Computer Security


McAfee ePolicy Orchestrator security vulnerability
updated since 15.07.2013
Published: 16.07.2013
Source:
SecurityVulns ID: 13167
Type: remote
Threat Level: 7/10
Description: A few vulnerabilities are used in the wild to compromise corporate networks.
Affected: MCAFEE : ePolicy Orchestrator 4.5
 MCAFEE : ePolicy Orchestrator 4.6
CVE: CVE-2013-0141 (Directory traversal vulnerability in McAfee ePolicy Orchestrator (ePO) before 4.5.7 and 4.6.x before 4.6.6 allows remote attackers to upload arbitrary files via a crafted request over the Agent-Server communication channel, as demonstrated by writing to the Software/ directory.)
 CVE-2013-0140 (SQL injection vulnerability in the Agent-Handler component in McAfee ePolicy Orchestrator (ePO) before 4.5.7 and 4.6.x before 4.6.6 allows remote attackers to execute arbitrary SQL commands via a crafted request over the Agent-Server communication channel.)
Original document: MCAFEE, Re: Multiple vulnerabilities in McAfee ePO 4.6.6 (16.07.2013)
 NCIRC INFOSEC EVAL, Multiple vulnerabilities in McAfee ePO 4.6.6 (15.07.2013)
 CERT, TA13-193A: Exploit Tool Targets Vulnerabilities in McAfee ePolicy Orchestrator (ePO) (15.07.2013)

PHP memory corruption
updated since 15.07.2013
Published: 16.07.2013
Source:
SecurityVulns ID: 13189
Type: library
Threat Level: 7/10
Description: Memory corruption in XML parsing, jdtojewish function DoS.
Affected: PHP : PHP 5.3
CVE: CVE-2013-4635 (Integer overflow in the SdnToJewish function in jewish.c in the Calendar component in PHP before 5.3.26 and 5.4.x before 5.4.16 allows context-dependent attackers to cause a denial of service (application hang) via a large argument to the jdtojewish function.)
 CVE-2013-4113 (ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted document that is processed by the xml_parse_into_struct function.)
Original document: Gabriel Maggiotti, Re: [ MDVSA-2013:195 ] php (16.07.2013)
 MANDRIVA, [ MDVSA-2013:195 ] php (15.07.2013)

squid DoS
updated since 16.07.2013
Published: 29.07.2013
Source:
SecurityVulns ID: 13190
Type: remote
Threat Level: 7/10
Description: Crash on invalid Host: header.
Affected: SQUID : squid 3.3
CVE: CVE-2013-4115 (Buffer overflow in the idnsALookup function in dns_internal.cc in Squid 3.2 through 3.2.11 and 3.3 through 3.3.6 allows remote attackers to cause a denial of service (memory corruption and server termination) via a long name in a DNS lookup request.)
Original document: MANDRIVA, [ MDVSA-2013:199 ] squid (29.07.2013)
 HI-TECH ., Squid-3.3.5 DoS PoC (16.07.2013)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod