Computer Security


AgentX++ library / Helix Server multiple security vulnerabilities
updated since 26.04.2010
Published: 29.04.2010
SecurityVulns ID: 10795
Type: library
Threat Level: 7/10
Description: Integer overflow, buffer overflow.
Affected: AGENTPP : AgentX++ 1.4
 REAL : Helix Server 12
CVE: CVE-2010-1319 (Integer overflow in the AgentX::receive_agentx function in AgentX++ 1.4.16, as used in RealNetworks Helix Server and Helix Mobile Server 11.x through 13.x and other products, allows remote attackers to execute arbitrary code via a request with a crafted payload length.)
 CVE-2010-1318 (Stack-based buffer overflow in the AgentX::receive_agentx function in AgentX++ 1.4.16, as used in RealNetworks Helix Server and Helix Mobile Server 11.x through 13.x and other products, allows remote attackers to execute arbitrary code via unspecified vectors.)
 CVE-2010-1317 (Heap-based buffer overflow in the NTLM authentication functionality in RealNetworks Helix Server and Helix Mobile Server 11.x, 12.x, and 13.x allows remote attackers to have an unspecified impact via invalid base64-encoded data.)
Original document: REAL, Security Update for Helix Server and Helix Mobile Server (29.04.2010)
 ZDI, ZDI-10-079: Realnetworks Helix Server NTLM Authentication Invalid Base64 Remote Code Execution Vulnerability (29.04.2010)
 IDEFENSE, iDefense Security Advisory 04.15.10: Multiple Vendor AgentX++ Stack Buffer Overflow Vulnerability (26.04.2010)

Microsoft SharePoint Server cross-site scripting
Published: 29.04.2010
SecurityVulns ID: 10802
Type: remote
Threat Level: 5/10
Description: Cross-site scripting in help.aspx
Affected: MICROSOFT : SharePoint 2007
Original document: High-Tech Bridge Security Research, XSS in Microsoft SharePoint Server 2007 (29.04.2010)

PostgreSQL DoS
Published: 29.04.2010
SecurityVulns ID: 10803
Type: local
Threat Level: 4/10
Description: Crash on substring() function in SQL.
Affected: POSTGRES : PostgreSQL 8.3
CVE: CVE-2010-0442 (The bitsubstr function in backend/utils/adt/varbit.c in PostgreSQL 8.0.23, 8.1.11, and 8.3.8 allows remote authenticated users to cause a denial of service (daemon crash) or have unspecified other impact via vectors involving a negative integer in the third argument, as demonstrated by a SELECT statement that contains a call to the substring function for a bit string, related to an "overflow.")
Original document: UBUNTU, [USN-933-1] PostgreSQL vulnerability (29.04.2010)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod