Computer Security

Xerox WorkCentre printers backdoor
Published:25.02.2010
SecurityVulns ID:10644
Type:remote
Threat Level:5/10
Description:Multiple administration pages are available without authentication.
Affected:XEROX : WorkCentre 5665
 XEROX : WorkCentre 5675
 XEROX : WorkCentre 5687
Original document:SEC Consult Vulnerability Lab, SEC Consult SA-20100208-0 :: Backdoor and Vulnerabilities in Xerox WorkCentre Printers Web Interface (25.02.2010)

Avast! antivirus applications memory corruption
Published:25.02.2010
SecurityVulns ID:10648
Type:local
Threat Level:5/10
Description:Memory corruption on IOCTL processing in aavmker4.sys.
Affected:AVAST : avast! 4.8
 AVAST : avast! 5.0
Original document:tk_(at)_trapkit.de, [TKADV2010-003] avast! 4.8 and 5.0 aavmker4.sys Kernel Memory Corruption (25.02.2010)

Symantec multiple antivirus applications buffer overflow
Published:25.02.2010
SecurityVulns ID:10650
Type:client
Threat Level:8/10
Description:Buffer overflow on content parsing. Buffer overflow in ActiveX.
Affected:SYMANTEC : Symantec Client Security 3.0
 SYMANTEC : Symantec Client Security 3.1
 SYMANTEC : Norton Internet Security 2006
 SYMANTEC : Norton AntiVirus 2006
 SYMANTEC : Norton SystemWorks 2006
 SYMANTEC : Norton Internet Security 2008
 SYMANTEC : Norton 360 1.0
 SYMANTEC : Norton 360 2.0
 SYMANTEC : Norton Internet Security 2007
 SYMANTEC : Norton AntiVirus 2007
 SYMANTEC : Norton AntiVirus 2008
 SYMANTEC : Norton SystemWorks 2007
 SYMANTEC : Norton SystemWorks 2008
CVE:CVE-2010-0108 (Buffer overflow in the cliproxy.objects.1 ActiveX control in the Symantec Client Proxy (CLIproxy.dll) in Symantec AntiVirus 10.0.x, 10.1.x before MR9, and 10.2.x before MR4; and Symantec Client Security 3.0.x and 3.1.x before MR9 allows remote attackers to execute arbitrary code via a long argument to the SetRemoteComputerName function.)
 CVE-2010-0107 (Buffer overflow in an ActiveX control (SYMLTCOM.dll) in Symantec N360 1.0 and 2.0; Norton Internet Security, AntiVirus, SystemWorks, and Confidential 2006 through 2008; and Symantec Client Security 3.0.x before 3.1 MR9, and 3.1.x before MR9; allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors. NOTE: this is only a vulnerability if the attacker can "masquerade as an authorized site.")
Original document:Alexandr Polyakov, [DSECRG-09-039] Symantec Antivirus 10.0 ActiveX - buffer Overflow. (25.02.2010)
 VUPEN Security Research, VUPEN Security Research - Symantec Products "SYMLTCOM.dll" Buffer Overflow Vulnerability (25.02.2010)

Kojoney DoS
Published:25.02.2010
SecurityVulns ID:10652
Type:remote
Threat Level:5/10
Description:Insufficient URL filtering in curl and wget emulation allows access to local files and devices, causing memory exhaustion.
Affected:KOJONEY : Kojoney 0.0
Original document:nicob_(at)_nicob.net, Kojoney (SSH honeypot) remote DoS (25.02.2010)

squid proxy server DoS
Published:25.02.2010
SecurityVulns ID:10641
Type:remote
Threat Level:5/10
Description:Crash on HTCP packet processing.
Affected:SQUID : squid 3.0
CVE:CVE-2010-0639 (The htcpHandleTstRequest function in htcp.c in Squid 2.x before 2.6.STABLE24 and 2.7 before 2.7.STABLE8, and htcp.cc in 3.0 before 3.0.STABLE24, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets to the HTCP port.)

Bournal information leak
Published:25.02.2010
SecurityVulns ID:10645
Type:local
Threat Level:4/10
Description:Command line parameters, including the encryption key, are visible in the process list. Insecure temporary file creation.
Affected:BOURNAL : Bournal 1.4
CVE:CVE-2010-0119 (Bournal before 1.4.1 on FreeBSD 8.0, when the -K option is used, places a ccrypt key on the command line, which allows local users to obtain sensitive information by listing the process and its arguments, related to "echoing.")
Original document:SECUNIA, Secunia Research: Bournal Insecure Temporary Files Security Issue (25.02.2010)
 SECUNIA, Secunia Research: Bournal ccrypt Information Disclosure Security Issue (25.02.2010)

EMC HomeBase Server directory traversal
Published:25.02.2010
SecurityVulns ID:10646
Type:remote
Threat Level:6/10
Description:Directory traversal via SSL services.
Affected:EMC : HomeBase Server 6.2
 EMC : HomeBase Server 6.3
CVE:CVE-2010-0620 (Directory traversal vulnerability in the SSL Service in EMC HomeBase Server 6.2.x before 6.2.3 and 6.3.x before 6.3.2 allows remote attackers to overwrite arbitrary files with any content, and consequently execute arbitrary code, via a .. (dot dot) in an unspecified parameter.)
Original document:EMC, ESA-2010-003: EMC HomeBase Server Arbitrary File Upload Vulnerability (25.02.2010)
 ZDI, ZDI-10-020: EMC HomeBase SSL Service Arbitrary File Upload Remote Code Execution Vulnerability (25.02.2010)

Adobe multiple server application information leak
Published:25.02.2010
SecurityVulns ID:10649
Type:remote
Threat Level:8/10
Description:It's possible to access local files via an AMFX request with XML External Entities.
Affected:ADOBE : BlazeDS 3.2
 ADOBE : LiveCycle Data Services ES2 3.0
 ADOBE : ColdFusion 9.0
CVE:CVE-2009-3960 (Unspecified vulnerability in BlazeDS 3.2 and earlier, as used in LiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1, and 3.0, Flex Data Services 2.0.1, and ColdFusion 7.0.2, 8.0, 8.0.1, and 9.0, allows remote attackers to obtain sensitive information via vectors that are associated with a request, and related to injected tags and external entity references in XML documents.)
Original document:Roberto Suggi, Multiple Adobe Products - XML External Entity And XML Injection Vulnerabilities (25.02.2010)

Mozilla Firefox / Thunderbird / SeaMonkey multiple security vulnerabilities
updated since 19.02.2010
Published:25.02.2010
SecurityVulns ID:10631
Type:client
Threat Level:8/10
Description:Multiple memory corruptions, use-after-free, cross-site scripting.
Affected:MOZILLA : SeaMonkey 2.0
 MOZILLA : Firefox 3.0
 MOZILLA : Firefox 3.5
 MOZILLA : Firefox 3.6
 MOZILLA : Thunderbird 3.0
CVE:CVE-2010-0162 (Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly support the application/octet-stream content type as a protection mechanism against execution of web script in certain circumstances involving SVG and the EMBED element, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via an embedded SVG document.)
 CVE-2010-0160 (The Web Worker functionality in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly handle array data types for posted messages, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.)
 CVE-2010-0159 (The browser engine in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the nsBlockFrame::StealFrame function in layout/generic/nsBlockFrame.cpp, and unspecified other vectors.)
 CVE-2009-3988 (Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly restrict read access to object properties in showModalDialog, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via crafted dialogArguments values.)
 CVE-2009-1571 (Use-after-free vulnerability in the HTML parser in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to execute arbitrary code via unspecified method calls that attempt to access freed objects in low-memory situations.)
Original document:ZDI, ZDI-10-019: Mozilla Firefox showModalDialog Cross-Domain Scripting Vulnerability (25.02.2010)
 SECUNIA, Secunia Research: Mozilla Firefox Memory Corruption Vulnerability (19.02.2010)
 MOZILLA, Mozilla Foundation Security Advisory 2010-05 (19.02.2010)
 MOZILLA, Mozilla Foundation Security Advisory 2010-04 (19.02.2010)
 MOZILLA, Mozilla Foundation Security Advisory 2010-03 (19.02.2010)
 MOZILLA, Mozilla Foundation Security Advisory 2010-02 (19.02.2010)
 MOZILLA, Mozilla Foundation Security Advisory 2010-01 (19.02.2010)

Novell NetStorage buffer overflow
Published:25.02.2010
SecurityVulns ID:10653
Type:remote
Threat Level:8/10
Description:Heap buffer overflow on file request processing.
Original document:ZDI, ZDI-10-021: Novell NetStorage xsrvd Long Pathname Remote Code Execution Vulnerability (25.02.2010)

Apache Tomcat cross-site scripting
updated since 04.06.2008
Published:25.02.2010
SecurityVulns ID:9044
Type:remote
Threat Level:5/10
Description:host-manager username cross-site scripting.
Affected:APACHE : Tomcat 5.5
 APACHE : Tomcat 6.0
 CA : CA Service Desk 12.1
CVE:CVE-2008-1947 (Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.)
Original document:CA, CA20100222-01: Security Notice for CA Service Desk (25.02.2010)
 APACHE, [SECURITY] CVE-2008-1947: Tomcat host-manager XSS vulnerability (04.06.2008)

CA eHealth Performance Manager cross-site scripting
updated since 25.02.2010
Published:25.02.2010
SecurityVulns ID:10647
Type:remote
Threat Level:5/10
CVE:CVE-2010-0640 (Cross-site scripting (XSS) vulnerability in CA eHealth Performance Manager 6.0.x through 6.2.x, when malicious HTML detection is disabled, allows remote attackers to inject arbitrary web script or HTML via a crafted request.)
Original document:CA, CA20100223-01: Security Notice for CA eHealth Performance Manager (25.02.2010)

Linux kernel privilege escalation
updated since 25.02.2010
Published:25.02.2010
SecurityVulns ID:10643
Type:local
Threat Level:5/10
Description:Privilege escalation with wake_futex_pi function.
Affected:LINUX : kernel 2.6
CVE:CVE-2010-0622 (The wake_futex_pi function in kernel/futex.c in the Linux kernel before 2.6.33-rc7 does not properly handle certain unlock operations for a Priority Inheritance (PI) futex, which allows local users to cause a denial of service (OOPS) and possibly have unspecified other impact via vectors involving modification of the futex value from user space.)

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:25.02.2010
SecurityVulns ID:10642
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:MICROSOFT : SharePoint Server 2007
 SILVERSTRIPE : SilverStripe 2.3
 OFFICIALPORTAL : Official Portal 2007
 JQUERY : jQuery Validate 1.6
 ROUNDCUBE : Roundcube 0.3
CVE:CVE-2010-0464 (Roundcube 0.3.1 and earlier does not request that the web browser avoid DNS prefetching of domain names contained in e-mail messages, which makes it easier for remote attackers to determine the network location of the webmail user by logging DNS requests.)
 CVE-2008-5026 (Microsoft SharePoint uses URLs with the same hostname and port number for a web site's primary files and individual users' uploaded files (aka attachments), which allows remote authenticated users to leverage same-origin relationships and conduct cross-site scripting (XSS) attacks by uploading HTML documents.)
Original document:MANDRIVA, [ MDVSA-2010:048 ] roundcubemail (25.02.2010)
 Maciej Gojny, SQL injection vulnerability in WebAdministrator Lite CMS (25.02.2010)
 CodeScan Labs, jQuery Validate 1.6.0 Demo Code Advisory (25.02.2010)
 Ofer Maor, Hacktics Advisory Feb10: Persistent XSS in Microsoft SharePoint Portal (25.02.2010)
 info_(at)_securitylab.ir, Official Portal 2007 Multiple Vulnerabilities (25.02.2010)
 Support TEAM, SQL injection vulnerability in LiveChatNow (25.02.2010)

getPlus ActiveX code execution
updated since 25.02.2010
Published:01.03.2010
SecurityVulns ID:10654
Type:client
Threat Level:6/10
Description:Insufficient validation of domain name.
CVE:CVE-2010-0189 (A certain ActiveX control in NOS Microsystems getPlus Download Manager (aka DLM or Downloader) 1.5.2.35, as used in Adobe Download Manager, improperly validates requests involving web sites that are not in subdomains, which allows remote attackers to force the download and installation of arbitrary programs via a crafted name for a download site.)
Original document:Akita Software Security, getPlus insufficient domain name validation vulnerability (01.03.2010)
 IDEFENSE, iDefense Security Advisory 02.23.10: Multiple Vendor NOS Microsystems getPlus Downloader Input Validation Vulnerability (25.02.2010)

Easy FTP Server buffer overflow
updated since 25.02.2010
Published:17.08.2010
SecurityVulns ID:10651
Type:remote
Threat Level:5/10
Description:Buffer overflow on oversized CWD, DELE, STOR, RNFR, RMD, XRMD command.
Affected:EASYFTPSERVER : Easy FTP Server 1.7
Original document:glafkos_(at)_astalavista.com, Easy FTP Server v1.7.0.11 DELE, STOR, RNFR, RMD, XRMD Command Buffer Overflow (17.08.2010)
 jonbutler88_(at)_googlemail.com, Easy FTP Server 1.7.0.2 Remote BoF (25.02.2010)
Files:Exploits Easy FTP Server 1.7.0.2 Remote BoF
 Easy FTP Server v1.7.0.11 Multiple Command Buffer Overflow exploit

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod