Computer Security
[EN] securityvulns.ru no-pyccku


Cisco VPN privileges escalation
Published:25.03.2011
Source:
SecurityVulns ID:11532
Type:local
Threat Level:
5/10
Description:Privilege escalation via Dial-Up Networking interface.
Affected:CISCO : Cisco VPN Client 5.0
Original documentdocument[email protected], NGS00051 Patch Notification: Cisco VPN Client Privilege Escalation (25.03.2011)
Files:Cisco Security Advisory: Local Privilege Escalation Vulnerabilities in Cisco VPN Client

EMC Data Protection Advisor Collector weak security permissions
Published:25.03.2011
Source:
SecurityVulns ID:11533
Type:local
Threat Level:
5/10
Description:Weak permissions for executable files.
Affected:EMC : EMC Data Protection Advisor Collector 5.7
CVE:CVE-2011-1420 (EMC Data Protection Advisor Collector 5.7 and 5.7.1 on Solaris SPARC platforms uses weak permissions for unspecified files, which allows local users to gain privileges via unknown vectors.)
Original documentdocumentEMC, ESA-2011-010: EMC Data Protection Advisor Collector arbitrary code execution with elevated privileges vulnerability (25.03.2011)

Apache mpm_itk module privilege escalation
Published:25.03.2011
Source:
SecurityVulns ID:11534
Type:remote
Threat Level:
5/10
Description:Under some conditions, request is processed with root privileged.
Affected:MPMITK : mpm-itk 2.2
CVE:CVE-2011-1176 (The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 2202-1] apache2 security update (25.03.2011)

VLC media player security vulnerabilities
Published:25.03.2011
Source:
SecurityVulns ID:11535
Type:remote
Threat Level:
5/10
Description:Buffer overflow on .AMV and .NSV parsing.
CVE:CVE-2010-3276 (libdirectx_plugin.dll in VideoLAN VLC Media Player before 1.1.8 allows remote attackers to execute arbitrary code via a crafted width in an NSV file.)
 CVE-2010-3275 (libdirectx_plugin.dll in VideoLAN VLC Media Player before 1.1.8 allows remote attackers to execute arbitrary code via a crafted width in an AMV file, related to a "dangling pointer vulnerability.")
Original documentdocumentCORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2011-0208: VLC Vulnerabilities handling .AMV and .NSV files (25.03.2011)

HP Virtual SAN Appliance buffer overflow
Published:25.03.2011
Source:
SecurityVulns ID:11536
Type:remote
Threat Level:
5/10
Description:Buffer overflow in hydra.exe (TCP/13838) authentication is unpatched for 180 days.
Original documentdocumentZDI, ZDI-11-111: (0Day) Hewlett-Packard Virtual SAN Appliance hydra.exe Login Request Remote Code Execution Vulnerability (25.03.2011)

HP Data Protector integer overflow
Published:25.03.2011
Source:
SecurityVulns ID:11537
Type:remote
Threat Level:
6/10
Description:Data Protector Media Operations DBServer.exe (TCP/19813)integer overflow is unpatched for over 180 days.
Original documentdocumentZDI, ZDI-11-112: (0 day) Hewlett-Packard Data Protector Media Operations DBServer.exe Remote Code Execution Vulnerability (25.03.2011)

SCADA service multiple security vulnerabilities
Published:25.03.2011
Source:
SecurityVulns ID:11538
Type:remote
Threat Level:
7/10
Description:Large number of different vulnerabilities in factory sofware.
Affected:SIEMENS : Tecnomatix FactoryLink 8.0
 ICONICS : GENESIS64 10.51
 IGSS : Interactive Graphical SCADA System 9.00
 DATAC : RealWin 2.1
Original documentdocumentLuigi Auriemma, Vulnerabilities in some SCADA server softwares (25.03.2011)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod