 |
|
|
|
Quick Heal Antiviral products weak permissions
updated since 13.10.2009 | | Published: |  | 16.12.2009 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 10308 | | Type: |  | local | | Level: |  | 5/10 | | Description: |  | Weak permissions on installation folder. |
| Kaspersky Lab Multiple products privilege escalation | | Published: | | 16.12.2009 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 10475 | | Type: | | local | | Level: | | 6/10 | | Description: | | BASES directory contains executable files and has weak security permissions. |
| Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) | | Published: | | 16.12.2009 | | Source: | | | | SecurityVulns ID: | | 10477 | | Type: | | remote | | Level: | | 5/10 | | Description: | | PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. |
| Affected: |  | CACTI : cacti 0.8 | | | | FAMILICMS : Family Connections 2.1 | | | | WORDPRESS : WP-Forum 2.3 | | CVE: |  | CVE-2009-4112 (Cacti 0.8.7e and earlier allows remote authenticated administrators to gain privileges by modifying the "Data Input Method" for the "Linux - Get Memory Usage" setting to contain arbitrary commands.) | | | | CVE-2009-3703 (Multiple SQL injection vulnerabilities in the WP-Forum plugin before 2.4 for WordPress allow remote attackers to execute arbitrary SQL commands via (1) the search_max parameter in a search action to the default URI, related to wpf.class.php; (2) the forum parameter to an unspecified component, related to wpf.class.php; (3) the topic parameter in a viewforum action to the default URI, related to the remove_topic function in wpf.class.php; or the id parameter in a (4) editpost or (5) viewtopic action to the default URI, related to wpf-post.php.) |
| VideoCache for squid privilege escalation | | Published: | | 16.12.2009 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 10476 | | Type: | | local | | Level: | | 4/10 | | Description: | | It's possible to elevate privileges from squid to root user if root executes vccleane script. |
| Easy File Sharing Web Server information leak | | Published: | | 16.12.2009 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 10478 | | Type: | | remote | | Level: | | 5/10 | | Description: | | Access to files.sdb file is allowed. |
Cisco WebEx Recording Format Player multiple security vulnerabilities
updated since 16.12.2009 | | Published: | | 02.02.2011 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 10474 | | Type: | | client | | Level: | | 5/10 | | Description: | | Multiple vulnerabilities on .wrf / .arf files parsing. |
| Affected: | | CISCO : Cisco WebEx Recording Format Player 27.10 | | | | CISCO : Cisco WebEx Recording Format Player 27.21 | | CVE: | | CVE-2010-3270 (Stack-based buffer overflow in Cisco WebEx Meeting Center T27LB before SP21 EP3 and T27LC before SP22 allows user-assisted remote authenticated users to execute arbitrary code by providing a crafted .atp file and then disconnecting from a meeting. NOTE: since this is a site-specific issue with no expected action for consumers, it might be REJECTed.) | | | | CVE-2010-3269 (Multiple stack-based buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to execute arbitrary code via a crafted (1) .wrf or (2) .arf file, related to use of a function pointer in a callback mechanism.) | | | | CVE-2010-3044 (Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted (1) .wrf or (2) .arf file, related to atas32.dll, a different vulnerability than CVE-2010-3041, CVE-2010-3042, and CVE-2010-3043.) | | | | CVE-2010-3043 (Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted (1) .wrf or (2) .arf file, a different vulnerability than CVE-2010-3041, CVE-2010-3042, and CVE-2010-3044.) | | | | CVE-2010-3042 (Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted (1) .wrf or (2) .arf file, a different vulnerability than CVE-2010-3041, CVE-2010-3043, and CVE-2010-3044.) | | | | CVE-2010-3041 (Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted (1) .wrf or (2) .arf file, related to atas32.dll, a different vulnerability than CVE-2010-3042, CVE-2010-3043, and CVE-2010-3044.) | | | | CVE-2009-2880 (Buffer overflow in atrpui.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 for Windows, 27.x before 27.10.x for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WebEx Recording Format (WRF) file.) | | | | CVE-2009-2879 (Heap-based buffer overflow in atas32.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 (aka T26SP49EP32) for Windows, 27.x before 27.10.x (aka T27SP10) for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted WebEx Recording Format (WRF) file, a different vulnerability than CVE-2009-2876 and CVE-2009-2878.) | | | | CVE-2009-2878 (Heap-based buffer overflow in atas32.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 (aka T26SP49EP32) for Windows, 27.x before 27.10.x (aka T27SP10) for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted WebEx Recording Format (WRF) file, a different vulnerability than CVE-2009-2876 and CVE-2009-2879.) | | | | CVE-2009-2877 (Stack-based buffer overflow in ataudio.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 for Windows, 27.x before 27.10.x (aka T27SP10) for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted WebEx Recording Format (WRF) file.) | | | | CVE-2009-2876 (Heap-based buffer overflow in atas32.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 (aka T26SP49EP32) for Windows, 27.x before 27.10.x (aka T27SP10) for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted WebEx Recording Format (WRF) file, a different vulnerability than CVE-2009-2878 and CVE-2009-2879.) | | | | CVE-2009-2875 (Buffer overflow in atas32.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 for Windows, 27.x before 27.10.x for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WebEx Recording Format (WRF) file.) |
|
|
|
|
|
|
|
|
