Computer Security

HP OpenView Storage Data Protector privilege escalation
Published:28.01.2010
SecurityVulns ID:10560
Type:local
Threat Level:5/10
Affected:HP : OpenView Storage Data Protector 6.00
 HP : OpenView Storage Data Protector 6.10
CVE:CVE-2009-4183 (Unspecified vulnerability in HP OpenView Storage Data Protector 6.00 and 6.10 allows local users to obtain unspecified "access" via unknown vectors.)
Original document:HP, [security bulletin] HPSBMA02502 SSRT090171 rev.1 - HP OpenView Storage Data Protector, Local Unauthorized Access (28.01.2010)

hybrid and ratbox IRC servers multiple security vulnerabilities
Published:28.01.2010
SecurityVulns ID:10561
Type:remote
Threat Level:5/10
Description:LINKS command, integer overflow, HELP command DoS.
Affected:RATBOX : ratbox 2.2
 HYBRID : hybrid 7.2
CVE:CVE-2010-0300 (cache.c in ircd-ratbox before 2.2.9 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a HELP command.)
 CVE-2009-4016 (Integer underflow in the clean_string function in irc_string.c in (1) IRCD-hybrid 7.2.2 and 7.2.3, (2) ircd-ratbox before 2.2.9, and (3) oftc-hybrid before 1.6.8, when flatten_links is disabled, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a LINKS command.)
Original document:DEBIAN, [SECURITY] [DSA 1980-1] New ircd-hybrid/ircd-ratbox packages fix arbitrary code execution (28.01.2010)

lintian multiple security vulnerabilities
Published:28.01.2010
SecurityVulns ID:10562
Type:local
Threat Level:5/10
Description:Directory traversal, format string vulnerabilities, shell characters vulnerabilities.
Affected:DEBIAN : lintian 1.24
CVE:CVE-2009-4015 (Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allows remote attackers to execute arbitrary commands via shell metacharacters in filename arguments.)
 CVE-2009-4014 (Multiple format string vulnerabilities in Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allow remote attackers to have an unspecified impact via vectors involving (1) check scripts and (2) the Lintian::Schedule module.)
 CVE-2009-4013 (Multiple directory traversal vulnerabilities in Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allow remote attackers to overwrite arbitrary files or obtain sensitive information via vectors involving (1) control field names, (2) control field values, and (3) control files of patch systems.)
Original document:DEBIAN, [SECURITY] [DSA-1979-1] New lintian packages fix multiple vulnerabilities (28.01.2010)

HP System Management Homepage cross-site scripting
Published:28.01.2010
SecurityVulns ID:10563
Type:remote
Threat Level:4/10
Description:Cross-site scripting in getuiinfo.
Affected:HP : HP System Management 3.0
Original document:ProCheckUp Research, PR09-15: XSS injection vulnerability within HP System Management Homepage (Insight Manager) (28.01.2010)

Geo++ GNCASTER multiple security vulnerabilities
Published:28.01.2010
SecurityVulns ID:10564
Type:m-i-t-m
Threat Level:5/10
Description:Weak Digest authentication, buffer overflow, DoS.
Affected:GEOPP : GNCASTER 1.4
Original document:RedTeam Pentesting, [RT-SA-2010-003] Geo++(R) GNCASTER: Faulty implementation of HTTP Digest Authentication (28.01.2010)
 RedTeam Pentesting, [RT-SA-2010-002] Geo++(R) GNCASTER: Insecure handling of NMEA-data (28.01.2010)
 RedTeam Pentesting, [RT-SA-2010-001] Geo++(R) GNCASTER: Insecure handling of long URLs (28.01.2010)

Rising Antivirus privilege escalation
Published:28.01.2010
SecurityVulns ID:10565
Type:remote
Threat Level:5/10
Description:IOCTL privilege escalation.
Affected:RISING : Rising AntiVirus 2009
 RISING : Rising AntiVirus 2008
 RISING : Rising AntiVirus 2010
Original document:dlrow1991_(at)_ymail.com, Rising AntiVirus 2008/2009/2010 Local Privilege Escalation Exploit (28.01.2010)
Files:Rising AntiVirus 2008/2009/2010 Local Privilege Escalation Exploit

Cisco Unified MeetingPlace multiple security vulnerabilities
Published:28.01.2010
SecurityVulns ID:10566
Type:remote
Threat Level:6/10
Description:SQL injection, unauthorized access, information leak, privilege escalation.
Affected:CISCO : Unified MeetingPlace 5
 CISCO : Unified MeetingPlace 6
 CISCO : Unified MeetingPlace 7
CVE:CVE-2010-0142 (MeetingTime in Cisco Unified MeetingPlace 6 before MR5, and possibly 5, allows remote authenticated users to gain privileges via a modified authentication sequence, aka Bug ID CSCsv66530.)
 CVE-2010-0141 (MeetingTime in Cisco Unified MeetingPlace 6 before MR5, and possibly 5, allows remote attackers to discover usernames, passwords, and unspecified other data from the user database via a modified authentication sequence to the Audio Server, aka Bug ID CSCsv76935.)
 CVE-2010-0140 (Multiple unspecified vulnerabilities in the web server in Cisco Unified MeetingPlace 7 before 7.0(2.3) hotfix 5F, 6 before 6.0.639.3, and possibly 5 allow remote attackers to create (1) user or (2) administrator accounts via a crafted URL in a request to the internal interface, aka Bug IDs CSCtc59231 and CSCtd40661.)
 CVE-2010-0139 (Cisco Unified MeetingPlace 7 before 7.0(2.3) hotfix 5F, 6 before 6.0.639.2, and possibly 5 does not properly validate SQL commands, which allows remote attackers to create, modify, or delete data in a database via unspecified vectors, aka Bug ID CSCtc39691.)
Original document:CISCO, Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified MeetingPlace (28.01.2010)

SAP BusinessObjects cross-site scripting
Published:28.01.2010
SecurityVulns ID:10567
Type:remote
Threat Level:5/10
Affected:SAP : BusinessObjects 12
Original document:Rolando Fuentes, PR09-02 Multiple Cross-Site Scripting (XSS) / Cross Domain redirects and Server path information disclosure on SAP BusinessObjects version 12 (28.01.2010)

Netsupport Manager DoS
Published:28.01.2010
SecurityVulns ID:10568
Type:remote
Threat Level:5/10
Description:Crash on invalid request to application port.
Affected:NETSUPPORT : Netsupport Manager 10.60

Serversman HTTP server DoS
Published:28.01.2010
SecurityVulns ID:10569
Type:remote
Threat Level:5/10
Description:Crash on HEAD request.
Affected:SERVERSMAN : Serversman 3.1
Original document:Steven Seeley, [Full-disclosure] Apple Iphone/Ipod - Serversman 3.1.5 HTTP Remote DoS exploit (28.01.2010)
Files:Apple Iphone/Ipod - Serversman 3.1.5 HTTP Remote DoS exploit

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:28.01.2010
SecurityVulns ID:10570
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:PHPGROUPWARE : phpGroupWare 0.9
 SHARETRONIX : ShareTronix 1.0
CVE:CVE-2009-4416 (Cross-site scripting (XSS) vulnerability in login.php in phpGroupWare 0.9.16.12, and possibly other versions before 0.9.16.014, allows remote attackers to inject arbitrary web script or HTML via an arbitrary parameter whose name begins with the "phpgw_" sequence.)
 CVE-2009-4415 (Multiple directory traversal vulnerabilities in phpGroupWare 0.9.16.12, and possibly other versions before 0.9.16.014, allow remote attackers to (1) read arbitrary files via the csvfile parameter to addressbook/csv_import.php, or (2) include and execute arbitrary local files via the conv_type parameter in addressbook/inc/class.uiXport.inc.php.)
 CVE-2009-4414 (SQL injection vulnerability in phpgwapi /inc/class.auth_sql.inc.php in phpGroupWare 0.9.16.12, and possibly other versions before 0.9.16.014, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the passwd parameter to login.php.)
Original document:advisories_(at)_intern0t.net, [InterN0T] ShareTronix 1.0.4 - HTML Injection Vulnerability (28.01.2010)
 DEBIAN, [SECURITY] [DSA 1978-1] New phpgroupware packages fix several vulnerabilities (28.01.2010)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod