Computer Security


Apache Tomcat multiple security vulnerabilities
Published:26.01.2010
SecurityVulns ID:10550
Type:local
Threat Level:4/10
Description:File deletion, weak permissions after re-installation.
Affected:APACHE : Tomcat 5.5
 APACHE : Tomcat 6.0
CVE:CVE-2009-2902 (Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.)
 CVE-2009-2901 (The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.)
Original document:APACHE, [SECURITY] CVE-2009-2901 Apache Tomcat insecure partial deploy after failed undeploy (26.01.2010)
 APACHE, [SECURITY] CVE-2009-2902 Apache Tomcat unexpected file deletion in work directory (26.01.2010)

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:26.01.2010
SecurityVulns ID:10551
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:CKEDITOR : CKEditor 3.0
 SILVERSTRIPE : SilverStripe 2.3
 PUBLIQUE : Publique! 2.3
CVE:CVE-2009-4402 (The default configuration of SQL-Ledger 2.8.24 allows remote attackers to perform unspecified administrative operations by providing an arbitrary password to the admin interface.)
Original document:Chris Travers, FWD: LedgerSMB Security Advisory: Multiple Vulnerabilities (26.01.2010)
 Christophe dlf, Publique! CMS SQL Injection Vulnerabilities (26.01.2010)
 Moritz Naumann, Silverstripe <= v2.3.4: two XSS vulnerabilities (26.01.2010)
 MustLive, New vulnerability in CKEditor (26.01.2010)

Files2links F2L-3000 SQL injection
Published:26.01.2010
SecurityVulns ID:10552
Type:remote
Threat Level:5/10
Description:SQL injection on authentication page.
Affected:FILES2LINKS : F2L 3000
Original document:ddivulnalert_(at)_ddifrontline.com, DDIVRT-2009-27 F2L-3000 files2links SQL Injection Vulnerability (26.01.2010)

Microsoft Windows kernel privilege escalation
Published:26.01.2010
SecurityVulns ID:10553
Type:local
Threat Level:8/10
Description:Invalid exception handling in #GP trap handler allows ring0 privilege escalation
CVE:CVE-2010-0232 (The kernel in Microsoft Windows NT 3.1 through Windows 7, including Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2, when access to 16-bit applications is enabled on a 32-bit x86 platform, does not properly validate certain BIOS calls, which allows local users to gain privileges by crafting a VDM_TIB data structure in the Thread Environment Block (TEB), and then calling the NtVdmControl function to start the Windows Virtual DOS Machine (aka NTVDM) subsystem, leading to improperly handled exceptions involving the #GP trap handler (nt!KiTrap0D), aka "Windows Kernel Exception Handler Vulnerability.")
Original document:Tavis Ormandy, Microsoft Windows NT #GP Trap Handler Allows Users to Switch Kernel Stack (26.01.2010)

Novell ZENworks Asset Management SQL injection
Published:26.01.2010
SecurityVulns ID:10554
Type:remote
Threat Level:5/10
Description:SQL injection via docfiledownload parameter.
Original document:ZDI, ZDI-10-003: Novell ZENworks Asset Management docfiledownload Remote SQL Injection Vulnerability (26.01.2010)

Safari DoS
Published:26.01.2010
SecurityVulns ID:10555
Type:client
Threat Level:3/10
Description:Allocating a large amount of memory with JavaScript causes a NULL pointer dereference.
Affected:APPLE : Safari 4.0
Original document:systemx00_(at)_gmail.com, Safari 4.0.4 Crash (26.01.2010)

GNU coreutils symbolic links vulnerability
Published:26.01.2010
SecurityVulns ID:10556
Type:local
Threat Level:4/10
Description:Symbolic link vulnerability in temporary file creation in dist-check.mk.
Affected:GNU : coreutils 5.2
CVE:CVE-2009-4135 (The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through 8.1 allows local users to gain privileges via a symlink attack on a file in a directory tree under /tmp.)
Original document:MANDRIVA, [ MDVSA-2010:024 ] coreutils (26.01.2010)

Google Chrome memory corruption
Published:26.01.2010
SecurityVulns ID:10557
Type:client
Threat Level:6/10
Description:Use-after-free when processing blocked pop-up windows.
Affected:GOOGLE : Chrome 3.0
Original document:SECUNIA, Secunia Research: Google Chrome Pop-Up Block Menu Handling Vulnerability (26.01.2010)

TheGreenBow VPN Client privilege escalation
updated since 18.08.2009
Published:26.01.2010
SecurityVulns ID:10160
Type:local
Threat Level:5/10
Description:Buffer overflow on IOCTL processing in tgbvpn.sys.
Affected:THEGREENBOW : TheGreenBow VPN Client 4.61
Original document:ists_(at)_senseofsecurity.com.au, TheGreenBow VPN Client Local Stack Overflow Vulnerability - Security Advisory - SOS-10-001 (26.01.2010)
 contact.fingers_(at)_gmail.com, TheGreenBow VPN Client tgbvpn.sys DoS and Potential Local (18.08.2009)

Internet Explorer memory corruption
updated since 22.11.2009
Published:26.01.2010
SecurityVulns ID:10416
Type:client
Threat Level:9/10
Description:Memory corruption when setting outerHTML from body style.
Affected:MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
Original document:info_(at)_securitylab.ir, Microsoft IE 6&7 Crash Exploit (26.01.2010)
 ds.adv.pub_(at)_gmail.com, Some more details on IE STYLE zero-day (01.12.2009)
 ds.adv.pub_(at)_gmail.com, Code to mitigate IE STYLE zero-day (24.11.2009)
 info_(at)_securitylab.ir, IE7 (22.11.2009)
Files:Microsoft Internet Explorer outerHTML exploit

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod