Computer Security
[EN] securityvulns.ru no-pyccku


Real Player multiple security vulnerabilities
updated since 14.12.2010
Published:21.12.2010
Source:
SecurityVulns ID:11295
Type:client
Threat Level:
8/10
Description:Buffer overflows on RA5, RealMedia, AAC etc.
Affected:REAL : RealPlayer 11.0
 REAL : RealPlayer SP 1.1
 REAL : RealPlayer 12.0
CVE:CVE-2010-4387 (The RealAudio codec in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, Mac RealPlayer 11.0 through 12.0.0.1444, and Linux RealPlayer 11.0.2.1744 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted audio stream in a RealMedia file.)
 CVE-2010-4386 (RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, Linux RealPlayer 11.0.2.1744, and possibly HelixPlayer 1.0.6 and other versions, allow remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted RealMedia video file.)
Original documentdocumentSECUNIA, Secunia Research: RealPlayer "cook" Arbitrary Free Vulnerability (20.12.2010)
 documentSECUNIA, Secunia Research: RealPlayer AAC Spectral Data Parsing Vulnerability (20.12.2010)
 documentSECUNIA, Secunia Research: RealPlayer "cook" Uninitialised Memory Vulnerability (20.12.2010)
 documentIDEFENSE, iDefense Security Advisory 12.10.10: RealNetworks RealPlayer Memory Corruption Vulnerability (14.12.2010)
 documentVUPEN Security Research, VUPEN Security Research - RealPlayer Sound Data Handling Buffer Overflow Vulnerability (VUPEN-SR-2010-004) (14.12.2010)
 documentVUPEN Security Research, VUPEN Security Research - RealPlayer Audio Data Handling Buffer Overflow Vulnerability (VUPEN-SR-2010-003) (14.12.2010)
 documentVUPEN Security Research, VUPEN Security Research - RealPlayer AAC Data Handling Buffer Overflow Vulnerability (VUPEN-SR-2010-005) (14.12.2010)
 documentVUPEN Security Research, VUPEN Security Research - RealPlayer RealMedia Data Handling Heap Overflow Vulnerabilities (VUPEN-SR-2010-28, VUPEN-SR-2010-29, VUPEN-SR-2010-30) (14.12.2010)
 documentVUPEN Security Research, VUPEN Security Research - RealPlayer RA5 Data Handling Heap Overflow Vulnerability (VUPEN-SR-2010-31) (14.12.2010)
 documentIDEFENSE, iDefense Security Advisory 12.10.10: RealNetworks RealPlayer RealAudio Codec Memory Corruption Vulnerability (14.12.2010)

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:21.12.2010
Source:
SecurityVulns ID:11319
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:SOCIALSHARE : Social Share 2010-06-05
 IMPRESSCMS : ImpressCMS 1.2
 HTMLEDIT : HTML-EDIT CMS 3.1
 HABARI : Habari 0.6
 GETSIMPLE : GetSimple CMS 2.03
 INJADER : Injader CMS 2.4
 HYCUS : Hycus CMS 1.0
 ELCOM : CommunityManager.NET 6.7
 CALIBRE : Calibre 0.7
Original documentdocumentJanek Vind, [waraxe-2010-SA#077] - Multiple Vulnerabilities in Calibre 0.7.34 (21.12.2010)
 documentAliaksandr Hartsuyeu, www.eVuln.com : Authentication Bypass by SQL Injection in Social Share (21.12.2010)
 documentAliaksandr Hartsuyeu, www.eVuln.com : "postid" SQL Injection in Social Share (21.12.2010)
 documentSense of Security, Elcom CommunityManager.NET Auth Bypass Vulnerability - Security Advisory - SOS-10-004 (21.12.2010)
 documentHigh-Tech Bridge Security Research, LFI in Hycus CMS (21.12.2010)
 documentHigh-Tech Bridge Security Research, SQL injection in Hycus CMS (21.12.2010)
 documentHigh-Tech Bridge Security Research, XSS vulnerability in Injader CMS (21.12.2010)
 documentHigh-Tech Bridge Security Research, SQL injection in Injader CMS (21.12.2010)
 documentHigh-Tech Bridge Security Research, SQL injection in Injader CMS (21.12.2010)
 documentHigh-Tech Bridge Security Research, XSS vulnerability in Injader CMS (21.12.2010)
 documentHigh-Tech Bridge Security Research, SQL injection in Hycus CMS (21.12.2010)
 documentHigh-Tech Bridge Security Research, SQL injection in Hycus CMS (21.12.2010)
 documentHigh-Tech Bridge Security Research, SQL injection in Hycus CMS (21.12.2010)
 documentHigh-Tech Bridge Security Research, Path disclosure in GetSimple CMS (21.12.2010)
 documentHigh-Tech Bridge Security Research, XSS vulnerability in Habari (21.12.2010)
 documentHigh-Tech Bridge Security Research, SQL Injection in HTML-EDIT CMS (21.12.2010)
 documentHigh-Tech Bridge Security Research, Path disclosure in Habari (21.12.2010)
 documentHigh-Tech Bridge Security Research, XSS vulnerability in Habari (21.12.2010)
 documentHigh-Tech Bridge Security Research, XSS in HTML-EDIT CMS (21.12.2010)
 documentHigh-Tech Bridge Security Research, Path disclosure in HTML-EDIT CMS (21.12.2010)
 documentHigh-Tech Bridge Security Research, XSS vulnerability in ImpressCMS (21.12.2010)

SAP Crystal Reports ActiveX buffer overflow
Published:21.12.2010
Source:
SecurityVulns ID:11320
Type:client
Threat Level:
6/10
Description:Buffer overflow in ServerResourceVersion property of CrystalReports12.CrystalPrintControl.1 control.
CVE:CVE-2010-2590 (Heap-based buffer overflow in the CrystalReports12.CrystalPrintControl.1 ActiveX control in PrintControl.dll 12.3.2.753 in SAP Crystal Reports 2008 SP3 Fix Pack 3.2 allows remote attackers to execute arbitrary code via a long ServerResourceVersion property value.)
Original documentdocumentSECUNIA, Secunia Research: SAP Crystal Reports Print ActiveX Control Buffer Overflow (21.12.2010)

BSD systems CARDP protocol DoS
Published:21.12.2010
Source:
SecurityVulns ID:11321
Type:remote
Threat Level:
5/10
Description:It's possible to bring all nodes to backup state by using replay attack.
Affected:OPENBSD : OpenBSD 4.8
Original documentdocumentSam Banks, OpenBSD CARP Hash Vulnerability (21.12.2010)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod