Computer Security
[EN] securityvulns.ru no-pyccku


Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:28.05.2010
Source:
SecurityVulns ID:10878
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:BIGACE : BigACE 2.7
Original documentdocumentBkis, [Bkis-01-2010] Multiple Vulnerabilities in BigAce - Bkis (28.05.2010)
 documentadmin_(at)_7b-ly.com, clearsite Remote File Include Vulnerability (28.05.2010)
 documentChristopher Schramm, SQL injection in OSCommerce Add-On Visitor Web Stats (28.05.2010)
 documentInj3ct0r.com, Web Online Games (game.php) Multiple Vulnerabilities (28.05.2010)

FreeBSD NFS client privilege escalation
Published:28.05.2010
Source:
SecurityVulns ID:10879
Type:local
Threat Level:
6/10
Description:Buffer overflow and memory corruption on volume mounting.
Affected:FREEBSD : FreeBSD 7.2
 FREEBSD : FreeBSD 8.0
 FREEBSD : FreeBSD 7.3
CVE:CVE-2010-2020 (sys/nfsclient/nfs_vfsops.c in the NFS client in the kernel in FreeBSD 7.2 through 8.1-PRERELEASE, when vfs.usermount is enabled, does not validate the length of a certain fhsize parameter, which allows local users to gain privileges via a crafted mount request.)
Original documentdocumentFREEBSD, FreeBSD Security Advisory FreeBSD-SA-10:06.nfsclient (28.05.2010)
 documentPatroklos Argyroudis, CVE-2010-2020: FreeBSD kernel NFS client local vulnerabilities (28.05.2010)

ClamAV antivirus multiple security vulnerabilities
Published:28.05.2010
Source:
SecurityVulns ID:10880
Type:remote
Threat Level:
7/10
Description:Memory corruptions on PDF and PE files parsing.
Affected:CLAMAV : ClamAV 0.96
CVE:CVE-2010-1640 (Off-by-one error in the parseicon function in libclamav/pe_icons.c in ClamAV 0.96 allows remote attackers to cause a denial of service (crash) via a crafted PE icon that triggers an out-of-bounds read, related to improper rounding during scaling.)
 CVE-2010-1639 (The cli_pdf function in libclamav/pdf.c in ClamAV before 0.96.1 allows remote attackers to cause a denial of service (crash) via a malformed PDF file, related to an inconsistency in the calculated stream length and the real stream length.)
Original documentdocumentMANDRIVA, [ MDVSA-2010:110 ] clamav (28.05.2010)

Mozilla Firefox information leakage
Published:28.05.2010
Source:
SecurityVulns ID:10881
Type:remote
Threat Level:
5/10
Description:It's possible to retrieve information about visited URLs from the site.
Affected:MOZILLA : Firefox 3.5
 MOZILLA : Firefox 3.6
Original documentdocumentsubs_(at)_itguard.info, Cross Site URL Hijacking by using Error Object in Mozilla Firefox (28.05.2010)

FreeBSD OPIE library off-by-one overflow
Published:28.05.2010
Source:
SecurityVulns ID:10882
Type:library
Threat Level:
7/10
Description:Off-by-one overflow during authentication.
Affected:FREEBSD : FreeBSD 7.1
 FREEBSD : FreeBSD 6.4
 FREEBSD : FreeBSD 7.2
 FREEBSD : FreeBSD 8.0
 FREEBSD : FreeBSD 7.3
CVE:CVE-2010-1938 (Off-by-one error in the __opiereadrec function in readrec.c in libopie in OPIE 2.4.1-test1 and earlier, as used on FreeBSD 6.4 through 8.1-PRERELEASE and other platforms, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long username, as demonstrated by a long USER command to the FreeBSD 8.0 ftpd.)
Original documentdocumentFREEBSD, FreeBSD Security Advisory FreeBSD-SA-10:05.opie (28.05.2010)

FreeBSD jail escape
Published:28.05.2010
Source:
SecurityVulns ID:10883
Type:local
Threat Level:
6/10
Description:It's possible to access current working directory.
Affected:FREEBSD : FreeBSD 8.0
CVE:CVE-2010-2022 (jail.c in jail in FreeBSD 8.0 and 8.1-PRERELEASE, when the "-l -U root" options are omitted, does not properly restrict access to the current working directory, which might allow local users to read, modify, or create arbitrary files via standard filesystem operations.)
Original documentdocumentFREEBSD, FreeBSD Security Advisory FreeBSD-SA-10:04.jail (28.05.2010)

HP TestDirector for Quality Center unauthorized access
Published:28.05.2010
Source:
SecurityVulns ID:10884
Type:remote
Threat Level:
5/10
Affected:HP : TestDirector for Quality Center 9.2
CVE:CVE-2010-1959 (Unspecified vulnerability in HP TestDirector for Quality Center 9.2 before Patch8 allows remote attackers to modify data via unknown vectors.)
Original documentdocumentHP, [security bulletin] HPSBGN02315 SSRT071487 rev.1 - HP TestDirector for Quality Center running on AIX, Linux and Solaris, Remote Unauthorized Access (28.05.2010)

eLiteCore Cyberoam SSL VPN Client cleartext passwords
Published:28.05.2010
Source:
SecurityVulns ID:10885
Type:local
Threat Level:
4/10
Description:SSL VPN client Username and password are stored in cleartext in the registry.
Affected:ELITECORE : Cyberoam SSL VPN Client 1.0
Original documentdocumentWasim Halani, Cyberoam SSL VPN Client - Plain-text Storage of Username and Password (28.05.2010)

Microsoft Internet Explorer information leak
Published:28.05.2010
Source:
SecurityVulns ID:10886
Type:remote
Threat Level:
5/10
Description:It's possible to access external UNC location via ICMFilter option, leaking authentication information.
Affected:MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
Original documentdocumentTim Starling, Arbitrary UNC file read in IE 8 (28.05.2010)

3Com Intelligent Management Center multiple security vulnerabilities
Published:28.05.2010
Source:
SecurityVulns ID:10887
Type:remote
Threat Level:
5/10
Description:Directory traversal, crossite scripting.
Affected:3COM : 3COM Intelligent Management Centre 3.3
Original documentdocumentProCheckUp Research, PR10-02: Various XSS and information disclosure flaws within 3Com* iMC (Intelligent Management Center) (28.05.2010)
 documentProCheckUp Research, PR10-01: Unauthenticated File Retrieval (traversal) within 3Com* iMC (Intelligent Management Center) (28.05.2010)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod