 |
|
|
|
| Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) | | Published: |  | 25.02.2010 | | Source: |  | | | SecurityVulns ID: |  | 10642 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. |
| Xerox WorkCentre printers backdoor | | Published: | | 25.02.2010 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 10644 | | Type: | | remote | | Level: | | 5/10 | | Description: | | Multiple administration pages are available without authentication. |
| Avast! antiviral applications memory corruption | | Published: | | 25.02.2010 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 10648 | | Type: | | local | | Level: | | 5/10 | | Description: | | Memory corruption on IOCTL processing in aavmker4.sys. |
| Symantec multiple antiviral applications buffer overflow | | Published: | | 25.02.2010 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 10650 | | Type: | | client | | Level: | | 8/10 | | Description: | | Buffer overflow on content parsing. Buffer overflow in ActiveX. |
| Kojoney DoS | | Published: | | 25.02.2010 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 10652 | | Type: | | remote | | Level: | | 5/10 | | Description: | | Insufficient URL filtering in curl and wget emulation allows access to local files and devices, causing memory exhaustion. |
| squid proxy server DoS | | Published: | | 25.02.2010 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 10641 | | Type: | | remote | | Level: | | 5/10 | | Description: | | Crash on HTCP packets processing. |
| Affected: |  | SQUID : squid 3.0 | | CVE: |  | CVE-2010-0639 (The htcpHandleTstRequest function in htcp.c in Squid 2.x before 2.6.STABLE24 and 2.7 before 2.7.STABLE8, and htcp.cc in 3.0 before 3.0.STABLE24, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets to the HTCP port.) |
| Linux kernel privilege escalation | | Published: | | 25.02.2010 | | Source: | | CVE | | SecurityVulns ID: | | 10643 | | Type: | | local | | Level: | | 5/10 | | Description: | | Privilege escalation with wake_futex_pi function. |
| Affected: | | LINUX : kernel 2.6 | | CVE: | | CVE-2010-0622 (The wake_futex_pi function in kernel/futex.c in the Linux kernel before 2.6.33-rc7 does not properly handle certain unlock operations for a Priority Inheritance (PI) futex, which allows local users to cause a denial of service (OOPS) and possibly have unspecified other impact via vectors involving modification of the futex value from user space.) |
| Bournal information leak | | Published: | | 25.02.2010 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 10645 | | Type: | | local | | Level: | | 4/10 | | Description: | | Command line paramters including encryption key are visible in processes list. Insecure temporary files creation. |
| Affected: | | BOURNAL : Bournal 1.4 | | CVE: | | CVE-2010-0119 (Bournal before 1.4.1 on FreeBSD 8.0, when the -K option is used, places a ccrypt key on the command line, which allows local users to obtain sensitive information by listing the process and its arguments, related to "echoing.") |
| EMC HomeBase Server directory traversal | | Published: | | 25.02.2010 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 10646 | | Type: | | remote | | Level: | | 6/10 | | Description: | | Directory traversal via SSL services. |
| Affected: | | EMC : HomeBase Server 6.2 | | | | EMC : HomeBase Server 6.3 | | CVE: | | CVE-2010-0620 (Directory traversal vulnerability in the SSL Service in EMC HomeBase Server 6.2.x before 6.2.3 and 6.3.x before 6.3.2 allows remote attackers to overwrite arbitrary files with any content, and consequently execute arbitrary code, via a .. (dot dot) in an unspecified parameter.) |
| Adobe multiple server application information leak | | Published: | | 25.02.2010 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 10649 | | Type: | | remote | | Level: | | 8/10 | | Description: | | It's possible to access loca files by AMFX request with XML External Entities. |
| Affected: | | ADOBE : BlazeDS 3.2 | | | | ADOBE : LiveCycle Data Services ES2 3.0 | | | | ADOBE : ColdFusion 9.0 | | CVE: | | CVE-2009-3960 (Unspecified vulnerability in BlazeDS 3.2 and earlier, as used in LiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1, and 3.0, Flex Data Services 2.0.1, and ColdFusion 7.0.2, 8.0, 8.0.1, and 9.0, allows remote attackers to obtain sensitive information via vectors that are associated with a request, and related to injected tags and external entity references in XML documents.) |
Mozilla Firefox / Thunderbird / SeaMonkey multiple security vulnerabilities
updated since 19.02.2010 | | Published: | | 25.02.2010 | | Source: | | MOZILLA | | SecurityVulns ID: | | 10631 | | Type: | | client | | Level: | | 8/10 | | Description: | | Multiple memory corruptions, use-after-free, crossite scripting. |
| Affected: | | MOZILLA : SeaMonkey 2.0 | | | | MOZILLA : Firefox 3.0 | | | | MOZILLA : Firefox 3.5 | | | | MOZILLA : Firefox 3.6 | | | | MOZILLA : Thunderbird 3.0 | | CVE: | | CVE-2010-0162 (Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly support the application/octet-stream content type as a protection mechanism against execution of web script in certain circumstances involving SVG and the EMBED element, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via an embedded SVG document.) | | | | CVE-2010-0160 (The Web Worker functionality in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly handle array data types for posted messages, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.) | | | | CVE-2010-0159 (The browser engine in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the nsBlockFrame::StealFrame function in layout/generic/nsBlockFrame.cpp, and unspecified other vectors.) | | | | CVE-2009-3988 (Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly restrict read access to object properties in showModalDialog, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via crafted dialogArguments values.) | | | | CVE-2009-1571 (Use-after-free vulnerability in the HTML parser in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to execute arbitrary code via unspecified method calls that attempt to access freed objects in low-memory situations.) |
| Novell NetStorage buffer overflow | | Published: | | 25.02.2010 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 10653 | | Type: | | remote | | Level: | | 8/10 | | Description: | | Heap buffer overflow on file request processing. |
Apache Tomcat crossite scripting
updated since 04.06.2008 | | Published: | | 25.02.2010 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 9044 | | Type: | | remote | | Level: | | 5/10 | | Description: | | host-manager username crossite scripting. |
CA eHealth Performance Manager crossite scripting
updated since 25.02.2010 | | Published: | | 25.02.2010 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 10647 | | Type: | | remote | | Level: | | 5/10 |
| CVE: | | CVE-2010-0640 (Cross-site scripting (XSS) vulnerability in CA eHealth Performance Manager 6.0.x through 6.2.x, when malicious HTML detection is disabled, allows remote attackers to inject arbitrary web script or HTML via a crafted request.) |
getPlus ActiveX code execution
updated since 25.02.2010 | | Published: | | 01.03.2010 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 10654 | | Type: | | client | | Level: | | 6/10 | | Description: | | Insufficient validation of domain name. |
| CVE: | | CVE-2010-0189 (A certain ActiveX control in NOS Microsystems getPlus Download Manager (aka DLM or Downloader) 1.5.2.35, as used in Adobe Download Manager, improperly validates requests involving web sites that are not in subdomains, which allows remote attackers to force the download and installation of arbitrary programs via a crafted name for a download site.) |
Easy FTP Server buffer overflow
updated since 25.02.2010 | | Published: | | 17.08.2010 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 10651 | | Type: | | remote | | Level: | | 5/10 | | Description: | | Buffer overflow on oversized CWD, DELE, STOR, RNFR, RMD, XRMD command. |
|
|
|
|
|
|
|
|
