Computer Security
[EN] securityvulns.ru no-pyccku


Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:16.05.2011
Source:
SecurityVulns ID:11672
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:MITEL : Mitel Audio and Web Conferencing 4.4
 EMC : ourceOne Email Management 6.6
 EMC : ourceOne Email Management 6.5
Original documentdocumentEMC, ESA-2011-016: EMC SourceOne ASP.NET application tracing information disclosure vulnerability (16.05.2011)
 documentProCheckUp Research, PR10-15: Multiple XSS flaws within Mitel's AWC (Mitel Audio and Web Conferencing) (16.05.2011)

FastStone multiple security vulnerabilities
Published:16.05.2011
Source:
SecurityVulns ID:11673
Type:local
Threat Level:
4/10
Description:Multiple vulnerabilities on ZIP files processing.
Original documentdocumentStefan Kanthak, Vulnerable and completely outdated 3rd party ZIP code in FastStone image viewer (16.05.2011)

Linux kernel ICMP DoS
Published:16.05.2011
Source:
SecurityVulns ID:11674
Type:remote
Threat Level:
8/10
Description:Crash on ICMP handling may be blindly remotely exploited from spoofed addresses.
Affected:LINUX : kernel 2.6
Original documentdocumentroberto.paleari_(at)_emaze.net, Linux Kernel 2.6.38 Remote NULL Pointer Dereference (16.05.2011)

Novell eDirectoryr / Netware DoS
Published:16.05.2011
Source:
SecurityVulns ID:11675
Type:remote
Threat Level:
5/10
Description:Memory exhaustion on LDAP-SSL processing.
Original documentdocumentHenri Lindberg, NSENSE-2011-002: Novell eDirectory/Netware LDAP-SSL daemon (16.05.2011)
Files:Exploits Novell eDirectory/Netware LDAP-SSL daemon vulnerability

Adobe Audition buffer overflow
Published:16.05.2011
Source:
SecurityVulns ID:11677
Type:local
Threat Level:
3/10
Description:Buffer overflow on .ses files parsing.
Affected:ADOBE : Audition 3.0
CVE:CVE-2011-0615 (Multiple buffer overflows in Adobe Audition 3.0.1 and earlier allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted data in unspecified fields in the TRKM chunk in an Audition Session (aka .ses) file, related to inconsistent use of character data types.)
Original documentdocumentCORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2011-0204: Adobe Audition vulnerability processing malformed session file (16.05.2011)

apr / Apache mod_autoindex DoS
updated since 16.05.2011
Published:21.05.2011
Source:
SecurityVulns ID:11676
Type:remote
Threat Level:
5/10
Description:CPU resources exhaustion on request to indexed files with long names.
Affected:APACHE : apr 1.4
CVE:CVE-2011-1928 (The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.)
 CVE-2011-0419 (Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.)
Original documentdocumentMANDRIVA, [ MDVSA-2011:095 ] apr (21.05.2011)
 documentMaksymilian Arciemowicz, Multiple Vendors libc/fnmatch(3) DoS (incl apache poc) (16.05.2011)
 documentDEBIAN, [SECURITY] [DSA 2237-1] apr security update (16.05.2011)

Wireshark multiple security vulnerabilities
updated since 16.05.2011
Published:02.06.2011
Source:
SecurityVulns ID:11678
Type:remote
Threat Level:
4/10
Description:Multiple vulnerabilities on .pcap files parsing.
CVE:CVE-2011-1592 (The NFS dissector in epan/dissectors/packet-nfs.c in Wireshark 1.4.x before 1.4.5 on Windows uses an incorrect integer data type during decoding of SETCLIENTID calls, which allows remote attackers to cause a denial of service (application crash) via a crafted .pcap file.)
 CVE-2011-1591 (Stack-based buffer overflow in the DECT dissector in epan/dissectors/packet-dect.c in Wireshark 1.4.x before 1.4.5 allows remote attackers to execute arbitrary code via a crafted .pcap file.)
 CVE-2011-1590 (The X.509if dissector in Wireshark 1.2.x before 1.2.16 and 1.4.x before 1.4.5 does not properly initialize certain global variables, which allows remote attackers to cause a denial of service (application crash) via a crafted .pcap file.)
Original documentdocumentMANDRIVA, [ MDVSA-2011:105 ] wireshark (02.06.2011)
 documentMANDRIVA, [ MDVSA-2011:083 ] wireshark (16.05.2011)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod