Computer Security


Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 16.07.2010
Source:
SecurityVulns ID: 11002
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: PHPWCMS : PHPWCMS 1.4
 PLIGG : Pligg CMS 1.0
 PIXIE : pixie 1.0
 FESTOS : FestOS 2.3
 BABYGEKKO : Gekko Web Builder 0.90
 DSITE : DSite CMS 4.81
 CPANEL : cPanel 11.25
Original document: thomas_(at)_jsthosting.com, cPanel XSS Vulnerability (16.07.2010)
 High-Tech Bridge Security Research, XSS vulnerability in DSite CMS (16.07.2010)
 High-Tech Bridge Security Research, XSS vulnerability in Gekko Web Builder (16.07.2010)
 High-Tech Bridge Security Research, XSS vulnerability in Pligg search module (16.07.2010)
 High-Tech Bridge Security Research, XSS vulnerability in Taggon CMS (16.07.2010)
 High-Tech Bridge Security Research, XSS vulnerability in WebPress (16.07.2010)
 High-Tech Bridge Security Research, XSS vulnerability in WebPress (16.07.2010)
 High-Tech Bridge Security Research, XSS vulnerability in phpwcms (16.07.2010)
 High-Tech Bridge Security Research, Stored XSS vulnerability in Pixie (16.07.2010)
 High-Tech Bridge Security Research, XSS vulnerability in Pixie (16.07.2010)
 High-Tech Bridge Security Research, XSS vulnerability in FestOS (16.07.2010)
 High-Tech Bridge Security Research, XSRF (CSRF) in Pixie (16.07.2010)
 High-Tech Bridge Security Research, XSS vulnerability in FestOS (16.07.2010)
 High-Tech Bridge Security Research, XSRF (CSRF) in Pixie (16.07.2010)
 High-Tech Bridge Security Research, XSS vulnerability in WebPress (16.07.2010)
 High-Tech Bridge Security Research, XSRF (CSRF) in phpwcms (16.07.2010)
 High-Tech Bridge Security Research, XSS vulnerability in WebPress (16.07.2010)

VTE control characters vulnerability
Published: 16.07.2010
Source:
SecurityVulns ID: 11003
Type: library
Threat Level: 5/10
Description: Control characters are not checked when setting the window or icon title, making it possible to insert terminal ESC sequences.
Affected: VTE : vte 0.24
CVE: CVE-2010-2713 (The vte_sequence_handler_window_manipulation function in vteseq.c in libvte (aka libvte9) in VTE 0.25.1 and earlier, as used in gnome-terminal, does not properly handle escape sequences, which allows remote attackers to execute arbitrary commands or obtain potentially sensitive information via a (1) window title or (2) icon title sequence. NOTE: this issue exists because of a CVE-2003-0070 regression.)
Original document: UBUNTU, [USN-962-1] VTE vulnerability (16.07.2010)

Novell Groupwise multiple security vulnerabilities
updated since 16.07.2010
Published: 22.07.2010
Source:
SecurityVulns ID: 11000
Type: remote
Threat Level: 6/10
Description: Stack-based buffer overflow (stack overrun) in the WebAccess Proxy feature. Buffer overflow in IMAP.
Affected: NOVELL : GroupWise 8.0
Original document: ZDI, ZDI-10-135: Novell Groupwise WebAccess Multiple Cross-Site Scripting Vulnerabilities (22.07.2010)
 ZDI, ZDI-10-129: Novell Netware Groupwise Internet Gateway Remote Code Execution Vulnerability (18.07.2010)
 Francis Provencher, {PRL} Novell Groupwise Internet Agent Stack Overflow (18.07.2010)
 Francis Provencher, {PRL} Novell Groupwise Webaccess Stack Overflow (16.07.2010)

freetype library multiple security vulnerabilities
updated since 16.07.2010
Published: 27.11.2011
Source:
SecurityVulns ID: 11001
Type: library
Threat Level: 6/10
Description: Memory corruption when parsing fonts.
Affected: FREETYPE : FreeType 2.3
 APPLE : MacOS X 10.5
 FREETYPE : FreeType 2.4
CVE: CVE-2011-3439 (FreeType in CoreGraphics in Apple iOS before 5.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font in a document.)
 CVE-2010-3855 (Buffer overflow in the ft_var_readpackedpoints function in truetype/ttgxvar.c in FreeType 2.4.3 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TrueType GX font.)
 CVE-2010-3814 (Heap-based buffer overflow in the Ins_SHZ function in ttinterp.c in FreeType 2.4.3 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted SHZ bytecode instruction, related to TrueType opcodes, as demonstrated by a PDF document with a crafted embedded font.)
 CVE-2010-3311 (Integer overflow in base/ftstream.c in libXft (aka the X FreeType library) in FreeType before 2.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Compact Font Format (CFF) font file that triggers a heap-based buffer overflow, related to an "input stream position error" issue, a different vulnerability than CVE-2010-1797.)
 CVE-2010-3053 (bdf/bdflib.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) via a crafted BDF font file, related to an attempted modification of a value in a static string.)
 CVE-2010-2808 (Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Adobe Type 1 Mac Font File (aka LWFN) font.)
 CVE-2010-2807 (FreeType before 2.4.2 uses incorrect integer data types during bounds checking, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.)
 CVE-2010-2806 (Array index error in the t42_parse_sfnts function in type42/t42parse.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via negative size values for certain strings in FontType42 font files, leading to a heap-based buffer overflow.)
 CVE-2010-2805 (The FT_Stream_EnterFrame function in base/ftstream.c in FreeType before 2.4.2 does not properly validate certain position values, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.)
 CVE-2010-2541 (Buffer overflow in ftmulti.c in the ftmulti demo program in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.)
 CVE-2010-2527 (Multiple buffer overflows in demo programs in FreeType before 2.4.0 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.)
 CVE-2010-2520 (Heap-based buffer overflow in the Ins_IUP function in truetype/ttinterp.c in FreeType before 2.4.0, when TrueType bytecode support is enabled, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.)
 CVE-2010-2519 (Heap-based buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted length value in a POST fragment header in a font file.)
 CVE-2010-2500 (Integer overflow in the gray_render_span function in smooth/ftgrays.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.)
 CVE-2010-2499 (Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted LaserWriter PS font file with an embedded PFB fragment.)
 CVE-2010-2498 (The psh_glyph_find_strong_points function in pshinter/pshalgo.c in FreeType before 2.4.0 does not properly implement hinting masks, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a crafted font file that triggers an invalid free operation.)
 CVE-2010-2497 (Integer underflow in glyph handling in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.)
 CVE-2010-1797 (Multiple stack-based buffer overflows in the cff_decoder_parse_charstrings function in the CFF Type2 CharStrings interpreter in cff/cffgload.c in FreeType before 2.4.2, as used in Apple iOS before 4.0.2 on the iPhone and iPod touch and before 3.2.2 on the iPad, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted CFF opcodes in embedded fonts in a PDF document, as demonstrated by JailbreakMe. NOTE: some of these details are obtained from third party information.)
Original document: DEBIAN, [SECURITY] [DSA 2155-1] freetype security update (03.02.2011)
 CORE SECURITY TECHNOLOGIES ADVISORIES, [CORE-2010-0825] Apple OS X ATSServer CFF CharStrings INDEX Sign Mismatch (10.11.2010)
 DEBIAN, [SECURITY] [DSA-2116-1] New freetype packages integer overflow (06.10.2010)
 UBUNTU, [USN-972-1] FreeType vulnerabilities (19.08.2010)
 DEBIAN, [SECURITY] [DSA 2070-1] New freetype packages fix several vulnerabilities (16.07.2010)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod