Computer Security
[EN] securityvulns.ru no-pyccku


Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 29.03.2011
Published:29.03.2011
Source:
SecurityVulns ID:11539
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:OPENCMS : OpenCMS 7.5
 CETERA : Cetera eCommerce 14.0
 HORDE : imp 4.3
 BBPRESS : bbPress 1.0
 CETERA : Cetera eCommerce 15.0
 SPITFIRE : Spitfire CMS 1.0
 WORDPRESS : WordPress 3.1
 WORDPRESS : BackWPup 1.6
 SIMPLYCMS : SimplisCMS 1.0
 UNIDESK : Unidesk Management Console 1.3
CVE:CVE-2010-3695 (Cross-site scripting (XSS) vulnerability in fetchmailprefs.php in Horde IMP before 4.3.8, and Horde Groupware Webmail Edition before 1.2.7, allows remote attackers to inject arbitrary web script or HTML via the fm_id parameter in a fetchmail_prefs_save action, related to the Fetchmail configuration.)
Original documentdocumentnp_(at)_securitypentest.com, Unidesk ReportingService Forceful Browsing Vulnerability (29.03.2011)
 documentDEBIAN, [SECURITY] [DSA 2204-1] imp4 security update (29.03.2011)
 documentRoot_(at)_d99y.com, SimplisCMS 1.0.3.0 Remote File Disclosure Vulnerability (29.03.2011)
 documentRoot_(at)_d99y.com, SimplisCMS 1.0.3.0 SQL injection / Cross Site Scripting (29.03.2011)
 documentSense of Security, Wordpress plugin BackWPup Remote and Local Code Execution Vulnerability - SOS-11-003 (29.03.2011)
 documentMichele Orru, [AntiSnatchOr] OpenCMS <= 7.5.3 multiple vulnerabilities (29.03.2011)
 documentHigh-Tech Bridge Security Research, HTB22905: Path disclosure in Wordpress (29.03.2011)
 documentHigh-Tech Bridge Security Research, HTB22904: Path disclosure in bbPress (29.03.2011)
 documentHigh-Tech Bridge Security Research, HTB22903: XSS in Spitfire CMS (29.03.2011)
 documentMustLive, XSS, SQL Injection и SQL DB Structure Extraction уязвимости в Cetera eCommerce (29.03.2011)

Zend Server code execution
Published:29.03.2011
Source:
SecurityVulns ID:11542
Type:remote
Threat Level:
6/10
Description:It's possible to execute user-supplied code via Java Bridge (TCP/10001) service.
Original documentdocumentZDI, ZDI-11-113: Zend Server Java Bridge Design Flaw Remote Code Execution Vulnerability (29.03.2011)

HP Diagnostics crossite scripting
Published:29.03.2011
Source:
SecurityVulns ID:11540
Type:remote
Threat Level:
4/10
CVE:CVE-2011-0892 (Cross-site scripting (XSS) vulnerability in HP Diagnostics 7.5x and 8.0x before 8.05.54.225 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.)
Original documentdocumentHP, [security bulletin] HPSBMA02649 SSRT100430 rev.1 - HP Diagnostics, Remote Cross Site Scripting (XSS) (29.03.2011)

Comodo issued fraudlent certificates
updated since 23.03.2011
Published:29.03.2011
Source:
SecurityVulns ID:11530
Type:m-i-t-m
Threat Level:
7/10
Description:login.live.com, mail.google.com, www.google.com, login.yahoo.com, login.skype.com, addons.mozilla.org "Global Trustee" certificates were issued to untrusted third party.
Original documentdocumentDEBIAN, [SECURITY] [DSA 2203-1] nss security update (29.03.2011)
Files:Microsoft Security Advisory (2524375) Fraudulent Digital Certificates Could Allow Spoofing

t1lib / xpdf library multiple security vulnerabilities
updated since 29.03.2011
Published:16.01.2012
Source:
SecurityVulns ID:11541
Type:remote
Threat Level:
5/10
Description:Multiple memory corruptions.
Affected:T1LIB : t1lib 5.1
 XPDF : xpdf 3.02
CVE:CVE-2011-1554 (Off-by-one error in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6 and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory read, integer overflow, and invalid pointer dereference, a different vulnerability than CVE-2011-0764.)
 CVE-2011-1553 (Use-after-free vulnerability in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6 and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory write, a different vulnerability than CVE-2011-0764.)
 CVE-2011-1552 (t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6 and other products, reads from invalid memory locations, which allows remote attackers to cause a denial of service (application crash) via a crafted Type 1 font in a PDF document, a different vulnerability than CVE-2011-0764.)
 CVE-2011-0764 (t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6 and other products, uses an invalid pointer in conjunction with a dereference operation, which allows remote attackers to execute arbitrary code via a crafted Type 1 font in a PDF document, as demonstrated by testz.2184122398.pdf.)
 CVE-2011-0433 (Heap-based buffer overflow in the linetoken function in afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a DVI file containing a crafted Adobe Font Metrics (AFM) file, a different vulnerability than CVE-2010-2642.)
Original documentdocumentAdvisories Toucan-System, TSSA-2011-01 xpdf : multiple vulnerabilities allow remote code execution (29.03.2011)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod