Computer Security


Adobe Flash Player memory corruption
Published:17.06.2011
SecurityVulns ID:11742
Type:client
Threat Level:7/10
Affected:ADOBE : Flash Player 10.3
CVE:CVE-2011-2110 (Adobe Flash Player before 10.3.181.26 on Windows, Mac OS X, Linux, and Solaris, and 10.3.185.23 and earlier on Android, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in June 2011.)
Files:Security update available for Adobe Flash Player

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 17.06.2011
Published:19.06.2011
SecurityVulns ID:11739
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:MYBLOGGIE : myBloggie 2.1
 E107 : e107 0.7
 JFREE : JFreeChart 1.0
 FREESIMPLESOFT : Free Simple CMS 1.0
 NAGIOS : nagios 3.2
 REDMINE : redmine 1.0
 MINIBLOG : miniblog 1.0
 NETWORK13 : N-13 News 4.0
 ICINGA : icinga 1.4
 EQDKP : EQDKP Plus 0.6
 MOVABLETYPE : movabletype 4.3
CVE:CVE-2011-2179 (Multiple cross-site scripting (XSS) vulnerabilities in config.c in config.cgi in (1) Nagios 3.2.3 and (2) Icinga before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the expand parameter, as demonstrated by an (a) command action or a (b) hosts action.)
 CVE-2011-1523 (Cross-site scripting (XSS) vulnerability in statusmap.c in statusmap.cgi in Nagios 3.2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the layer parameter.)
Original document:DEBIAN, [SECURITY] [DSA 2261-1] redmine security update (19.06.2011)
 DEBIAN, [SECURITY] [DSA 2263-1] movabletype-opensource security update (19.06.2011)
 info_(at)_robinverton.de, myBloggie 2.1.6 SQL-Injection, Advanced INSERT INTO Injection technique (19.06.2011)
 Patrick Webster, JFreeChart - Path Disclosure vulnerability (19.06.2011)
 iPower N/A, EQDKP plus Cross Site Scripting and Bypass file extension (19.06.2011)
 DEBIAN, [SECURITY] [DSA 2262-1] moodle security update (19.06.2011)
 High-Tech Bridge Security Research, HTB23010: Multiple XSS & Local File Inclusion in Free Simple CMS (17.06.2011)
 High-Tech Bridge Security Research, HTB23008: Multiple XSS & CSRF (Cross-Site Request Forgery) in miniblog (17.06.2011)
 High-Tech Bridge Security Research, HTB23005: Multiple XSS in N-13 News (17.06.2011)
 High-Tech Bridge Security Research, HTB23004: Multiple Vulnerabilities in e107 (17.06.2011)
 High-Tech Bridge Security Research, HTB23012: Gogago YouTube Video Converter ActiveX Control "Download()" Buffer Overflow Vulnerability (17.06.2011)

Adobe Reader / Acrobat multiple security vulnerabilities
updated since 17.06.2011
Published:19.06.2011
SecurityVulns ID:11740
Type:client
Threat Level:7/10
Description:Buffer overflow, memory corruption, code execution, cross document scripting
Affected:ADOBE : Reader 10.0
 ADOBE : Acrobat 10.0
CVE:CVE-2011-2106 (Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.)
 CVE-2011-2105 (Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X allow attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted font data.)
 CVE-2011-2104 (Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X allow attackers to cause a denial of service (memory corruption) via unspecified vectors.)
 CVE-2011-2103 (Adobe Reader and Acrobat 8.x before 8.3 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.)
 CVE-2011-2102 (Unspecified vulnerability in Adobe Reader and Acrobat before 10.1 on Windows and Mac OS X allows attackers to bypass intended access restrictions via unknown vectors.)
 CVE-2011-2101 (Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X do not properly restrict script, which allows attackers to execute arbitrary code via a crafted document, related to a "cross document script execution vulnerability.")
 CVE-2011-2100 (Untrusted search path vulnerability in Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory.)
 CVE-2011-2099 (Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2098.)
 CVE-2011-2098 (Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2099.)
 CVE-2011-2097 (Buffer overflow in Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2094 and CVE-2011-2095.)
 CVE-2011-2096 (Heap-based buffer overflow in Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors.)
 CVE-2011-2095 (Buffer overflow in Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2094 and CVE-2011-2097.)
 CVE-2011-2094 (Buffer overflow in Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2095 and CVE-2011-2097.)
Original document:ZDI, ZDI-11-218: Adobe Acrobat Reader tesselate.x3d Multimedia Playing Remote Code Execution Vulnerability (19.06.2011)
 ZDI, ZDI-11-219: Adobe Acrobat Reader 3difr.x3d Multimedia Playing Remote Code Execution Vulnerability (19.06.2011)
Files:Security updates available for Adobe Reader and Acrobat

Adobe Shockwave Player multiple security vulnerabilities
updated since 17.06.2011
Published:19.06.2011
SecurityVulns ID:11741
Type:remote
Threat Level:8/10
Description:Multiple memory corruptions, buffer overflow, code execution.
Affected:ADOBE : Shockwave Player 11.5
CVE:CVE-2011-2129
 CVE-2011-2127 (Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2114, CVE-2011-2117, CVE-2011-2124, and CVE-2011-2128.)
 CVE-2011-2126 (Buffer overflow in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code via unspecified vectors.)
 CVE-2011-2125 (Buffer overflow in Dirapix.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code via unspecified vectors.)
 CVE-2011-2124 (Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2114, CVE-2011-2117, CVE-2011-2127, and CVE-2011-2128.)
 CVE-2011-2123 (Integer overflow in the Shockwave 3D Asset x32 component in Adobe Shockwave Player before 11.6.0.626 allows remote attackers to execute arbitrary code via a crafted subrecord in a DEMX chunk, which triggers a heap-based buffer overflow.)
 CVE-2011-2122 (Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors related to rcsL substructures, a different vulnerability than CVE-2011-0317, CVE-2011-0318, CVE-2011-0319, CVE-2011-0320, CVE-2011-0335, and CVE-2011-2119.)
 CVE-2011-2121 (Integer overflow in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code via unspecified vectors.)
 CVE-2011-2120 (Integer overflow in the CursorAsset x32 component in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code via unspecified vectors.)
 CVE-2011-2119 (Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0317, CVE-2011-0318, CVE-2011-0319, CVE-2011-0320, CVE-2011-0335, and CVE-2011-2122.)
 CVE-2011-2118 (The FLV ASSET Xtra component in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code via unspecified vectors, related to an "input validation vulnerability.")
 CVE-2011-2117 (Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2114, CVE-2011-2124, CVE-2011-2127, and CVE-2011-2128.)
 CVE-2011-2116 (IML32.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2111 and CVE-2011-2115.)
 CVE-2011-2115 (IML32.dll in Adobe Shockwave Player before 11.6.0.626 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted tSAC chunk, which triggers a heap-based buffer overflow, a different vulnerability than CVE-2011-2111 and CVE-2011-2116.)
 CVE-2011-2114 (Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2117, CVE-2011-2124, CVE-2011-2127, and CVE-2011-2128.)
 CVE-2011-2113 (Multiple buffer overflows in the Shockwave3DAsset component in Adobe Shockwave Player before 11.6.0.626 allow attackers to execute arbitrary code via unspecified vectors.)
 CVE-2011-2112 (Multiple buffer overflows in IML32.dll in Adobe Shockwave Player before 11.6.0.626 allow attackers to execute arbitrary code via unspecified vectors.)
 CVE-2011-2111 (IML32.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2115 and CVE-2011-2116.)
 CVE-2011-2109 (Multiple integer overflows in Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allow attackers to execute arbitrary code via unspecified vectors.)
 CVE-2011-2108 (Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code via unspecified vectors, related to a "design flaw.")
 CVE-2011-0335 (Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0317, CVE-2011-0318, CVE-2011-0319, CVE-2011-0320, CVE-2011-2119, and CVE-2011-2122.)
 CVE-2011-0320 (Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0317, CVE-2011-0318, CVE-2011-0319, CVE-2011-0335, CVE-2011-2119, and CVE-2011-2122.)
 CVE-2011-0319 (Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0317, CVE-2011-0318, CVE-2011-0320, CVE-2011-0335, CVE-2011-2119, and CVE-2011-2122.)
 CVE-2011-0318 (Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0317, CVE-2011-0319, CVE-2011-0320, CVE-2011-0335, CVE-2011-2119, and CVE-2011-2122.)
 CVE-2011-0317 (Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0318, CVE-2011-0319, CVE-2011-0320, CVE-2011-0335, CVE-2011-2119, and CVE-2011-2122.)
Original document:signaladvisory_(at)_gmail.com, [BGA - SignalSEC Advisory]:Adobe Shockwave Player Remote Code Execution (19.06.2011)
 IDEFENSE, iDefense Security Advisory 06.14.11: Adobe Shockwave Cursor Asset tSAC Chunk Integer Overflow Vulnerability (19.06.2011)
 IDEFENSE, iDefense Security Advisory 06.14.11: Adobe Shockwave Font Asset Heap Overflow Vulnerability (19.06.2011)
 IDEFENSE, iDefense Security Advisory 06.14.11: Adobe Shockwave Lingo Script Opcodes Integer Signedness Vulnerability (19.06.2011)
 ZDI, ZDI-11-200: Adobe Shockwave AudioMixer Structure Parsing Remote Code Execution Vulnerability (19.06.2011)
 ZDI, ZDI-11-205: Adobe Shockwave Missing Lctx Chunk Remote Code Execution Vulnerability (19.06.2011)
 ZDI, ZDI-11-206: Adobe Shockwave GIF Decompression Remote Code Execution Vulnerability (19.06.2011)
 ZDI, ZDI-11-211: Adobe Shockwave Shockwave 3d Asset.x32 DEMX Chunk 0xFFFFFF49 Field Remote Code Execution Vulnerability (19.06.2011)
 ZDI, ZDI-11-221: Adobe Shockwave Shockwave 3d Asset.x32 DEMX 0xFFFFFF45 Field Parsing Remote Code Execution Vulnerability (19.06.2011)
 ZDI, TPTI-11-07: Adobe Shockwave iml32.dll CSWV Chunk Parsing Remote Code Execution Vulnerability (19.06.2011)
 ZDI, ZDI-11-204: Adobe Shockwave TextXtra Text Element Parsing Remote Code Execution Vulnerability (19.06.2011)
 ZDI, ZDI-11-207: Adobe Shockwave tSAC Chunk String Termination Remote Code Execution Vulnerability (19.06.2011)
 ZDI, ZDI-11-210: Adobe Shockwave rcsL Chunk Parsing Misallocation Remote Code Execution Vulnerability (19.06.2011)
 ZDI, TPTI-11-08: Adobe Shockwave iml32.dll DEMX Chunk GIF Parsing Remote Code Execution Vulnerability (19.06.2011)
 ZDI, TPTI-11-11: Adobe Shockwave Lnam Chunk Parsing Remote Code Execution Vulnerability (19.06.2011)
 ZDI, ZDI-11-209: Adobe Shockwave rcsL Substructure Parsing Remote Code Execution Vulnerability (19.06.2011)
 ZDI, ZDI-11-212: Adobe Shockwave KEY* Chunk Invalid Size Remote Code Execution Vulnerability (19.06.2011)
 ZDI, ZDI-11-213: Adobe Shockwave rcsL Trusted Offset Chunk Processing Remote Code Execution Vulnerability (19.06.2011)
 ZDI, ZDI-11-214: Adobe Shockwave CASt Chunk Parsing Remote Code Execution Vulnerability (19.06.2011)
 ZDI, ZDI-11-220: Adobe Shockwave Director File rcsL Chunk Multiple Opcode Parsing Remote Code Execution Vulnerability (19.06.2011)
 ZDI, ZDI-11-201: Adobe Shockwave Cursor Structure Parsing Remote Code Execution Vulnerability (19.06.2011)
 ZDI, ZDI-11-202: Adobe Shockwave rcsL String Parsing Remote Code Execution Vulnerability (19.06.2011)
 ZDI, ZDI-11-208: Adobe Shockwave rcsL Parsing Remote Code Execution Vulnerability (19.06.2011)
 ZDI, TPTI-11-10: Adobe Shockwave dirapi.dll rcsL Chunk Parsing Remote Code Execution Vulnerability (19.06.2011)
 IDEFENSE, iDefense Security Advisory 06.14.11: Adobe Shockwave 3D Asset DEMX Integer Overflow Vulnerability (19.06.2011)
 , ZDI-11-222: Adobe Shockwave Shockwave 3d Asset.x32 DEMX Chunk Substructure Count Remote Code Execution Vulnerability (17.06.2011)
 ZDI, ZDI-11-203: Adobe Shockwave xtcL Chunk Parsing Integer Overflow Remote Code Execution Vulnerability (17.06.2011)
 ZDI, ZDI-11-216: Adobe Shockwave rcsL Chunk 16-bit Field Parsing Remote Code Execution Vulnerability (17.06.2011)
 ZDI, ZDI-11-217: Adobe Shockwave Font Structure Parsing Remote Code Execution Vulnerability (17.06.2011)
 ZDI, ZDI-11-215: Adobe Shockwave DEMX Chunk Multiple Field Parsing Remote Code Execution Vulnerability (17.06.2011)
Files:Security update available for Adobe Shockwave Player

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod