Computer Security
[EN] securityvulns.ru no-pyccku


Cisco IOS multiple security vulnerabilities
updated since 23.09.2009
Published:24.09.2009
Source:
SecurityVulns ID:10258
Type:remote
Threat Level:
8/10
Description:Multiple DoS conditions, restriction bypass.
Affected:CISCO : IOS 12.0
 CISCO : IOS 12.1
 CISCO : IOS 12.2
 CISCO : IOS 12.3
 CISCO : IOS 12.4
 CISCO : IOS XE 2.1
 CISCO : IOS XE 2.2
 CISCO : IOS XE 2.3
 CISCO : IOS XE 2.4
CVE:CVE-2009-2871 (Unspecified vulnerability in Cisco IOS 12.2 and 12.4, when SSLVPN sessions, SSH sessions, or IKE encrypted nonces are enabled, allows remote attackers to cause a denial of service (device reload) via a crafted encrypted packet, aka Bug ID CSCsq24002.)
 CVE-2009-2870 (Unspecified vulnerability in Cisco IOS 12.2 through 12.4, when the Cisco Unified Border Element feature is enabled, allows remote attackers to cause a denial of service (device reload) via crafted SIP messages, aka Bug ID CSCsx25880.)
 CVE-2009-2869 (Unspecified vulnerability in Cisco IOS 12.2XNA, 12.2XNB, 12.2XNC, 12.2XND, 12.4MD, 12.4T, 12.4XZ, and 12.4YA allows remote attackers to cause a denial of service (device reload) via a crafted NTPv4 packet, aka Bug IDs CSCsu24505 and CSCsv75948.)
 CVE-2009-2868 (Unspecified vulnerability in Cisco IOS 12.2 through 12.4, when certificate-based authentication is enabled for IKE, allows remote attackers to cause a denial of service (Phase 1 SA exhaustion) via crafted requests, aka Bug IDs CSCsy07555 and CSCee72997.)
 CVE-2009-2867 (Unspecified vulnerability in Cisco IOS 12.2XNA, 12.2XNB, 12.2XNC, 12.2XND, 12.4T, 12.4XZ, and 12.4YA, when Zone-Based Policy Firewall SIP Inspection is enabled, allows remote attackers to cause a denial of service (device reload) via a crafted SIP transit packet, aka Bug ID CSCsr18691.)
 CVE-2009-2866 (Unspecified vulnerability in Cisco IOS 12.2 through 12.4 allows remote attackers to cause a denial of service (device reload) via a crafted H.323 packet, aka Bug ID CSCsz38104.)
 CVE-2009-2862 (The Object Groups for Access Control Lists (ACLs) feature in Cisco IOS 12.2XNB, 12.2XNC, 12.2XND, 12.4MD, 12.4T, 12.4XZ, and 12.4YA allows remote attackers to bypass intended access restrictions via crafted requests, aka Bug IDs CSCsx07114, CSCsu70214, CSCsw47076, CSCsv48603, CSCsy54122, and CSCsu50252.)
Original documentdocumentCISCO, Cisco Security Advisory: Cisco Unified Communications Manager Express Vulnerability (24.09.2009)
 documentCISCO, Cisco Security Advisory: Cisco IOS Software Zone-Based Policy Firewall Vulnerability (23.09.2009)
 documentCISCO, Cisco Security Advisory: Cisco IOS Software Internet Key Exchange Resource Exhaustion Vulnerability (23.09.2009)
 documentCISCO, Cisco Security Advisory: Cisco IOS Software Crafted Encryption Packet Denial of Service Vulnerability (23.09.2009)
 documentCISCO, Cisco Security Advisory: Cisco IOS Software Object-group Access Control List Bypass Vulnerability (23.09.2009)
 documentCISCO, Cisco Security Advisory: Cisco IOS Software H.323 Denial of Service Vulnerability (23.09.2009)
 documentCISCO, Cisco Security Advisory: Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability (23.09.2009)
 documentCISCO, Cisco Security Advisory: Cisco IOS Software Network Time Protocol Packet Vulnerability (23.09.2009)

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 24.09.2009
Published:24.09.2009
Source:
SecurityVulns ID:10263
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:E107 : e107 0.7
Original documentdocumentcrashbrz_(at)_gmail.com, Engeman - SQL Injection Vulnerability (vendor url erratum) (24.09.2009)
 documentMustLive, Cross-Site Scripting vulnerability in E107 (24.09.2009)

newt library memory corruption
Published:24.09.2009
Source:
SecurityVulns ID:10264
Type:library
Threat Level:
5/10
Description:Memory corruption on text field parsing.
Affected:NEWT : newt 0.52
CVE:CVE-2009-2905 (Heap-based buffer overflow in textbox.c in newt 0.51.5, 0.51.6, and 0.52.2 allows local users to cause a denial of service (application crash) or possibly execute arbitrary code via a request to display a crafted text dialog box.)
Original documentdocumentUBUNTU, [USN-837-1] Newt vulnerability (24.09.2009)

Sun Solarsi dmispd DoS
Published:24.09.2009
Source:
SecurityVulns ID:10265
Type:remote
Threat Level:
5/10
Description:Resource exhaustion in RPC-based service.
Affected:ORACLE : Solaris 10
Original documentdocumentJeremy Brown, Sun Solaris 10 RPC dmispd Remote Resource Consumption Exploit (24.09.2009)
Files:Sun Solaris 10 RPC dmispd Remote Resource Consumption Exploit

glib library privilege escalation
Published:24.09.2009
Source:
SecurityVulns ID:10266
Type:library
Threat Level:
5/10
Description:g_file_copy function sets symbolic link's permission if source file is copied by symbolic link.
CVE:CVE-2009-3289 (The g_file_copy function in glib 2.0 sets the permissions of a target file to the permissions of a symbolic link (777), which allows user-assisted local users to modify files of other users, as demonstrated by using Nautilus to modify the permissions of the user home directory.)
Original documentdocumentMANDRIVA, [ MDVSA-2009:245 ] glib2.0 (24.09.2009)

Adobe Robohelp unauthorized access
Published:24.09.2009
Source:
SecurityVulns ID:10267
Type:remote
Threat Level:
6/10
Description:File upload and execution is possible for TCP/8080 Web server.
CVE:CVE-2009-3068 (Unspecified vulnerability in Adobe RoboHelp Server 8 might allow remote attackers to execute arbitrary code via unknown vectors, as demonstrated by the vd_adobe module in VulnDisco Pack Professional 8.7 through 8.11, related to a "remote pre-authentication exploit.")
Original documentdocumentZDI, ZDI-09-066: Adobe RoboHelp Server Arbitrary File Upload and Execute Vulnerability (24.09.2009)

Cisco Unified Communications Manager DoS
Published:24.09.2009
Source:
SecurityVulns ID:10268
Type:remote
Threat Level:
6/10
Description:Crash on SIP request handling.
Affected:CISCO : Unified Communications Manager 5.1
 CISCO : Unified Communications Manager 6.1
 CISCO : Unified Communications Manager 7.1
CVE:CVE-2009-2864 (Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 5.x before 5.1(3g), 6.x before 6.1(4), 7.0.x before 7.0(2a)su1, and 7.1.x before 7.1(2) allows remote attackers to cause a denial of service (service restart) via malformed SIP messages, aka Bug ID CSCsz95423.)
Original documentdocumentCISCO, Cisco Security Advisory: Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerability (24.09.2009)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod