Computer Security
[EN] securityvulns.ru no-pyccku


Checkpoint VPN privilege escalation
Published:15.03.2011
Source:
SecurityVulns ID:11501
Type:local
Threat Level:
5/10
Description:It's possible to obtain Local System privileges.
Original documentdocumentThierry Zoller, Checkpoint VPN - Priviledge Escalation (15.03.2011)

QNX Neutrino RTOS privilege escalation
Published:15.03.2011
Source:
SecurityVulns ID:11502
Type:local
Threat Level:
5/10
Description:It's possible to overwrite files via LD_DEBUG_OUTPUT for suid applications.
Affected:QNX : Neutrino RTOS 6.5
Original documentdocumentTim Brown, Medium severity flaw in QNX Neutrino RTOS (15.03.2011)

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 15.03.2011
Published:16.03.2011
Source:
SecurityVulns ID:11499
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:WAGORA : W-Agora 4.2
 SAP : NetWeaver 7.0
 JOOMLA : Joomla! 1.5
 FGSSTUDIO : WebManager-Pro 7.4
 BBPRESS : bbPress 1.0
 JOOMLA : Joomla! 1.6
 LOTUSCMS : LotusCMS 3.0
 XTCOMMERCE : xt:Commerce 4.0
 OXIDESALES : OXID eShop 4.4
 SUGARCRM : SugarCRM 6.1
Original documentdocumentAlexandr Polyakov, [DSECRG-11-012] SAP NetWeaver Integration Directory - multiple XSS (16.03.2011)
 documentMustLive, XSS, LFI и BT уязвимости в W-Agora (16.03.2011)
 documentAlexandr Polyakov, [DSECRG-11-013] SAP NetWeaver Runtime - multiple XSS (16.03.2011)
 documentRedTeam Pentesting, [RT-SA-2011-002] SugarCRM list privilege restriction bypass (15.03.2011)
 documentHigh-Tech Bridge Security Research, HTB22877: Path disclosure in xt:Commerce (15.03.2011)
 documentHigh-Tech Bridge Security Research, HTB22882: Path disclosure in OXID eShop (15.03.2011)
 documentHigh-Tech Bridge Security Research, HTB22888: File Content Disclosure in LotusCMS (15.03.2011)
 documentHigh-Tech Bridge Security Research, HTB22883: XSS vulnerability in LotusCMS (15.03.2011)
 documentHigh-Tech Bridge Security Research, HTB22884: XSS vulnerability in LotusCMS (15.03.2011)
 documentHigh-Tech Bridge Security Research, HTB22885: XSS vulnerability in LotusCMS (15.03.2011)
 documentHigh-Tech Bridge Security Research, HTB22886: XSRF (CSRF) in LotusCMS (15.03.2011)
 documentHigh-Tech Bridge Security Research, HTB22887: XSS vulnerability in LotusCMS (15.03.2011)
 documentcdx.security_(at)_gmail.com, BoutikOne Multiples SQL Injection Vulnerability (15.03.2011)
 documentAlexandr Polyakov, [DSECRG-11-009] SAP NetWaver XI SOAP Adapter - XSS (15.03.2011)
 documentAlexandr Polyakov, [DSECRG-11-010] SAP NetWeaver logon.html - XSS (15.03.2011)
 documentYGN Ethical Hacker Group, Joomla! 1.6.0 | SQL Injection Vulnerability (15.03.2011)
 documentYGN Ethical Hacker Group, Joomla! 1.6.0 | Cross Site Scripting (XSS) Vulnerability (15.03.2011)
 documentYGN Ethical Hacker Group, bbPress 1.0.2 <= Cross Site Scripting Vulnerability (15.03.2011)
 documentYGN Ethical Hacker Group, bbPress 1.0.2 <= Cross Site Scripting Vulnerability (15.03.2011)
 documentMustLive, IAA и XSS уязвимости в CMS WebManager-Pro (15.03.2011)
 documentMustLive, Уязвимость в sfWpCumulusPlugin для symfony (15.03.2011)

HP Client Automation code execution
updated since 15.03.2011
Published:23.03.2011
Source:
SecurityVulns ID:11500
Type:remote
Threat Level:
5/10
Description:Code execution with radexecd.exe (TCP/3465).
CVE:CVE-2011-0889 (Unspecified vulnerability in HP Client Automation Enterprise (aka HPCA or Radia Notify) 5.11, 7.2, 7.5, 7.8, and 7.9 allows remote attackers to execute arbitrary code via unknown vectors.)
Original documentdocumentZDI, ZDI-11-105: Hewlett-Packard Client Automation radexecd.exe Remote Code Execution Vulnerability (23.03.2011)
 documentHP, [security bulletin] HPSBMA02644 SSRT100284 rev.1 - HP Client Automation Enterprise (HPCA) Running on Windows, Remote Execution of Arbitrary Code (15.03.2011)

Apache Tomcat protection bypass
updated since 15.03.2011
Published:17.05.2011
Source:
SecurityVulns ID:11503
Type:library
Threat Level:
5/10
Description:@ServletSecurity parameters are ignored.
Affected:APACHE : Tomcat 7.0
CVE:CVE-2011-1582 (Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.)
 CVE-2011-1183 (Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.)
 CVE-2011-1088 (Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.)
Original documentdocumentAPACHE, [SECURITY] CVE-2011-1582 Apache Tomcat security constraint bypass (17.05.2011)
 documentAPACHE, [SECURITY] CVE-2011-1088 Apache Tomcat security constraint bypass (15.03.2011)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod