x and 4.6.x versions, and RPM before 4.4.3, does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid or (2) setgid file.)
 CVE-2005-4889 (lib/fsm.c in RPM before 4.4.3 does not properly reset the metadata of an executable file during deletion of the file in an RPM package removal, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid or (2) setgid file, a related issue to CVE-2010-2059.)
Original document:MANDRIVA, [ MDVSA-2010:180 ] rpm (14.09.2010)

MailEnable SMTP server DoS conditions
Published:14.09.2010
SecurityVulns ID:11141
Type:remote
Threat Level:5/10
Description:Uninitialized memory reference during logging on MAIL FROM / RCPT TO commands.
Affected:MAILENABLE : MailEnable 4.25
CVE:CVE-2010-2580 (The SMTP service (MESMTPC.exe) in MailEnable 3.x and 4.25 does not properly perform a length check, which allows remote attackers to cause a denial of service (crash) via a long (1) email address in the MAIL FROM command, or (2) domain name in the RCPT TO command, which triggers an "unhandled invalid parameter error.")
Original document:SECUNIA, Secunia Research: MailEnable SMTP Service Two Denial of Service Vulnerabilities (14.09.2010)

Wireshark sniffer multiple security vulnerabilities
updated since 14.06.2010
Published:14.09.2010
SecurityVulns ID:10928
Type:remote
Threat Level:5/10
Description:Multiple DoS conditions, buffer overflow.
Affected:WIRESHARK : Wireshark 1.2
 WIRESHARK : Wireshark 1.4
CVE:CVE-2010-2995 (The SigComp Universal Decompressor Virtual Machine (UDVM) in Wireshark 0.10.8 through 1.0.14 and 1.2.0 through 1.2.9 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to sigcomp-udvm.c and an off-by-one error, which triggers a buffer overflow, different vulnerabilities than CVE-2010-2287.)
 CVE-2010-2994 (Stack-based buffer overflow in the ASN.1 BER dissector in Wireshark 0.10.13 through 1.0.14 and 1.2.0 through 1.2.9 has unknown impact and remote attack vectors. NOTE: this issue exists because of a CVE-2010-2284 regression.)
 CVE-2010-2287 (Buffer overflow in the SigComp Universal Decompressor Virtual Machine dissector in Wireshark 0.10.8 through 1.0.13 and 1.2.0 through 1.2.8 has unknown impact and remote attack vectors.)
 CVE-2010-2286 (The SigComp Universal Decompressor Virtual Machine dissector in Wireshark 0.10.7 through 1.0.13 and 1.2.0 through 1.2.8 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors.)
 CVE-2010-2285 (The SMB PIPE dissector in Wireshark 0.8.20 through 1.0.13 and 1.2.0 through 1.2.8 allows remote attackers to cause a denial of service (NULL pointer dereference) via unknown vectors.)
 CVE-2010-2284 (Buffer overflow in the ASN.1 BER dissector in Wireshark 0.10.13 through 1.0.13 and 1.2.0 through 1.2.8 has unknown impact and remote attack vectors.)
 CVE-2010-2283 (The SMB dissector in Wireshark 0.99.6 through 1.0.13, and 1.2.0 through 1.2.8 allows remote attackers to cause a denial of service (NULL pointer dereference) via unknown vectors.)
Original document:yangdn_(at)_nipc.org.cn, Wireshark 1.4.0 Malformed SNMP V1 Packet Denial of Service (14.09.2010)
 DEBIAN, [SECURITY] [DSA 2101-1] New wireshark packages fix several vulnerabilities (02.09.2010)
 MANDRIVA, [ MDVSA-2010:113 ] wireshark (14.06.2010)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod