Computer Security


Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:19.04.2011
Source:
SecurityVulns ID:11601
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:WEBSPELL : webSPELL 4.2
 INTERRA : InTerra Blog Machine 1.84
 TIMTHUMB : TimThumb 1.24
 PROFPROJECTS : Universal Post Manager 1.0
 DALBUM : Dalbum 1.43
 WORDPRESS : SocialGrid 2.3
 WORDPRESS : WP-StarsRateBox 1.1
 OCOMON : Ocomon 2.6
 CPASSMAN : Collaborative Passwords Manager 1.82
Original document:Ewerson Guimarães (Crash) - Dclabs, [DCA-2011-0011] - Ocomon Multiple SQL Injection (19.04.2011)
 MustLive, Vulnerabilities in many themes for ExpressionEngine (19.04.2011)
 High-Tech Bridge Security Research, HTB22939: Multiple SQL Injection in Universal Post Manager wordpress plugin (19.04.2011)
 High-Tech Bridge Security Research, HTB22943: XSS in Dalbum (19.04.2011)
 High-Tech Bridge Security Research, HTB22934: SQL Injection in WP-StarsRateBox wordpress plugin (19.04.2011)
 High-Tech Bridge Security Research, HTB22932: Multiple XSS in webSPELL (19.04.2011)
 High-Tech Bridge Security Research, HTB22933: Multiple Path disclosure in webSPELL (19.04.2011)
 High-Tech Bridge Security Research, HTB22935: Multiple XSS in WP-StarsRateBox wordpress plugin (19.04.2011)
 High-Tech Bridge Security Research, HTB22940: XSS in SocialGrid wordpress plugin (19.04.2011)
 High-Tech Bridge Security Research, HTB22941: CSRF (Cross-Site Request Forgery) in Dalbum (19.04.2011)
 High-Tech Bridge Security Research, HTB22942: Path disclosure in Dalbum (19.04.2011)
 High-Tech Bridge Security Research, HTB22937: Path disclosure in Universal Post Manager wordpress plugin (19.04.2011)
 High-Tech Bridge Security Research, HTB22938: Multiple XSS in Universal Post Manager wordpress plugin (19.04.2011)
 High-Tech Bridge Security Research, HTB22931: XSS vulnerability in InTerra Blog Machine (19.04.2011)

IBM Tivoli Directory Server buffer overflow
Published:19.04.2011
Source:
SecurityVulns ID:11602
Type:remote
Threat Level:7/10
Description:Buffer overflow in LDAP (TCP/389) CRAM-MD5 authentication.
CVE:CVE-2011-1206 (Stack-based buffer overflow in the server process in ibmslapd.exe in IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-IF0010, 6.0 before 6.0.0.67 (aka 6.0.0.8-TIV-ITDS-IF0009), 6.1 before 6.1.0.40 (aka 6.1.0.5-TIV-ITDS-IF0003), 6.2 before 6.2.0.16 (aka 6.2.0.3-TIV-ITDS-IF0002), and 6.3 before 6.3.0.3 (aka 6.3.0.0-TIV-ITDS-IF0003) allows remote attackers to execute arbitrary code via a crafted LDAP request. NOTE: some of these details are obtained from third party information.)
Original document:ZDI, ZDI-11-136: IBM Tivoli Directory Server ibmslapd.exe SASL Bind Request Remote Code Execution Vulnerability (19.04.2011)

EMC RSA Adaptive Authentication cross-site scripting
updated since 19.04.2011
Published:19.04.2011
Source:
SecurityVulns ID:11603
Type:remote
Threat Level:5/10
Description:Flash file cross-site scripting.
Affected:RSA : AOOP 5.7
 RSA : AOOP 6.0
CVE:CVE-2011-1422 (Cross-site scripting (XSS) vulnerability in an unspecified Shockwave Flash file in EMC RSA Adaptive Authentication On-Premise (AAOP) 2.x, 5.7.x, and 6.x allows remote attackers to inject arbitrary web script or HTML via unknown vectors.)
Original document:EMC, ESA-2011-014: RSA, The Security Division of EMC, announces the release of Adaptive Authentication (On-Premise) Flash File Security Patch (19.04.2011)

EMC Networker weak permissions
Published:19.04.2011
Source:
SecurityVulns ID:11604
Type:local
Threat Level:5/10
Description:Weak permissions for executable file.
Affected:EMC : NetWorker 7.6
CVE:CVE-2011-1421 (EMC NetWorker 7.5.x before 7.5.4.3 and 7.6.x before 7.6.1.5, when the client push feature is enabled, uses weak permissions for an unspecified file, which allows local users to gain privileges via unknown vectors.)
Original document:EMC, ESA-2011-013: EMC NetWorker arbitrary code execution with elevated privileges vulnerability (19.04.2011)

KDE KHTML cross-site scripting
Published:19.04.2011
Source:
SecurityVulns ID:11606
Type:library
Threat Level:5/10
Description:Cross-site scripting via error pages.
Affected:KDE : KDE 4.3
 KDE : KDE 4.4
 KDE : KDE 4.5
CVE:CVE-2011-1168 (Cross-site scripting (XSS) vulnerability in the KHTMLPart::htmlError function in khtml/khtml_part.cpp in Konqueror in KDE SC 4.4.0 through 4.6.1 allows remote attackers to inject arbitrary web script or HTML via the URI in a URL corresponding to an unavailable web site.)
Original document:UBUNTU, [USN-1110-1] KDE-Libs vulnerabilities (19.04.2011)

KDE KGet directory traversal
Published:19.04.2011
Source:
SecurityVulns ID:11607
Type:client
Threat Level:5/10
Description:Directory traversal via filename.
Affected:KDE : KDE 4.3
 KDE : KDE 4.4
 KDE : KDE 4.5
CVE:CVE-2011-1586 (Directory traversal vulnerability in the KGetMetalink::File::isValidNameAttr function in ui/metalinkcreator/metalinker.cpp in KGet in KDE SC 4.6.2 and earlier allows remote attackers to create arbitrary files via a .. (dot dot) in the name attribute of a file element in a metalink file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-1000.)
Original document:UBUNTU, [USN-1114-1] KDENetwork vulnerability (19.04.2011)

CA Total Defense multiple security vulnerabilities
Published:19.04.2011
Source:
SecurityVulns ID:11608
Type:remote
Threat Level:7/10
Description:SQL injection, directory traversal, information leakage, unauthorized access.
Affected:CA : CA Total Defense 12.0
CVE:CVE-2011-1655 (The management.asmx module in the Management Web Service in the Unified Network Control (UNC) Server in CA Total Defense (TD) r12 before SE2 sends a cleartext response to unspecified getDBConfigSettings requests, which makes it easier for remote attackers to obtain database credentials, and subsequently execute arbitrary code, by sniffing the network, related to the UNCWS Web Service.)
 CVE-2011-1654 (Directory traversal vulnerability in the Heartbeat Web Service in CA.Itm.Server.ManagementWS.dll in the Management Server in CA Total Defense (TD) r12 before SE2 allows remote attackers to execute arbitrary code via directory traversal sequences in the GUID parameter in an upload request to FileUploadHandler.ashx.)
 CVE-2011-1653 (Multiple SQL injection vulnerabilities in the Unified Network Control (UNC) Server in CA Total Defense (TD) r12 before SE2 allow remote attackers to execute arbitrary SQL commands via vectors involving the (1) UnAssignFunctionalRoles, (2) UnassignAdminRoles, (3) DeleteFilter, (4) NonAssignedUserList, (5) DeleteReportLayout, (6) DeleteReports, and (7) RegenerateReport stored procedures.)
Original document:ZDI, ZDI-11-126: CA Total Defense Suite Heartbeat Web Service Remote Code Execution Vulnerability (19.04.2011)
 ZDI, ZDI-11-128: CA Total Defense Suite UnassignFunctionalUsers Stored Procedure SQL Injection Vulnerability (19.04.2011)
 ZDI, ZDI-11-127: CA Total Defense Suite UNCWS Web Service getDBConfigSettings Credential Disclosure Vulnerability (19.04.2011)
 ZDI, ZDI-11-129: CA Total Defense Suite UnassignAdminRoles Stored Procedure SQL Injection Vulnerability (19.04.2011)
 ZDI, ZDI-11-130: CA Total Defense Suite UNC Management Console DeleteFilter SQL Injection Vulnerability (19.04.2011)
 ZDI, ZDI-11-131: CA Total Defense Suite NonAssignedUserList Stored Procedure SQL Injection Vulnerability (19.04.2011)
 ZDI, ZDI-11-132: CA Total Defense Suite UNC Management Console DeleteReportLayout SQL Injection Vulnerability (19.04.2011)
 ZDI, ZDI-11-133: CA Total Defense Suite UNC Management Console DeleteReports SQL Injection Vulnerability (19.04.2011)
 ZDI, ZDI-11-134: CA Total Defense Suite UNC Management Console RegenerateReport SQL Injection Vulnerability (19.04.2011)
 CA, CA20110413-01: Security Notice for CA Total Defense (19.04.2011)

Apple WebKit / Safari multiple security vulnerabilities
updated since 19.04.2011
Published:21.04.2011
Source:
SecurityVulns ID:11605
Type:client
Threat Level:7/10
Description:Integer overflow, use-after-free.
Affected:APPLE : Safari 5.0
CVE:CVE-2011-1344 (Use-after-free vulnerability in WebKit, as used in Apple Safari before 5.0.5; iOS before 4.3.2 for iPhone, iPod, and iPad; iOS before 4.2.7 for iPhone 4 (CDMA); and possibly other products allows remote attackers to execute arbitrary code by adding children to a WBR tag and then removing the tag, related to text nodes, as demonstrated by Chaouki Bekrar during a Pwn2Own competition at CanSecWest 2011.)
 CVE-2011-1290 (Integer overflow in WebKit, as used on the Research In Motion (RIM) BlackBerry Torch 9800 with firmware 6.0.0.246, in Google Chrome before 10.0.648.133, and in Apple Safari before 5.0.5, allows remote attackers to execute arbitrary code via unknown vectors related to CSS "style handling," nodesets, and a length value, as demonstrated by Vincenzo Iozzo, Willem Pinckaers, and Ralf-Philipp Weinmann during a Pwn2Own competition at CanSecWest 2011.)
Original document:ZDI, ZDI-11-138: Webkit Undefined DOM Prototype Attach Remote Code Execution Vulnerability (21.04.2011)
 ZDI, ZDI-11-139: Webkit Anonymous Frame Remote Code Execution Vulnerability (21.04.2011)
 ZDI, ZDI-11-140: Webkit Detached Body Element Remote Code Execution Vulnerability (21.04.2011)
 ZDI, ZDI-11-135: (Pwn2Own) WebKit WBR Tag Removal Remote Code Execution Vulnerability (19.04.2011)
 ZDI, ZDI-11-104: (Pwn2Own) Webkit CSS Text Element Count Remote Code Execution Vulnerability (19.04.2011)
 VUPEN Security Research, VUPEN Security Research - Apple Safari Text Nodes Remote Use-after-free Vulnerability (CVE-2011-1344) (19.04.2011)
 APPLE, About the security content of Safari 5.0.5 (19.04.2011)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod