Computer Security

Search:Vulnerability:21.12.2010
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:21.12.2010
Source:
SecurityVulns ID:11319
Type:remote
Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:SOCIALSHARE : Social Share 2010-06-05
 IMPRESSCMS : ImpressCMS 1.2
 HTMLEDIT : HTML-EDIT CMS 3.1
 HABARI : Habari 0.6
 GETSIMPLE : GetSimple CMS 2.03
 INJADER : Injader CMS 2.4
 HYCUS : Hycus CMS 1.0
 ELCOM : CommunityManager.NET 6.7
 CALIBRE : Calibre 0.7
Original documentdocumentJanek Vind, [waraxe-2010-SA#077] - Multiple Vulnerabilities in Calibre 0.7.34 (21.12.2010)
 documentAliaksandr Hartsuyeu, www.eVuln.com : Authentication Bypass by SQL Injection in Social Share (21.12.2010)
 documentAliaksandr Hartsuyeu, www.eVuln.com : "postid" SQL Injection in Social Share (21.12.2010)
 documentSense of Security, Elcom CommunityManager.NET Auth Bypass Vulnerability - Security Advisory - SOS-10-004 (21.12.2010)
 documentadvisory_(at)_htbridge.ch, LFI in Hycus CMS (21.12.2010)
 documentadvisory_(at)_htbridge.ch, SQL injection in Hycus CMS (21.12.2010)
 documentadvisory_(at)_htbridge.ch, XSS vulnerability in Injader CMS (21.12.2010)
 documentadvisory_(at)_htbridge.ch, SQL injection in Injader CMS (21.12.2010)
 documentadvisory_(at)_htbridge.ch, SQL injection in Injader CMS (21.12.2010)
 documentadvisory_(at)_htbridge.ch, XSS vulnerability in Injader CMS (21.12.2010)
 documentadvisory_(at)_htbridge.ch, SQL injection in Hycus CMS (21.12.2010)
 documentadvisory_(at)_htbridge.ch, SQL injection in Hycus CMS (21.12.2010)
 documentadvisory_(at)_htbridge.ch, SQL injection in Hycus CMS (21.12.2010)
 documentadvisory_(at)_htbridge.ch, Path disclosure in GetSimple CMS (21.12.2010)
 documentadvisory_(at)_htbridge.ch, XSS vulnerability in Habari (21.12.2010)
 documentadvisory_(at)_htbridge.ch, SQL Injection in HTML-EDIT CMS (21.12.2010)
 documentadvisory_(at)_htbridge.ch, Path disclosure in Habari (21.12.2010)
 documentadvisory_(at)_htbridge.ch, XSS vulnerability in Habari (21.12.2010)
 documentadvisory_(at)_htbridge.ch, XSS in HTML-EDIT CMS (21.12.2010)
 documentadvisory_(at)_htbridge.ch, Path disclosure in HTML-EDIT CMS (21.12.2010)
 documentadvisory_(at)_htbridge.ch, XSS vulnerability in ImpressCMS (21.12.2010)
Discuss:Read or add your comments to this news (0 comments)

BSD systems CARDP protocol DoS
Published:21.12.2010
Source:BUGTRAQ
SecurityVulns ID:11321
Type:remote
Level:5/10
Description:It's possible to bring all nodes to backup state by using replay attack.
Affected:OPENBSD : OpenBSD 4.8
Original documentdocumentSam Banks, OpenBSD CARP Hash Vulnerability (21.12.2010)
Discuss:Read or add your comments to this news (0 comments)

Real Player multiple security vulnerabilities
updated since 14.12.2010
Published:21.12.2010
Source:BUGTRAQ
SecurityVulns ID:11295
Type:client
Level:8/10
Description:Buffer overflows on RA5, RealMedia, AAC etc.
Affected:REAL : RealPlayer 11.0
 REAL : RealPlayer SP 1.1
 REAL : RealPlayer 12.0
CVE:CVE-2010-4387 (The RealAudio codec in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, Mac RealPlayer 11.0 through 12.0.0.1444, and Linux RealPlayer 11.0.2.1744 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted audio stream in a RealMedia file.)
 CVE-2010-4386 (RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, Linux RealPlayer 11.0.2.1744, and possibly HelixPlayer 1.0.6 and other versions, allow remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted RealMedia video file.)
Original documentdocumentSECUNIA, Secunia Research: RealPlayer "cook" Arbitrary Free Vulnerability (20.12.2010)
 documentSECUNIA, Secunia Research: RealPlayer AAC Spectral Data Parsing Vulnerability (20.12.2010)
 documentSECUNIA, Secunia Research: RealPlayer "cook" Uninitialised Memory Vulnerability (20.12.2010)
 documentIDEFENSE, iDefense Security Advisory 12.10.10: RealNetworks RealPlayer Memory Corruption Vulnerability (14.12.2010)
 documentVUPEN Security Research, VUPEN Security Research - RealPlayer Sound Data Handling Buffer Overflow Vulnerability (VUPEN-SR-2010-004) (14.12.2010)
 documentVUPEN Security Research, VUPEN Security Research - RealPlayer Audio Data Handling Buffer Overflow Vulnerability (VUPEN-SR-2010-003) (14.12.2010)
 documentVUPEN Security Research, VUPEN Security Research - RealPlayer AAC Data Handling Buffer Overflow Vulnerability (VUPEN-SR-2010-005) (14.12.2010)
 documentVUPEN Security Research, VUPEN Security Research - RealPlayer RealMedia Data Handling Heap Overflow Vulnerabilities (VUPEN-SR-2010-28, VUPEN-SR-2010-29, VUPEN-SR-2010-30) (14.12.2010)
 documentVUPEN Security Research, VUPEN Security Research - RealPlayer RA5 Data Handling Heap Overflow Vulnerability (VUPEN-SR-2010-31) (14.12.2010)
 documentIDEFENSE, iDefense Security Advisory 12.10.10: RealNetworks RealPlayer RealAudio Codec Memory Corruption Vulnerability (14.12.2010)
Discuss:Read or add your comments to this news (0 comments)

SAP Crystal Reports ActiveX buffer overflow
Published:21.12.2010
Source:BUGTRAQ
SecurityVulns ID:11320
Type:client
Level:6/10
Description:Buffer overflow in ServerResourceVersion property of CrystalReports12.CrystalPrintControl.1 control.
CVE:CVE-2010-2590 (Heap-based buffer overflow in the CrystalReports12.CrystalPrintControl.1 ActiveX control in PrintControl.dll 12.3.2.753 in SAP Crystal Reports 2008 SP3 Fix Pack 3.2 allows remote attackers to execute arbitrary code via a long ServerResourceVersion property value.)
Original documentdocumentSECUNIA, Secunia Research: SAP Crystal Reports Print ActiveX Control Buffer Overflow (21.12.2010)
Discuss:Read or add your comments to this news (0 comments)
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru