| HP OpenView Storage Data Protector privilege escalation |
| Published: | 28.01.2010 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 10560 |
| Type: | local |
| Level: | 5/10 |

| hybrid and ratbox IRC servers multiple security vulnerabilities |
| Published: | 28.01.2010 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 10561 |
| Type: | remote |
| Level: | 5/10 |
| Description: | LINKS command, integer overflow, HELP command DoS. |
| Affected: | RATBOX : ratbox 2.2 |
| | HYBRID : hybrid 7.2 |
| CVE: | CVE-2010-0300 (cache.c in ircd-ratbox before 2.2.9 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a HELP command.) |
| | CVE-2009-4016 (Integer underflow in the clean_string function in irc_string.c in (1) IRCD-hybrid 7.2.2 and 7.2.3, (2) ircd-ratbox before 2.2.9, and (3) oftc-hybrid before 1.6.8, when flatten_links is disabled, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a LINKS command.) |

| HP System Management Homepage cross-site scripting |
| Published: | 28.01.2010 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 10563 |
| Type: | remote |
| Level: | 4/10 |
| Description: | Cross-site scripting in getuiinfo. |

| Serversman HTTP server DoS |
| Published: | 28.01.2010 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 10569 |
| Type: | remote |
| Level: | 5/10 |
| Description: | Crash on HEAD request. |

| Rising Antivirus privilege escalation |
| Published: | 28.01.2010 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 10565 |
| Type: | remote |
| Level: | 5/10 |
| Description: | IOCTL privilege escalation. |

| Cisco Unified MeetingPlace multiple security vulnerabilities |
| Published: | 28.01.2010 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 10566 |
| Type: | remote |
| Level: | 6/10 |
| Description: | SQL injection, unauthorized access, information leak, privilege escalation. |
| Affected: | CISCO : Unified MeetingPlace 5 |
| | CISCO : Unified MeetingPlace 6 |
| | CISCO : Unified MeetingPlace 7 |
| CVE: | CVE-2010-0142 (MeetingTime in Cisco Unified MeetingPlace 6 before MR5, and possibly 5, allows remote authenticated users to gain privileges via a modified authentication sequence, aka Bug ID CSCsv66530.) |
| | CVE-2010-0141 (MeetingTime in Cisco Unified MeetingPlace 6 before MR5, and possibly 5, allows remote attackers to discover usernames, passwords, and unspecified other data from the user database via a modified authentication sequence to the Audio Server, aka Bug ID CSCsv76935.) |
| | CVE-2010-0140 (Multiple unspecified vulnerabilities in the web server in Cisco Unified MeetingPlace 7 before 7.0(2.3) hotfix 5F, 6 before 6.0.639.3, and possibly 5 allow remote attackers to create (1) user or (2) administrator accounts via a crafted URL in a request to the internal interface, aka Bug IDs CSCtc59231 and CSCtd40661.) |
| | CVE-2010-0139 (Cisco Unified MeetingPlace 7 before 7.0(2.3) hotfix 5F, 6 before 6.0.639.2, and possibly 5 does not properly validate SQL commands, which allows remote attackers to create, modify, or delete data in a database via unspecified vectors, aka Bug ID CSCtc39691.) |

| Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) |
| Published: | 28.01.2010 |
| Source: | |
| SecurityVulns ID: | 10570 |
| Type: | remote |
| Level: | 5/10 |
| Description: | PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. |
| Affected: | PHPGROUPWARE : phpGroupWare 0.9 |
| | SHARETRONIX : ShareTronix 1.0 |
| CVE: | CVE-2009-4416 (Cross-site scripting (XSS) vulnerability in login.php in phpGroupWare 0.9.16.12, and possibly other versions before 0.9.16.014, allows remote attackers to inject arbitrary web script or HTML via an arbitrary parameter whose name begins with the "phpgw_" sequence.) |
| | CVE-2009-4415 (Multiple directory traversal vulnerabilities in phpGroupWare 0.9.16.12, and possibly other versions before 0.9.16.014, allow remote attackers to (1) read arbitrary files via the csvfile parameter to addressbook/csv_import.php, or (2) include and execute arbitrary local files via the conv_type parameter in addressbook/inc/class.uiXport.inc.php.) |
| | CVE-2009-4414 (SQL injection vulnerability in phpgwapi /inc/class.auth_sql.inc.php in phpGroupWare 0.9.16.12, and possibly other versions before 0.9.16.014, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the passwd parameter to login.php.) |

| lintian multiple security vulnerabilities |
| Published: | 28.01.2010 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 10562 |
| Type: | local |
| Level: | 5/10 |
| Description: | Directory traversal, format string vulnerabilities, shell characters vulnerabilities. |
| Affected: | DEBIAN : lintian 1.24 |
| CVE: | CVE-2009-4015 (Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allows remote attackers to execute arbitrary commands via shell metacharacters in filename arguments.) |
| | CVE-2009-4014 (Multiple format string vulnerabilities in Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allow remote attackers to have an unspecified impact via vectors involving (1) check scripts and (2) the Lintian::Schedule module.) |
| | CVE-2009-4013 (Multiple directory traversal vulnerabilities in Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allow remote attackers to overwrite arbitrary files or obtain sensitive information via vectors involving (1) control field names, (2) control field values, and (3) control files of patch systems.) |

| Geo++ GNCASTER multiple security vulnerabilities |
| Published: | 28.01.2010 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 10564 |
| Type: | m-i-t-m |
| Level: | 5/10 |
| Description: | Weak Digest authentication, buffer overflow, DoS. |

| SAP BusinessObjects cross-site scripting |
| Published: | 28.01.2010 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 10567 |
| Type: | remote |
| Level: | 5/10 |

| Netsupport Manager DoS |
| Published: | 28.01.2010 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 10568 |
| Type: | remote |
| Level: | 5/10 |
| Description: | Crash on invalid request to application port. |