Computer Security
[EN] securityvulns.ru no-pyccku


Skype multiple security vulnerabilities
Published:15.03.2010
Source:
SecurityVulns ID:10691
Type:client
Threat Level:
7/10
Description:Code execution and unauthorized files access on URI processing.
Affected:SKYPE : Skype 4.1
Original documentdocumentPaul Craig, Skype URI Handler Input Validation (15.03.2010)
 documentZDI, ZDI-10-027: Skype Protocol Handler datapath Argument Injection Remote Code Execution Vulnerability (15.03.2010)
 documentZDI, ZDI-10-028: Skype URI Processing Arbitrary XML File Deletion Vulnerability (15.03.2010)

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 15.03.2010
Published:15.03.2010
Source:
SecurityVulns ID:10690
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:EGROUPWARE : Egroupware 1.4
 PHPFUSION : PHP-Fusion 6.01
 DRUPAL : Drupal 6.6
 PHPMYADMIN : phpMyAdmin 3.3
 PHPFUSION : PHP-Fusion 7.0
 CLANPORTAL : Clanportal 1.5
 DESKTOPONNET : DesktopOnNet 3
 DIRECTADMIN : DirectAdmin 1.35
 MOINMOIN : MoinMoin 1.9
 ANANTASOFT : Ananta Gazelle 1.0
CVE:CVE-2010-0717 (The default configuration of cfg.packagepages_actions_excluded in MoinMoin before 1.8.7 does not prevent unsafe package actions, which has unspecified impact and attack vectors.)
 CVE-2010-0669 (MoinMoin before 1.8.7 and 1.9.x before 1.9.2 does not properly sanitize user profiles, which has unspecified impact and attack vectors.)
 CVE-2010-0668 (Unspecified vulnerability in MoinMoin 1.5.x through 1.7.x, 1.8.x before 1.8.7, and 1.9.x before 1.9.2 has unknown impact and attack vectors, related to configurations that have a non-empty superuser list, the xmlrpc action enabled, the SyncPages action enabled, or OpenID configured.)
Original documentdocumentfaghani_(at)_nsec.ir, Pars CMS SQL Injection Vulnerability (15.03.2010)
 documentfaghani_(at)_nsec.ir, Zigurrat CMS SQL Injection Vulnerability (15.03.2010)
 documentadmin_(at)_bugreport.ir, Ananta Gazelle SQL Injection Vulnerability (15.03.2010)
 documentDEBIAN, [SECURITY] [DSA 2016-1] New drupal6 packages fix several vulnerabilities (15.03.2010)
 documentDEBIAN, [XSS] I found a xss in phpmyadmin 3.3.0 when we create new database in interface! (15.03.2010)
 documentDEBIAN, [SECURITY] [DSA 2013-1] New egroupware packages fix several vulnerabilities (15.03.2010)
 documentDEBIAN, [SECURITY] [DSA 2014-1] New moin packages fix several vulnerabilities (15.03.2010)
 documentInj3ct0r.com, DirectAdmin <= v1.35.1 XSS vuln. (15.03.2010)
 documentInj3ct0r.com, deV!L`z Clanportal 1.5.2 Remote File Include Vulnerability (15.03.2010)
 documentInj3ct0r.com, DesktopOnNet 3 Beta9 Local File Include Vulnerability (15.03.2010)
 documentInj3ct0r.com, PHP-Fusion-AP-7.00.2-Rus (search.php) disclosure ways (15.03.2010)
 documentInj3ct0r.com, PHP-Fusion <= 6.01.15.4 (downloads.php) SQL Injection Vulnerability (15.03.2010)
 documentInj3ct0r.com, PHP-fusion-6-01-18 (members.php) disclosure ways (15.03.2010)
 documentMustLive, Vulnerabilities in VXDate for Joomla (15.03.2010)

SUPERAntiSpyware / SuperADBlocker multiple security vulnerabilities
Published:15.03.2010
Source:
SecurityVulns ID:10693
Type:local
Threat Level:
5/10
Description:Multiple DoS conditions, information leaks, privilege escalation, memory corruptions.
Affected:SUPERANTISPYWARE : SUPERAntiSpyware 4.34
 SUPERADBLOCKER : SuperAdBlocker 4.6
Original documentdocumentLuka Milkovic, Multiple vulnerabilities in SUPERAntiSpyware and Super Ad Blocker (15.03.2010)

Adobe Acrobat and Reader multiple security vulnerabilities
updated since 17.01.2010
Published:15.03.2010
Source:
SecurityVulns ID:10516
Type:client
Threat Level:
8/10
Description:Code executions, memory corruptions, buffer overflow, integer overflow, DoS on PDF parsing.
Affected:ADOBE : Reader 8.1
 ADOBE : Acrobat 8.1
 ADOBE : Reader 9.2
 ADOBE : Acrobat 9.2
 ADOBE : Acrobat 9.3
 ADOBE : Reader 9.3
CVE:CVE-2010-0188 (Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.)
 CVE-2009-4324 (Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted PDF file using ZLib compressed streams, as exploited in the wild in December 2009.)
 CVE-2009-3959 (Integer overflow in the U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a malformed PDF document.)
 CVE-2009-3958 (Multiple stack-based buffer overflows in the NOS Microsystems getPlus Helper ActiveX control before 1.6.2.49 in gp.ocx in the Download Manager in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow remote attackers to execute arbitrary code via unspecified initialization parameters.)
 CVE-2009-3957 (Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to cause a denial of service (NULL pointer dereference) via unspecified vectors.)
 CVE-2009-3956 (The default configuration of Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, does not enable the Enhanced Security feature, which has unspecified impact and attack vectors, related to a "script injection vulnerability," as demonstrated by Acrobat Forms Data Format (FDF) behavior that allows cross-site scripting (XSS) by user-assisted remote attackers.)
 CVE-2009-3955 (Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted JPC_MS_RGN marker in the Jp2c stream of a JpxDecode encoded data stream, which triggers an integer sign extension that bypasses a sanity check, leading to memory corruption.)
 CVE-2009-3954 (The 3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to execute arbitrary code via unspecified vectors, related to a "DLL-loading vulnerability.")
 CVE-2009-3953 (The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x before 8.2 on Windows and Mac OS X, and 7.x before 7.1.4 allows remote attackers to execute arbitrary code via malformed U3D data in a PDF document, related to a CLODProgressiveMeshDeclaration "array boundary issue," a different vulnerability than CVE-2009-2994.)
Original documentdocumentvillys777_(at)_gmail.com, CVE-2010-0188 Exploit Code (15.03.2010)
 documentIDEFENSE, iDefense Security Advisory 01.12.10: Adobe Reader and Acrobat JpxDecode Memory Corruption Vulnerability (17.01.2010)
 documentVUPEN Security Research, VUPEN Security Research - Adobe Acrobat and Reader U3D Integer Overflow Vulnerability (17.01.2010)
 documentADOBE, Security updates available for Adobe Reader and Acrobat (17.01.2010)
 documentCERT, US-CERT Technical Cyber Security Alert TA10-013A -- Adobe Reader and Acrobat Vulnerabilities (17.01.2010)
Files:Adobe PDF LibTiff Integer Overflow Code Execution

WebKit / Apple Safari / Google Chrome multiple security vulnerabilities
updated since 15.03.2010
Published:17.03.2010
Source:
SecurityVulns ID:10692
Type:library
Threat Level:
7/10
Description:Use-after-free, integer overflow, clickjacking.
Affected:APPLE : Safari 4.0
 GOOGLE : Chrome 3.0
CVE:CVE-2010-0050 (Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML document with improperly nested tags.)
 CVE-2010-0040 (Integer overflow in ColorSync in Apple Safari before 4.0.5 on Windows, and iTunes before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image with a crafted color profile that triggers a heap-based buffer overflow.)
Original documentdocumentZDI, ZDI-10-030: Apple WebKit CSS run-in Attribute Rendering Remote Code Execution Vulnerability (17.03.2010)
 documentZDI, ZDI-10-031: Apple Webkit Blink Event Dangling Pointer Remote Code Execution Vulnerability (17.03.2010)
 documentMichal Zalewski, ...because you can't get enough of clickjacking (16.03.2010)
 documentZDI, ZDI-10-029: Apple WebKit innerHTML element Substitution Remote Code Execution Vulnerability (16.03.2010)
 documentVUPEN Security Research, VUPEN Security Research - Apple Safari ColorSync Profile Integer Overflow Vulnerability (15.03.2010)
 documentIDEFENSE, iDefense Security Advisory 03.11.10: Multiple Vendor WebKit HTML Element Use After Free Vulnerability (15.03.2010)
Files:Browsers focus hijack demonstration

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod