Computer Security
[EN] securityvulns.ru no-pyccku


Sun Java JRE / JDK / Web Start multiple security vulnerabilities
updated since 04.12.2008
Published:23.04.2009
Source:
SecurityVulns ID:9483
Type:library
Threat Level:
9/10
Description:JNLP may overwrite system properties java.home java.ext.dirs user.home Heap overflow and integer overflow on TrueType fonts parsing, memory corruption on GIF parsing, integer overflow on Pack200 decompression. Multiple sendbox protection bypass vulnerabilities.
Affected:SUN : JRE 1.6
 ORACLE : OpenJDK 6
CVE:CVE-2008-5360 (Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier creates temporary files with predictable file names, which allows attackers to write malicious JAR files via unknown vectors.)
 CVE-2008-5359 (Buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier might allow remote attackers to execute arbitrary code, related to a ConvolveOp operation in the Java AWT library.)
 CVE-2008-5358 (Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier might allow remote attackers to execute arbitrary code via a crafted GIF file that triggers memory corruption during display of the splash screen, possibly related to splashscreen.dll.)
 CVE-2008-5354 (Stack-based buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows locally-launched and possibly remote untrusted Java applications to execute arbitrary code via a JAR file with a long Main-Class manifest entry.)
 CVE-2008-5353 (Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted applets and applications to gain privileges via unknown vectors related to "deserializing calendar objects.")
 CVE-2008-5352 (Integer overflow in the JAR unpacking utility (unpack200) in the unpack library (unpack.dll) in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows untrusted applications and applets to gain privileges via a Pack200 compressed JAR file that triggers a heap-based buffer overflow.)
 CVE-2008-5351 (Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier accepts UTF-8 encodings that are not the "shortest" form, which makes it easier for attackers to bypass protection mechanisms for other applications that rely on shortest-form UTF-8 encodings.)
 CVE-2008-5350 (Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted applications and applets to list the contents of the operating user's directory via unknown vectors.)
 CVE-2008-5349 (Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows remote attackers to cause a denial of service (CPU consumption) via a crafted RSA public key.)
 CVE-2008-5348 (Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier, when using Kerberos authentication, allows remote attackers to cause a denial of service (OS resource consumption) via unknown vectors.)
 CVE-2008-5347 (Multiple unspecified vulnerabilities in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier allow untrusted applets and applications to gain privileges via vectors related to access to inner classes in the (1) JAX-WS and (2) JAXB packages.)
 CVE-2008-2086
Original documentdocumentThierry Zoller, [TZO-12-2009] SUN / Oracle JVM Remote code execution (23.04.2009)
 documentUBUNTU, [USN-713-1] openjdk-6 vulnerabilities (31.01.2009)
 documentCERT, US-CERT Technical Cyber Security Alert TA08-340A -- Sun Java Updates for Multiple Vulnerabilities (10.12.2008)
 documentZDI, ZDI-08-081: Sun Java Web Start and Applet Multiple Sandbox Bypass Vulnerabilities (09.12.2008)
 documentZDI, ZDI-08-080: Sun Java AWT Library Sandbox Violation Vulnerability (09.12.2008)
 documentIDEFENSE, iDefense Security Advisory 12.04.08: Sun Java JRE TrueType Font Parsing Integer Overflow Vulnerability (09.12.2008)
 documentIDEFENSE, iDefense Security Advisory 12.04.08: Sun Java JRE Pack200 Decompression Integer Overflow Vulnerability (09.12.2008)
 documentIDEFENSE, iDefense Security Advisory 12.04.08: Sun Java Web Start GIF Decoding Memory Corruption Vulnerability (09.12.2008)
 documentIDEFENSE, iDefense Security Advisory 12.04.08: Sun Java JRE TrueType Font Parsing Heap Overflow Vulnerability (09.12.2008)
 documentVSR Advisories, [Full-disclosure] CVE-2008-2086: Java Web Start File Inclusion via System Properties Override (04.12.2008)

HP Storage Essentials unauthorized access
Published:23.04.2009
Source:
SecurityVulns ID:9866
Type:remote
Threat Level:
5/10
Description:Secure NaviCLI unauthorized access.
Affected:HP : HP Storage Essentials 6.0
CVE:CVE-2009-0715 (Unspecified vulnerability in Secure NaviCLI in HP Storage Essentials 6.0.2 through 6.0.4 allows remote authenticated users to obtain "access" or "extended privileges" via unknown vectors.)
Original documentdocumentHP, [security bulletin] HPSBMA02414 SSRT080185 rev.1 - HP Storage Essentials Running Secure NaviCLI, Remote Unauthorized Access, Gain Extended Privileges (23.04.2009)

HP StorageWorks Storage Mirroring multiple security vulnerabilities
Published:23.04.2009
Source:
SecurityVulns ID:9867
Type:remote
Threat Level:
6/10
Description:Memory corruptions, unauthorized access, DoS.
Affected:HP : StorageWorks Storage Mirroring 5.1
CVE:CVE-2009-0718 (Unspecified vulnerability in HP StorageWorks Storage Mirroring 5 before 5.1.1.1090.15 allows remote attackers to execute arbitrary code via unknown vectors.)
 CVE-2009-0717 (Unspecified vulnerability in HP StorageWorks Storage Mirroring 5 before 5.1.1.1090.15 allows remote attackers to cause a denial of service via unknown vectors.)
 CVE-2009-0716 (Unspecified vulnerability in HP StorageWorks Storage Mirroring 5 before 5.1.1.1090.15 allows remote attackers to cause a denial of service or obtain "access" via unknown vectors.)
Original documentdocumentHP, [security bulletin] HPSBMA02422 SSRT080146 rev.1 - HP StorageWorks Storage Mirroring, Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access (23.04.2009)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:23.04.2009
Source:
SecurityVulns ID:9868
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:MAHARA : mahara 1.0
 MIXEDCMS : Mixed CMS 1.0
 SUN : Delegated Administrator 6.4
 FOWLCMS : FOWLCMS 1.1
CVE:CVE-2009-0664 (Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0.x before 1.0.11 and 1.1.x before 1.1.3 allow remote attackers to inject arbitrary web script or HTML via (1) the introduction field in a user profile or (2) an arbitrary text block in a user view.)
Original documentdocumenty3nh4ck3r_(at)_gmail.com, FOWLCMS 1.1--Multiple Remote Vulnerabilities--> (23.04.2009)
 documentDSecRG, SAP Cfolders Multiple Linked XSS Vulnerabilities (23.04.2009)
 documentDSecRG, SAP Cfolders Multiple Stored XSS Vulnerabilies (23.04.2009)
 documentCORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2009-0114 - HTTP Response Splitting vulnerability in Sun Delegated Administrator (23.04.2009)
 documenty3nh4ck3r_(at)_gmail.com, MixedCMS 1.0--Multiple Remote Vulnerabilities--> (23.04.2009)
 documentDEBIAN, [SECURITY] [DSA 1778-1] New mahara packages fix cross-site scripting (23.04.2009)

Mozilla Firefox / Seamonkey multiple security vulnerabilities
updated since 23.04.2009
Published:28.04.2009
Source:
SecurityVulns ID:9869
Type:remote
Threat Level:
7/10
Description:Memory corruption, same policy origin violation, crossite scripting.
Affected:MOZILLA : Seamonkey 1.0
 MOZILLA : Thunderbird 2.0
 MOZILLA : Firefox 3.0
CVE:CVE-2009-1313 (The nsTextFrame::ClearTextRun function in layout/generic/nsTextFrameThebes.cpp in Mozilla Firefox 3.0.9 allows remote attackers to cause a denial of service (memory corruption) and probably execute arbitrary code via unspecified vectors. NOTE: this vulnerability reportedly exists because of an incorrect fix for CVE-2009-1302.)
 CVE-2009-1312 (Mozilla Firefox before 3.0.9 and SeaMonkey do not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh header.)
 CVE-2009-1311 (Mozilla Firefox before 3.0.9 and SeaMonkey before 1.1.17 allow user-assisted remote attackers to obtain sensitive information via a web page with an embedded frame, which causes POST data from an outer page to be sent to the inner frame's URL during a SAVEMODE_FILEONLY save of the inner frame.)
 CVE-2009-1310 (Cross-site scripting (XSS) vulnerability in the MozSearch plugin implementation in Mozilla Firefox before 3.0.9 allows user-assisted remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SearchForm element.)
 CVE-2009-1309 (Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not properly implement the Same Origin Policy for (1) XMLHttpRequest, involving a mismatch for a document's principal, and (2) XPCNativeWrapper.toString, involving an incorrect __proto__ scope, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via a crafted document.)
 CVE-2009-1308 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey allows remote attackers to inject arbitrary web script or HTML via vectors involving XBL JavaScript bindings and remote stylesheets, as exploited in the wild by a March 2009 eBay listing.)
 CVE-2009-1307 (The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI.)
 CVE-2009-1306 (The jar: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not follow the Content-Disposition header of the inner URI, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via an uploaded .jar file with a "Content-Disposition: attachment" designation.)
 CVE-2009-1305 (The JavaScript engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving JSOP_DEFVAR and properties that lack the JSPROP_PERMANENT attribute.)
 CVE-2009-1304 (The JavaScript engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving (1) js_FindPropertyHelper, related to the definitions of Math and Date; and (2) js_CheckRedeclaration.)
 CVE-2009-1303 (The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to nsSVGElement::BindToTree.)
 CVE-2009-1302 (The browser engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to (1) nsAsyncInstantiateEvent::Run, (2) nsStyleContext::Destroy, (3) nsComputedDOMStyle::GetWidth, (4) the xslt_attributeset_ImportSameName.html test case for the XSLT stylesheet compiler, (5) nsXULDocument::SynchronizeBroadcastListener, (6) IsBindingAncestor, (7) PL_DHashTableOperate and nsEditor::EndUpdateViewBatch, and (8) gfxSkipCharsIterator::SetOffsets, and other vectors.)
 CVE-2009-0652 (Mozilla Firefox 3.0.6 does not properly prevent the literal rendering of homoglyph characters in IDN domain names, which allows remote attackers to spoof URLs and conduct phishing attacks, as demonstrated by homoglyphs of the / (slash) and ? (question mark) characters in a subdomain of a .cn domain name, a different vulnerability than CVE-2005-0233. NOTE: some third parties claim that 3.0.6 is not affected, but much older versions perhaps are affected.)
Original documentdocumentMOZILLA, Mozilla Foundation Security Advisory 2009-23 (28.04.2009)
 documentMOZILLA, Mozilla Foundation Security Advisory 2009-14 (23.04.2009)
 documentMOZILLA, Mozilla Foundation Security Advisory 2009-15 (23.04.2009)
 documentMOZILLA, Mozilla Foundation Security Advisory 2009-16 (23.04.2009)
 documentMOZILLA, Mozilla Foundation Security Advisory 2009-17 (23.04.2009)
 documentMOZILLA, Mozilla Foundation Security Advisory 2009-18 (23.04.2009)
 documentMOZILLA, Mozilla Foundation Security Advisory 2009-19 (23.04.2009)
 documentMOZILLA, Mozilla Foundation Security Advisory 2009-20 (23.04.2009)
 documentMOZILLA, Mozilla Foundation Security Advisory 2009-21 (23.04.2009)
 documentMOZILLA, Mozilla Foundation Security Advisory 2009-22 (23.04.2009)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod