Computer Security


Sophos Anti-Virus privilege escalation
Published:15.06.2010
Source:
SecurityVulns ID:10929
Type:client
Threat Level:5/10
Description:Memory corruption in system call processing.
Original document:ZDI, TPTI-10-03: Sophos Anti-Virus SAVOnAccessFilter Local Privilege Escalation Vulnerability (15.06.2010)

McAfee UTM Firewall cross-site scripting
Published:15.06.2010
Source:
SecurityVulns ID:10931
Type:remote
Threat Level:4/10
Description:Cross-site scripting in administration interface.
Original document:Adam Baldwin, McAfee UTM Firewall Help Reflected Cross-Site Scripting (15.06.2010)

D-Link DI-604 router vulnerabilities
Published:15.06.2010
Source:
SecurityVulns ID:10932
Type:remote
Threat Level:4/10
Description:Cross-site scripting, buffer overflow in administration interface.
Affected:DLINK : D-Link DI-604
Original document:Ewerson Guimarães (Crash) - Dclabs, Dlink Di-604 router authenticated user ping tool Xss and DoS (15.06.2010)

Cisco Unified Contact Center Express directory traversal
Published:15.06.2010
Source:
SecurityVulns ID:10934
Type:remote
Threat Level:6/10
Description:Directory traversal in TCP/6295 service, DoS.
Affected:CISCO : Cisco Unified Contact Center Express 8.0
 CISCO : Cisco Unified Contact Center Express 7.0
 CISCO : Cisco Unified Contact Center Express 6.0
 CISCO : Cisco Unified Contact Center Express 5.0
CVE:CVE-2010-1571 (Directory traversal vulnerability in the bootstrap service in Cisco Unified Contact Center Express (UCCX) 7.0 before 7.0(1)SR4 and 7.0(2), unspecified 6.0 versions, and 5.0 before 5.0(2)SR3 allows remote attackers to read arbitrary files via a crafted bootstrap message to TCP port 6295.)
 CVE-2010-1570 (The computer telephony integration (CTI) server component in Cisco Unified Contact Center Express (UCCX) 7.0 before 7.0(1)SR4 and 7.0(2), 6.0 before 6.0(1)SR1, and 5.0 before 5.0(2)SR3 allows remote attackers to cause a denial of service (CTI server and Node Manager failure) via a malformed CTI message.)
Original document:CISCO, Cisco Security Advisory: Vulnerabilities in Cisco Unified Contact Center Express (15.06.2010)

Cisco Application Extension Platform privilege escalation
Published:15.06.2010
Source:
SecurityVulns ID:10935
Type:local
Threat Level:5/10
Description:Privileged actions may be performed by unprivileged user via API.
Affected:CISCO : Cisco Application Extension Platform 1.0
 CISCO : Cisco Application Extension Platform 1.1
 CISCO : Cisco Application Extension Platform 1.5
CVE:CVE-2010-1572 (Unspecified vulnerability in the tech support diagnostic shell in Cisco Application Extension Platform (AXP) 1.1 and 1.1.5 allows local users to obtain sensitive configuration information and gain administrator privileges via unspecified API calls.)
Original document:CISCO, Cisco Security Advisory: Cisco Application Extension Platform Privilege Escalation Vulnerability (15.06.2010)

Linksys WAP54G access point unauthorized access
updated since 15.06.2010
Published:23.06.2010
Source:
SecurityVulns ID:10933
Type:remote
Threat Level:6/10
Description:Debug interface with hardcoded Gemtek/gemtekswd account is available.
Affected:LINKSYS : Linksys WAP54G
Original document:Cristofaro Mune, IS-2010-003 - Linksys WAP54Gv3 debug.cgi Cross-Site Scripting (23.06.2010)
 Cristofaro Mune, IS-2010-002 - Linksys WAP54Gv3 Remote Debug Root Shell (15.06.2010)

Juniper Secure Access cross-site scripting
updated since 15.06.2010
Published:18.07.2010
Source:
SecurityVulns ID:10930
Type:remote
Threat Level:4/10
Description:Administration interface cross-site scripting.
Original document:ProCheckUp Research, PR09-16: Juniper Secure Access series (Juniper IVE) Cross-Site Scripting Vulnerability (18.07.2010)
 ProCheckUp Research, PR09-17: Juniper Secure Access series (Juniper IVE) authenticated XSS & REDIRECTION (15.06.2010)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod