Computer Security
[EN] securityvulns.ru no-pyccku


HP Data Protector Express privilege escalation
updated since 11.09.2010
Published:17.09.2010
Source:
SecurityVulns ID:11130
Type:remote
Threat Level:
5/10
Description:Buffer overflow in DtbClsLogin
Affected:HP : HP Data Protector Express 3.5
 HP : HP Data Protector Express 4.0
CVE:CVE-2010-3008 (Unspecified vulnerability in HP Data Protector Express, and Data Protector Express Single Server Edition (SSE), 3.x before build 56936 and 4.x before build 56906 on Windows allows local users to gain privileges or cause a denial of service via unknown vectors, a different vulnerability than CVE-2010-3007.)
 CVE-2010-3007 (Unspecified vulnerability in HP Data Protector Express, and Data Protector Express Single Server Edition (SSE), 3.x before build 56936 and 4.x before build 56906 allows local users to gain privileges or cause a denial of service via unknown vectors.)
Original documentdocumentZDI, ZDI-10-174: Hewlett-Packard Data Protector DtbClsLogin Utf8cpy Remote Code Execution Vulnerability (17.09.2010)
 documentHP, [security bulletin] HPSBMA02516 SSRT090232 rev.1 - HP Data Protector Express and HP Data Protector Express Single Server Edition (SSE), Local (11.09.2010)
 documentHP, [security bulletin] HPSBMA02576 SSRT090231 rev.1 - HP Data Protector Express and HP Data Protector Express Single Server Edition (SSE), Local Denial of Service (DoS), Execution of Arbitrary Code (11.09.2010)

Nokia E72 smartphone protection bypass
Published:17.09.2010
Source:
SecurityVulns ID:11150
Type:local
Threat Level:
4/10
Description:Keyboard is not locked during password validation.
Affected:NOKIA : Nokia E72
Original documentdocumentEwerson GuimarŠ³es (Crash) - Dclabs, [DCA-00016 - Nokia E72 Keyboard Password bypass] (17.09.2010)

cvsnt unauthorized access
Published:17.09.2010
Source:
SecurityVulns ID:11151
Type:remote
Threat Level:
7/10
Description:Directory traversal via branch name.
CVE:CVE-2010-1326 (perms.cpp in March Hare Software CVSNT 2.0.58, 2.5.01, 2.5.02, 2.5.03 before build 3736, 2.5.04 before build 2862; CVS Suite 2.5.03, 2008 before build 3736, and 2009 before 3729 allows remote attackers to bypass the permissions check, modify arbitrary modules and directories within CVSROOT, and execute arbitrary code via a crafted branch name ACL, possibly related to incorrect inheritance.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 2108-1] New cvsnt package fixes arbitrary code execution (17.09.2010)

3Com OfficeConnect Gigabit VPN Firewall crossite scripting
Published:17.09.2010
Source:
SecurityVulns ID:11153
Type:remote
Threat Level:
5/10
Affected:HP : 3Com OfficeConnect Gigabit VPN Firewall
CVE:CVE-2010-3010 (Cross-site scripting (XSS) vulnerability on the HP 3Com OfficeConnect Gigabit VPN Firewall 3CREVF100-73 with firmware before 1.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: a separate XSS issue for HP System Management Homepage (SMH) was originally assigned CVE-2010-3010 due to a CNA error, but CVE-2010-3012 is the appropriate identifier for the SMH issue.)
Original documentdocumentHP, [security bulletin] HPSBGN02577 SSRT100224 rev.2 - 3Com OfficeConnect Gigabit VPN Firewall (3CREVF100-73), Remote Cross Site Scripting (XSS) (17.09.2010)

Flock browser crossite scripting
Published:17.09.2010
Source:
SecurityVulns ID:11154
Type:client
Threat Level:
5/10
Description:Multiple crossite scripting vulnerabilities.
CVE:CVE-2010-3262 (Cross-site scripting (XSS) vulnerability in Flock Browser 3.x before 3.0.0.4114 allows remote attackers to inject arbitrary web script or HTML via a crafted RSS feed.)
 CVE-2010-3202 (Cross-site scripting (XSS) vulnerability in Flock Browser 3.0.0.3989 allows remote attackers to inject arbitrary web script or HTML via a crafted bookmark.)
 CVE-2010-1236 (The protocolIs function in platform/KURLGoogle.cpp in WebCore in WebKit before r55822, as used in Google Chrome before 4.1.249.1036 and Flock Browser 3.x before 3.0.0.4112, does not properly handle whitespace at the beginning of a URL, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted javascript: URL, as demonstrated by a \x00javascript:alert sequence.)
 CVE-2010-0661 (WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp in WebKit before r52401, as used in Google Chrome before 4.0.249.78, allows remote attackers to bypass the Same Origin Policy via vectors involving the window.open method.)
Original documentdocumentFLOCK, [FLOCK-SA-2010-04] Flock Browser: window.open() Method Javascript Same-Origin Policy Violation (XSS) (17.09.2010)
 documentFLOCK, [FLOCK-SA-2010-03] Flock Browser: javascript: url with a leading NULL byte can bypass cross origin protection (XSS) (17.09.2010)
 documentFLOCK, [FLOCK-SA-2010-02] Flock Browser: A malicious RSS feed can bypass cross origin protection (XSS) (17.09.2010)
 documentFLOCK, [FLOCK-SA-2010-01] Flock Browser: A malformed favourite can bypass cross origin protection (XSS) (17.09.2010)

BACnet OPC client buffer overflow
Published:17.09.2010
Source:
SecurityVulns ID:11155
Type:client
Threat Level:
5/10
Description:Buffer overflow on SCADA data parsing.
Original documentdocumentJeremy Brown, BACnet OPC Client Buffer Overflow Exploit (17.09.2010)
Files:BACnet OPC Client Buffer Overflow Exploit

HP System Management Homepage multiple security vulnerabilities
updated since 17.09.2010
Published:27.09.2010
Source:
SecurityVulns ID:11152
Type:remote
Threat Level:
5/10
Description:Crossite scripting, information leak.
Affected:HP : HP System Management Homepage 6.0
 HP : HP System Management Homepage 6.1
CVE:CVE-2010-3284 (Unspecified vulnerability in HP System Management Homepage (SMH) before 6.2 allows remote attackers to obtain sensitive information via unknown vectors.)
 CVE-2010-3283 (Open redirect vulnerability in HP System Management Homepage (SMH) before 6.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.)
 CVE-2010-3009 (Unspecified vulnerability in HP System Management Homepage (SMH) for Linux 6.0 and 6.1 allows remote authenticated users to obtain sensitive information and gain root privileges via unknown vectors.)
 CVE-2010-1586 (Open redirect vulnerability in red2301.html in HP System Management Homepage (SMH) 2.x.x.x allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the RedirectUrl parameter.)
Original documentdocumentHP, [security bulletin] HPSBMA02583 SSRT100070 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote URL Redirection (27.09.2010)
 documentHP, [security bulletin] HPSBMA02578 SSRT100069 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Information Disclosure (27.09.2010)
 documentHP, [security bulletin] HPSBMA02584 SSRT100230 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote URL Redirection (27.09.2010)
 documentHP, [security bulletin] HPSBMA02568 SSRT100219 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Cross Site Scripting (XSS), HTTP Response Splitting, and Other Vulnerabilities (17.09.2010)
 documentHP, [security bulletin] HPSBMA02566 SSRT100045 rev.1 - HP System Management Homepage (SMH) for Linux, Remote Disclosure of Sensitive Information (17.09.2010)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod