Computer Security


Objectivity/DB unauthorized access
Published: 18.01.2011
SecurityVulns ID: 11352
Type: remote
Threat Level: 5/10
Description: It's possible to execute commands without authentication.
Affected: OBJECTIVITY : Objectivity/DB 10
Original document: Jeremy Brown, Objectivity/DB Lack of Authentication Remote Exploit (18.01.2011)
Files: Objectivity/DB Lack of Authentication Remote Exploit

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 18.01.2011
SecurityVulns ID: 11353
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: SEOPANEL : Seo Panel 2.2
 CONTAO : Contao CMS 2.9
 IBM : Cognos Business Intelligence 8.4
CVE: CVE-2010-4331 (Multiple cross-site scripting (XSS) vulnerabilities in Seo Panel 2.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) default_news or (2) sponsors cookies, which are not properly handled by (a) controllers/index.ctrl.php or (b) controllers/settings.ctrl.php.)
Original document: MustLive, Vulnerability in b-cumulus (18.01.2011)
 Spala Ferenc, SECURITY ADVISORY IBM Cognos 8 Business Intelligence 8.4.1 (18.01.2011)
 david.kurz_(at)_majorsecurity.net, [MajorSecurity SA-081]Contao CMS 2.9.2 - Persistent Cross Site Scripting Issue (18.01.2011)
 Mark Stanislav, 'Seo Panel' Cookie-Rendered Persistent XSS Vulnerability (CVE-2010-4331) (18.01.2011)

Prewikka weak permissions
Published: 18.01.2011
SecurityVulns ID: 11354
Type: local
Threat Level: 5/10
Description: Weak permission for configuration file with database password.
Affected: PREWIKKA : Prewikka 0.9
CVE: CVE-2010-2058 (setup.py in Prewikka 0.9.14 installs prewikka.conf with world-readable permissions, which allows local users to obtain the SQL database password.)
Original document: GENTOO, [ GLSA 201101-07 ] Prewikka: password disclosure (18.01.2011)

SAP Management Console security vulnerabilities
Published: 18.01.2011
SecurityVulns ID: 11355
Type: remote
Threat Level: 5/10
Description: Information leakage, DoS.
Affected: SAP : SAP 6.40
 SAP : SAP 7.20
Original document: Onapsis Research Labs, [Onapsis Security Advisory 2011-002] SAP Management Console Information Disclosure (18.01.2011)
 Onapsis Research Labs, [Onapsis Security Advisory 2011-001] SAP Management Console Unauthenticated Service Restart (18.01.2011)

ICQ update server spoofing
Published: 18.01.2011
SecurityVulns ID: 11356
Type: m-i-t-m
Threat Level: 5/10
Description: The identity of the server and of the updates is not checked during automated update.
Affected: ICQ : ICQ 7.2
Original document: Daniel Seither, Remote Code Execution in ICQ 7 (18.01.2011)
Files: ICQ Update File Creator
 Fake ICQ update server

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod