Computer Security


Adobe Shockwave Player integer overflows
updated since 20.01.2010
Published:21.01.2010
Source:
SecurityVulns ID:10535
Type:client
Threat Level:7/10
Description:Integer overflows and buffer overflow on Shockwave processing.
Affected:ADOBE : Shockwave Player 11.5
CVE:CVE-2009-4003 (Multiple integer overflows in Adobe Shockwave Player before 11.5.6.606 allow remote attackers to execute arbitrary code via (1) an unspecified block type in a Shockwave file, leading to a heap-based buffer overflow; and might allow remote attackers to execute arbitrary code via (2) an unspecified 3D block in a Shockwave file, leading to memory corruption; or (3) a crafted 3D model in a Shockwave file, leading to heap memory corruption.)
 CVE-2009-4002 (Heap-based buffer overflow in Adobe Shockwave Player before 11.5.6.606 allows remote attackers to execute arbitrary code via a crafted 3D model in a Shockwave file.)
Original document:SECUNIA, Secunia Research: Adobe Shockwave Player 3D Model Buffer Overflow (21.01.2010)
 SECUNIA, Secunia Research: Adobe Shockwave Player Integer Overflow Vulnerability (20.01.2010)

gzip integer overflow
Published:21.01.2010
Source:
SecurityVulns ID:10544
Type:library
Threat Level:7/10
Description:Integer overflow on LZW decompression.
Affected:gzip : gzip 1.3
CVE:CVE-2010-0001 (Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 on 64-bit platforms, as used in ncompress and probably others, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted archive that uses LZW compression, leading to an array index error.)
Original document:MANDRIVA, [ MDVSA-2010:019 ] gzip (21.01.2010)

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:21.01.2010
Source:
SecurityVulns ID:10545
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:VPASP : VP-ASP Shopping Cart 6.50
Original document:kw3rln_(at)_ratati.org, vBulletin nulled (validator.php) files/directories disclosure (21.01.2010)
 CodeScan Labs, Insufficient User Input Validation in VP-ASP 6.50 Demo Code (21.01.2010)
 info_(at)_securitylab.ir, eWebeditor Directory Traversal Vulnerability (21.01.2010)

Cisco CiscoWorks Internetwork Performance Monitor buffer overflow
Published:21.01.2010
Source:
SecurityVulns ID:10547
Type:remote
Threat Level:6/10
Description:Buffer overflow on CORBA GIOP request processing.
Affected:CISCO : CiscoWorks IPM 2.6
CVE:CVE-2010-0138 (Buffer overflow in Cisco CiscoWorks Internetwork Performance Monitor (IPM) 2.6 and earlier on Windows, as distributed in CiscoWorks LAN Management Solution (LMS), allows remote attackers to execute arbitrary code via a malformed getProcessName CORBA General Inter-ORB Protocol (GIOP) request, related to a "third-party component," aka Bug ID CSCsv62350.)
Original document:ZDI, ZDI-10-004: Cisco CiscoWorks IPM GIOP getProcessName Remote Code Execution Vulnerability (21.01.2010)
 CISCO, Cisco Security Advisory: CiscoWorks Internetwork Performance Monitor CORBA GIOP Overflow Vulnerability (21.01.2010)

HP Power Manager code execution
updated since 05.11.2009
Published:21.01.2010
Source:
SecurityVulns ID:10370
Type:remote
Threat Level:5/10
Description:Buffer overflow during authentication via web form. Buffer overflow in /goform/formExportDataLogs, directory traversal.
Affected:HP : HP Power Manager 4.2
CVE:CVE-2009-4000 (Directory traversal vulnerability in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to overwrite arbitrary files, and execute arbitrary code, via directory traversal sequences in the fileName parameter.)
 CVE-2009-3999 (Stack-based buffer overflow in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to execute arbitrary code via a long fileName parameter.)
 CVE-2009-2685 (Stack-based buffer overflow in the login form in the management web server in HP Power Manager allows remote attackers to execute arbitrary code via the Login variable.)
Original document:SECUNIA, Secunia Research: HP Power Manager "formExportDataLogs" Directory Traversal (21.01.2010)
 SECUNIA, Secunia Research: HP Power Manager "formExportDataLogs" Buffer Overflow (20.01.2010)
 HP, [security bulletin] HPSBMA02485 SSRT090252 rev.1 - HP Power Manager, Remote Execution of Arbitrary Code (20.01.2010)
 HP, [security bulletin] HPSBMA02474 SSRT090107 rev.2 - HP Power Manager, Remote Execution of Arbitrary Code (20.01.2010)
 ZDI, ZDI-09-081: Hewlett-Packard Power Manager Administration Web Server Stack Overflow Vulnerability (08.11.2009)
 HP, [security bulletin] HPSBMA02474 SSRT090107 rev.1 - HP Power Manager, Remote Execution of Arbitrary Code (05.11.2009)

RealNetworks RealPlayer multiple security vulnerabilities
updated since 21.01.2010
Published:02.02.2010
Source:
SecurityVulns ID:10548
Type:client
Threat Level:6/10
Description:Memory corruptions, buffer overflows on different codecs and media formats.
Affected:REAL : RealPlayer 10.0
 REAL : RealPlayer 11.0
CVE:CVE-2009-4257 (Heap-based buffer overflow in datatype/smil/common/smlpkt.cpp in smlrender.dll in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10 and 11.0.0, and Helix Player 10.x and 11.0.0 allows remote attackers to execute arbitrary code via an SMIL file with crafted string lengths.)
 CVE-2009-4248 (Buffer overflow in the RTSPProtocol::HandleSetParameterRequest function in client/core/rtspprotocol.cpp in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted RTSP SET_PARAMETER request.)
 CVE-2009-4246 (Stack-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows user-assisted remote attackers to execute arbitrary code via a malformed .RJS skin file that contains a web.xmb file with crafted length values.)
 CVE-2009-4245 (Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a compressed GIF file, related to gifcodec.cpp and gifimage.cpp.)
 CVE-2009-4244 (Heap-based buffer overflow in RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741; RealPlayer 11 11.0.0 through 11.0.4; RealPlayer Enterprise; Mac RealPlayer 10, 10.1, and 11.0; Linux RealPlayer 10; and Helix Player 10.x allows remote attackers to execute arbitrary code via an SIPR codec field with a small length value that triggers incorrect memory allocation.)
 CVE-2009-4243 (RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allow remote attackers to have an unspecified impact via a crafted media file that uses HTTP chunked transfer coding, related to an "overflow.")
 CVE-2009-4242 (Heap-based buffer overflow in the CGIFCodec::GetPacketBuffer function in datatype/image/gif/common/gifcodec.cpp in RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741; RealPlayer 11 11.0.0 through 11.0.4; RealPlayer Enterprise; Mac RealPlayer 10, 10.1, and 11.0; Linux RealPlayer 10; and Helix Player 10.x allows remote attackers to execute arbitrary code via a GIF file with crafted chunk sizes that trigger improper memory allocation.)
 CVE-2009-4241 (Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to execute arbitrary code via a file with invalid ASMRuleBook structures that trigger heap memory corruption.)
Original document:IDEFENSE, iDefense Security Advisory 02.01.10: RealNetworks RealPlayer CMediumBlockAllocator Integer Overflow Vulnerability (02.02.2010)
 IDEFENSE, iDefense Security Advisory 02.01.10: Real Networks RealPlayer Compressed GIF Handling Integer Overflow (02.02.2010)
 IDEFENSE, iDefense Security Advisory 02.01.10: RealNetworks RealPlayer 11 HTTP Chunked Encoding Integer Overflow Vulnerability (02.02.2010)
 ZDI, ZDI-10-010: RealNetworks RealPlayer Skin Parsing Remote Code Execution Vulnerability (21.01.2010)
 ZDI, ZDI-10-007: RealNetworks RealPlayer SMIL getAtom Remote Code Execution Vulnerability (21.01.2010)
 ZDI, ZDI-10-006: RealNetworks RealPlayer GIF Handling Remote Code Execution Vulnerability (21.01.2010)
 ZDI, ZDI-10-008: RealNetworks RealPlayer SIPR Codec Remote Code Execution Vulnerability (21.01.2010)
 ZDI, ZDI-10-005: RealNetworks RealPlayer ASMRulebook Remote Code Execution Vulnerability (21.01.2010)

SAP Web AS multiple security vulnerabilities
updated since 21.01.2010
Published:22.02.2010
Source:
SecurityVulns ID:10546
Type:local
Threat Level:5/10
Description:Code execution with Internet Communication Framework, information leak, cross-site scripting, directory traversal.
Affected:SAP : NetWeaver 6.40
 SAP : NetWeaver 7.00
 SAP : NetWeaver 7.01
Original document:Onapsis Research Labs, [Onapsis Security Advisory 2010-002] SAP J2EE Engine MDB Path Traversal (22.02.2010)
 Onapsis Research Labs, [Onapsis Security Advisory 2010-003] SAP WebDynpro Runtime XSS/CSS Injection (22.02.2010)
 Onapsis Research Labs, [Onapsis Security Advisory 2010-004] SAP J2EE Authentication Phishing Vector (22.02.2010)
 Onapsis Research Labs, [Onapsis Security Advisory 2010-001] SAP WebAS Integrated ITS Remote Command Execution (21.01.2010)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod