Computer Security

Search:Vulnerability:18.03.2010
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 18.03.2010
Published:18.03.2010
Source:
SecurityVulns ID:10694
Type:remote
Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:EFRONT : eFront 3.5
 NENSOR : Nensor CMS 2.01
 QuickSilver : Quicksilver Forums 1.4
 POWERDNS : PowerDNS Administrator 1.1
 QSF : QSF Portal 1.4
 SAHANA : Sahana 0.6
 SOOFTSAURUS : SOFTSAURUS 2.01
 DOJO : Dojo Toolkit SDK 1.4
CVE:CVE-2010-0465 (Cross-site scripting (XSS) vulnerability in the online Documents functionality in SugarCRM 5.2.x before 5.2.0l and 5.5.x before 5.5.0a allows remote authenticated users to inject arbitrary web script or HTML via the Document Name field.)
Original documentdocumentInj3ct0r.com, SweetRice 0.6.0 Remote File Inclusion Vulnerabilities (18.03.2010)
 documentInj3ct0r.com, Nensor CMS 2.01 Multiple Remote Vulnerabilities (18.03.2010)
 documentedgard.chammas_(at)_beyond-security.org, Sun Java System Communication Express CSRF via HPP (18.03.2010)
 documentlabs_(at)_gdssecurity.com, Multiple DOM-Based XSS in Dojo Toolkit SDK (18.03.2010)
 documentJeromie Jackson, SugarCRM Stored XSS vulnerability (18.03.2010)
 documentInj3ct0r.com, SOFTSAURUS 2.01 Multiple Remote File Include Vulnerabilities (18.03.2010)
 documentChristopher, CORE-2010-0311 - eSahana 0.6.2.2 Authentication Bypass (18.03.2010)
 documentCORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2010-0311 - eFront-learning PHP file inclusion vulnerability (18.03.2010)
 documentSECUNIA, Secunia Research: Quicksilver Forums Backup Information Disclosure (18.03.2010)
 documentSECUNIA, Secunia Research: Quicksilver Forums Cross-Site Request Forgery Vulnerability (18.03.2010)
 documentSECUNIA, Secunia Research: Quicksilver Forums "mysqldump" Password Disclosure (18.03.2010)
 documentInj3ct0r.com, Nensor CMS 2.01 Multiple Remote Vulnerabilities (18.03.2010)
Discuss:Read or add your comments to this news (0 comments)

SAP MaxDB code execution
Published:18.03.2010
Source:BUGTRAQ
SecurityVulns ID:10698
Type:remote
Level:7/10
Description:Buffer overflow on TCP/7210 request parsing.
Original documentdocumentZDI, ZDI-10-032: SAP MaxDB Malformed Handshake Request Remote Code Execution Vulnerability (18.03.2010)
Discuss:Read or add your comments to this news (0 comments)

QuickZip buffer overflow
Published:18.03.2010
Source:BUGTRAQ
SecurityVulns ID:10700
Type:local
Level:5/10
Description:Buffer overflow on .zip files parsing.
Original documentdocumentsecurity_(at)_corelan.be, QuickZip 0day detailed write-up (18.03.2010)
Discuss:Read or add your comments to this news (0 comments)

libpng DoS
Published:18.03.2010
Source:CVE
SecurityVulns ID:10699
Type:library
Level:5/10
Description:Resources exhaustion on data decompression in png_decompress_chunk().
Affected:libpng : libpng 1.2
 libpng : libpng 1.0
 libpng : libpng 1.4
CVE:CVE-2010-0205 (The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application hang) via a crafted PNG file, as demonstrated by use of the deflate compression method on data composed of many occurrences of the same character, related to a "decompression bomb" attack.)
Discuss:Read or add your comments to this news (0 comments)

Windisc buffer overflow
Published:18.03.2010
Source:BUGTRAQ
SecurityVulns ID:10696
Type:local
Level:3/10
Description:Buffer overflow on Banzhaf (.bnz) files parsing.
Affected:WINDISC : Windisc 1.3
Original documentdocumentsecurity_(at)_corelan.be, [CORELAN-10-13] - Windisc Local Stack BOF (18.03.2010)
Discuss:Read or add your comments to this news (0 comments)

Microsoft Virtual PC protection bypass
Published:18.03.2010
Source:BUGTRAQ
SecurityVulns ID:10697
Type:local
Level:4/10
Description:Invalid memory regions protection for memory >2GB allows to bypass Windows memory protection techniques for guest system.
Affected:MICROSOFT : Virtual Server 2005
 MICROSOFT : Virtual PC 2007
 MICROSOFT : Windows 7
Original documentdocumentCORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2009-0803: Virtual PC Hypervisor Memory Protection Vulnerability (18.03.2010)
Discuss:Read or add your comments to this news (0 comments)

httpdx DoS
Published:18.03.2010
Source:BUGTRAQ
SecurityVulns ID:10701
Type:remote
Level:5/10
Description:Crash on malformed HTTP request.
Affected:HTTPDX : httpdx 1.5
Original documentdocumentMehdi Mahdjoub - Sysdream IT Security Services, Vulnerability httpdx v1.5.3 (18.03.2010)
Discuss:Read or add your comments to this news (0 comments)

MediaCoder buffer overflow
Published:18.03.2010
Source:BUGTRAQ
SecurityVulns ID:10702
Type:local
Level:3/10
Description:Buffer overflow on .lst files parsing.
Affected:MEDIACODER : MediaCoder 0.7
Original documentdocumentInj3ct0r.com, MediaCoder (.lst) file local Buffer Overflow Exploit (18.03.2010)
Files:MediaCoder .lst file local buffer overflow exploit
Discuss:Read or add your comments to this news (0 comments)

Miranda IM TLS encryption vulnerability
updated since 18.03.2010
Published:07.04.2010
Source:BUGTRAQ
SecurityVulns ID:10695
Type:m-i-t-m
Level:5/10
Description:Under some conditions TLS is not used for Jabber server connection regradless of settings.
Affected:MIRANDA : Miranda IM 0.8
Original documentdocumentJan Schejbal, Miranda IM silent TLS failure (18.03.2010)
Files:Miranda IM TLS MitM Proof of Concept
Discuss:Read or add your comments to this news (0 comments)
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server