Computer Security


changetrack shell characters vulnerability
Published:23.09.2009
SecurityVulns ID:10254
Type:local
Threat Level:5/10
Description:Shell characters vulnerability via filenames.
Affected:CHANGETRACK : changetrack 4.3
CVE:CVE-2009-3233 (changetrack 4.3 allows local users to execute arbitrary commands via CRLF sequences and shell metacharacters in a filename in a directory that is checked by changetrack.)
Original document:DEBIAN, [SECURITY] [DSA 1891-1] New changetrack packages fix arbitrary code execution (23.09.2009)

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 23.09.2009
Published:23.09.2009
SecurityVulns ID:10255
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:MOZILO : moziloCMS 1.10
 OSSIM : Open Source Security Information Management 2.1
Original document:CrAzY_CrAcKeR_(at)_hotmail.com, cour supreme 'index.php' SQL Injection & Local File Include Vulnerability (23.09.2009)
 Digital Security Research Group [DSecRG], [DSECRG-09-055] OSSIM 2.1 - Multiple security vulnerabilities (23.09.2009)
 david_(at)_majorsecurity.info, [MajorSecurity Advisory #55]moziloCMS - Directory Traversal, Cross Site Scripting and Session Fixation Issues (23.09.2009)

Check Point Connectra cross-site scripting
Published:23.09.2009
SecurityVulns ID:10256
Type:remote
Threat Level:5/10
Description:/Login/Login cross-site scripting.
Affected:CHECKPOINT : Connectra R62
Original document:Stefan Friedli, [scip_Advisory 4020] Check Point Connectra R62 Login Script Injection Vulnerability (23.09.2009)

nginx directory traversal
Published:23.09.2009
SecurityVulns ID:10257
Type:remote
Threat Level:5/10
Description:Directory traversal with webdav enabled.
Affected:NGINX : nginx 0.7
Original document:Kingcope Kingcope, nginx - low risk webdav destination bug (23.09.2009)

Xfig symbolic links vulnerability
Published:23.09.2009
SecurityVulns ID:10259
Type:local
Threat Level:5/10
Description:Different files are created in an insecure manner.
Affected:XFIG : Xfig 3.2
CVE:CVE-2009-1962 (Xfig in Debian GNU/Linux, possibly 3.2.5, allows local users to read and write arbitrary files via a symlink attack on the (1) xfig-eps[PID], (2) xfig-pic[PID].pix, (3) xfig-pic[PID].err, (4) xfig-pcx[PID].pix, (5) xfig-xfigrc[PID], (6) xfig[PID], (7) xfig-print[PID], (8) xfig-export[PID].err, (9) xfig-batch[PID], (10) xfig-exp[PID], or (11) xfig-spell.[PID] temporary files, where [PID] is a process ID.)
Original document:MANDRIVA, [ MDVSA-2009:244 ] xfig (23.09.2009)

Avast Antivirus privilege escalation
Published:23.09.2009
SecurityVulns ID:10260
Type:local
Threat Level:5/10
Description:Memory corruption on IOCTL processing.
Affected:AVAST : Avast antivirus 4.8
Original document:contact.fingers_(at)_gmail.com, Avast aswMon2.sys kernel memory corruption and Local Privilege Escalation. (23.09.2009)

HP Procurve IDM privilege escalation
Published:23.09.2009
SecurityVulns ID:10261
Type:local
Threat Level:5/10
Affected:HP : Procurve IDM A.02.03
 HP : Procurve IDM A.03.00
Original document:HP, [security bulletin] HPSBGN02441 SSRT090082 rev.1 - HP ProCurve Identity Driven Manager (IDM) Running on Microsoft IAS or NPS, Local Unauthorized Access (23.09.2009)

HP-UX Role-Based Access Control privilege escalation
Published:23.09.2009
SecurityVulns ID:10262
Type:local
Threat Level:5/10
Affected:HP : HP-UX 11.23
 HP : HP-UX 11.31
CVE:CVE-2009-2682 (Unspecified vulnerability in Role-Based Access Control (RBAC) in HP HP-UX B.11.23 and B.11.31 allows local users to bypass intended access restrictions via unknown vectors.)
Original document:HP, [security bulletin] HPSBUX02457 SSRT090174 rev.1 - HP-UX Running Role-Based Access Control (RBAC), Local Unauthorized Access (23.09.2009)

squid proxy DoS
updated since 10.08.2009
Published:23.09.2009
SecurityVulns ID:10135
Type:remote
Threat Level:6/10
Description:Crash on request or response headers parsing.
Affected:SQUID : squid 3.0
 SQUID : Squid 2.7
 SQUID : squid 3.1
CVE:CVE-2009-2855 (The strListGetItem function in src/HttpHeaderTools.c in Squid 2.7 allows remote attackers to cause a denial of service via a crafted auth header with certain comma delimiters that trigger an infinite loop of calls to the strcspn function.)
 CVE-2009-2622 (Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 allows remote attackers to cause a denial of service via malformed requests including (1) "missing or mismatched protocol identifier," (2) missing or negative status value," (3) "missing version," or (4) "missing or invalid status number," related to (a) HttpMsg.cc and (b) HttpReply.cc.)
 CVE-2009-2621 (Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 does not properly enforce "buffer limits and related bound checks," which allows remote attackers to cause a denial of service via (1) an incomplete request or (2) a request with a large header size, related to (a) HttpMsg.cc and (b) client_side.cc.)
Original document:MANDRIVA, [ MDVSA-2009:241 ] squid (23.09.2009)
 MANDRIVA, [ MDVSA-2009:161-1 ] squid (10.08.2009)

Cisco IOS multiple security vulnerabilities
updated since 23.09.2009
Published:24.09.2009
SecurityVulns ID:10258
Type:remote
Threat Level:8/10
Description:Multiple DoS conditions, restriction bypass.
Affected:CISCO : IOS 12.0
 CISCO : IOS 12.1
 CISCO : IOS 12.2
 CISCO : IOS 12.3
 CISCO : IOS 12.4
 CISCO : IOS XE 2.1
 CISCO : IOS XE 2.2
 CISCO : IOS XE 2.3
 CISCO : IOS XE 2.4
CVE:CVE-2009-2871 (Unspecified vulnerability in Cisco IOS 12.2 and 12.4, when SSLVPN sessions, SSH sessions, or IKE encrypted nonces are enabled, allows remote attackers to cause a denial of service (device reload) via a crafted encrypted packet, aka Bug ID CSCsq24002.)
 CVE-2009-2870 (Unspecified vulnerability in Cisco IOS 12.2 through 12.4, when the Cisco Unified Border Element feature is enabled, allows remote attackers to cause a denial of service (device reload) via crafted SIP messages, aka Bug ID CSCsx25880.)
 CVE-2009-2869 (Unspecified vulnerability in Cisco IOS 12.2XNA, 12.2XNB, 12.2XNC, 12.2XND, 12.4MD, 12.4T, 12.4XZ, and 12.4YA allows remote attackers to cause a denial of service (device reload) via a crafted NTPv4 packet, aka Bug IDs CSCsu24505 and CSCsv75948.)
 CVE-2009-2868 (Unspecified vulnerability in Cisco IOS 12.2 through 12.4, when certificate-based authentication is enabled for IKE, allows remote attackers to cause a denial of service (Phase 1 SA exhaustion) via crafted requests, aka Bug IDs CSCsy07555 and CSCee72997.)
 CVE-2009-2867 (Unspecified vulnerability in Cisco IOS 12.2XNA, 12.2XNB, 12.2XNC, 12.2XND, 12.4T, 12.4XZ, and 12.4YA, when Zone-Based Policy Firewall SIP Inspection is enabled, allows remote attackers to cause a denial of service (device reload) via a crafted SIP transit packet, aka Bug ID CSCsr18691.)
 CVE-2009-2866 (Unspecified vulnerability in Cisco IOS 12.2 through 12.4 allows remote attackers to cause a denial of service (device reload) via a crafted H.323 packet, aka Bug ID CSCsz38104.)
 CVE-2009-2862 (The Object Groups for Access Control Lists (ACLs) feature in Cisco IOS 12.2XNB, 12.2XNC, 12.2XND, 12.4MD, 12.4T, 12.4XZ, and 12.4YA allows remote attackers to bypass intended access restrictions via crafted requests, aka Bug IDs CSCsx07114, CSCsu70214, CSCsw47076, CSCsv48603, CSCsy54122, and CSCsu50252.)
Original document:CISCO, Cisco Security Advisory: Cisco Unified Communications Manager Express Vulnerability (24.09.2009)
 CISCO, Cisco Security Advisory: Cisco IOS Software Zone-Based Policy Firewall Vulnerability (23.09.2009)
 CISCO, Cisco Security Advisory: Cisco IOS Software Internet Key Exchange Resource Exhaustion Vulnerability (23.09.2009)
 CISCO, Cisco Security Advisory: Cisco IOS Software Crafted Encryption Packet Denial of Service Vulnerability (23.09.2009)
 CISCO, Cisco Security Advisory: Cisco IOS Software Object-group Access Control List Bypass Vulnerability (23.09.2009)
 CISCO, Cisco Security Advisory: Cisco IOS Software H.323 Denial of Service Vulnerability (23.09.2009)
 CISCO, Cisco Security Advisory: Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability (23.09.2009)
 CISCO, Cisco Security Advisory: Cisco IOS Software Network Time Protocol Packet Vulnerability (23.09.2009)

Apache mod_proxy_ftp multiple security vulnerabilities
updated since 23.09.2009
Published:31.03.2010
SecurityVulns ID:10253
Type:remote
Threat Level:6/10
Description:Denial of service, restrictions bypass.
Affected:APACHE : Apache 2.0
 APACHE : Apache 2.2
 HP : HP Secure Web Server 2.1
CVE:CVE-2009-3095 (The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.)
 CVE-2009-3094 (The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.)
Original document:HP, [security bulletin] HPSBOV02506 SSRT090244 rev.1 - HP Secure Web Server for OpenVMS (based on Apache) CSWS, Remote Denial of Service (DoS), Unauthorized Disclosure of Information, Unauthorized Modification of Information (31.03.2010)
 MANDRIVA, [ MDVSA-2009:240 ] apache (23.09.2009)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod