Computer Security


AT-TFTP DoS
Published:26.04.2011
Source:
SecurityVulns ID:11623
Type:remote
Threat Level:4/10
Description:Crash if no acknowledgment is received after a file is retrieved.
Affected:AT-TFTP Server 1.8
Original document:SecPod Research, AT-TFTP Server Remote Denial of Service Vulnerability (26.04.2011)
Files:Exploit will crash AT-TFTP Server v1.8 Service

HP Insight Control multiple security vulnerabilities
Published:26.04.2011
Source:
SecurityVulns ID:11624
Type:remote
Threat Level:5/10
Description:Privilege escalation, code execution, information leakage, DoS.
CVE:CVE-2011-1535 (Unspecified vulnerability in HP Insight Control for Linux (aka IC-Linux) before 6.3 allows remote authenticated users to obtain sensitive information, modify data, or cause a denial of service via unknown vectors.)
 CVE-2011-0539 (The key_certify function in usr.bin/ssh/key.c in OpenSSH 5.6 and 5.7, when generating legacy certificates using the -t command-line option in ssh-keygen, does not initialize the nonce field, which might allow remote attackers to obtain sensitive stack memory contents or make it easier to conduct hash collision attacks.)
 CVE-2011-0014 (ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c allows remote attackers to cause a denial of service (crash), and possibly obtain sensitive information in applications that use OpenSSL, via a malformed ClientHello handshake message that triggers an out-of-bounds memory access, aka "OCSP stapling vulnerability.")
 CVE-2010-4180 (OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier.)
 CVE-2010-3864 (Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi-threading and internal caching are enabled on a TLS server, might allow remote attackers to execute arbitrary code via client data that triggers a heap-based buffer overflow, related to (1) the TLS server name extension and (2) elliptic curve cryptography.)
Original document:HP, [security bulletin] HPSBMA02658 SSRT100413 rev.1 - Insight Control for Linux (IC-Linux), Remote Unauthorized Elevation of Privilege, Execution of Arbitrary Code, Encryption Downgrade, Information Disclosure, Denial of Service (DoS) (26.04.2011)

HP Proliant Support Pack multiple security vulnerabilities
Published:26.04.2011
Source:
SecurityVulns ID:11625
Type:remote
Threat Level:5/10
Description:Cross-site scripting, information leakage.
Affected:HP : Proliant Support Pack 8.6
CVE:CVE-2011-1539 (Unspecified vulnerability in HP Proliant Support Pack (PSP) before 8.7 allows remote attackers to obtain sensitive information via unknown vectors.)
 CVE-2011-1538 (Open redirect vulnerability in HP Proliant Support Pack (PSP) before 8.7 allows remote authenticated users to redirect other users to arbitrary web sites and conduct phishing attacks via unspecified vectors.)
 CVE-2011-1537 (Cross-site scripting (XSS) vulnerability in HP Proliant Support Pack (PSP) before 8.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
Original document:HP, [security bulletin] HPSBMA02661 SSRT100408 rev.1 - HP Proliant Support Pack (PSP) Running on Linux and Windows, Remote Cross Site Scripting (XSS), URL Redirection, Information Disclosure (26.04.2011)

HP System Management Homepage multiple security vulnerabilities
Published:26.04.2011
Source:
SecurityVulns ID:11626
Type:remote
Threat Level:5/10
Description:Cross-site scripting, code execution, DoS.
Affected:HP : HP System Management Homepage 6.2
CVE:CVE-2011-1541 (Unspecified vulnerability in HP System Management Homepage (SMH) before 6.3 allows remote attackers to bypass intended access restrictions, and consequently execute arbitrary code, via unknown vectors.)
 CVE-2011-1540 (Unspecified vulnerability in HP System Management Homepage (SMH) before 6.3 allows remote authenticated users to execute arbitrary code via unknown vectors.)
 CVE-2010-4156 (The mb_strcut function in Libmbfl 1.1.0, as used in PHP 5.3.x through 5.3.3, allows context-dependent attackers to obtain potentially sensitive information via a large value of the third parameter (aka the length parameter).)
 CVE-2010-4008 (libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document.)
 CVE-2010-3709 (The ZipArchive::getArchiveComment function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ZIP archive.)
 CVE-2010-2950 (Format string vulnerability in stream.c in the phar extension in PHP 5.3.x through 5.3.3 allows context-dependent attackers to obtain sensitive information (memory contents) and possibly execute arbitrary code via a crafted phar:// URI that is not properly handled by the phar_stream_flush function, leading to errors in the php_stream_wrapper_log_error function. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-2094.)
 CVE-2010-2939 (Double free vulnerability in the ssl3_get_key_exchange function in the OpenSSL client (ssl/s3_clnt.c) in OpenSSL 1.0.0a, 0.9.8, 0.9.7, and possibly other versions, when using ECDH, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted private key with an invalid prime. NOTE: some sources refer to this as a use-after-free issue.)
 CVE-2010-2531 (The var_export function in PHP 5.2 before 5.2.14 and 5.3 before 5.3.3 flushes the output buffer to the user when certain fatal errors occur, even if display_errors is off, which allows remote attackers to obtain sensitive information by causing the application to exceed limits for memory, execution time, or recursion.)
 CVE-2010-1917 (Stack consumption vulnerability in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to cause a denial of service (PHP crash) via a crafted first argument to the fnmatch function, as demonstrated using a long string.)
Original document:HP, [security bulletin] HPSBMA02662 SSRT100409 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Unauthorized Access, Execution of Arbitrary Code, Denial of Service (DoS) (26.04.2011)

HP Network Automation information leakage
Published:26.04.2011
Source:
SecurityVulns ID:11627
Type:remote
Threat Level:5/10
Affected:HP : HP Network Automation 9.10
CVE:CVE-2011-1725 (Unspecified vulnerability in HP Network Automation 7.2x, 7.5x, 7.6x, 9.0, and 9.10 allows remote attackers to obtain sensitive information via unknown vectors.)
Original document:HP, [security bulletin] HPSBMA02666 SSRT100434 rev.1 - HP Network Automation Running on Linux, Solaris, and Windows, Remote Information Disclosure (26.04.2011)

Kaspersky Administration Kit SMB relaying attack
Published:26.04.2011
Source:
SecurityVulns ID:11628
Type:m-i-t-m
Threat Level:5/10
Description:The network is scanned automatically and every host found is connected to automatically via SMB with administrative permissions, which makes an SMB relay attack possible.
Affected:KASPERSKY : Kaspersky Administration Kit 6.0
Original document:Alexandr Polyakov, [DSECRG-11-018] Kaspersky administration Kit - Remote code execution via SMBRelay (26.04.2011)

Microsoft fixed SMB NTLM relay attacks
updated since 12.11.2008
Published:26.04.2011
Source:
SecurityVulns ID:9428
Type:m-i-t-m
Threat Level:5/10
Description:Microsoft fixed an NTLM proxying vulnerability: credentials used for one service could be forwarded to a different one. The attack has been known for many years as an NTLM weakness.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
CVE:CVE-2008-4037 (Microsoft Windows 2000 Gold through SP4, XP Gold through SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote SMB servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, as demonstrated by backrush, aka "SMB Credential Reflection Vulnerability." NOTE: some reliable sources report that this vulnerability exists because of an insufficient fix for CVE-2000-0834.)
Original document:Поляков Александр, Re: [DSECRG-11-018] Kaspersky administration Kit - Remote code execution via SMBRelay (26.04.2011)
 MICROSOFT, Microsoft Security Bulletin MS08-068 – Important Vulnerability in SMB Could Allow Remote Code Execution (957097) (12.11.2008)
Files:Microsoft Security Bulletin MS08-068 – Important Vulnerability in SMB Could Allow Remote Code Execution (957097)
 NTLM in Corporate Networks (in Russian)

Asterisk security vulnerabilities
updated since 26.04.2011
Published:27.04.2011
Source:
SecurityVulns ID:11621
Type:remote
Threat Level:6/10
Description:Privilege escalation, DoS via resource exhaustion.
Affected:DIGIUM : Asterisk 1.4
 ASTERISK : Asterisk 1.6
 ASTERISK : Asterisk 1.8
CVE:CVE-2011-1507 (Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, 1.6.2.x before 1.6.2.17.3, and 1.8.x before 1.8.3.3 and Asterisk Business Edition C.x.x before C.3.6.4 do not restrict the number of unauthenticated sessions to certain interfaces, which allows remote attackers to cause a denial of service (file descriptor exhaustion and disk space exhaustion) via a series of TCP connections.)
Original document:ASTERISK, AST-2011-005: File Descriptor Resource Exhaustion (27.04.2011)
 ASTERISK, AST-2011-006: Asterisk Manager User Shell Access (26.04.2011)

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 26.04.2011
Published:27.04.2011
Source:
SecurityVulns ID:11622
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:PHPLIST : phpList 2.10
 TIMTHUMB : TimThumb 1.24
 WEBMIN : Webmin 1.540
 AFFINITY : BuddyPress 1.2
 COTONI : Cotonti 0.9
 WORDPRESS : WP-Ajax-Recent-Posts 1.0
 Noah's Classifieds 5.0
CVE:CVE-2011-1727 (Cross-site scripting (XSS) vulnerability in HP SiteScope 9.54, 10.13, 11.01, and 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to an "HTML injection" issue.)
 CVE-2011-1726 (Cross-site scripting (XSS) vulnerability in HP SiteScope 9.54, 10.13, 11.01, and 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
Original document:MustLive, Code Execution in WordPress 2.5 - 3.1.1 (27.04.2011)
 Javier Bassi, XSS in Webmin 1.540 + exploit for privilege escalation (27.04.2011)
 High-Tech Bridge Security Research, HTB22956: XSS vulnerabilities in phpList (26.04.2011)
 High-Tech Bridge Security Research, HTB22957: XSRF (CSRF) in phpList (26.04.2011)
 High-Tech Bridge Security Research, HTB22951: XSS in WP-Ajax-Recent-Posts wordpress plugin (26.04.2011)
 High-Tech Bridge Security Research, HTB22952: XSS vulnerabilities in Noah's Classifieds (26.04.2011)
 High-Tech Bridge Security Research, HTB22953: XSS in Max's PHP Photo Album (26.04.2011)
 High-Tech Bridge Security Research, HTB22954: Path disclosure in yappa-ng Photo Gallery (26.04.2011)
 High-Tech Bridge Security Research, HTB22948: Path disclosure in Cotonti (26.04.2011)
 High-Tech Bridge Security Research, HTB22955: Path disclosure in BuddyPress WordPress plugin (26.04.2011)
 HP, [security bulletin] HPSBMA02667 SSRT100464 rev.1 - HP SiteScope, Cross Site Scripting (XSS) and HTML Injection (26.04.2011)
 MustLive, Vulnerabilities in many themes and components for Joomla (26.04.2011)
 Javier Bassi, XSS in Webmin 1.540 + exploit for privilege escalation (26.04.2011)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod