Computer Security


HP StorageWorks MSA2000 backdoor account
updated since 15.12.2010
Published:17.12.2010
Source:
SecurityVulns ID:11299
Type:remote
Threat Level:6/10
Description:Hidden backdoor account 'admin' with password '!admin'
Affected:HP : StorageWorks MSA2000
CVE:CVE-2010-4115 (HP StorageWorks Modular Smart Array P2000 G3 firmware TS100R011, TS100R025, TS100P002, TS200R005, TS201R014, and TS201R015 installs an undocumented admin account with a default "!admin" password, which allows remote attackers to gain privileges.)
Original document:HP, [security bulletin] HPSBST02620 SSRT100356 rev.1 - HP StorageWorks Modular Smart Array P2000 G3, Remote Unauthorized Access (17.12.2010)
 Pavel Kankovsky, Re: hidden admin user on every HP MSA2000 G3 (15.12.2010)
 hpdisclosure_(at)_anonmail.de, hidden admin user on every HP MSA2000 G3 (15.12.2010)

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:17.12.2010
Source:
SecurityVulns ID:11310
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:SLICKMSG : slickMsg 0.7
 POINTERPHP : Pointter PHP Content Management System 1.0
 SOCIALSHARE : Social Share 2010-06-05
CVE:CVE-2010-4333 (Pointter PHP Micro-Blogging Social Network 1.8 allows remote attackers to bypass authentication and obtain administrative privileges via arbitrary values of the auser and apass cookies.)
 CVE-2010-4332 (Pointter PHP Content Management System 1.0 allows remote attackers to bypass authentication and obtain administrative privileges via arbitrary values of the auser and apass cookies.)
 CVE-2010-4277 (Cross-site scripting (XSS) vulnerability in lembedded-video.php in the Embedded Video plugin 4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the content parameter to wp-admin/post.php.)
Original document:CHECKPOINT, Embedded Video WordPress Plugin Cross Site Vulnerability (XSS) - CVE-2010-4277 (17.12.2010)
 Aliaksandr Hartsuyeu, www.eVuln.com : "link" and "linkdescription" XSS in Social Share (17.12.2010)
 Aliaksandr Hartsuyeu, www.eVuln.com : "titl","url" - Non-persistent XSS in Social Share (17.12.2010)
 ProCheckUp Research, PR10-06: Cross-domain redirect on PGP Universal Web Messenger (17.12.2010)
 Aliaksandr Hartsuyeu, www.eVuln.com : "error" Non-persistent XSS in slickMsg (17.12.2010)
 MustLive, New vulnerabilities in eSitesBuilder (17.12.2010)
 Mark Stanislav, 'Pointter PHP Micro-Blogging Social 'Pointter PHP Content Management System' Unauthorized Privilege Escalation (CVE-2010-4332) (17.12.2010)
 Mark Stanislav, 'Pointter PHP Micro-Blogging Social Network' Unauthorized Privilege Escalation (CVE-2010-4333) (17.12.2010)

Eucalyptus unauthorized access
Published:17.12.2010
Source:
SecurityVulns ID:11311
Type:remote
Threat Level:5/10
Description:The old password is not verified during password reset in the administration interface.
Affected:EUCALYPTUS : eucalyptus 2.0
CVE:CVE-2010-3905 (The password reset feature in the administrator interface for Eucalyptus 2.0.0 and 2.0.1 does not perform authentication, which allows remote attackers to gain privileges by sending password reset requests for other users.)
Original document:UBUNTU, [USN-1033-1] Eucalyptus vulnerability (17.12.2010)

Alt-N WebAdmin information disclosure
Published:17.12.2010
Source:
SecurityVulns ID:11312
Type:remote
Threat Level:5/10
Description:It's possible to obtain file source code by adding %20 or %2e to the request.
Affected:ALTN : WebAdmin 3.3
 ALTN : U-Mail 9.8
Original document:wsn1983_(at)_gmail.com, Alt-N WebAdmin Source Code Disclosure (17.12.2010)

HP Discovery & Dependency Mapping Inventory
Published:17.12.2010
Source:
SecurityVulns ID:11313
Type:remote
Threat Level:5/10
Affected:HP : HP Discovery & Dependency Mapping Inventory 7.51
 HP : HP Discovery & Dependency Mapping Inventory 2.52
 HP : HP Discovery & Dependency Mapping Inventory 7.61
CVE:CVE-2010-4114 (Cross-site scripting (XSS) vulnerability in HP Discovery & Dependency Mapping Inventory (DDMI) 2.5x, 7.5x, and 7.6x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
Original document:HP, [security bulletin] HPSBMA02617 SSRT100338 rev.1 - HP Discovery & Dependency Mapping Inventory (DDMI) Running on Windows, Remote Cross SIte Scripting (XSS) (17.12.2010)

HP Power Manager code execution
Published:17.12.2010
Source:
SecurityVulns ID:11314
Type:remote
Threat Level:5/10
CVE:CVE-2010-4113 (Stack-based buffer overflow in HP Power Manager (HPPM) before 4.3.2 allows remote attackers to execute arbitrary code via a long Login variable to the management web server.)
Original document:HP, [security bulletin] HPSBMA02545 SSRT100139 rev.1 - HP Power Manager (HPPM) Running on Linux and Windows, Remote Execution of Arbitrary Code (17.12.2010)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod