Computer Security
[EN] securityvulns.ru no-pyccku


Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:17.12.2009
Source:
SecurityVulns ID:10479
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:HORDE : Horde 3.3
 CETERACMS : Cetera CMS 2.9
 SITECORE : Sitecore Staging Module 5.4
 QUIXPLORER : QuiXplorer 2.4
Original documentdocumentISecAuditors Security Advisories, [ISecAuditors Security Advisories] QuiXplorer <=2.4.1beta Remote Code Execution vulnerability (17.12.2009)
 documentISecAuditors Security Advisories, [ISecAuditors Security Advisories] Horde 3.3.5 "PHP_SELF" Cross-Site Scripting vulnerability (17.12.2009)
 documentSEC Consult Vulnerability Lab, SEC Consult SA-20091217-0 :: Authentication bypass and file manipulation in Sitecore Staging Module (17.12.2009)
 documentMustLive, Vulnerabilities in Cetera CMS (17.12.2009)

Nullsoft WinAmp multiple security vulnerabilities
Published:17.12.2009
Source:
SecurityVulns ID:10480
Type:client
Threat Level:
7/10
Description:Buffer overflows and integer overflows on Oktalyzer, Ultratracker, Impulse Tracker files parsing, JPEG, PNG.
Affected:NULLSOFT : Winamp 5.56
CVE:CVE-2009-3997 (Integer overflow in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57 might allow remote attackers to execute arbitrary code via an Oktalyzer file that triggers a heap-based buffer overflow.)
 CVE-2009-3996 (Heap-based buffer overflow in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via an Ultratracker file.)
 CVE-2009-3995 (Multiple heap-based buffer overflows in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file. NOTE: some of these details are obtained from third party information.)
Original documentdocumentVUPEN Security Research, VUPEN Security Research - Winamp PNG and JPEG Data Integer Overflow Vulnerabilities (17.12.2009)
 documentSECUNIA, Secunia Research: Winamp Oktalyzer Parsing Integer Overflow Vulnerability (17.12.2009)
 documentSECUNIA, Secunia Research: Winamp Ultratracker File Parsing Buffer Overflow (17.12.2009)
 documentSECUNIA, Secunia Research: Winamp Impulse Tracker Sample Parsing Buffer Overflow (17.12.2009)
 documentSECUNIA, Secunia Research: Winamp Impulse Tracker Instrument Parsing Buffer Overflows (17.12.2009)

Mozilla Firefox multiple security vulnerabilities
Published:17.12.2009
Source:
SecurityVulns ID:10481
Type:client
Threat Level:
8/10
Description:Multiple memory corruptions on HTML and media formats parsing, NTLM reflection attacks, location spoofing, privilege escalation, information leak.
Affected:MOZILLA : SeaMonkey 2.0
 MOZILLA : Firefox 3.0
 MOZILLA : Firefox 3.5
CVE:CVE-2009-3987 (The GeckoActiveXObject function in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, generates different exception messages depending on whether the referenced COM object is listed in the registry, which allows remote attackers to obtain potentially sensitive information about installed software by making multiple calls that specify the ProgID values of different COM objects.)
 CVE-2009-3986 (Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to execute arbitrary JavaScript with chrome privileges by leveraging a reference to a chrome window from a content window, related to the window.opener property.)
 CVE-2009-3985 (Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to associate spoofed content with an invalid URL by setting document.location to this URL, and then writing arbitrary web script or HTML to the associated blank document, a related issue to CVE-2009-2654.)
 CVE-2009-3984 (Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to spoof an SSL indicator for an http URL or a file URL by setting document.location to an https URL corresponding to a site that responds with a No Content (aka 204) status code and an empty body.)
 CVE-2009-3983 (Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to send authenticated requests to arbitrary applications by replaying the NTLM credentials of a browser user.)
 CVE-2009-3982 (Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.)
 CVE-2009-3981 (Unspecified vulnerability in the browser engine in Mozilla Firefox before 3.0.16, SeaMonkey before 2.0.1, and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.)
 CVE-2009-3980 (Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.)
 CVE-2009-3979 (Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.)
 CVE-2009-3389 (Integer overflow in libtheora in Xiph.Org Theora before 1.1, as used in Mozilla Firefox 3.5 before 3.5.6 and SeaMonkey before 2.0.1, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a video with large dimensions.)
 CVE-2009-3388 (liboggplay in Mozilla Firefox 3.5.x before 3.5.6 and SeaMonkey before 2.0.1 might allow context-dependent attackers to cause a denial of service (application crash) or execute arbitrary code via unspecified vectors, related to "memory safety issues.")
Original documentdocumentMOZILLA, Mozilla Foundation Security Advisory 2009-70 (17.12.2009)
 documentMOZILLA, Mozilla Foundation Security Advisory 2009-65 (17.12.2009)
 documentMOZILLA, Mozilla Foundation Security Advisory 2009-66 (17.12.2009)
 documentMOZILLA, Mozilla Foundation Security Advisory 2009-67 (17.12.2009)
 documentMOZILLA, Mozilla Foundation Security Advisory 2009-68 (17.12.2009)
 documentMOZILLA, Mozilla Foundation Security Advisory 2009-69 (17.12.2009)
 documentMOZILLA, Mozilla Foundation Security Advisory 2009-71 (17.12.2009)

VMWare vCenter / ESX / WebWorks Help crossite scripting
Published:17.12.2009
Source:
SecurityVulns ID:10482
Type:remote
Threat Level:
5/10
Affected:VMWARE : VMware Server 2.0
 VMWARE : VMware ESX 4.0
 VMWARE : vCenter 4.0
 VMWARE : VMWare Lab Manager 4.0
CVE:CVE-2009-3731 (Multiple cross-site scripting (XSS) vulnerabilities in WebWorks Help 2.0 through 5.0 in VMware vCenter 4.0 before Update 1 Build 208156; VMware Server 2.0.2; VMware ESX 4.0; VMware Lab Manager 2.x; VMware vCenter Lab Manager 3.x and 4.x before 4.0.1; VMware Stage Manager 1.x before 4.0.1; WebWorks Publisher 6.x through 8.x; WebWorks Publisher 2003; and WebWorks ePublisher 9.0.x through 9.3, 2008.1 through 2008.4, and 2009.x before 2009.3 allow remote attackers to inject arbitrary web script or HTML via (1) wwhelp_entry.html, reachable through index.html and wwhsec.htm, (2) wwhelp/wwhimpl/api.htm, (3) wwhelp/wwhimpl/common/html/frameset.htm, (4) wwhelp/wwhimpl/common/scripts/switch.js, or (5) the window.opener component in wwhelp/wwhimpl/common/html/bookmark.htm, related to (a) unspecified parameters and (b) messages used in topic links for the bookmarking functionality.)
Original documentdocumentVMWARE, VMSA-2009-0017 VMware vCenter, ESX patch and vCenter Lab Manager releases address cross-site scripting issues (17.12.2009)

Cisco ASA SSL VPN protection bypass
Published:17.12.2009
Source:
SecurityVulns ID:10484
Type:remote
Threat Level:
5/10
Description:It's possible to bypass URL filtering feature.
Affected:CISCO : Cisco ASA 5500
Original documentdocumentISecAuditors Security Advisories, [ISecAuditors Security Advisories] Cisco ASA <= 8.x VPN SSL module Clientless URL-list control bypass (17.12.2009)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod