Computer Security


Hewlett Packard applications multiple security vulnerabilities
updated since 18.07.2010
Published: 22.07.2010
SecurityVulns ID: 11009
Type: remote
Threat Level: 7/10
Description: More than 20 vulnerabilities in different applications are fixed.
Affected: HP : HP-UX 11.11
 HP : OpenVMS 7.3
 HP : HP-UX 11.23
 HP : Tru64 UNIX 5.1
 HP : OpenVMS 8.2
 HP : HP-UX 11.31
 HP : OpenView Network Node Manager 7.53
 HP : OpenVMS 8.3
 HP : HP Insight Software Installer 6.0
 HP : HP Insight Control 6.0
 HP : HP Client Automation Enterprise Infrastructure
 HP : HP Insight Orchestration 6.0
CVE: CVE-2010-2704 (Buffer overflow in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long HTTP request to nnmrptconfig.exe.)
 CVE-2010-2703 (Stack-based buffer overflow in the execvp_nc function in the ov.dll module in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53, when running on Windows, allows remote attackers to execute arbitrary code via a long HTTP request to webappmon.exe.)
 CVE-2010-1973 (Unspecified vulnerability in the Auditing subsystem in HP OpenVMS 8.3, 8.2, 7.3-2, and earlier on the ALPHA platform, and 8.3-1H1, 8.3, 8.2-1, and earlier on the Itanium platform, allows local users to gain privileges or obtain sensitive information via unknown vectors.)
 CVE-2010-1972 (The default configuration of HP Client Automation (HPCA) Enterprise Infrastructure (aka Radia) allows remote attackers to read log files, and consequently cause a denial of service or have unspecified other impact, via web requests.)
 CVE-2010-1971 (Cross-site request forgery (CSRF) vulnerability in HP Insight Software Installer for Windows before 6.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors, a different vulnerability than CVE-2010-1968.)
 CVE-2010-1970 (Unspecified vulnerability in HP Insight Software Installer for Windows before 6.1 allows local users to read or modify data, and consequently gain privileges, via unknown vectors.)
 CVE-2010-1969 (Cross-site scripting (XSS) vulnerability in HP Virtual Connect Enterprise Manager for Windows before 6.1 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.)
 CVE-2010-1968 (Cross-site request forgery (CSRF) vulnerability in HP Insight Software Installer for Windows before 6.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors, a different vulnerability than CVE-2010-1971.)
 CVE-2010-1967 (Unspecified vulnerability in HP Insight Software Installer for Windows before 6.1 allows local users to read or modify data via unknown vectors.)
 CVE-2010-1966 (Unspecified vulnerability in HP Insight Control power management for Windows before 6.1 allows local users to read or modify data, or cause a denial of service, via unknown vectors.)
 CVE-2010-1965 (Unspecified vulnerability in HP Insight Orchestration for Windows before 6.1 allows remote attackers to read or modify data via unknown vectors.)
 CVE-2010-1129 (The safe_mode implementation in PHP before 5.2.13 does not properly handle directory pathnames that lack a trailing / (slash) character, which allows context-dependent attackers to bypass intended access restrictions via vectors related to use of the tempnam function.)
 CVE-2010-0083 (Unspecified vulnerability in Oracle OpenSolaris 8, 9, and 10 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.)
 CVE-2010-0001 (Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 on 64-bit platforms, as used in ncompress and probably others, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted archive that uses LZW compression, leading to an array index error.)
 CVE-2009-1427 (Unspecified vulnerability in HP-UX B.11.31 allows local users to cause a denial of service (system crash) via unknown vectors related to the ttrace system call.)
 CVE-2009-0696 (The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an ANY record in the prerequisite section of a crafted dynamic update message, as exploited in the wild in July 2009.)
 CVE-2009-0692 (Stack-based buffer overflow in the script_write_params method in client/dhclient.c in ISC DHCP dhclient 4.1 before 4.1.0p1, 4.0 before 4.0.1p1, 3.1 before 3.1.2p1, 3.0, and 2.0 allows remote DHCP servers to execute arbitrary code via a crafted subnet-mask option.)
 CVE-2008-5110 (syslog-ng does not call chdir when it calls chroot, which might allow attackers to escape the intended jail. NOTE: this is only a vulnerability when a separate vulnerability is present.)
 CVE-2007-5497 (Multiple integer overflows in libext2fs in e2fsprogs before 1.40.3 allow user-assisted remote attackers to execute arbitrary code via a crafted filesystem image.)
 CVE-2007-2452 (Heap-based buffer overflow in the visit_old_format function in locate/locate.c in locate in GNU findutils before 4.2.31 might allow context-dependent attackers to execute arbitrary code via a long pathname in a locate database that has the old format, a different vulnerability than CVE-2001-1036.)
Original document: ZDI, ZDI-10-137: Hewlett-Packard OpenView NNM webappmon.exe execvp_nc Remote Code Execution Vulnerability (22.07.2010)
 VUPEN Security Research, VUPEN Security Research - HP OpenView Network Node Manager "ov.dll" Buffer Overflow Vulnerability (CVE-2010-2704) (22.07.2010)
 VUPEN Security Research, VUPEN Security Research - HP OpenView Network Node Manager "nnmrptconfig.exe" Buffer Overflow (CVE-2010-2703) (22.07.2010)
 HP, [security bulletin] HPSBMA02557 SSRT100025 rev.1- HP OpenView Network Node Manager (OV NNM) Running on Windows, Remote Execution of Arbitrary Code (22.07.2010)
 HP, [security bulletin] HPSBMA02558 SSRT010158 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code (22.07.2010)
 HP, [security bulletin] HPSBMA02549 SSRT090158 rev.1 - HP Insight Control Power Management for Windows, Local Unauthorized Access to Data, Denial of Service (DoS) (18.07.2010)
 HP, [security bulletin] HPSBMA02548 SSRT100126 rev.1 - HP Insight Orchestration for Windows, Remote Unauthorized Access (18.07.2010)
 HP, [security bulletin] HPSBMA02547 SSRT100179 rev.1 - HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows, Remote Execution of Arbitrary Code and Other Vulnerabilities (18.07.2010)
 HP, [security bulletin] HPSBUX02450 SSRT090141 rev1 - HP-UX ttrace(2), Local Denial of Service (DoS) (18.07.2010)
 HP, [security bulletin] HPSBUX02451 SSRT090137 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS) (18.07.2010)
 HP, [security bulletin] HPSBTU02453 SSRT091037 rev.1 - HP Tru64 UNIX BIND Server, Denial of Service (DoS) (18.07.2010)
 HP, [security bulletin] HPSBMA02551 SSRT100165 rev.1 - HP Virtual Connect Enterprise Manager for Windows, Remote Cross Site Scripting (XSS) (18.07.2010)
 HP, [security bulletin] HPSBMA02553 SSRT100184 rev.1 - HP Insight Control Server Migration for Windows, Local and Remote Unauthorized Access to Data, Remote Cross Site Request Forgery (CSRF), Cross Site Scripting (XSS) (18.07.2010)
 HP, [security bulletin] HPSBMA02555 SSRT100064 rev.1 - HP Client Automation Enterprise Infrastructure (Radia) Remote Disclosure of Information (18.07.2010)
 HP, [security bulletin] HPSBOV02539 SSRT090267 rev.1 - HP OpenVMS Auditing, Local Information Disclosure, Elevation of Privilege, Denial of Service (DoS) (18.07.2010)
 HP, [security bulletin] HPSBUX02556 SSRT100014 rev.1 - HP-UX Running rpc.ttdbserver, Remote Execution of Arbitrary Code (18.07.2010)
 HP, [security bulletin] HPSBMA02554 SSRT100018 rev.2 - HP Insight Control for Linux, Remote Execution of Arbitrary Code, Remote Denial of Service (DoS), Remote Unauthorized Access (18.07.2010)
 HP, [security bulletin] HPSBMA02550 SSRT100170 rev.2 - HP Insight Software Installer for Windows, Local Unauthorized Access to Data, Remote Cross Site Request Forgery (CSRF) (18.07.2010)

Novell Groupwise multiple security vulnerabilities
updated since 16.07.2010
Published: 22.07.2010
SecurityVulns ID: 11000
Type: remote
Threat Level: 6/10
Description: Stack-based buffer overflow (stack overrun) in the WebAccess Proxy feature. Buffer overflow in IMAP.
Affected: NOVELL : GroupWise 8.0
Original document: ZDI, ZDI-10-135: Novell Groupwise WebAccess Multiple Cross-Site Scripting Vulnerabilities (22.07.2010)
 ZDI, ZDI-10-129: Novell Netware Groupwise Internet Gateway Remote Code Execution Vulnerability (18.07.2010)
 Francis Provencher, {PRL} Novell Groupwise Internet Agent Stack Overflow (18.07.2010)
 Francis Provencher, {PRL} Novell Groupwise Webaccess Stack Overflow (16.07.2010)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod