Computer Security

PHP is_a function vulnerability
SecurityVulns ID:11919
Threat Level:
Description:The function's behaviour has changed, making applications that rely on it potentially vulnerable.
Affected:PHP : PHP 5.3
CVE:CVE-2011-3379 (The is_a function in PHP 5.3.7 and 5.3.8 triggers a call to the __autoload function, which makes it easier for remote attackers to execute arbitrary code by providing a crafted URL and leveraging potentially unsafe behavior in certain PEAR packages and custom autoloaders.)
Original document:cipri_(at), Security issue is_a function in PHP 5.3.7+ (26.09.2011)

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
SecurityVulns ID:11920
Threat Level:
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:PUNBB : PunBB 1.3
 S9Y : Serendipity 1.5
 FREEHELPDESK : Help Desk Software 1.1
 AWSTATS : AWStats 6.0
 AWSTATS : AWStats 7.0
 TWIKI : TWiki 5.1
 SECUREURL : secureURL 2.0
 ANELECTRON : Advanced Electron Forums 1.0
 FLYNAX : General Classifieds Software 3.2
 FLYNAX : Auto Classifieds Script 3.2
 FLYNAX : Real Estate Classifieds 3.2
 FLYNAX : Pets Classifieds Software 3.2
 ADAPTCMS : AdaptCMS 2.0
 ICEWARP : IceWarp Mail Server 10.3
CVE:CVE-2011-3645 (Newgen OmniDocs allows remote attackers to bypass intended access restrictions via (1) a modified FolderRights parameter to doccab/doclist.jsp, which leads to arbitrary permission changes; or (2) a modified UserIndex parameter to doccab/userprofile/editprofile.jsp, which selects the settings page of an arbitrary user.)
 CVE-2011-3579 (server/webmail.php in IceWarp WebMail in IceWarp Mail Server before 10.3.3 allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML external entity declaration in conjunction with an entity reference.)
 CVE-2011-3010 (Multiple cross-site scripting (XSS) vulnerabilities in TWiki before 5.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the newtopic parameter in a WebCreateNewTopic action, related to the TWiki.WebCreateNewTopicTemplate topic; or (2) the query string to in the SlideShowPlugin.)
Original document:Trustwave Advisories, TWSL2011-013: Multiple Vulnerabilities in IceWarp Mail Server (26.09.2011)
 Amir_(at), PunBB 1.3.6 bug (26.09.2011)
 sschurtz_(at), Serendipity freetag plugin 'serendipity[tagview]' Cross-Site Scripting vulnerability (26.09.2011)
 sschurtz_(at), AdaptCMS 2.0.1 Multiple security vulnerabilities (26.09.2011)
 Nasel Pentest, Vulnerability found in Flynax Classifieds products (26.09.2011)
 Sohil Garg, [CVE-2011-3645] Multiple vulnerability in "Omnidocs" (26.09.2011)
 YGN Ethical Hacker Group, Advanced Electron Forums (AEF) 1.0.9 <= Cross Site Request Forgery (CSRF) Vulnerability (26.09.2011)
 Netsparker Advisories, XSS Vulnerabilities in TWiki < 5.1.0 (26.09.2011)
 MustLive, Multiple vulnerabilities in AWStats (26.09.2011)
 High-Tech Bridge Security Research, Multiple vulnerabilities in Help Desk Software (26.09.2011)

gimp memory corruption
SecurityVulns ID:11921
Threat Level:
Description:Memory corruption on GIF LZW extraction.
Affected:GNU : gimp 2.6
CVE:CVE-2011-2896 (The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier, the LZWReadByte function in img/gifread.c in XPCE in SWI-Prolog 5.10.4 and earlier, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows remote attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2895.)
Original document:UBUNTU, [USN-1214-1] GIMP vulnerability (26.09.2011)

Linux kernel multiple security vulnerabilities
SecurityVulns ID:11922
Threat Level:
Description:Multiple local DoS conditions, information leaks, IPv6 remote DoS, X.25 code execution.
Affected:LINUX : kernel 2.6
 LINUX : kernel 3.0
CVE:CVE-2011-2918 (The Performance Events subsystem in the Linux kernel before 3.1 does not properly handle event overflows associated with PERF_COUNT_SW_CPU_CLOCK events, which allows local users to cause a denial of service (system hang) via a crafted application.)
 CVE-2011-2723 (The skb_gro_header_slow function in include/linux/netdevice.h in the Linux kernel before, when Generic Receive Offload (GRO) is enabled, resets certain fields in incorrect situations, which allows remote attackers to cause a denial of service (system crash) via crafted network traffic.)
 CVE-2011-2700 (Multiple buffer overflows in the si4713_write_econtrol_string function in drivers/media/radio/si4713-i2c.c in the Linux kernel before on the N900 platform might allow local users to cause a denial of service or have unspecified other impact via a crafted s_ext_ctrls operation with a (1) V4L2_CID_RDS_TX_PS_NAME or (2) V4L2_CID_RDS_TX_RADIO_TEXT control ID.)
 CVE-2011-2699 (The IPv6 implementation in the Linux kernel before 3.1 does not generate Fragment Identification values separately for each destination, which makes it easier for remote attackers to cause a denial of service (disrupted networking) by predicting these values and sending crafted packets.)
 CVE-2011-2689 (The gfs2_fallocate function in fs/gfs2/file.c in the Linux kernel before 3.0-rc1 does not ensure that the size of a chunk allocation is a multiple of the block size, which allows local users to cause a denial of service (BUG and system crash) by arranging for all resource groups to have too little free space.)
 CVE-2011-2492 (The bluetooth subsystem in the Linux kernel before 3.0-rc4 does not properly initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel memory via a crafted getsockopt system call, related to (1) the l2cap_sock_getsockopt_old function in net/bluetooth/l2cap_sock.c and (2) the rfcomm_sock_getsockopt_old function in net/bluetooth/rfcomm/sock.c.)
 CVE-2011-1833 (Race condition in the ecryptfs_mount function in fs/ecryptfs/main.c in the eCryptfs subsystem in the Linux kernel before 3.1 allows local users to bypass intended file permissions via a mount.ecryptfs_private mount with a mismatched uid.)
 CVE-2011-1493 (Array index error in the rose_parse_national function in net/rose/rose_subr.c in the Linux kernel before 2.6.39 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact by composing FAC_NATIONAL_DIGIS data that specifies a large number of digipeaters, and then sending this data to a ROSE socket.)
 CVE-2011-1020 (The proc filesystem implementation in the Linux kernel 2.6.37 and earlier does not restrict access to the /proc directory tree of a process after this process performs an exec of a setuid program, which allows local users to obtain sensitive information or cause a denial of service via open, lseek, read, and write system calls.)
Original document:UBUNTU, [USN-1211-1] Linux kernel vulnerabilities (26.09.2011)

Sunway ForceControl multiple security vulnerabilities
SecurityVulns ID:11923
Threat Level:
Description:Multiple buffer overflows, DoS conditions, directory traversal, ActiveX code execution.
Affected:SUNWAY : ForceControl 6.1
Original document:Luigi Auriemma, Vulnerabilities in Sunway ForceControl 6.1 sp3 (SCADA) (26.09.2011)

Nomachine NX Server privilege escalation
SecurityVulns ID:11924
Threat Level:
Description:Shell code execution via environment variable manipulation for a SUID application.
Affected:NOMACHINE : NX Server for Linux 3.5
Original document:Tavis Ormandy, Re: NGS00099 Patch Notification: Vulnerable SUID script in (nomachine) NX Server for Linux (26.09.2011)
 Tavis Ormandy, [email protected] (26.09.2011)
 [email protected], NGS00099 Patch Notification: Vulnerable SUID script in (nomachine) NX Server for Linux (26.09.2011)

Dolphin Browser HD / Opera Mobile XAS
SecurityVulns ID:11925
Threat Level:
Description:An application can access the browser's data.
Affected:DOLPHINBROWSER : Dolphin Browser HD 6.0
 OPERA : Opera Mobile 11.1
Original document:Roee Hay, Advisory: Opera Mobile Cache Poisoning XAS (26.09.2011)
 Roee Hay, Advisory: Dolphin Browser HD Cross-Application Scripting (26.09.2011)

Netgear CG814WG cable modem security vulnerability
SecurityVulns ID:11926
Threat Level:
Description:CSRF, authentication bypass.
Affected:NETGEAR : Netgear CG814WG
Original document:lists_(at), NETGEAR Wireless Cable Modem Gateway Auth Bypass and CSRF - SOS-11-011 (26.09.2011)

Apache Tomcat digest authentication vulnerabilities
SecurityVulns ID:11927
Threat Level:
Description:Multiple implementation errors make authentication vulnerable to different attacks.
Affected:APACHE : Tomcat 5.5
 APACHE : Tomcat 6.0
 APACHE : Tomcat 7.0
CVE:CVE-2011-1184 (The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.)
Original document:APACHE, [SECURITY] CVE-2011-1184 Apache Tomcat - Multiple weaknesses in HTTP DIGEST authentication (26.09.2011)

Pantech Link/P7040P phones SSL certificate chain check vulnerabilities
SecurityVulns ID:11928
Threat Level:
Description:Intermediate certificate basic constraints are not checked.
Affected:PANTECH : Link / P7040p
Original document:Trustwave Advisories, TWSL2011-014: Vulnerability in Pantech Web Browser SSL Implementation (26.09.2011)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod