Computer Security
[EN] securityvulns.ru no-pyccku


Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:22.02.2011
Source:
SecurityVulns ID:11446
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:VANILLAFORUMS : Vanilla Forums 2.0
 DRUPAL : Drupal 6.20
 GDSTARRATING : GD Star Rating 1.9
 COMMENTRATING : Comment Rating 2.9
 STARBOXVOTING : Starbox Voting 2.0
 VOTEITUP : Vote It Up 1.2
 WORDPRESS : Z-Vote 1.1
 CDNVOTE : cdnvote 0.4
 WSNGUEST : WSN Guest 1.24
Original documentdocumentAliaksandr Hartsuyeu, www.eVuln.com : "time" SQL Injection vulnerability in WSN Guest (22.02.2011)
 documentAliaksandr Hartsuyeu, www.eVuln.com : "wsnuser" Cookie SQL Injection vulnerability in WSN Guest (22.02.2011)
 documentHigh-Tech Bridge Security Research, HTB22845: SQL Injection in cdnvote wordpress plugin (22.02.2011)
 documentHigh-Tech Bridge Security Research, HTB22844: XSS in GD Star Rating wordpress plugin (22.02.2011)
 documentHigh-Tech Bridge Security Research, HTB22841: SQL Injection in Comment Rating wordpress plugin (22.02.2011)
 documentHigh-Tech Bridge Security Research, HTB22839: SQL Injection in Z-Vote wordpress plugin (22.02.2011)
 documentHigh-Tech Bridge Security Research, HTB22838: Path disclosure in Vote It Up wordpress plugin (22.02.2011)
 documentHigh-Tech Bridge Security Research, HTB22840: Path disclosure in Starbox Voting wordpress plugin (22.02.2011)
 documentHigh-Tech Bridge Security Research, HTB22842: Path disclosure in Comment Rating wordpress plugin (22.02.2011)
 documentHigh-Tech Bridge Security Research, HTB22843: Path disclosure in GD Star Rating wordpress plugin (22.02.2011)
 documentYGN Ethical Hacker Group, Vanilla Forums 2.0.17.1 ~ 2.0.17.5 <= Cross Site Scripting Vulnerability (22.02.2011)
 documentMustLive, Brute Force и Abuse of Functionality уязвимости в Drupal (22.02.2011)
 documentMustLive, Abuse of Functionality уязвимости в Drupal (22.02.2011)
 documentMustLive, Denial of Service vulnerability in Megapolis.Portal Manager (22.02.2011)

Google Chrome multiple security vulonerabilities
Published:22.02.2011
Source:
SecurityVulns ID:11447
Type:client
Threat Level:
7/10
Description:Memory corruptions, crossite scripting, DoS conditions.
Affected:GOOGLE : Chrome 9.0
CVE:CVE-2011-0985 (Google Chrome before 9.0.597.94 does not properly perform process termination upon memory exhaustion, which has unspecified impact and remote attack vectors.)
 CVE-2011-0984 (Google Chrome before 9.0.597.94 does not properly handle plug-ins, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.)
 CVE-2011-0983 (Google Chrome before 9.0.597.94 does not properly handle anonymous blocks, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer.")
 CVE-2011-0981 (Google Chrome before 9.0.597.94 does not properly perform event handling for animations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer.")
 CVE-2011-0783 (Unspecified vulnerability in Google Chrome before 9.0.597.84 allows user-assisted remote attackers to cause a denial of service (application crash) via vectors involving a "bad volume setting.")
 CVE-2011-0778 (Google Chrome before 9.0.597.84 does not properly restrict drag and drop operations, which might allow remote attackers to bypass the Same Origin Policy via unspecified vectors.)
 CVE-2011-0777 (Use-after-free vulnerability in Google Chrome before 9.0.597.84 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to image loading.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 2166-1] chromium-browser security update (22.02.2011)

Cisco Security Agent code execution
Published:22.02.2011
Source:
SecurityVulns ID:11448
Type:remote
Threat Level:
6/10
Description:Code execution via Web management interface.
Affected:CISCO : Cisco Security Agent 5.1
 CISCO : Cisco Security Agent 5.2
CVE:CVE-2011-036
Original documentdocumentZDI, ZDI-11-088: Cisco Security Agent Management st_upload Remote Code Execution Vulnerability (22.02.2011)
 documentCISCO, Cisco Security Advisory: Management Center for Cisco Security Agent Remote Code Execution Vulnerability (22.02.2011)

telepathy-gabble stream hijacking
Published:22.02.2011
Source:
SecurityVulns ID:11449
Type:remote
Threat Level:
6/10
Description:It's possible to hijack media stream with google:jingleinfo packet.
Affected:TELEPATHY : telepathy-gabble 0.9
Original documentdocumentDEBIAN, [SECURITY] [DSA 2169-1] telepathy-gabble security update (22.02.2011)

PHP grapheme_extract DoS
Published:22.02.2011
Source:
SecurityVulns ID:11450
Type:library
Threat Level:
5/10
Description:NULL pointer dereference
Affected:PHP : PHP 5.3
CVE:CVE-2011-0420 (The grapheme_extract function in the Internationalization extension (Intl) for ICU for PHP 5.3.5 allows context-dependent attackers to cause a denial of service (crash) via an invalid size argument, which triggers a NULL pointer dereference.)
Original documentdocumentMarcin Orlowski, Re: PHP 5.3.5 grapheme_extract() NULL Pointer Dereference (22.02.2011)
 documentMaksymilian Arciemowicz, PHP 5.3.5 grapheme_extract() NULL Pointer Dereference (22.02.2011)

Novell iPrint LPD daemon buffer overflow
Published:22.02.2011
Source:
SecurityVulns ID:11451
Type:remote
Threat Level:
6/10
Description:Buffer overflow on TCP/515 traffic parsing.
Original documentdocumentZDI, ZDI-11-087: Novell iPrint LPD Remote Code Execution Vulnerability (22.02.2011)

Novell ZenWorks TFTP Server buffer overflow
Published:22.02.2011
Source:
SecurityVulns ID:11452
Type:remote
Threat Level:
5/10
Description:Buffer overflow on TFTP request parsing.
CVE:CVE-2010-4323 (Heap-based buffer overflow in novell-tftp.exe in Novell ZENworks Configuration Manager (ZCM) 10.3.1, 10.3.2, and 11.0, and earlier versions, allows remote attackers to execute arbitrary code via a long TFTP request.)
Original documentdocumentZDI, ZDI-11-089: Novell ZenWorks TFTPD Remote Code Execution Vulnerability (22.02.2011)

IBM Lotus Domino Sametime crossite scripting
Published:22.02.2011
Source:
SecurityVulns ID:11453
Type:remote
Threat Level:
5/10
Description:stconf.nsf crossite scripting
Affected:IBM : Lotus Domino Sametime 8.0
CVE:CVE-2011-1038 (Multiple cross-site scripting (XSS) vulnerabilities in stconf.nsf in the server in IBM Lotus Sametime 8.0.1 allow remote attackers to inject arbitrary web script or HTML via (1) the messageString parameter in a WebMessage action or (2) the PATH_INFO.)
Original documentdocumentbarkley_(at)_usa.net, Re: Domino Sametime Multiple Reflected Cross-Site Scripting (22.02.2011)
 documentdavid.daly_(at)_dionach.com, Domino Sametime Multiple Reflected Cross-Site Scripting (22.02.2011)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod