Computer Security


Apple iOS (iOS) security vulnerabilities
updated since 18.07.2011
Published:26.07.2011
Source:
SecurityVulns ID:11796
Type:client
Threat Level:5/10
Description:Privilege escalation, code execution via PDF documents.
Affected:APPLE : Apple iOS 4.3
 APPLE : Apple iOS 4.2
CVE:CVE-2011-0228 (The Data Security component in Apple iOS before 4.2.10 and 4.3.x before 4.3.5 does not check the basicConstraints parameter during validation of X.509 certificate chains, which allows man-in-the-middle attackers to spoof an SSL server by using a non-CA certificate to sign a certificate for an arbitrary domain.)
 CVE-2011-0227 (The queueing primitives in IOMobileFrameBuffer in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 do not properly perform type conversion, which allows local users to gain privileges via a crafted application.)
 CVE-2011-0226 (Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Type 1 font in a PDF document, as exploited in the wild in July 2011.)
 CVE-2010-3855 (Buffer overflow in the ft_var_readpackedpoints function in truetype/ttgxvar.c in FreeType 2.4.3 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TrueType GX font.)
Original document:Trustwave Advisories, TWSL2011-007: iOS SSL Implementation Does Not Validate Certificate Chain (26.07.2011)
 APPLE, APPLE-SA-2011-07-25-2 iOS 4.2.10 Software Update for iPhone (26.07.2011)
 APPLE, APPLE-SA-2011-07-25-1 iOS 4.3.5 Software Update (26.07.2011)
 APPLE, APPLE-SA-2011-07-15-2 iOS 4.2.9 Software Update for iPhone (18.07.2011)
 APPLE, APPLE-SA-2011-07-15-1 iOS 4.3.4 Software Update (18.07.2011)

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:26.07.2011
Source:
SecurityVulns ID:11803
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:PHPMYADMIN : phpMyAdmin 3.3
 MAPSERVER : mapserver 5.6
 PHPMYADMIN : phpMyAdmin 3.4
 VBULLETIN : Vbulletin 4.1
 JOOMLA : Joomla 1.7
 KOHA : Koha Library Software 3.2
 KOHA : Koha Library Software 3.4
 SITRACKER : Support Incident Tracker 3.63
CVE:CVE-2011-2704 (Stack-based buffer overflow in MapServer before 4.10.7 and 5.x before 5.6.7 allows remote attackers to execute arbitrary code via vectors related to OGC filter encoding.)
 CVE-2011-2703 (Multiple SQL injection vulnerabilities in MapServer before 4.10.7, 5.x before 5.6.7, and 6.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) OGC filter encoding or (2) WMS time support.)
Original document:DEBIAN, [SECURITY] [DSA 2285-1] mapserver security update (26.07.2011)
 Ehsan_Hp200_(at)_hotmail.com, PHP-Barcode 0.3pl1 Remote Code Execution (26.07.2011)
 Ehsan_Hp200_(at)_hotmail.com, Zones Web Solution (index.php?manufacturers_id) Remote SQL injection Vulnerability (26.07.2011)
 Ehsan_Hp200_(at)_hotmail.com, Funnel Web (items.php?&cat_id) Remote SQL injection Vulnerability (26.07.2011)
 Ehsan_Hp200_(at)_hotmail.com, Funnel Web (directory.php?cid) Remote SQL injection Vulnerability (26.07.2011)
 Ehsan_Hp200_(at)_hotmail.com, Funnel Web (selected_product.php?t) Remote SQL injection Vulnerability (26.07.2011)
 Ehsan_Hp200_(at)_hotmail.com, Funnel Web (pages.php?page) Remote SQL injection Vulnerability (26.07.2011)
 Ehsan_Hp200_(at)_hotmail.com, Indonesia Web Design (link-directory.php?cid) (link-directory.php?pid) Remote SQL injection Vulnerability (26.07.2011)
 Ehsan_Hp200_(at)_hotmail.com, DotComEgypt (products.php?cat_id) Remote SQL injection Vulnerability (26.07.2011)
 Ehsan_Hp200_(at)_hotmail.com, Precision (products.php?cat_id) Remote SQL injection Vulnerability (26.07.2011)
 Ehsan_Hp200_(at)_hotmail.com, Lava (news_item.php?id) (album.php?id) (basket.php?baction) Remote SQL injection Vulnerability (26.07.2011)
 noreply_(at)_ptsecurity.ru, [PT-2011-25] SQL injection vulnerabilities in Support Incident Tracker (26.07.2011)
 noreply_(at)_ptsecurity.ru, [PT-2011-05] Cross-Site Scripting in Koha Library Software (26.07.2011)
 High-Tech Bridge Security Research, XSS in Tiki Wiki CMS Groupware (26.07.2011)
 fb1h2s Hack 2 Secure, Vbulletin 4.0.x => 4.1.3 (messagegroupid) SQL injection Vulnerability (26.07.2011)
 Ehsan_Hp200_(at)_hotmail.com, CobraScripts (search_result.php?cid) Remote SQL injection Vulnerability (26.07.2011)
 h_(at)_xxor.se, phpMyAdmin 3.x Conditional Session Manipulation (26.07.2011)
 spamgoeshere_(at)_stevenroddis.com, phpBB AJAX Chat/Shoutbox MOD CSRF Vulnerability (26.07.2011)
 YGN Ethical Hacker Group, Joomla! 1.7.0-RC and lower | Multiple Cross Site Scripting (XSS) Vulnerabilities (26.07.2011)

Likewise Open SQL injection
Published:26.07.2011
Source:
SecurityVulns ID:11804
Type:local
Threat Level:5/10
Description:Privilege escalation is possible.
Affected:LIKEWISEOPEN : likewise-open 6.0
CVE:CVE-2011-2467 (SQL injection vulnerability in lsassd in Lsass in the Likewise Security Authority in Likewise Open 5.4 through 6.1, and Likewise Enterprise 6.0, allows local users to execute arbitrary SQL commands via unspecified vectors.)
Original document:UBUNTU, [USN-1171-1] Likewise Open vulnerability (26.07.2011)

HTC Android devices directory traversal
Published:26.07.2011
Source:
SecurityVulns ID:11805
Type:remote
Threat Level:5/10
Description:OBEX FTP Bluetooth request directory traversal.
Affected:GOOGLE : Android 2.1
 GOOGLE : Android 2.2
Original document:alberto.morenot_(at)_gmail.com, HTC / Android OBEX FTP Service Directory Traversal Vulnerability (26.07.2011)

Elitecore Cyberoam UTM cross-site scripting
Published:26.07.2011
Source:
SecurityVulns ID:11806
Type:remote
Threat Level:4/10
Description:Cross-site scripting in the Web interface.
Affected:ELITECORE : Cyberoam CR25ia
 ELITECORE : Cyberoam CR35ia
Original document:Patrick Webster, OSI Security: Elitecore Cyberoam UTM - Authenticated Cross-Site Scripting Vulnerability (26.07.2011)

Cisco ASR 9000 DoS
Published:26.07.2011
Source:
SecurityVulns ID:11808
Type:remote
Threat Level:6/10
Description:Crash on IP packet processing.
Affected:CISCO : Cisco ASR 9006
 CISCO : Cisco ASR 9010
CVE:CVE-2011-2549 (Unspecified vulnerability in Cisco IOS XR 4.1.x before 4.1.1 on Cisco Aggregation Services Routers (ASR) 9000 series devices allows remote attackers to cause a denial of service (line-card reload) via an IPv4 packet, aka Bug ID CSCtr26695.)
Original document:CISCO, Cisco Security Advisory: Cisco ASR 9000 Series Routers Line Card IP Version 4 Denial of Service Vulnerability (26.07.2011)

Securstar DriveCrypt multiple security vulnerabilities
Published:26.07.2011
Source:
SecurityVulns ID:11809
Type:local
Threat Level:5/10
Description:DoS, information leakage, privilege escalation.
Affected:SECURSTAR : DriveCrypt 5.2
Original document:Digit Security Research, Securstar - DriveCrypt - Local Kernel Denial of Service/Memory Disclosure/Privilege Escalation (26.07.2011)

opie security vulnerabilities
Published:26.07.2011
Source:
SecurityVulns ID:11810
Type:library
Threat Level:5/10
Description:Privilege escalation, off-by-one buffer overflow.
Affected:OPIE : opie 2.32
CVE:CVE-2011-2490 (opielogin.c in opielogin in OPIE 2.4.1-test1 and earlier does not check the return value of the setuid system call, which allows local users to gain privileges by arranging for an account to already be running its maximum number of processes.)
 CVE-2011-2489 (Multiple off-by-one errors in opiesu.c in opiesu in OPIE 2.4.1-test1 and earlier might allow local users to gain privileges via a crafted command line.)
Original document:DEBIAN, [SECURITY] [DSA 2281-1] opie security update (26.07.2011)

Wireshark sniffer DoS
Published:26.07.2011
Source:
SecurityVulns ID:11811
Type:local
Threat Level:3/10
Description:Infinite loop when parsing Lucent/Ascend files.
Affected:WIRESHARK : Wireshark 1.6
CVE:CVE-2011-2597 (The Lucent/Ascend file parser in Wireshark 1.2.x before 1.2.18, 1.4.x through 1.4.7, and 1.6.0 allows remote attackers to cause a denial of service (infinite loop) via malformed packets.)
Original document:MANDRIVA, [ MDVSA-2011:118 ] wireshark (26.07.2011)

Shibboleth / opensaml signature wrapping attacks
Published:26.07.2011
Source:
SecurityVulns ID:11812
Type:library
Threat Level:6/10
Description:It's possible to spoof signed content.
Affected:OPENSAML : opensaml 2.3
CVE:CVE-2011-1411 (Shibboleth OpenSAML library 2.4.x before 2.4.3 and 2.5.x before 2.5.1, and IdP before 2.3.2, allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack.")
Original document:DEBIAN, [SECURITY] [DSA 2284-1] opensaml2 security update (26.07.2011)

libsndfile buffer overflow
Published:26.07.2011
Source:
SecurityVulns ID:11813
Type:library
Threat Level:5/10
Description:Buffer overflow when parsing Ensoniq PARIS Audio Format (PAF) files.
Affected:LIBSNDFILE : libsndfile 1.0
CVE:CVE-2011-2696 (Integer overflow in libsndfile before 1.0.25 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PARIS Audio Format (PAF) file that triggers a heap-based buffer overflow.)
Original document:MANDRIVA, [ MDVSA-2011:119 ] libsndfile (26.07.2011)

FreeRADIUS OCSP vulnerability
Published:26.07.2011
Source:
SecurityVulns ID:11814
Type:m-i-t-m
Threat Level:4/10
Description:Revoked certificate may be used due to validation error.
Affected:FREERADIUS : FreeRADIUS 2.1
CVE:CVE-2011-2701 (The ocsp_check function in rlm_eap_tls.c in FreeRADIUS 2.1.11, when OCSP is enabled, does not properly parse replies from OCSP responders, which allows remote attackers to bypass authentication by using the EAP-TLS protocol with a revoked X.509 client certificate.)
Original document:advisory_(at)_dfn-cert.de, [DSB-2011-01] Security Advisory FreeRADIUS 2.1.11 (26.07.2011)

D-link DPH 150SE/E/F1 IP Phones multiple security vulnerabilities
Published:26.07.2011
Source:
SecurityVulns ID:11815
Type:remote
Threat Level:5/10
Description:Multiple web interface unauthorized access possibilities.
Affected:DLINK : D-Link DPH 150SE
Original document:noreply_(at)_ptsecurity.ru, [PT-2011-08] Multiple vulnerabilities in Dlink DPH 150SE/E/F1 (26.07.2011)

libpng library multiple security vulnerabilities
Published:26.07.2011
Source:
SecurityVulns ID:11816
Type:library
Threat Level:7/10
Description:Multiple vulnerabilities in PNG parsing.
CVE:CVE-2011-2692 (The png_handle_sCAL function in pngrutil.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 does not properly handle invalid sCAL chunks, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted PNG image that triggers the reading of uninitialized memory.)
 CVE-2011-2690 (Buffer overflow in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4, when used by an application that calls the png_rgb_to_gray function but not the png_set_expand function, allows remote attackers to overwrite memory with an arbitrary amount of data, and possibly have unspecified other impact, via a crafted PNG image.)
 CVE-2011-2501 (The png_format_buffer function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 allows remote attackers to cause a denial of service (application crash) via a crafted PNG image that triggers an out-of-bounds read during the copying of error-message data. NOTE: this vulnerability exists because of a CVE-2004-0421 regression.)
Original document:UBUNTU, [USN-1175-1] libpng vulnerabilities (26.07.2011)

Apple iWork multiple security vulnerabilities
Published:26.07.2011
Source:
SecurityVulns ID:11818
Type:client
Threat Level:6/10
Description:Memory corruption when processing Word and Excel files.
Affected:APPLE : iWork 9.0
CVE:CVE-2011-1417 (Integer overflow in QuickLook, as used in Apple Mac OS X before 10.6.7 and MobileSafari in Apple iOS before 4.2.7 and 4.3.x before 4.3.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a Microsoft Office document with a crafted size field in the OfficeArtMetafileHeader, related to OfficeArtBlip, as demonstrated on the iPhone by Charlie Miller and Dion Blazakis during a Pwn2Own competition at CanSecWest 2011.)
 CVE-2010-3786 (QuickLook in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Excel file.)
 CVE-2010-3785 (Buffer overflow in QuickLook in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Office document.)
Original document:APPLE, APPLE-SA-2011-07-20-2 iWork 9.1 Update (26.07.2011)

logrotate multiple security vulnerabilities
updated since 06.04.2011
Published:26.07.2011
Source:
SecurityVulns ID:11566
Type:local
Threat Level:5/10
Description:Race conditions, unfiltered shell characters vulnerability, DoS.
Affected:LOGROTATE : logrotate 3.7
CVE:CVE-2011-1548 (The default configuration of logrotate on Debian GNU/Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by /var/log/postgresql/.)
 CVE-2011-1155 (The writeState function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to cause a denial of service (rotation outage) via a (1) \n (newline) or (2) \ (backslash) character in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name.)
 CVE-2011-1154 (The shred_file function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name.)
 CVE-2011-1098 (Race condition in the createOutputFile function in logrotate.c in logrotate 3.7.9 and earlier allows local users to read log data by opening a file before the intended permissions are in place.)
Original document:UBUNTU, [USN-1172-1] logrotate vulnerabilities (26.07.2011)
 MANDRIVA, [ MDVSA-2011:065 ] logrotate (06.04.2011)

kvm code execution
updated since 06.07.2011
Published:26.07.2011
Source:
SecurityVulns ID:11764
Type:local
Threat Level:5/10
Description:Code execution when processing virtio commands.
Affected:LINUX : kvm 0.14
CVE:CVE-2011-2527 (The change_process_uid function in os-posix.c in Qemu 0.14.0 and earlier does not properly drop group privileges when the -runas option is used, which allows local guest users to access restricted files on the host.)
 CVE-2011-2512 (The virtio_queue_notify in qemu-kvm 0.14.0 and earlier does not properly validate the virtqueue number, which allows guest users to cause a denial of service (guest crash) and possibly execute arbitrary code via a negative number in the Queue Notify field of the Virtio Header, which bypasses a signed comparison.)
 CVE-2011-2212 (Buffer overflow in the virtio subsystem in qemu-kvm 0.14.0 and earlier allows privileged guest users to cause a denial of service (guest crash) or gain privileges via a crafted indirect descriptor related to "virtqueue in and out requests.")
Original document:DEBIAN, [SECURITY] [DSA 2282-1] qemu-kvm security update (26.07.2011)
 DEBIAN, [SECURITY] [DSA 2270-1] qemu-kvm security update (06.07.2011)

Cisco SA 500 security vulnerabilities
updated since 26.07.2011
Published:01.08.2011
Source:
SecurityVulns ID:11807
Type:local
Threat Level:5/10
Description:SQL injection, privilege escalation.
Affected:CISCO : Cisco SA 500
CVE:CVE-2011-2547 (The web-based management interface on Cisco SA 500 series security appliances with software before 2.1.19 allows remote authenticated users to execute arbitrary commands via crafted parameters to web forms, aka Bug ID CSCtq65681.)
 CVE-2011-2546 (SQL injection vulnerability in the web-based management interface on Cisco SA 500 series security appliances with software before 2.1.19 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCtq65669.)
Original document:michal.sajdak_(at)_securitum.pl, SA500 vulnerabilities - details (01.08.2011)
 CISCO, Cisco Security Advisory: Cisco SA 500 Series Security Appliances Web Management Interface Vulnerabilities (26.07.2011)

CA ARCserve D2D unauthorized access
updated since 26.07.2011
Published:12.08.2011
Source:
SecurityVulns ID:11817
Type:remote
Threat Level:6/10
Description:Information leakage and code execution while processing TCP/8014 HTTP RPC request.
Affected:CA : ARCserve D2D 15
Original document:CA, CA20110809-01: Security Notice for CA ARCserve D2D (12.08.2011)
 CA, Re: CA ARCserve D2D r15 GWT RPC Request Auth Bypass / Credentials (10.08.2011)
 rgod, CA ARCserve D2D r15 GWT RPC Request Auth Bypass / Credentials Disclosure and Commands Execution (26.07.2011)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod