Computer Security


VMware applications multiple security vulnerabilities
updated since 12.04.2010
Published:19.04.2010
SecurityVulns ID:10754
Type:local
Threat Level:5/10
Description:Code execution, privilege escalation, buffer overflow, format string vulnerabilities, DoS, information leaks.
Affected:VMWARE : VMware ESX 3.0
 VMWARE : VMware ESX 2.5
 VMWARE : VMware ESXi 3.5
 VMWARE : VMware ESX 3.5
 VMWARE : VMware Workstation 6.5
 VMWARE : VMware Player 2.5
 VMWARE : VMware ACE 2.5
 VMWARE : VMware Server 2.0
 VMWARE : VMware Fusion 2.0
 VMWARE : VMware ESXi 4.0
 VMWARE : VMware ESX 4.0
 VMWARE : VMware Workstation 7.0
 VMWARE : VMware Player 3.0
 VMWARE : VMware ACE 2.6
 VMWARE : VMware Fusion 3.0
 VMWARE : VMware VIX API for Windows 1.6
CVE:CVE-2010-1142 (VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; VMware Player 2.5.x before 2.5.4 build 246459; VMware ACE 2.5.x before 2.5.4 build 246459; VMware Server 2.x before 2.0.2 build 203138; VMware Fusion 2.x before 2.0.6 build 246742; VMware ESXi 3.5 and 4.0; and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0 does not properly load VMware programs, which might allow Windows guest OS users to gain privileges by placing a Trojan horse program at an unspecified location on the guest OS disk.)
 CVE-2010-1141 (VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; VMware Player 2.5.x before 2.5.4 build 246459; VMware ACE 2.5.x before 2.5.4 build 246459; VMware Server 2.x before 2.0.2 build 203138; VMware Fusion 2.x before 2.0.6 build 246742; VMware ESXi 3.5 and 4.0; and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0 does not properly access libraries, which allows user-assisted remote attackers to execute arbitrary code by tricking a Windows guest OS user into clicking on a file that is stored on a network share.)
 CVE-2010-1140 (The USB service in VMware Workstation 7.0 before 7.0.1 build 227600 and VMware Player 3.0 before 3.0.1 build 227600 on Windows might allow host OS users to gain privileges by placing a Trojan horse program at an unspecified location on the host OS disk.)
 CVE-2010-1139 (Format string vulnerability in vmrun in VMware VIX API 1.6.x, VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Linux, and VMware Fusion 2.x before 2.0.7 build 246742, allows local users to gain privileges via format string specifiers in process metadata.)
 CVE-2010-1138 (The virtual networking stack in VMware Workstation 7.0 before 7.0.1 build 227600, VMware Workstation 6.5.x before 6.5.4 build 246459 on Windows, VMware Player 3.0 before 3.0.1 build 227600, VMware Player 2.5.x before 2.5.4 build 246459 on Windows, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware Server 2.x, and VMware Fusion 3.0 before 3.0.1 build 232708 and 2.x before 2.0.7 build 246742 allows remote attackers to obtain sensitive information from memory on the host OS by examining received network packets, related to interaction between the guest OS and the host vmware-vmx process.)
 CVE-2009-3732 (Format string vulnerability in vmware-vmrc.exe build 158248 in VMware Remote Console (aka VMrc) allows remote attackers to execute arbitrary code via unspecified vectors.)
 CVE-2009-3707 (VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware Authorization Service in VMware Workstation 7.0 before 7.0.1 build 227600 and 6.5.x before 6.5.4 build 246459, VMware Player 3.0 before 3.0.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, and VMware Server 2.x allows remote attackers to cause a denial of service (process crash) via a \x25\xFF sequence in the USER and PASS commands, related to a "format string DoS" issue. NOTE: some of these details are obtained from third party information.)
 CVE-2009-2042 (libpng before 1.2.37 does not properly parse 1-bit interlaced images with width values that are not divisible by 8, which causes libpng to include uninitialized bits in certain rows of a PNG file and might allow remote attackers to read portions of sensitive memory via "out-of-bounds pixels" in the file.)
 CVE-2009-1565 (vmnc.dll in the VMnc media codec in VMware Movie Decoder before 6.5.4 Build 246459 on Windows, and the movie decoder in VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Windows, allows remote attackers to execute arbitrary code via an AVI file with crafted HexTile-encoded video chunks that trigger heap-based buffer overflows, related to "integer truncation errors.")
 CVE-2009-1564 (Heap-based buffer overflow in vmnc.dll in the VMnc media codec in VMware Movie Decoder before 6.5.4 Build 246459 on Windows, and the movie decoder in VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Windows, allows remote attackers to execute arbitrary code via an AVI file with crafted video chunks that use HexTile encoding.)
Original document:Alexandr Polyakov, [DSecRG-09-053] VMware Remoute Console - format string (19.04.2010)
 ACROS Security, ACROS Security: Local Binary Planting in VMware Tools for Windows (ASPR #2010-04-12-2) (14.04.2010)
 ACROS Security, ACROS Security: Remote Binary Planting in VMware Tools for Windows (ASPR #2010-04-12-1) (14.04.2010)
 IDEFENSE, iDefense Security Advisory 04.09.10: VMware VMnc Codec Heap Overflow Vulnerability (13.04.2010)
 VUPEN Security Research, VUPEN Security Research - VMware Products Movie Decoder Heap Overflow Vulnerability (12.04.2010)
 SECUNIA, Secunia Research: VMWare VMnc Codec HexTile Encoding Buffer Overflow (12.04.2010)
 SECUNIA, Secunia Research: VMWare VMnc Codec HexTile Encoding Two Integer Truncation Vulnerabilities (12.04.2010)
 VMWARE, VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues (12.04.2010)

Adobe Acrobat and Reader multiple security vulnerabilities
Published:19.04.2010
SecurityVulns ID:10768
Type:remote
Threat Level:8/10
Description:Multiple buffer overflows, memory corruptions, code execution, cross-site scripting, DoS conditions.
Affected:ADOBE : Acrobat 9.3
 ADOBE : Reader 9.3
 ADOBE : Acrobat 8.2
 ADOBE : Reader 8.2
CVE:CVE-2010-1241 (Heap-based buffer overflow in the custom heap management system in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document, aka FG-VD-10-005.)
 CVE-2010-0204 (Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allow attackers to cause a denial of service (memory corruption) or execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0194, CVE-2010-0197, and CVE-2010-0201.)
 CVE-2010-0203 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0198, CVE-2010-0199, and CVE-2010-0202.)
 CVE-2010-0202 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0198, CVE-2010-0199, and CVE-2010-0203.)
 CVE-2010-0201 (Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allow attackers to cause a denial of service (memory corruption) or execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0194, CVE-2010-0197, and CVE-2010-0204.)
 CVE-2010-0199 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0198, CVE-2010-0202, and CVE-2010-0203.)
 CVE-2010-0198 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0199, CVE-2010-0202, and CVE-2010-0203.)
 CVE-2010-0197 (Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allow attackers to cause a denial of service (memory corruption) or execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0194, CVE-2010-0201, and CVE-2010-0204.)
 CVE-2010-0196 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2010-0192 and CVE-2010-0193.)
 CVE-2010-0195 (Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, do not properly handle fonts, which allows attackers to execute arbitrary code via unspecified vectors.)
 CVE-2010-0194 (Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allow attackers to cause a denial of service (memory corruption) or execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0197, CVE-2010-0201, and CVE-2010-0204.)
 CVE-2010-0193 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2010-0192 and CVE-2010-0196.)
 CVE-2010-0192 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2010-0193 and CVE-2010-0196.)
 CVE-2010-0191 (Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allow attackers to execute arbitrary code via unspecified vectors, related to a "prefix protocol handler vulnerability.")
 CVE-2010-0190 (Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
Original document:VUPEN Security Research, VUPEN Security Research - Adobe Acrobat and Reader GIF Data Buffer Overflow Vulnerability (19.04.2010)
 VUPEN Security Research, VUPEN Security Research - Adobe Acrobat and Reader JPEG Data Buffer Overflow Vulnerability (19.04.2010)
 VUPEN Security Research, VUPEN Security Research - Adobe Acrobat and Reader BMP Data Buffer Overflow Vulnerability (19.04.2010)
 VUPEN Security Research, VUPEN Security Research - Adobe Acrobat and Reader PNG Data Buffer Overflow Vulnerability (19.04.2010)
 ZDI, ZDI-10-071: Adobe Reader TrueType Font Handling Remote Code Execution Vulnerability (19.04.2010)
 ADOBE, Security update available for Adobe Reader and Acrobat (19.04.2010)

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:19.04.2010
SecurityVulns ID:10769
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:E107 : e107 0.7
 APACHE : OFBiz 9.04
 OPENTAPS : Opentaps 1.4
 NEOGIA : Neogia 1.0
 ENTENTEOYA : Entente Oya 1.6
 OPENSCRUTIN : Openscrutin 1.03
 NUCLEUS : Nucleus 3.51
 RJITOP : RJ-iTop 3.0
CVE:CVE-2010-0432 (Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile (aka partymgr/control/login), (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn (aka /crmsfa/control/ReceiveReturn or /cms/control/ReceiveReturn), (5) the contentId parameter (aka the entityName variable) to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus.)
Original document:SECUNIA, Secunia Research: e107 Avatar/Photograph Image File Upload Vulnerability (19.04.2010)
 wsn1983_(at)_gmail.com, RJ-iTop Network Vulnerability Scanner System Multiple SQL Injection Vulnerabilities (19.04.2010)
 eidelweiss, Nucleus CMS v.3.51 (DIR_LIBS) Multiple Vulnerability (19.04.2010)
 VUPEN Security Research, VUPEN Web Security Research - WebAsyst Shop-Script Multiple Input Validation Vulnerabilities (19.04.2010)
 info_(at)_securitylab.ir, Ziggurat CMS Multiple Vulnerabilities (19.04.2010)
 eidelweiss, 60cycleCMS (DOCUMENT_ROOT) Multiple Local File Inclusion Vulnerability (19.04.2010)
 Inj3ct0r.com, Openscrutin 1.03 (RFI/LFI) Multiple File Include Vulnerability (19.04.2010)
 Jacopo Cappellato, [CVE-2010-0432] Apache OFBiz Multiple XSS Vulnerabilities (19.04.2010)

irssi multiple security vulnerabilities
Published:19.04.2010
SecurityVulns ID:10770
Type:remote
Threat Level:5/10
Description:Insufficient SSL certificate and version validation, DoS.
Affected:IRSSI : irssi 0.8
CVE:CVE-2010-1156 (core/nicklist.c in Irssi before 0.8.15 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to an attempted fuzzy nick match at the instant that a victim leaves a channel.)
 CVE-2010-1155 (Irssi before 0.8.15, when SSL is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field or a Subject Alternative Name field of the X.509 certificate, which allows man-in-the-middle attackers to spoof IRC servers via an arbitrary certificate.)
Original document:UBUNTU, [USN-929-1] irssi vulnerabilities (19.04.2010)

KDE kdm race conditions
Published:19.04.2010
SecurityVulns ID:10771
Type:local
Threat Level:5/10
Description:Race conditions allow changing file permissions.
Affected:KDE : KDE 3.5
CVE:CVE-2010-0436 (Race condition in backend/ctrl.c in KDM in KDE Software Compilation (SC) 2.2.0 through 4.4.2 allows local users to change the permissions of arbitrary files, and consequently gain privileges, by blocking the removal of a certain directory that contains a control socket, related to improper interaction with ksm.)
Original document:MANDRIVA, [ MDVSA-2010:074 ] kdebase (19.04.2010)

ejabberd XMPP/Jabber server DoS
Published:19.04.2010
SecurityVulns ID:10772
Type:remote
Threat Level:5/10
Description:Array overflows on a large number of simultaneous c2s messages.
Affected:EJABBERD : ejabberd 2.1
CVE:CVE-2010-0305 (ejabberd_c2s.erl in ejabberd before 2.1.3 allows remote attackers to cause a denial of service (daemon crash) via a large number of c2s (aka client2server) messages that trigger a queue overload.)
Original document:DEBIAN, [SECURITY] [DSA 2033-1] New ejabberd packages fix denial of service (19.04.2010)

Cisco Secure Desktop ActiveX code execution
Published:19.04.2010
SecurityVulns ID:10773
Type:client
Threat Level:7/10
Description:Web Install ActiveX allows downloading and executing code due to failed signature validation.
Affected:CISCO : Cisco Secure Desktop 3.5
CVE:CVE-2010-0589 (The Web Install ActiveX control (CSDWebInstaller) in Cisco Secure Desktop (CSD) before 3.5.841 does not properly verify the signatures of downloaded programs, which allows remote attackers to force the download and execution of arbitrary files via a crafted web page, aka Bug ID CSCta25876.)
Original document:ZDI, ZDI-10-072: Cisco Secure Desktop CSDWebInstaller ActiveX Control Remote Code Execution Vulnerability (19.04.2010)
 CISCO, Cisco Security Advisory: Cisco Secure Desktop ActiveX Control Code Execution Vulnerability (19.04.2010)

IBM BladeCenter Management Module DoS
Published:19.04.2010
SecurityVulns ID:10774
Type:remote
Threat Level:4/10
Description:DoS on tcp/3900 traffic processing.
Original document:Alexandr Polyakov, [DSECRG-09-049] IBM BladeCenter Management Module - DoS vulnerability (19.04.2010)

Imperva SecureSphere Web Application Firewall protection bypass
Published:19.04.2010
SecurityVulns ID:10775
Type:remote
Threat Level:4/10
Affected:IMPERVA : SecureSphere 7.0
CVE:CVE-2010-1329 (Imperva SecureSphere Web Application Firewall and Database Firewall 5.0.0.5082 through 7.0.0.7078 allow remote attackers to bypass intrusion-prevention functionality via a request that has an appended long string containing an unspecified manipulation.)
Original document:Scott Miles, Imperva SecureSphere Web Application Firewall and Database Firewall Bypass Vulnerability (19.04.2010)

Micropoint Proactive Denfense privilege escalation
Published:19.04.2010
SecurityVulns ID:10776
Type:local
Threat Level:5/10
Description:User-controlled kernel memory access on IOCTL processing.
Original document:dlrow1991_(at)_ymail.com, Micropoint Proactive Denfense Mp110013.sys <= 1.3.10123.0 Local Privilege Escalation Exploit (19.04.2010)
Files:Micropoint Proactive Denfense Mp110013.sys <= 1.3.10123.0 Local Privilege Escalation Exploit

iomega Home Media Network Hard Drive unauthorized access
Published:19.04.2010
SecurityVulns ID:10777
Type:remote
Threat Level:5/10
Description:Web interface allows SMB access to the device and the network it's connected to.
Affected:EMC : Iomega Home Media Network Hard Drive
Original document:fizix610_(at)_hotmail.com, Unauthenticated Filesystem Access in iomega Home Media Network Hard Drive (19.04.2010)

Visualization Library memory corruption
Published:19.04.2010
SecurityVulns ID:10778
Type:library
Threat Level:5/10
Description:Memory corruption on .dat file parsing.
Affected:VISUALIZATIONLIB : Visualization Library 2009.08
CVE:CVE-2010-0994 (Multiple buffer overflows in src/vl/vlDAT.cpp in Visualization Library 2009.08.812 allow user-assisted remote attackers to execute arbitrary code via a crafted DAT file, related to the (1) vl::loadDAT and (2) vl::isDAT functions.)
Original document:SECUNIA, Secunia Research: Visualization Library DAT File Parsing Vulnerabilities (19.04.2010)

Apple Mac OS X multiple security vulnerabilities
updated since 07.04.2010
Published:19.04.2010
SecurityVulns ID:10746
Type:remote
Threat Level:7/10
Description:Code execution on Internet Enabled Disk Image files. Multiple vulnerabilities in ImageIO,
CVE:CVE-2010-0505 (Heap-based buffer overflow in ImageIO in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JP2 (JPEG2000) image, related to incorrect calculation and the CGImageReadGetBytesAtOffset function.)
 CVE-2010-0497 (Disk Images in Apple Mac OS X before 10.6.3 does not provide the expected warning for an unsafe file type in an internet enabled disk image, which makes it easier for user-assisted remote attackers to execute arbitrary code via a package file type.)
Original document:ZDI, ZDI-10-076: Apple Preview libFontParser SpecialEncoding Remote Code Execution Vulnerability (19.04.2010)
 ZDI, ZDI-10-039: Apple OS X Internet Enabled Disk Image Remote Code Execution Vulnerability (07.04.2010)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod