Computer Security

Novell ZENworks directory traversal
updated since 26.04.2010
Published: 30.04.2010
SecurityVulns ID: 10789
Type: remote
Threat Level: 7/10
Description: UploadServlet directory traversal.
Affected: NOVELL : ZENworks 10
Original documents: tu canal amigo, PoC for ZDI-10-078 (30.04.2010)
 ZDI, ZDI-10-078: Novell ZENworks Configuration Management UploadServlet Remote Code Execution Vulnerability (26.04.2010)

HP System Insight Manager multiple security vulnerabilities
Published: 30.04.2010
SecurityVulns ID: 10804
Type: remote
Threat Level: 5/10
Description: Cross-site scripting, cross-site request forgery, privilege escalation.
CVE: CVE-2010-1038 (Unspecified vulnerability in HP System Insight Manager before 6.0 allows remote authenticated users to gain privileges via unknown vectors.)
 CVE-2010-1037 (Cross-site request forgery (CSRF) vulnerability in HP System Insight Manager before 6.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.)
 CVE-2010-1036 (Cross-site scripting (XSS) vulnerability in HP System Insight Manager before 6.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2008-1468 (Cross-site scripting (XSS) vulnerability in namazu.cgi in Namazu before 2.0.18 allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded input, related to failure to set the charset, a different vector than CVE-2004-1318 and CVE-2001-1350. NOTE: some of these details are obtained from third party information.)
Original documents: HP, [security bulletin] HPSBMA02525 SSRT100083 rev.1 - HP System Insight Manager Running on HP-UX, Linux, and Windows, Remote Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), Privilege Elevation (30.04.2010)

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 30.04.2010
SecurityVulns ID: 10805
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: CACTI : cacti 0.8
 VBULLETIN : vBulletin 3.8
 APACHE : ActiveMQ 5.3
 DRUPAL : Better Formats 1.2
 AMIRO : Amiro CMS 5.4
 MANGO : Mango 1.4
CVE: CVE-2010-1583 (SQL injection vulnerability in the loadByKey function in the TznDbConnection class in tzn_mysql.php in Tirzen (aka TZN) Framework 1.5, as used in TaskFreak! before 0.6.3, allows remote attackers to execute arbitrary SQL commands via the username field in a login action.)
Original documents: MustLive, Cross-Site Scripting vulnerability in Mango (30.04.2010)
 md.r00t.defacer_(at)_gmail.com, BPstyle - Graphic studio SQL Injection Vulnerabilities (30.04.2010)
 Bonsai - Information Security, Bonsai Information Security - OS Command Injection in Cacti <= 0.8.7e (30.04.2010)
 Bonsai - Information Security, Bonsai Information Security - SQL Injection in Cacti <= 0.8.7e (30.04.2010)
 hvazquez_(at)_pentest.es, Jcaptcha vulnerability (30.04.2010)
 Владимир Воронцов, Amiro CMS<=5.4.4 PHP injection (30.04.2010)
 Justin C. Klein Keane, XSS in Drupal Better Formats Module (30.04.2010)
 Justin C. Klein Keane, TaskFreak 0.6.2 SQL Injection Vulnerability (30.04.2010)
 advisories_(at)_intern0t.net, vBulletin - Insecure Custom BBCode Tags (30.04.2010)
 arun.gnyan_(at)_gmail.com, Apache ActiveMQ XSS Vulnerability (30.04.2010)

VLC media player multiple security vulnerabilities
Published: 30.04.2010
SecurityVulns ID: 10806
Type: client
Threat Level: 6/10
Description: Multiple buffer overflows and memory corruptions on different media formats.
Affected: VLC : VLC Media Player 1.0
Original documents: VIDEOLAN, VideoLAN Security Advisory 1003 (30.04.2010)

Internet Download Manager buffer overflow
Published: 30.04.2010
SecurityVulns ID: 10807
Type: client
Threat Level: 5/10
Description: Buffer overflow on ftp:// URI processing.
CVE: CVE-2010-0995 (Stack-based buffer overflow in Internet Download Manager (IDM) before 5.19 allows remote attackers to execute arbitrary code via a crafted FTP URI that causes unspecified "test sequences" to be sent from client to server.)
Original documents: SECUNIA, Secunia Research: Internet Download Manager FTP Buffer Overflow Vulnerability (30.04.2010)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod