Computer Security
[EN] securityvulns.ru no-pyccku


Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 18.03.2010
Published:18.03.2010
Source:
SecurityVulns ID:10694
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:EFRONT : eFront 3.5
 NENSOR : Nensor CMS 2.01
 QuickSilver : Quicksilver Forums 1.4
 POWERDNS : PowerDNS Administrator 1.1
 QSF : QSF Portal 1.4
 SAHANA : Sahana 0.6
 SOOFTSAURUS : SOFTSAURUS 2.01
 DOJO : Dojo Toolkit SDK 1.4
CVE:CVE-2010-0465 (Cross-site scripting (XSS) vulnerability in the online Documents functionality in SugarCRM 5.2.x before 5.2.0l and 5.5.x before 5.5.0a allows remote authenticated users to inject arbitrary web script or HTML via the Document Name field.)
Original documentdocumentInj3ct0r.com, SweetRice 0.6.0 Remote File Inclusion Vulnerabilities (18.03.2010)
 documentInj3ct0r.com, Nensor CMS 2.01 Multiple Remote Vulnerabilities (18.03.2010)
 documentedgard.chammas_(at)_beyond-security.org, Sun Java System Communication Express CSRF via HPP (18.03.2010)
 documentlabs_(at)_gdssecurity.com, Multiple DOM-Based XSS in Dojo Toolkit SDK (18.03.2010)
 documentJeromie Jackson, SugarCRM Stored XSS vulnerability (18.03.2010)
 documentInj3ct0r.com, SOFTSAURUS 2.01 Multiple Remote File Include Vulnerabilities (18.03.2010)
 documentChristopher, CORE-2010-0311 - eSahana 0.6.2.2 Authentication Bypass (18.03.2010)
 documentCORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2010-0311 - eFront-learning PHP file inclusion vulnerability (18.03.2010)
 documentSECUNIA, Secunia Research: Quicksilver Forums Backup Information Disclosure (18.03.2010)
 documentSECUNIA, Secunia Research: Quicksilver Forums Cross-Site Request Forgery Vulnerability (18.03.2010)
 documentSECUNIA, Secunia Research: Quicksilver Forums "mysqldump" Password Disclosure (18.03.2010)
 documentInj3ct0r.com, Nensor CMS 2.01 Multiple Remote Vulnerabilities (18.03.2010)

SAP MaxDB code execution
Published:18.03.2010
Source:
SecurityVulns ID:10698
Type:remote
Threat Level:
7/10
Description:Buffer overflow on TCP/7210 request parsing.
Original documentdocumentZDI, ZDI-10-032: SAP MaxDB Malformed Handshake Request Remote Code Execution Vulnerability (18.03.2010)

QuickZip buffer overflow
Published:18.03.2010
Source:
SecurityVulns ID:10700
Type:local
Threat Level:
5/10
Description:Buffer overflow on .zip files parsing.
Original documentdocumentsecurity_(at)_corelan.be, QuickZip 0day detailed write-up (18.03.2010)

libpng DoS
Published:18.03.2010
Source:
SecurityVulns ID:10699
Type:library
Threat Level:
5/10
Description:Resources exhaustion on data decompression in png_decompress_chunk().
Affected:libpng : libpng 1.2
 libpng : libpng 1.0
 libpng : libpng 1.4
CVE:CVE-2010-0205 (The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application hang) via a crafted PNG file, as demonstrated by use of the deflate compression method on data composed of many occurrences of the same character, related to a "decompression bomb" attack.)

Windisc buffer overflow
Published:18.03.2010
Source:
SecurityVulns ID:10696
Type:local
Threat Level:
3/10
Description:Buffer overflow on Banzhaf (.bnz) files parsing.
Affected:WINDISC : Windisc 1.3
Original documentdocumentsecurity_(at)_corelan.be, [CORELAN-10-13] - Windisc Local Stack BOF (18.03.2010)

Microsoft Virtual PC protection bypass
Published:18.03.2010
Source:
SecurityVulns ID:10697
Type:local
Threat Level:
4/10
Description:Invalid memory regions protection for memory >2GB allows to bypass Windows memory protection techniques for guest system.
Affected:MICROSOFT : Virtual Server 2005
 MICROSOFT : Virtual PC 2007
 MICROSOFT : Windows 7
Original documentdocumentCORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2009-0803: Virtual PC Hypervisor Memory Protection Vulnerability (18.03.2010)

httpdx DoS
Published:18.03.2010
Source:
SecurityVulns ID:10701
Type:remote
Threat Level:
5/10
Description:Crash on malformed HTTP request.
Affected:HTTPDX : httpdx 1.5
Original documentdocumentMehdi Mahdjoub - Sysdream IT Security Services, Vulnerability httpdx v1.5.3 (18.03.2010)

MediaCoder buffer overflow
Published:18.03.2010
Source:
SecurityVulns ID:10702
Type:local
Threat Level:
3/10
Description:Buffer overflow on .lst files parsing.
Affected:MEDIACODER : MediaCoder 0.7
Original documentdocumentInj3ct0r.com, MediaCoder (.lst) file local Buffer Overflow Exploit (18.03.2010)
Files:MediaCoder .lst file local buffer overflow exploit

Miranda IM TLS encryption vulnerability
updated since 18.03.2010
Published:07.04.2010
Source:
SecurityVulns ID:10695
Type:m-i-t-m
Threat Level:
5/10
Description:Under some conditions TLS is not used for Jabber server connection regradless of settings.
Affected:MIRANDA : Miranda IM 0.8
Original documentdocumentJan Schejbal, Miranda IM silent TLS failure (18.03.2010)
Files:Miranda IM TLS MitM Proof of Concept

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod