Computer Security
[EN] securityvulns.ru no-pyccku


Adobe Shockwave multiple security vulnerabilities
updated since 12.05.2010
Published:21.05.2010
Source:
SecurityVulns ID:10828
Type:client
Threat Level:
9/10
Description:Multiple buffer overflows, integer overflows, memory corruptions, code executions.
Affected:ADOBE : Shockwave Player 11.5
CVE:CVE-2010-1292 (The implementation of pami RIFF chunk parsing in Adobe Shockwave Player before 11.5.7.609 does not validate a certain value from a file before using it in file-pointer calculations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir (aka Director) file.)
 CVE-2010-1291 (Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1286, CVE-2010-1287, CVE-2010-1289, and CVE-2010-1290.)
 CVE-2010-1290 (Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1286, CVE-2010-1287, CVE-2010-1289, and CVE-2010-1291.)
 CVE-2010-1289 (Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1286, CVE-2010-1287, CVE-2010-1290, and CVE-2010-1291.)
 CVE-2010-1288 (Buffer overflow in Adobe Shockwave Player before 11.5.7.609 might allow attackers to execute arbitrary code via unspecified vectors.)
 CVE-2010-1287 (Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1286, CVE-2010-1289, CVE-2010-1290, and CVE-2010-1291.)
 CVE-2010-1286 (Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1287, CVE-2010-1289, CVE-2010-1290, and CVE-2010-1291.)
 CVE-2010-1284 (Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1286, CVE-2010-1287, CVE-2010-1289, CVE-2010-1290, and CVE-2010-1291.)
 CVE-2010-1283 (Adobe Shockwave Player before 11.5.7.609 does not properly parse 3D objects in .dir (aka Director) files, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a modified field in a 0xFFFFFF49 record.)
 CVE-2010-1282 (Adobe Shockwave Player before 11.5.7.609 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted ATOM size in a .dir (aka Director) file.)
 CVE-2010-1281 (iml32.dll in Adobe Shockwave Player before 11.5.7.609 does not validate a certain value from a file before using it in file-pointer calculations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir (aka Director) file.)
 CVE-2010-1280 (Adobe Shockwave Player before 11.5.7.609 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir (aka Director) file, related to (1) an erroneous dereference and (2) a certain Shock.dir file.)
 CVE-2010-0987 (Heap-based buffer overflow in Adobe Shockwave Player before 11.5.7.609 might allow remote attackers to execute arbitrary code via crafted embedded fonts in a Shockwave file.)
 CVE-2010-0986 (Adobe Shockwave Player before 11.5.7.609 does not properly process asset entries, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted Shockwave file.)
 CVE-2010-0130 (Integer overflow in Adobe Shockwave Player before 11.5.7.609 might allow remote attackers to execute arbitrary code via a crafted .dir (aka Director) file.)
 CVE-2010-0130 (Integer overflow in Adobe Shockwave Player before 11.5.7.609 might allow remote attackers to execute arbitrary code via a crafted .dir (aka Director) file.)
 CVE-2010-0129 (Multiple integer overflows in Adobe Shockwave Player before 11.5.7.609 allow remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .dir (aka Director) file that triggers an array index error.)
 CVE-2010-0129 (Multiple integer overflows in Adobe Shockwave Player before 11.5.7.609 allow remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .dir (aka Director) file that triggers an array index error.)
 CVE-2010-0128 (Integer signedness error in dirapi.dll in Adobe Shockwave Player before 11.5.7.609 and Adobe Director before 11.5.7.609 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .dir file that triggers an invalid read operation.)
 CVE-2010-0128 (Integer signedness error in dirapi.dll in Adobe Shockwave Player before 11.5.7.609 and Adobe Director before 11.5.7.609 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .dir file that triggers an invalid read operation.)
 CVE-2010-0127 (Adobe Shockwave Player before 11.5.7.609 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted FFFFFF45h Shockwave 3D blocks in a Shockwave file.)
 CVE-2010-0127 (Adobe Shockwave Player before 11.5.7.609 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted FFFFFF45h Shockwave 3D blocks in a Shockwave file.)
Original documentdocumentmac68k_(at)_gmail.com, [Kil13r-SA-20100513] Adobe Flash Player 10.0 Denial Of Service Vulnerability (21.05.2010)
 documentSECUNIA, Secunia Research: Adobe Shockwave Player Array Indexing Vulnerability (13.05.2010)
 documentSECUNIA, Secunia Research: Adobe Shockwave Player Signedness Error Vulnerability (13.05.2010)
 documentSECUNIA, Secunia Research: Adobe Shockwave Player 3D Parsing Memory Corruption (12.05.2010)
 documentIDEFENSE, iDefense Security Advisory 05.11.10: Abobe Shockwave Player Heap Memory Indexing Vulnerability (12.05.2010)
 documentvulnhunt_(at)_gmail.com, [CAL-20100204-3]Adobe Shockwave Player Director File Parsing RCSL Pointer Overwrite (12.05.2010)
 documentADOBE, Security update available for Shockwave Player (12.05.2010)
 documentCORE SECURITY TECHNOLOGIES ADVISORIES, [CORE-2010-0405] Adobe Director Invalid Read (12.05.2010)
 documentZDI, ZDI-10-089: Adobe Shockwave Director PAMI Chunk Remote Code Execution Vulnerability (12.05.2010)
 documentZDI, ZDI-10-087: Adobe Shockwave Invalid Offset Memory Corruption Remote Code Execution Vulnerability (12.05.2010)
 documentZDI, ZDI-10-088: Adobe Shockwave Player 3D Parsing Memory Corruption Vulnerability (12.05.2010)
 documentvulnhunt_(at)_gmail.com, [CAL-20100204-1]Adobe Shockwave Player Director File Parsing ATOM size infinite loop vulnerability (12.05.2010)
 documentvulnhunt_(at)_gmail.com, [CAL-20100204-2]Adobe Shockwave Player Director File Parsing integer overflow vulnerability (12.05.2010)

MIT Kerberos 5 GSS-API library DoS
Published:21.05.2010
Source:
SecurityVulns ID:10853
Type:library
Threat Level:
5/10
Description:NULL pointer dereference in server side code.
Affected:MIT : krb5 1.8
CVE:CVE-2010-1321 (The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator's checksum field is missing.)
Original documentdocumentMIT, MITKRB5-SA-2010-005 [CVE-2010-1321] GSS-API lib null pointer deref (21.05.2010)

USR5463 wireless router crossite scripting
Published:21.05.2010
Source:
SecurityVulns ID:10854
Type:remote
Threat Level:
4/10
Description:Crossite scripting via configuration page.
Affected:USR : USR5463
Original documentdocumentsh4v_(at)_n3t-datagrams.net, XSS bug in US Robotics firmware USR5463-v0_06.bin (21.05.2010)

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:21.05.2010
Source:
SecurityVulns ID:10855
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:CACTI : cacti 0.8
 LISKCMS : LiSK CMS 4.4
 OCPRODUCTS : ocPortal 4.3
Original documentdocumentVUPEN Security Research, Cacti Multiple Parameter Cross Site Scripting Vulnerabilities (21.05.2010)
 documentHigh-Tech Bridge Security Research, XSRF (CSRF) in NPDS REvolution (21.05.2010)
 documentHigh-Tech Bridge Security Research, SQL injection vulnerability in LiSK CMS (21.05.2010)
 documentepixoip, SDS Parent Connect SQL Injection (21.05.2010)
 documentHigh-Tech Bridge Security Research, XSRF (CSRF) in ocPortal (21.05.2010)
 documentHigh-Tech Bridge Security Research, XSS vulnerability in LiSK CMS (21.05.2010)
 documentMustLive, Vulnerability in widget FlashTagCloud for Blogsa (21.05.2010)
 documentinfo_(at)_securitylab.ir, Smart Douran CMS Remote File Download (21.05.2010)

Linux Mint 9 symbolic links vulnerability
Published:21.05.2010
Source:
SecurityVulns ID:10856
Type:local
Threat Level:
5/10
Description:mintUpdate utility symbolic links vulnerability.
Original documentdocumentL4teral, Linux Mint 8 mintUpdate Insecure Temporary File Creation (21.05.2010)

Orbit Downloader directory traversal
Published:21.05.2010
Source:
SecurityVulns ID:10857
Type:client
Threat Level:
5/10
Description:metalink files directory traversal.
Affected:ORBITDOWNLOADER : Orbit Downloader 3.0
Original documentdocumentSECUNIA, Secunia Research: Orbit Downloader metalink "name" Directory Traversal (21.05.2010)

HP-UX NFS/ONCplus DoS
Published:21.05.2010
Source:
SecurityVulns ID:10858
Type:remote
Threat Level:
5/10
Affected:HP : HP-UX 11.11
 HP : HP-UX 11.23
 HP : HP-UX 11.31
CVE:CVE-2010-1039 (Format string vulnerability in the _msgout function in rpc.pcnfsd in IBM AIX 6.1, 5.3, and earlier; IBM VIOS 2.1, 1.5, and earlier; NFS/ONCplus B.11.31_09 and earlier on HP HP-UX B.11.11, B.11.23, and B.11.31; and SGI IRIX 6.5 allows remote attackers to execute arbitrary code via an RPC request containing format string specifiers in an invalid directory name.)
Original documentdocumentHP, [security bulletin] HPSBUX02523 SSRT100036 rev.1 - HP-UX Running ONCPlus, Remote Denial of Service (DoS), Increase in Privilege (21.05.2010)

X.Org X11R7 memory corruption
Published:21.05.2010
Source:
SecurityVulns ID:10859
Type:local
Threat Level:
5/10
Description:Memory corruption on client application request processing.
Affected:XORG : X11 7.1
 XORG : X.Org 1.4
CVE:CVE-2010-1166 (The fbComposite function in fbpict.c in the Render extension in the X server in X.Org X11R7.1 allows remote authenticated users to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a crafted request, related to an incorrect macro definition.)
Original documentdocumentUBUNTU, [Suspected Spam][USN-939-1] X.org vulnerabilities (21.05.2010)

Wireshark memory corruption
Published:21.05.2010
Source:
SecurityVulns ID:10860
Type:remote
Threat Level:
5/10
Description:Memory corruption on DOCSIS protocol parsing.
CVE:CVE-2010-1455 (The DOCSIS dissector in Wireshark 0.9.6 through 1.0.12 and 1.2.0 through 1.2.7 allows user-assisted remote attackers to cause a denial of service (application crash) via a malformed packet trace file.)
Original documentdocumentMANDRIVA, [ MDVSA-2010:099 ] wireshark (21.05.2010)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod