Computer Security


Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 26.04.2010
Published:26.04.2010
SecurityVulns ID:10788
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:CACTI : cacti 0.8
 APACHE : ActiveMQ 5.3
 DLE : Переходы 6.9
 OPENFONCIER : Openfoncier 2.00
 OPENPLANNING : Openplanning 1.00
 OPENPRESSE : Openpresse 1.01
 INPORTAL : In-portal 5.0
 OPENCOMINTERNE : OpenCominterne 1.01
 OPENCOURIER : Opencourrier 2.03
 APACHE : ActiveMQ 5.4
 SMODCMS : SmodCMS 4.07
 POWEREASY : PowerEasy 2006
 MADRISH : Madirish Webmail 2.01
Original document:eidelweiss, Madirish Webmail 2.01 (basedir) RFI/LFI Vulnerability (26.04.2010)
 lis cker, A XSS in User_ChkLogin.asp of PowerEasy 2006 (26.04.2010)
 eidelweiss, SmodCMS 'config.php' Arbitrary File Upload Vulnerability (26.04.2010)
 eidelweiss, phpegasus 'config.php' Arbitrary File Upload Vulnerability (26.04.2010)
 DEBIAN, [SECURITY] [DSA 2039-1] New cacti packages fix missing input sanitising (26.04.2010)
 SecPod Research, Apache ActiveMQ is prone to source code disclosure vulnerability. (26.04.2010)
 Inj3ct0r.com, Opencourrier 2.03beta (RFI/LFI) Multiple File Include Vulnerability (26.04.2010)
 Inj3ct0r.com, OpenCominterne 1.01 Local File Include Vulnerability (26.04.2010)
 md.r00t.defacer_(at)_gmail.com, In-portal 5.0.3 Remote Arbitrary File Upload Exploit (26.04.2010)
 MustLive, Vulnerability in Referer for DataLife Engine (26.04.2010)
 md.r00t.defacer_(at)_gmail.com, IWD Group SQL Injection Vulnerabilities (26.04.2010)
 Inj3ct0r.com, Openpresse 1.01 Local File Include Vulnerability (26.04.2010)
 Inj3ct0r.com, Openplanning 1.00 (RFI/LFI) Multiple File Include Vulnerability (26.04.2010)
 Inj3ct0r.com, Openfoncier 2.00 (RFI/LFI) Multiple File Include Vulnerability (26.04.2010)
 MustLive, Cross-Site Scripting vulnerability in Переходы for DataLife Engine (26.04.2010)

HP Virtual Machine Manager unauthorized access
Published:26.04.2010
SecurityVulns ID:10791
Type:remote
Threat Level:6/10
CVE:CVE-2010-1035 (Multiple unspecified vulnerabilities in HP Virtual Machine Manager (VMM) before 6.0 allow remote authenticated users to execute arbitrary code via unknown vectors.)
Original document:HP, [security bulletin] HPSBMA02494 SSRT090168 rev.1 - HP Virtual Machine Manager (VMM) for Windows, Remote Unauthorized Access, Privilege Elevation (26.04.2010)

ClamAV memory corruption
Published:26.04.2010
SecurityVulns ID:10792
Type:remote
Threat Level:5/10
Description:Memory corruption on CAB files parsing.
Affected:CLAMAV : ClamAV 0.95
CVE:CVE-2010-1311 (The qtm_decompress function in libclamav/mspack.c in ClamAV before 0.96 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted CAB archive that uses the Quantum (aka .Q) compression format. NOTE: some of these details are obtained from third party information.)
Original document:MANDRIVA, [ MDVSA-2010:082 ] clamav (26.04.2010)

HP Operations Manager code execution
Published:26.04.2010
SecurityVulns ID:10793
Type:remote
Threat Level:5/10
Affected:HP : HP Operations Manager 8.10
 HP : HP Operations Manager 8.16
 HP : HP Operations Manager 7.5
CVE:CVE-2010-1033 (Multiple stack-based buffer overflows in a certain Tetradyne ActiveX control in HP Operations Manager 7.5, 8.10, and 8.16 might allow remote attackers to execute arbitrary code via a long string argument to the (1) LoadFile or (2) SaveFile method, related to srcvw32.dll and srcvw4.dll.)
Original document:HP, [security bulletin] HPSBMA02491 SSRT100060 rev.1 - HP Operations Manager for Windows, Remote Execution of Arbitrary Code (26.04.2010)

HP-UX DoS
Published:26.04.2010
SecurityVulns ID:10794
Type:remote
Threat Level:5/10
Affected:HP : HP-UX 11.11
CVE:CVE-2010-1032 (Unspecified vulnerability in HP HP-UX B.11.11 allows local users to cause a denial of service via unknown vectors.)
Original document:HP, [security bulletin] HPSBUX02518 SSRT100051 rev.1 - HP-UX, Local Denial of Service (DoS) (26.04.2010)

CompleteFTP DoS
Published:26.04.2010
SecurityVulns ID:10796
Type:remote
Threat Level:5/10
Description:Memory leak during authentication.
Original document:Mehdi Mahdjoub - Sysdream IT Security Services, CompleteFTP v3.3.0 - Remote Memory Consumption DoS (26.04.2010)
Files:CompleteFTP v3.3.0 - Remote Memory Consumption DoS

WinMount buffer overflow
Published:26.04.2010
SecurityVulns ID:10797
Type:local
Threat Level:4/10
Description:Buffer overflow on oversized file names inside archive.
Affected:WINMOUNT : WinMount 3.3
Original document:lilf, WinMount MOU File Handling Overflow Vulnerability (26.04.2010)

Apache mod_auth_shadow authentication bypass
Published:26.04.2010
SecurityVulns ID:10798
Type:remote
Threat Level:7/10
Description:Race conditions allow bypassing the username/password check.
Affected:APACHE : mod_auth_shadow 2.2
CVE:CVE-2010-1151 (Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.)
Original document:MANDRIVA, [ MDVSA-2010:081 ] apache-mod_auth_shadow (26.04.2010)

AgentX++ library / Helix Server multiple security vulnerabilities
updated since 26.04.2010
Published:29.04.2010
SecurityVulns ID:10795
Type:library
Threat Level:7/10
Description:Integer overflow, buffer overflow.
Affected:AGENTPP : AgentX++ 1.4
 REAL : Helix Server 12
CVE:CVE-2010-1319 (Integer overflow in the AgentX::receive_agentx function in AgentX++ 1.4.16, as used in RealNetworks Helix Server and Helix Mobile Server 11.x through 13.x and other products, allows remote attackers to execute arbitrary code via a request with a crafted payload length.)
 CVE-2010-1318 (Stack-based buffer overflow in the AgentX::receive_agentx function in AgentX++ 1.4.16, as used in RealNetworks Helix Server and Helix Mobile Server 11.x through 13.x and other products, allows remote attackers to execute arbitrary code via unspecified vectors.)
 CVE-2010-1317 (Heap-based buffer overflow in the NTLM authentication functionality in RealNetworks Helix Server and Helix Mobile Server 11.x, 12.x, and 13.x allows remote attackers to have an unspecified impact via invalid base64-encoded data.)
Original document:REAL, Security Update for Helix Server and Helix Mobile Server (29.04.2010)
 ZDI, ZDI-10-079: Realnetworks Helix Server NTLM Authentication Invalid Base64 Remote Code Execution Vulnerability (29.04.2010)
 IDEFENSE, iDefense Security Advisory 04.15.10: Multiple Vendor AgentX++ Stack Buffer Overflow Vulnerability (26.04.2010)

Novell ZENworks directory traversal
updated since 26.04.2010
Published:30.04.2010
SecurityVulns ID:10789
Type:remote
Threat Level:7/10
Description:UploadServlet directory traversal.
Affected:NOVELL : ZENworks 10
Original document:tu canal amigo, PoC for ZDI-10-078 (30.04.2010)
 ZDI, ZDI-10-078: Novell ZENworks Configuration Management UploadServlet Remote Code Execution Vulnerability (26.04.2010)

HP System Management Homepage multiple security vulnerabilities
updated since 26.04.2010
Published:20.05.2010
SecurityVulns ID:10790
Type:remote
Threat Level:5/10
Description:Cross-site scripting, DoS, unauthorized access, code execution.
Affected:HP : HP System Management Homepage 6.0
CVE:CVE-2010-1034 (Unspecified vulnerability in HP System Management Homepage (SMH) 6.0 before 6.0.0-95 on Linux, and 6.0 before 6.0.0.96 on Windows, allows remote authenticated users to obtain sensitive information, modify data, and cause a denial of service via unknown vectors.)
 CVE-2009-3555 (The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.)
 CVE-2009-1387 (The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a "fragment bug.")
 CVE-2009-1386 (ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello.)
 CVE-2009-1379 (Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS packet, as demonstrated by a packet from a server that uses a crafted server certificate.)
 CVE-2009-1378 (Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka "DTLS fragment handling memory leak.")
 CVE-2009-1377 (The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service (memory consumption) via a large series of "future epoch" DTLS records that are buffered in a queue, aka "DTLS record buffer limitation bug.")
 CVE-2008-5814 (Cross-site scripting (XSS) vulnerability in PHP, possibly 5.2.7 and earlier, when display_errors is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: because of the lack of details, it is unclear whether this is related to CVE-2006-0208.)
 CVE-2008-5557 (Heap-based buffer overflow in ext/mbstring/libmbfl/filters/mbfilter_htmlent.c in the mbstring extension in PHP 4.3.0 through 5.2.6 allows context-dependent attackers to execute arbitrary code via a crafted string containing an HTML entity, which is not properly handled during Unicode conversion, related to the (1) mb_convert_encoding, (2) mb_check_encoding, (3) mb_convert_variables, and (4) mb_parse_str functions.)
 CVE-2008-4226 (Integer overflow in the xmlSAX2Characters function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a large XML document.)
 CVE-2008-1468 (Cross-site scripting (XSS) vulnerability in namazu.cgi in Namazu before 2.0.18 allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded input, related to failure to set the charset, a different vector than CVE-2004-1318 and CVE-2001-1350. NOTE: some of these details are obtained from third party information.)
Original document:HP, [security bulletin] HPSBMA02534 SSRT090180 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Unauthorized Information Disclosure, Unauthorized Data Modification, Denial of Service (DoS) (20.05.2010)
 HP, [security bulletin] HPSBMA02492 SSRT100079 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Cross Site Scripting (XSS), Denial of Service (DoS), Execution of Arbitrary Code, Unauthorized Access (26.04.2010)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod