Computer Security
[EN] securityvulns.ru no-pyccku


IBM Lotus Domino Server Controller unauthorized access
Published:23.03.2011
Source:
SecurityVulns ID:11514
Type:remote
Threat Level:
7/10
Description:User-supplied network file is used for stored user's credentials during TCP/2050 service authentication.
Affected:IBM : Lotus Domino 7.0
Original documentdocumentZDI, ZDI-11-110: (0day) IBM Lotus Domino Server Controller Authentication Bypass Remote Code Execution Vulnerability (23.03.2011)

TeX (tex-common) shell characters vulnerability
Published:23.03.2011
Source:
SecurityVulns ID:11515
Type:local
Threat Level:
5/10
CVE:CVE-2011-1400 (The default configuration of the shell_escape_commands directive in conf/texmf.d/95NonPath.cnf in the tex-common package before 2.08.1 in Debian GNU/Linux squeeze, Ubuntu 10.10 and 10.04 LTS, and possibly other operating systems lists certain programs, which might allow remote attackers to execute arbitrary code via a crafted TeX document.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 2198-1] tex-common security update (23.03.2011)

HP Discovery & Dependency Mapping Inventory information leak
Published:23.03.2011
Source:
SecurityVulns ID:11517
Type:remote
Threat Level:
5/10
Description:public community has SNMP read access by default.
Affected:HP : HP Discovery & Dependency Mapping Inventory 7.70
 HP : HP Discovery & Dependency Mapping Inventory 9.30
CVE:CVE-2011-0890 (HP Discovery & Dependency Mapping Inventory (DDMI) 7.50, 7.51, 7.60, 7.61, 7.70, and 9.30 launches the Windows SNMP service with its default configuration, which allows remote attackers to obtain potentially sensitive information or have unspecified other impact by leveraging the public read community.)
Original documentdocumentHP, [security bulletin] HPSBMA02647 SSRT100383 rev.1 - HP Discovery & Dependency Mapping Inventory (DDMI) Running on Windows, Insecure SNMP Configuration (23.03.2011)

libtiff buffer overflow
Published:23.03.2011
Source:
SecurityVulns ID:11522
Type:library
Threat Level:
6/10
Description:Buffer overflow in ThunderCode codec, stack overflow.
Affected:LIBTIFF : libtiff 6.9
CVE:CVE-2011-1167 (Heap-based buffer overflow in the thunder (aka ThunderScan) decoder in tif_thunder.c in LibTIFF 3.9.4 and earlier allows remote attackers to execute arbitrary code via crafted THUNDER_2BITDELTAS data in a .tiff file that has an unexpected BitsPerSample value.)
Original documentdocumentzgmzgm_(at)_mail.ustc.edu.cn, Buffer overflow in libtiff in Imagemagick (23.03.2011)
 documentZDI, ZDI-11-107: Libtiff ThunderCode Decoder THUNDER_2BITDELTAS Remote Code Execution Vulnerability (23.03.2011)

Linux kernel multiple security vulnerabilities
Published:23.03.2011
Source:
SecurityVulns ID:11523
Type:local
Threat Level:
5/10
Description:Privilege escalation, multiple information leaks.
Affected:LINUX : kernel 2.6
CVE:CVE-2011-1163 (The osf_partition function in fs/partitions/osf.c in the Linux kernel before 2.6.38 does not properly handle an invalid number of partitions, which might allow local users to obtain potentially sensitive information from kernel heap memory via vectors related to partition-table parsing.)
 CVE-2010-4242 (The hci_uart_tty_open function in the HCI UART driver (drivers/bluetooth/hci_ldisc.c) in the Linux kernel 2.6.36, and possibly other versions, does not verify whether the tty has a write operation, which allows local users to cause a denial of service (NULL pointer dereference) via vectors related to the Bluetooth driver.)
 CVE-2010-4175 (Integer overflow in the rds_cmsg_rdma_args function (net/rds/rdma.c) in Linux kernel 2.6.35 allows local users to cause a denial of service (crash) and possibly trigger memory corruption via a crafted Reliable Datagram Sockets (RDS) request, a different vulnerability than CVE-2010-3865.)
 CVE-2010-4163 (The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 2.6.36.2 allows local users to cause a denial of service (panic) via a zero-length I/O request in a device ioctl to a SCSI device.)
 CVE-2010-4162 (Multiple integer overflows in fs/bio.c in the Linux kernel before 2.6.36.2 allow local users to cause a denial of service (system crash) via a crafted device ioctl to a SCSI device.)
 CVE-2010-4158 (The sk_run_filter function in net/core/filter.c in the Linux kernel before 2.6.36.2 does not check whether a certain memory location has been initialized before executing a (1) BPF_S_LD_MEM or (2) BPF_S_LDX_MEM instruction, which allows local users to obtain potentially sensitive information from kernel stack memory via a crafted socket filter.)
 CVE-2010-4077 (The ntty_ioctl_tiocgicount function in drivers/char/nozomi.c in the Linux kernel 2.6.36.1 and earlier does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call.)
 CVE-2010-4076 (The rs_ioctl function in drivers/char/amiserial.c in the Linux kernel 2.6.36.1 and earlier does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call.)
Original documentdocumentTimo Warns, [PRE-SA-2011-02] Information disclosure vulnerability in the OSF partition handling code of the Linux kernel (23.03.2011)
 documentUBUNTU, [USN-1089-1] Linux kernel vulnerabilities (23.03.2011)

RealPlayer buffer overflow
Published:23.03.2011
Source:
SecurityVulns ID:11524
Type:client
Threat Level:
7/10
Description:Buffer overflow on IVR files parsing.
Affected:REAL : RealPlayer 14.0
Original documentdocumentLuigi Auriemma, Heap overflow in RealPlayer 14.0.1.633 (23.03.2011)
Files:RealPlayer IVR buffer overflow PoC

libvirt protection bypass
Published:23.03.2011
Source:
SecurityVulns ID:11525
Type:library
Threat Level:
5/10
Affected:LINUX : kernel 2.6
CVE:CVE-2011-1146 (libvirt.c in the API in Red Hat libvirt 0.8.8 does not properly restrict operations in a read-only connection, which allows remote attackers to cause a denial of service (host OS crash) or possibly execute arbitrary code via a (1) virNodeDeviceDettach, (2) virNodeDeviceReset, (3) virDomainRevertToSnapshot, (4) virDomainSnapshotDelete, (5) virNodeDeviceReAttach, or (6) virConnectDomainXMLToNative call, a different vulnerability than CVE-2008-5086.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 2194-1] libvirt security update (23.03.2011)

libcgroup security vulnerabilities
Published:23.03.2011
Source:
SecurityVulns ID:11527
Type:library
Threat Level:
6/10
Description:Buffer overflow, privilege escalation.
CVE:CVE-2011-1022 (The cgre_receive_netlink_msg function in daemon/cgrulesengd.c in cgrulesengd in the Control Group Configuration Library (aka libcgroup or libcg) before 0.37.1 does not verify that netlink messages originated in the kernel, which allows local users to bypass intended resource restrictions via a crafted message.)
 CVE-2011-1006 (Heap-based buffer overflow in the parse_cgroup_spec function in tools/tools-common.c in the Control Group Configuration Library (aka libcgroup or libcg) before 0.37.1 allows local users to gain privileges via a crafted controller list on the command line of an application. NOTE: it is not clear whether this issue crosses privilege boundaries.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 2193-1] libcgroup security update (23.03.2011)

Symantec LiveUpdate Administrator crossite request forgery
Published:23.03.2011
Source:
SecurityVulns ID:11519
Type:remote
Threat Level:
5/10
Description:Crossite request forgery in administration web interface.
Affected:SYMANTEC : LiveUpdate Administrator 2.2
CVE:CVE-2011-0545 (Cross-site request forgery (CSRF) vulnerability in adduser.do in Symantec LiveUpdate Administrator (LUA) before 2.3 allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts, and possibly have unspecified other impact, via the userRole parameter.)
Original documentdocumentNSO Research, NSOADV-2011-001: Symantec LiveUpdate Administrator CSRF vulnerability (23.03.2011)

Apple Mac OS X multiple security vulnerabilities
Published:23.03.2011
Source:
SecurityVulns ID:11518
Type:library
Threat Level:
8/10
Description:Multiple DoS conditions, format strings vulnerability in AppleScript, memory corruption on different file formats parsing, information leakage, privilege escalation.
Affected:APPLE : MacOS X 10.6
CVE:CVE-2011-1417 (Integer overflow in QuickLook, as used in Apple Mac OS X before 10.6.7 and MobileSafari in Apple iOS before 4.2.7 and 4.3.x before 4.3.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a Microsoft Office document with a crafted size field in the OfficeArtMetafileHeader, related to OfficeArtBlip, as demonstrated on the iPhone by Charlie Miller and Dion Blazakis during a Pwn2Own competition at CanSecWest 2011.)
 CVE-2011-0200 (Integer overflow in ColorSync in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image containing a crafted embedded ColorSync profile that triggers a heap-based buffer overflow.)
 CVE-2011-0194 (Integer overflow in ImageIO in Apple Mac OS X 10.6 before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image with JPEG encoding.)
 CVE-2011-0193 (Multiple buffer overflows in Image RAW in Apple Mac OS X before 10.6.7 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Canon RAW image.)
 CVE-2011-0192 (Buffer overflow in Fax4Decode in LibTIFF 3.9.4 and possibly other versions, as used in ImageIO in Apple iTunes before 10.2 on Windows and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF Internet Fax image file that has been compressed using CCITT Group 4 encoding, related to the EXPAND2D macro in libtiff/tif_fax3.h. NOTE: some of these details are obtained from third party information.)
 CVE-2011-0191 (Buffer overflow in LibTIFF 3.9.4 and possibly other versions, as used in ImageIO in Apple iTunes before 10.2 on Windows and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image with JPEG encoding.)
 CVE-2011-0190 (Install Helper in Installer in Apple Mac OS X before 10.6.7 does not properly process an unspecified URL, which might allow remote attackers to track user logins by logging network traffic from an agent that was intended to send network traffic to an Apple server.)
 CVE-2011-0189 (The default configuration of Terminal in Apple Mac OS X 10.6 before 10.6.7 uses SSH protocol version 1 within the New Remote Connection dialog, which might make it easier for man-in-the-middle attackers to spoof SSH servers by leveraging protocol vulnerabilities.)
 CVE-2011-0188 (The VpMemAlloc function in bigdecimal.c in the BigDecimal class in Ruby 1.9.2-p136 and earlier, as used on Apple Mac OS X before 10.6.7 and other platforms, does not properly allocate memory, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving creation of a large BigDecimal value within a 64-bit process, related to an "integer truncation issue.")
 CVE-2011-0187 (The plug-in in QuickTime in Apple Mac OS X before 10.6.7 allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive video data via vectors involving a cross-site redirect.)
 CVE-2011-0186 (QuickTime in Apple Mac OS X before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted JPEG2000 image.)
 CVE-2011-0184 (QuickLook in Apple Mac OS X 10.6 before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via an Excel spreadsheet with a crafted formula that uses unspecified opcodes.)
 CVE-2011-0183 (Libinfo in Apple Mac OS X before 10.6.7 does not properly handle an unspecified integer field in an NFS RPC packet, which allows remote attackers to cause a denial of service (lockd, statd, mountd, or portmap outage) via a crafted packet, related to an "integer truncation issue.")
 CVE-2011-0182 (The i386_set_ldt system call in the kernel in Apple Mac OS X before 10.6.7 does not properly handle call gates, which allows local users to gain privileges via vectors involving the creation of a call gate entry.)
 CVE-2011-0181 (Integer overflow in ImageIO in Apple Mac OS X before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted XBM image.)
 CVE-2011-0180 (Integer overflow in HFS in Apple Mac OS X before 10.6.7 allows local users to read arbitrary (1) HFS, (2) HFS+, or (3) HFS+J files via a crafted F_READBOOTSTRAP ioctl call.)
 CVE-2011-0179 (CoreText in Apple Mac OS X before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a document that contains a crafted embedded font.)
 CVE-2011-0178 (The FSFindFolder API in CarbonCore in Apple Mac OS X before 10.6.7 provides a world-readable directory in response to a call with the kTemporaryFolderType flag, which allows local users to obtain potentially sensitive information by accessing this directory.)
 CVE-2011-0177 (Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X before 10.6.7 allow remote attackers to execute arbitrary code via a document that contains a crafted SFNT table in an embedded font.)
 CVE-2011-0176 (Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X before 10.6.7 allow remote attackers to execute arbitrary code via a document that contains a crafted embedded Type 1 font.)
 CVE-2011-0175 (Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X before 10.6.7 allow remote attackers to execute arbitrary code via a document that contains a crafted embedded TrueType font.)
 CVE-2011-0174 (Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X before 10.6.7 allows remote attackers to execute arbitrary code via a document that contains a crafted embedded OpenType font.)
 CVE-2011-0173 (Multiple format string vulnerabilities in AppleScript in Apple Mac OS X before 10.6.7 allow context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a (1) display dialog or (2) display alert command in a dialog in an AppleScript Studio application.)
 CVE-2011-0172 (AirPort in Apple Mac OS X 10.6 before 10.6.7 allows remote attackers to cause a denial of service (divide-by-zero error and reboot) via Wi-Fi frames on the local wireless network, a different vulnerability than CVE-2011-0162.)
 CVE-2011-0170 (Heap-based buffer overflow in ImageIO in CoreGraphics in Apple iTunes before 10.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted International Color Consortium (ICC) profile in a JPEG image.)
 CVE-2010-4494 (Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.)
 CVE-2010-4479 (Unspecified vulnerability in pdf.c in libclamav in ClamAV before 0.96.5 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document, aka "bb #2380," a different vulnerability than CVE-2010-4260.)
 CVE-2010-4409 (Integer overflow in the NumberFormatter::getSymbol (aka numfmt_get_symbol) function in PHP 5.3.3 and earlier allows context-dependent attackers to cause a denial of service (application crash) via an invalid argument.)
 CVE-2010-4261 (Off-by-one error in the icon_cb function in pe_icons.c in libclamav in ClamAV before 0.96.5 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. NOTE: some of these details are obtained from third party information.)
 CVE-2010-4260 (Multiple unspecified vulnerabilities in pdf.c in libclamav in ClamAV before 0.96.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document, aka (1) "bb #2358" and (2) "bb #2396.")
 CVE-2010-4150 (Double free vulnerability in the imap_do_open function in the IMAP extension (ext/imap/php_imap.c) in PHP 5.2 before 5.2.15 and 5.3 before 5.3.4 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors.)
 CVE-2010-4021 (The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 does not properly restrict the use of TGT credentials for armoring TGS requests, which might allow remote authenticated users to impersonate a client by rewriting an inner request, aka a "KrbFastReq forgery issue.")
 CVE-2010-4020 (MIT Kerberos 5 (aka krb5) 1.8.x through 1.8.3 does not reject RC4 key-derivation checksums, which might allow remote authenticated users to forge a (1) AD-SIGNEDPATH or (2) AD-KDC-ISSUED signature, and possibly gain privileges, by leveraging the small key space that results from certain one-byte stream-cipher operations.)
 CVE-2010-4009 (Integer overflow in Apple QuickTime before 7.6.9 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.)
 CVE-2010-4008 (libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document.)
 CVE-2010-3870 (The utf8_decode function in PHP before 5.3.4 does not properly handle non-shortest form UTF-8 encoding and ill-formed subsequences in UTF-8 data, which makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanisms via a crafted string.)
 CVE-2010-3855 (Buffer overflow in the ft_var_readpackedpoints function in truetype/ttgxvar.c in FreeType 2.4.3 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TrueType GX font.)
 CVE-2010-3814 (Heap-based buffer overflow in the Ins_SHZ function in ttinterp.c in FreeType 2.4.3 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted SHZ bytecode instruction, related to TrueType opcodes, as demonstrated by a PDF document with a crafted embedded font.)
 CVE-2010-3802 (Integer signedness error in Apple QuickTime before 7.6.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted panorama atom in a QuickTime Virtual Reality (QTVR) movie file.)
 CVE-2010-3801 (Apple QuickTime before 7.6.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted FlashPix file.)
 CVE-2010-3710 (Stack consumption vulnerability in the filter_var function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3, when FILTER_VALIDATE_EMAIL mode is used, allows remote attackers to cause a denial of service (memory consumption and application crash) via a long e-mail address string.)
 CVE-2010-3709 (The ZipArchive::getArchiveComment function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ZIP archive.)
 CVE-2010-3436 (fopen_wrappers.c in PHP 5.3.x through 5.3.3 might allow remote attackers to bypass open_basedir restrictions via vectors related to the length of a filename.)
 CVE-2010-3434 (Buffer overflow in the find_stream_bounds function in pdf.c in libclamav in ClamAV before 0.96.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document. NOTE: some of these details are obtained from third party information.)
 CVE-2010-3315 (authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.)
 CVE-2010-3089 (Multiple cross-site scripting (XSS) vulnerabilities in GNU Mailman before 2.1.14rc1 allow remote authenticated users to inject arbitrary web script or HTML via vectors involving (1) the list information field or (2) the list description field.)
 CVE-2010-3069 (Stack-based buffer overflow in the (1) sid_parse and (2) dom_sid_parse functions in Samba before 3.5.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted Windows Security ID (SID) on a file share.)
 CVE-2010-2950 (Format string vulnerability in stream.c in the phar extension in PHP 5.3.x through 5.3.3 allows context-dependent attackers to obtain sensitive information (memory contents) and possibly execute arbitrary code via a crafted phar:// URI that is not properly handled by the phar_stream_flush function, leading to errors in the php_stream_wrapper_log_error function. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-2094.)
 CVE-2010-2068 (mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.)
 CVE-2010-1452 (The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.)
 CVE-2010-1324 (MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to forge GSS tokens, gain privileges, or have unspecified other impact via (1) an unkeyed checksum, (2) an unkeyed PAC checksum, or (3) a KrbFastArmoredReq checksum based on an RC4 key.)
 CVE-2010-1323 (MIT Kerberos 5 (aka krb5) 1.3.x, 1.4.x, 1.5.x, 1.6.x, 1.7.x, and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to modify user-visible prompt text, modify a response to a Key Distribution Center (KDC), or forge a KRB-SAFE message via certain checksums that (1) are unkeyed or (2) use RC4 keys.)
 CVE-2010-0405 (Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted compressed file.)
 CVE-2010-0405 (Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted compressed file.)
 CVE-2006-7243 (PHP before 5.3.4 accepts the \0 character in a pathname, which might allow context-dependent attackers to bypass intended access restrictions by placing a safe file extension after this character, as demonstrated by .php\0.jpg at the end of the argument to the file_exists function.)
Original documentdocumentIDEFENSE, NGS00057 Patch Notification: Apple Mac OS X ImageIO Integer Overflow (23.03.2011)
 documentIDEFENSE, iDefense Security Advisory 03.21.11: Apple OfficeImport Framework Excel Memory Corruption Vulnerability (23.03.2011)
 document[email protected], NGS00052 Patch Notification: Apple Mac OS X Image RAW Multiple Buffer Overflows (23.03.2011)
 documentZDI, ZDI-11-109: (Pwn2Own) Apple Safari OfficeArtBlip Parsing Remote Code Execution Vulnerability (23.03.2011)
 documentZDI, ZDI-11-108: Mac OS X Compact Font Format Decoder Remote Code Execution Vulnerability (23.03.2011)
 documentVSR Advisories, Apple HFS+ Information Disclosure Vulnerability (23.03.2011)
 documentAPPLE, About the security content of Mac OS X v10.6.7 and Security Update 2011-001 (23.03.2011)

Asterisk DoS
Published:23.03.2011
Source:
SecurityVulns ID:11526
Type:remote
Threat Level:
5/10
Description:Connection flood leads to resources exhaustion.
Affected:ASTERISK : Asterisk 1.6
 ASTERISK : Asterisk 1.8
Original documentdocumentASTERISK, AST-2011-004: (23.03.2011)
 documentASTERISK, AST-2011-003: (23.03.2011)

Progea Movicon TCPUploadServer unauthorized access
Published:23.03.2011
Source:
SecurityVulns ID:11528
Type:remote
Threat Level:
5/10
Description:It's possible to upload and execute file to arbitrary location.
Original documentdocumentJeremy Brown, rogea Movicon TCPUploadServer Remote Exploit (23.03.2011)
Files:Progea Movicon TCPUploadServer Remote Exploit

IGSS ODBC Server uninitialized pointer free()
Published:23.03.2011
Source:
SecurityVulns ID:11529
Type:remote
Threat Level:
5/10
Description:Multiple uninitialized pointer dereference conditions.
Original documentdocumentJeremy Brown, IGSS 8 ODBC Server Multiple Remote Uninitialized Pointer Free DoS (23.03.2011)
Files:IGSS 8 ODBC Server Multiple Remote Uninitialized Pointer Free DoS

HP Client Automation code execution
updated since 15.03.2011
Published:23.03.2011
Source:
SecurityVulns ID:11500
Type:remote
Threat Level:
5/10
Description:Code execution with radexecd.exe (TCP/3465).
CVE:CVE-2011-0889 (Unspecified vulnerability in HP Client Automation Enterprise (aka HPCA or Radia Notify) 5.11, 7.2, 7.5, 7.8, and 7.9 allows remote attackers to execute arbitrary code via unknown vectors.)
Original documentdocumentZDI, ZDI-11-105: Hewlett-Packard Client Automation radexecd.exe Remote Code Execution Vulnerability (23.03.2011)
 documentHP, [security bulletin] HPSBMA02644 SSRT100284 rev.1 - HP Client Automation Enterprise (HPCA) Running on Windows, Remote Execution of Arbitrary Code (15.03.2011)

Novell Netware FTP server buffer overflow
updated since 31.03.2010
Published:23.03.2011
Source:
SecurityVulns ID:10727
Type:remote
Threat Level:
6/10
Description:rmdir/mkdir/dele commands buffer overflow.
Affected:NOVELL : Netware 6.5
CVE:CVE-2010-4228 (Stack-based buffer overflow in NWFTPD.NLM before 5.10.02 in the FTP server in Novell NetWare allows remote authenticated users to execute arbitrary code or cause a denial of service (abend) via a long DELE command, a different vulnerability than CVE-2010-0625.4.)
 CVE-2010-0625 (Stack-based buffer overflow in NWFTPD.nlm before 5.10.01 in the FTP server in Novell NetWare 5.1 through 6.5 SP8 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long (1) MKD, (2) RMD, (3) RNFR, or (4) DELE command.)
Original documentdocumentZDI, ZDI-11-106: Novell Netware NWFTPD.NLM DELE Remote Code Execution Vulnerability (23.03.2011)
 documentZDI, ZDI-10-062: Novell Netware NWFTPD RMD/RNFR/DELE Argument Parsing Remote Code Execution Vulnerabilities (06.04.2010)
 documentFrancis Provencher, {PRL} Novell Netware FTP Remote Stack Overflow (31.03.2010)

Advantech BroadWin WebAccess multiple security vulnerabilities
Published:23.03.2011
Source:
SecurityVulns ID:11516
Type:remote
Threat Level:
6/10
Description:Code execution, information leak from TCP/4592 RPC-based service.
Original documentdocumentReversemode, SCADA Trojans: Attacking the Grid + Advantech vulnerabilities (23.03.2011)
Files:Advantec/BroadWin SCADA WebAccess 7.0 Network Service RPC Party Exploit
 SCADA Trojans: Attacking the Grid

Comodo issued fraudlent certificates
updated since 23.03.2011
Published:29.03.2011
Source:
SecurityVulns ID:11530
Type:m-i-t-m
Threat Level:
7/10
Description:login.live.com, mail.google.com, www.google.com, login.yahoo.com, login.skype.com, addons.mozilla.org "Global Trustee" certificates were issued to untrusted third party.
Original documentdocumentDEBIAN, [SECURITY] [DSA 2203-1] nss security update (29.03.2011)
Files:Microsoft Security Advisory (2524375) Fraudulent Digital Certificates Could Allow Spoofing

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod