Computer Security


Counter Strike game server DoS
Published:26.11.2009
Source:
SecurityVulns ID:10420
Type:remote
Threat Level: 5/10
Description:The protocol does not protect against blind command injection: game commands are accepted without any per-session authentication, so an attacker who can spoof a client's source address can, for example, terminate that client's game by blindly sending a forged "quit" packet on its behalf.
Affected:VALVE : Counter Strike 1.6
Original document: GE Grishkovtsov, Vulnerability in the Counter-Strike protocol (26.11.2009)
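The failure mode above, blind injection of a control command into an unauthenticated UDP protocol, as an added toy model (not Counter-Strike code; the wire format, the `quit` command and the per-session key are assumptions for illustration). The vulnerable handler identifies a client by its forgeable (ip, port) tuple only; the hardened one issues a per-session secret at connect time and requires a sequence number plus an HMAC over every command, which a blind spoofer cannot produce.

```python
"""Toy model of blind command spoofing on a UDP game protocol.

Added example, not Counter-Strike code. Addresses, command syntax and the
session-key handshake are constructed for illustration.
"""
import hashlib
import hmac
import secrets


class VulnerableServer:
    """Identifies a client by (ip, port) only: any source that knows or
    guesses the tuple can inject commands blindly (UDP source is forgeable)."""

    def __init__(self):
        self.clients = {}  # (ip, port) -> player name

    def connect(self, addr, name):
        self.clients[addr] = name

    def handle(self, src_addr, payload: bytes):
        cmd = payload.split(b"\0", 1)[0].decode(errors="replace")
        if cmd == "quit" and src_addr in self.clients:
            del self.clients[src_addr]
            return "disconnected"
        return "ignored"


class HardenedServer:
    """Issues a per-session secret at connect; every command carries a
    monotonically increasing sequence number and an HMAC over (seq, cmd)."""

    def __init__(self):
        self.sessions = {}  # addr -> {"name", "key", "seq"}

    def connect(self, addr, name):
        key = secrets.token_bytes(16)
        self.sessions[addr] = {"name": name, "key": key, "seq": 0}
        return key  # assumed to reach the client over the connect handshake

    @staticmethod
    def tag(key: bytes, seq: int, cmd: str) -> bytes:
        msg = f"{seq}:{cmd}".encode()
        return hmac.new(key, msg, hashlib.sha256).digest()[:8]

    def handle(self, src_addr, seq: int, cmd: str, tag: bytes):
        sess = self.sessions.get(src_addr)
        if sess is None or seq <= sess["seq"]:
            return "ignored"  # unknown session or replayed sequence number
        if not hmac.compare_digest(tag, self.tag(sess["key"], seq, cmd)):
            return "ignored"  # forged: the spoofer does not hold the session key
        sess["seq"] = seq
        if cmd == "quit":
            del self.sessions[src_addr]
            return "disconnected"
        return "ok"


def demo():
    """Constructed scenario: attacker spoofs the victim's source address."""
    victim = ("203.0.113.5", 27005)  # RFC 5737 documentation range
    spoofed_source = victim           # UDP source field set to the victim's tuple

    v = VulnerableServer()
    v.connect(victim, "player1")
    vuln_result = v.handle(spoofed_source, b"quit\0")

    h = HardenedServer()
    key = h.connect(victim, "player1")
    spoof_result = h.handle(spoofed_source, 1, "quit", b"\0" * 8)  # forged tag
    real_result = h.handle(victim, 1, "quit", HardenedServer.tag(key, 1, "quit"))
    return vuln_result, spoof_result, real_result


if __name__ == "__main__":
    print(demo())
```

The sequence number is what stops a replay of a captured legitimate `quit`; the HMAC is what stops a blind forgery. A real fix for a latency-sensitive game protocol would use the same idea with a cheaper MAC, but the property needed is the same: a command must prove knowledge of a secret the spoofer never sees.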

Autodesk SoftImage code execution
Published:26.11.2009
Source:
SecurityVulns ID:10421
Type:local
Threat Level: 3/10
Description:Scene Table of Contents (.scntoc) files can carry a Script_Content element whose script is executed when the scene package is opened, so a crafted package runs attacker-supplied JavaScript (the advisory demonstrates this by loading the WScript.Shell ActiveX control).
Affected:AUTODESK : SoftImage 7.5
CVE:CVE-2009-3576 (Autodesk Softimage 7.x and Softimage XSI 6.x allow remote attackers to execute arbitrary JavaScript code via a scene package containing a Scene Table of Contents (aka .scntoc) file with a Script_Content element, as demonstrated by code that loads the WScript.Shell ActiveX control.)
Original document: CORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2009-0908: Autodesk SoftImage Scene TOC Arbitrary Command Execution (26.11.2009)

Autodesk 3DS Max code execution
Published:26.11.2009
Source:
SecurityVulns ID:10422
Type:local
Threat Level: 2/10
Description:.max files can carry MAXScript in application callbacks; a crafted file whose script calls the DOSCommand method executes arbitrary commands when the scene is opened.
Affected:AUTODESK : 3DS Max 2010
 AUTODESK : 3DS Max 2009
 AUTODESK : 3DS Max 2008
CVE:CVE-2009-3577 (Autodesk 3D Studio Max (3DSMax) 6 through 9 and 2008 through 2010 allows remote attackers to execute arbitrary code via a .max file with a MAXScript statement that calls the DOSCommand method, related to "application callbacks.")
Original document: CORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2009-0909: Autodesk 3DS Max Application Callbacks Arbitrary Command Execution (26.11.2009)

Autodesk Maya code execution
Published:26.11.2009
Source:
SecurityVulns ID:10423
Type:local
Threat Level: 2/10
Description:Scene files (.ma and .mb) can carry Script Nodes whose MEL, including the MEL python command, runs when the scene is loaded, so a crafted scene executes arbitrary code.
Affected:AUTODESK : Maya 2010
 AUTODESK : Maya 2009
 AUTODESK : Maya 2008
CVE:CVE-2009-3578 (Autodesk Maya 8.0, 8.5, 2008, 2009, and 2010 and Alias Wavefront Maya 6.5 and 7.0 allow remote attackers to execute arbitrary code via a (1) .ma or (2) .mb file that uses the Maya Embedded Language (MEL) python command or unspecified other MEL commands, related to "Script Nodes.")
Original document: CORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2009-0910: Autodesk Maya Script Nodes Arbitrary Command Execution (26.11.2009)
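The three Autodesk entries above (SoftImage .scntoc, 3DS Max .max, Maya .ma/.mb) share one pattern: a scene file carries script that the application runs on load. As an added example, not Core Security's or Autodesk's code, this is a pre-open scanner that flags the indicators the advisories name. Format knowledge is reduced to what the entries state: .scntoc is XML with a Script_Content element; .max is binary and is only searched for the MAXScript DOSCommand token; .ma is ASCII MEL, scanned for script-node creation and for the MEL `python(` call (the `createNode script` spelling is my assumption about the .ma layout, and .mb, being binary, gets the same raw byte search as a heuristic). The sample files are constructed.

```python
"""Scan Autodesk scene files for embedded script before opening them.

Added example, not code from the advisories or from Autodesk. The .ma
layout (`createNode script`) is an assumption; .max/.mb handling is a raw
token search only.
"""
import re
import xml.etree.ElementTree as ET

# Constructed samples, not files from the advisories.
SAMPLE_SCNTOC = b"""<?xml version="1.0"?>
<xsi_file type="SceneTOC">
  <Scripts>
    <Script_Content>
      var sh = new ActiveXObject("WScript.Shell");
      sh.Run("calc.exe");
    </Script_Content>
  </Scripts>
</xsi_file>
"""
SAMPLE_MA = b"""//Maya ASCII 2010 scene
requires maya "2010";
createNode script -n "evilScript";
\tsetAttr ".b" -type "string" "python(\\"import os; os.system('calc.exe')\\")";
\tsetAttr ".st" 1;
createNode transform -n "pCube1";
"""
SAMPLE_MAX = b"\x00\x01binary-garbage" + b'DOSCommand "calc.exe"' + b"\x00" * 8
CLEAN_MA = b"//Maya ASCII 2010 scene\ncreateNode transform -n \"pCube1\";\n"

_MA_SCRIPT_NODE = re.compile(rb"createNode\s+script\b")
_MA_PYTHON = re.compile(rb"python\s*\(")


def scan_scntoc(data: bytes) -> list[str]:
    """Return the text of every Script_Content element at any depth."""
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return []
    return [(el.text or "").strip() for el in root.iter("Script_Content")]


def scan_ma(data: bytes) -> list[str]:
    """Byte-level search; works on ASCII .ma and, heuristically, binary .mb."""
    findings = []
    if _MA_SCRIPT_NODE.search(data):
        findings.append("script node")
    if _MA_PYTHON.search(data):
        findings.append("MEL python() call")
    return findings


def scan_max(data: bytes) -> list[str]:
    """.max is a binary container; only the DOSCommand token is looked for."""
    return ["MAXScript DOSCommand"] if b"DOSCommand" in data else []


def scan(name: str, data: bytes) -> list[str]:
    """Dispatch on extension; an empty list means no indicator found."""
    lname = name.lower()
    if lname.endswith(".scntoc"):
        return [f"Script_Content: {t[:40]}" for t in scan_scntoc(data)]
    if lname.endswith((".ma", ".mb")):
        return scan_ma(data)
    if lname.endswith(".max"):
        return scan_max(data)
    return []


if __name__ == "__main__":
    for fname, blob in [("scene.scntoc", SAMPLE_SCNTOC), ("scene.ma", SAMPLE_MA),
                        ("scene.max", SAMPLE_MAX), ("clean.ma", CLEAN_MA)]:
        print(fname, scan(fname, blob))
```

A scanner like this is a triage aid for files arriving from outside (mail, shared drives), not a fix: the applications run the embedded script by design, so the real control is treating scene files from untrusted sources like executables.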

TYPSoft FTP Server DoS
Published:26.11.2009
Source:
SecurityVulns ID:10424
Type:remote
Threat Level: 5/10
Description:A DELE command sent immediately after an APPE command crashes the server (remote denial of service).
Affected:TYPSOFT : TYPSoft FTP Server 1.10
Original document: leinakesi_(at)_gmail.com, TYPSoft FTP Server 'APPE' and 'DELE' Commands Remote DoS Vulnerabilities (26.11.2009)
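Since the trigger is a specific command order within one session, it is easy to spot in FTP command logs. As an added example, not the reporter's or TYPSoft's code, this walks constructed log lines in an assumed `<time> <session-id> <client-ip> <COMMAND> [arg]` layout and reports every DELE that directly follows an APPE in the same session, keeping per-session state so interleaved sessions do not produce false matches.

```python
"""Flag the APPE -> DELE command sequence per FTP session.

Added example. The log line layout and the sample lines are constructed;
adapt LOG_LINE to the real server's log format.
"""
import re

LOG_LINE = re.compile(r"^(\S+) (\S+) (\S+) ([A-Z]{3,4})(?: (.*))?$")

# Constructed sample: s1 sends APPE then DELE back to back; s2 has a STOR
# in between and must not match.
SAMPLE_LOG = """\
10:01:02 s1 198.51.100.7 USER anonymous
10:01:03 s1 198.51.100.7 PASS guest
10:01:05 s1 198.51.100.7 APPE upload.txt
10:01:05 s1 198.51.100.7 DELE upload.txt
10:01:06 s2 198.51.100.8 APPE notes.txt
10:01:07 s2 198.51.100.8 STOR other.txt
10:01:08 s2 198.51.100.8 DELE notes.txt
"""


def detect_appe_dele(log_text: str):
    """Return (time, session, ip, arg) for each DELE immediately after APPE."""
    last_cmd = {}  # session id -> previous command in that session
    hits = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue  # unparseable line: skip rather than lose state
        ts, sid, ip, cmd, arg = m.groups()
        if cmd == "DELE" and last_cmd.get(sid) == "APPE":
            hits.append((ts, sid, ip, arg))
        last_cmd[sid] = cmd
    return hits


if __name__ == "__main__":
    for hit in detect_appe_dele(SAMPLE_LOG):
        print("APPE->DELE sequence:", hit)
```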

dstat privilege escalation
Published:26.11.2009
Source:
SecurityVulns ID:10425
Type:local
Threat Level: 4/10
Description:Python modules are searched for in the current working directory (and in a subdirectory of it), so a local user who plants a Trojan module in a directory from which a more privileged user runs dstat gains that user's privileges.
Affected:DSTAT : dstat 0.6
CVE:CVE-2009-3894 (Multiple untrusted search path vulnerabilities in dstat before 0.7.0 allow local users to gain privileges via a Trojan horse Python module in (1) the current working directory or (2) a certain subdirectory of the current working directory.)
Original document: GENTOO, [resent] [ GLSA 200911-04 ] dstat: Untrusted search path (26.11.2009)
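The general bug class here is a Python program whose module search path contains entries an unprivileged user controls: the empty string (meaning the current directory), relative names such as a plugin directory, or absolute paths that happen to lie under the working directory. As an added example, not dstat's code, the functions below classify such entries and strip them from `sys.path`; the entry names in the sample are constructed.

```python
"""Reject module search-path entries that an attacker controlling the
current working directory could satisfy.

Added example, not dstat's code. Models the bug class from the GLSA: a
privileged user runs a Python tool from a directory a local attacker can
write to, and a relative sys.path entry makes the attacker's module win.
"""
import os
import sys


def is_under(path: str, root: str) -> bool:
    """True if `path` is `root` or lies below it (after normalising)."""
    path, root = os.path.abspath(path), os.path.abspath(root)
    return path == root or path.startswith(root.rstrip(os.sep) + os.sep)


def untrusted_entries(entries, cwd):
    """Entries satisfiable by whoever controls `cwd`: '' (cwd itself),
    any relative path, and any absolute path at or below cwd."""
    bad = []
    for e in entries:
        if e == "" or not os.path.isabs(e):
            bad.append(e)
        elif is_under(e, cwd):
            bad.append(e)
    return bad


def harden_search_path(entries, cwd):
    """Keep only absolute entries that do not resolve under cwd."""
    bad = set(untrusted_entries(entries, cwd))
    return [e for e in entries if e not in bad]


def harden_sys_path():
    """Apply the filter to the running interpreter, in place."""
    sys.path[:] = harden_search_path(sys.path, os.getcwd())


if __name__ == "__main__":
    # Constructed path list resembling a tool that added relative plugin dirs.
    demo = ["", "plugins", "/tmp/work/plugins",
            "/usr/lib/python3/site-packages", "/usr/lib/dstat"]
    print("untrusted:", untrusted_entries(demo, "/tmp/work"))
    print("kept:     ", harden_search_path(demo, "/tmp/work"))
```

Two caveats a practitioner should keep in mind: Python itself puts the script's directory (or `''` when run with `-c` or interactively) at `sys.path[0]`, so the filter has to run before any non-stdlib import, and a tool that legitimately needs plugins should resolve them to an absolute, root-owned install directory rather than relative to wherever it is launched, which is the shape of fix the upgrade to 0.7.0 delivers. Modern interpreters also offer `python -I`, which skips adding the script directory and ignores user site and environment variables.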

Wireshark multiple security vulnerabilities
Published:26.11.2009
Source:
SecurityVulns ID:10426
Type:remote
Threat Level: 5/10
Description:Multiple vulnerabilities in the dissectors for different protocols and in the ERF capture-file reader: crashes and resource exhaustion from malformed traces, and in the ERF case an unsigned integer wrap that may allow code execution.
Affected:WIRESHARK : Wireshark 1.2
CVE:CVE-2009-3829 (Integer overflow in wiretap/erf.c in Wireshark before 1.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted erf file, related to an "unsigned integer wrap vulnerability.")
 CVE-2009-3551 (Off-by-one error in the dissect_negprot_response function in packet-smb.c in the SMB dissector in Wireshark 1.2.0 through 1.2.2 allows remote attackers to cause a denial of service (application crash) via a file that records a malformed packet trace. NOTE: some of these details are obtained from third party information.)
 CVE-2009-3550 (The DCERPC/NT dissector in Wireshark 0.10.10 through 1.0.9 and 1.2.0 through 1.2.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a file that records a malformed packet trace. NOTE: some of these details are obtained from third party information.)
 CVE-2009-3549 (packet-paltalk.c in the Paltalk dissector in Wireshark 1.2.0 through 1.2.2, on SPARC and certain other platforms, allows remote attackers to cause a denial of service (application crash) via a file that records a malformed packet trace.)
 CVE-2009-3249 (Multiple directory traversal vulnerabilities in vtiger CRM 5.0.4 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the module parameter to graph.php; or the (2) module or (3) file parameter to include/Ajax/CommonAjax.php, reachable through modules/Campaigns/CampaignsAjax.php, modules/SalesOrder/SalesOrderAjax.php, modules/System/SystemAjax.php, modules/Products/ProductsAjax.php, modules/uploads/uploadsAjax.php, modules/Dashboard/DashboardAjax.php, modules/Potentials/PotentialsAjax.php, modules/Notes/NotesAjax.php, modules/Faq/FaqAjax.php, modules/Quotes/QuotesAjax.php, modules/Utilities/UtilitiesAjax.php, modules/Calendar/ActivityAjax.php, modules/Calendar/CalendarAjax.php, modules/PurchaseOrder/PurchaseOrderAjax.php, modules/HelpDesk/HelpDeskAjax.php, modules/Invoice/InvoiceAjax.php, modules/Accounts/AccountsAjax.php, modules/Reports/ReportsAjax.php, modules/Contacts/ContactsAjax.php, and modules/Portal/PortalAjax.php; and allow remote authenticated users to inclu)
 CVE-2009-3243 (Unspecified vulnerability in the TLS dissector in Wireshark 1.2.0 and 1.2.1, when running on Windows, allows remote attackers to cause a denial of service (application crash) via unknown vectors related to TLS 1.2 conversations.)
 CVE-2009-3242 (Unspecified vulnerability in packet.c in the GSM A RR dissector in Wireshark 1.2.0 and 1.2.1 allows remote attackers to cause a denial of service (application crash) via unknown vectors related to "an uninitialized dissector handle," which triggers an assertion failure.)
 CVE-2009-3241 (Unspecified vulnerability in the OpcUa (OPC UA) dissector in Wireshark 0.99.6 through 1.0.8 and 1.2.0 through 1.2.1 allows remote attackers to cause a denial of service (memory and CPU consumption) via malformed OPCUA Service CallRequest packets.)
Original document: GENTOO, [ GLSA 200911-05 ] Wireshark: Multiple vulnerabilities (26.11.2009)
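The most serious item in the list, CVE-2009-3829, is an "unsigned integer wrap" in the ERF reader. As an added example of that bug class, not Wireshark's code, the following models a capture-record reader in Python with explicit 32-bit unsigned arithmetic: the naive version bounds-checks the raw record length `rlen` and then computes the payload size as `rlen - header_len`, which wraps to a value near 2^32 whenever `rlen` is smaller than the header; the hardened version rejects that case before subtracting. The 16-byte header with a 16-bit `rlen` at offset 10 is my recollection of the ERF layout and should be treated as an assumption; the sample records are constructed.

```python
"""Unsigned-integer wrap in a capture-record length computation.

Added example modelled on the bug class of CVE-2009-3829, not Wireshark's
erf.c. In C the wrapped length would drive an allocation or copy far past
the record; here it is returned so the two checks can be compared.
"""
import struct

U32 = 0xFFFFFFFF
HEADER_LEN = 16      # assumed fixed record header size
MAX_SNAPLEN = 65535  # assumed largest legitimate payload


def u32_sub(a: int, b: int) -> int:
    """C-style unsigned 32-bit subtraction (wraps instead of going negative)."""
    return (a - b) & U32


def make_record(rlen: int, payload: bytes = b"") -> bytes:
    """Build a constructed record: 16-byte header, rlen at offset 10."""
    hdr = bytearray(HEADER_LEN)
    struct.pack_into(">H", hdr, 10, rlen)
    return bytes(hdr) + payload


def parse_record_vulnerable(record: bytes) -> int:
    """Checks only the raw rlen, then subtracts the header in unsigned math.
    A record with rlen < HEADER_LEN passes the check and wraps."""
    rlen = struct.unpack_from(">H", record, 10)[0]
    if rlen > MAX_SNAPLEN + HEADER_LEN:
        raise ValueError("record too large")
    return u32_sub(rlen, HEADER_LEN)  # e.g. rlen=4 -> 0xFFFFFFF4


def parse_record_hardened(record: bytes) -> int:
    """Reject rlen < header before subtracting, then bound the payload and
    confirm the bytes are actually present."""
    rlen = struct.unpack_from(">H", record, 10)[0]
    if rlen < HEADER_LEN:
        raise ValueError(f"rlen {rlen} smaller than header ({HEADER_LEN})")
    payload_len = rlen - HEADER_LEN
    if payload_len > MAX_SNAPLEN:
        raise ValueError("payload too large")
    if len(record) < HEADER_LEN + payload_len:
        raise ValueError("truncated record")
    return payload_len


if __name__ == "__main__":
    bad = make_record(4)
    print("vulnerable:", hex(parse_record_vulnerable(bad)))
    try:
        parse_record_hardened(bad)
    except ValueError as e:
        print("hardened rejected:", e)
    print("good record:", parse_record_hardened(make_record(20, b"abcd")))
```

The ordering matters: checking `rlen - HEADER_LEN <= MAX_SNAPLEN` after the subtraction does not help, because the wrapped value is compared as a huge unsigned number only if the compiler keeps it unsigned and the check exists at all; the robust form is to test the operands (`rlen >= HEADER_LEN`) before any arithmetic that can wrap, and to verify the remaining buffer length against the computed size rather than trusting the header.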

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod