Computer Security


HP OpenView Network Node Manager SNMP code execution
updated since 14.06.2009
Published:27.06.2009
Source:
SecurityVulns ID:9992
Type:remote
Threat Level:6/10
Description:Buffer overflow in the rping application.
Affected:HP : OpenView Network Node Manager 7.53
CVE:CVE-2009-1420 (Stack-based buffer overflow in rping in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53, when used with SNMP (aka HPOvNNM.HPOVSNMP) before 1.30.009 and MIB (aka HPOvNNM.HPOVMIB) before 1.30.009, allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors.)
Original document:IDEFENSE, iDefense Security Advisory 06.26.09: HP Network Node Manager rping Stack Buffer Overflow Vulnerability (27.06.2009)
 HP, [security bulletin] HPSBMA02430 SSRT080094 rev.1 - HP OpenView Network Node Manager (OV NNM) Running SNMP and MIB, Remote Execution of Arbitrary Code, Denial of Service (DoS) (14.06.2009)

stardict information leakage
Published:27.06.2009
Source:
SecurityVulns ID:10018
Type:remote
Threat Level:6/10
Description:Clipboard content is broadcast onto the network.
Affected:STARDICT : stardict 3.0
Original document:Pavel Machek, evil little dictionary (27.06.2009)

Multiple MSN messengers SSL certificate vulnerabilities
Published:27.06.2009
Source:
SecurityVulns ID:10019
Type:m-i-t-m
Threat Level:5/10
Description:Server certificate is not validated.
Affected:TRILLIAN : Trillian 3.1
 GIZMO : Gizmo 3.1
 AMSN : aMSN 0.97
Original document:Gabriel Menezes Nunes, Gizmo SSL Certificate Vulnerability (27.06.2009)
 Gabriel Menezes Nunes, aMSN SSL Certificate Vulnerability (27.06.2009)
 Gabriel Menezes Nunes, Trillian SSL Certificate Vulnerability (27.06.2009)

Adobe Shockwave Player memory corruption
Published:27.06.2009
Source:
SecurityVulns ID:10020
Type:client
Threat Level:7/10
Description:Memory corruption when parsing Adobe Director 10 files.
Affected:ADOBE : Shockwave Player 11.5
CVE:CVE-2009-1860 (Unspecified vulnerability in Adobe Shockwave Player before 11.5.0.600 allows remote attackers to execute arbitrary code via crafted Shockwave Player 10 content.)
Original document:ADOBE, Security Update available for Shockwave Player (27.06.2009)
 ZDI, ZDI-09-044: Adobe Shockwave Player Director File Parsing Pointer Overwrite Vulnerability (27.06.2009)

BSD-based systems (FreeBSD, NetBSD, OpenBSD) array index overflow
updated since 27.06.2009
Published:08.01.2010
Source:
SecurityVulns ID:10021
Type:library
Threat Level:8/10
Description:Array index overflow in the libc gdtoa() function (used by printf()).
Affected:MOZILLA : SeaMonkey 1.1
 APPLE : MacOS X 10.5
 FREEBSD : FreeBSD 6.4
 FREEBSD : FreeBSD 7.2
 NETBSD : OpenBSD 4.5
 NETBSD : NetBSD 5.0
 MOZILLA : Firefox 3.5
 KDE : KDE 4.3
 OPERA : Opera 10.01
 KMELEON : K-Meleon 1.5
 FLOCK : Flock 2.5
 CAMINO : Camino 1.6
 APPLE : MacOS X 10.6
CVE:CVE-2009-0689 (Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number.)
Original document:Maksymilian Arciemowicz, MacOS X 10.5/10.6 libc/strtod(3) buffer overflow (08.01.2010)
 Maksymilian Arciemowicz, Camino 1.6.10 Remote Array Overrun (Arbitrary code execution) (15.12.2009)
 Maksymilian Arciemowicz, Flock 2.5.2 Remote Array Overrun (Arbitrary code execution) (15.12.2009)
 Maksymilian Arciemowicz, K-Meleon 1.5.3 Remote Array Overrun (Arbitrary code execution) (20.11.2009)
 Maksymilian Arciemowicz, KDE KDELibs 4.3.3 Remote Array Overrun (Arbitrary code execution) (20.11.2009)
 Maksymilian Arciemowicz, Opera 10.01 Remote Array Overrun (Arbitrary code execution) (20.11.2009)
 Maksymilian Arciemowicz, SeaMonkey 1.1.8 Remote Array Overrun (Arbitrary code execution) (20.11.2009)
 Maksymilian Arciemowicz, Firefox 3.5.3 Remote Array Overrun (UPDATE) (20.11.2009)
 Maksymilian Arciemowicz, [Full-disclosure] SecurityReason: Multiple Vendors libc/gdtoa printf(3) Array Overrun (27.06.2009)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod