Computer Security
[EN] securityvulns.ru
no-pyccku

  

Linux DBus-GLib / NetworkManager / ModemManager privilege escalation
Published:30.05.2011
Source:
SecurityVulns ID:11699
Type:library
Threat Level:
5/10
Description:Access flags for exported object are not checked.
Affected:DBUS : libdbus-glib 1.84
CVE:CVE-2010-1172 (DBus-GLib 0.73 disregards the access flag of exported GObject properties, which allows local users to bypass intended access restrictions and possibly cause a denial of service by modifying properties, as demonstrated by properties of the (1) DeviceKit-Power, (2) NetworkManager, and (3) ModemManager services.)
Original documentdocumentUBUNTU, [USN-1138-2] NetworkManager and ModemManager update (30.05.2011)
 documentUBUNTU, [USN-1138-1] DBus-GLib vulnerability (30.05.2011)

ISC bind named DNS server DoS
Published:30.05.2011
Source:
SecurityVulns ID:11701
Type:remote
Threat Level:
7/10
Description:Large RRSIG in negative response leads to assert().
Affected:ISC : bind 9.6
 ISC : bind 9.7
 BIND : bind 9.8
CVE:CVE-2011-1910 (Off-by-one error in named in ISC BIND 9.x before 9.7.3-P1, 9.8.x before 9.8.0-P2, 9.4-ESV before 9.4-ESV-R4-P1, and 9.6-ESV before 9.6-ESV-R4-P1 allows remote DNS servers to cause a denial of service (assertion failure and daemon exit) via a negative response containing large RRSIG RRsets.)
Original documentdocumentFREEBSD, FreeBSD Security Advisory FreeBSD-SA-11:02.bind (30.05.2011)

Unbound DNS server DoS
Published:30.05.2011
Source:
SecurityVulns ID:11702
Type:remote
Threat Level:
5/10
Description:DoS against DNSSEC signed zone.
Affected:UNBOUND : unbound 1.4
CVE:CVE-2009-4008 (Unbound before 1.4.4 does not send responses for signed zones after mishandling an unspecified query, which allows remote attackers to cause a denial of service (DNSSEC outage) via a crafted query.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 2243-1] unbound security update (30.05.2011)

Google Chrome multiple security vulnerabilities
Published:30.05.2011
Source:
SecurityVulns ID:11703
Type:remote
Threat Level:
6/10
Description:Memory corruptions, privilege escalation race conditions, DoS.
Affected:GOOGLE : chrome 11.0
CVE:CVE-2011-1799 (Google Chrome before 11.0.696.68 does not properly perform casts of variables during interaction with the WebKit engine, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.)
 CVE-2011-1797 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.)
 CVE-2011-1444 (Race condition in the sandbox launcher implementation in Google Chrome before 11.0.696.57 on Linux allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.)
 CVE-2011-1440 (Use-after-free vulnerability in Google Chrome before 11.0.696.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the ruby element and Cascading Style Sheets (CSS) token sequences.)
 CVE-2011-1293 (Use-after-free vulnerability in the HTMLCollection implementation in Google Chrome before 10.0.648.204 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.)
 CVE-2011-1292 (Use-after-free vulnerability in the frame-loader implementation in Google Chrome before 10.0.648.204 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.)
Original documentdocumentDEBIAN, 2245 (30.05.2011)

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 30.05.2011
Published:02.06.2011
Source:
SecurityVulns ID:11698
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:APACHE : Archiva 1.3
 APACHE : Archiva 1.4
 MAHARA : mahara 1.3
CVE:CVE-2011-1407 (The DKIM implementation in Exim 4.7x before 4.76 permits matching for DKIM identities to apply to lookup items, instead of only strings, which allows remote attackers to execute arbitrary code or access a filesystem via a crafted identity.)
 CVE-2011-1405 (Cross-site scripting (XSS) vulnerability in Mahara before 1.3.6 allows remote authenticated users to inject arbitrary web script or HTML via vectors associated with HTML e-mail messages, related to artefact/comment/lib.php and interaction/forum/lib.php.)
 CVE-2011-1404 (Mahara before 1.3.6 does not properly restrict the data in responses to AJAX calls, which allows remote authenticated users to obtain sensitive information via a request associated with (1) blocktype/myfriends/myfriends.json.php, (2) json/usersearch.php, (3) group/membersearchresults.json.php, or (4) json/friendsearch.php, as demonstrated by information about friends and e-mail addresses.)
 CVE-2011-1403 (Cross-site request forgery (CSRF) vulnerability in the pieforms implementation in Mahara before 1.3.6 allows remote attackers to hijack the authentication of arbitrary users for requests to any form, related to inappropriate regeneration of session keys.)
 CVE-2011-1402 (Mahara before 1.3.6 allows remote authenticated users to bypass intended access restrictions, and suspend a user account, edit a view, visit a view, edit a plan artefact, read a plans block, read a plan artefact, edit a blog, read a blog block, read a blog artefact, or access a block, via a request associated with (1) admin/users/search.json.php, (2) view/newviewtoken.json.php, (3) lib/mahara.php, (4) artefact/plans/tasks.json.php, (5) artefact/plans/viewtasks.json.php, (6) artefact/blog/view/index.json.php, (7) artefact/blog/posts.json.php, or (8) blocktype/myfriends/myfriends.json.php, related to incorrect privilege enforcement, a missing user id check, and incorrect enforcement of the Overriding Start/Stop Dates setting.)
 CVE-2011-1077 (Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2011-1026 (Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators.)
Original documentdocumentWalikarRiyazAD_(at)_microland.com, [CVE-2011-1077] Apache Archiva Multiple XSS vulnerabilities (02.06.2011)
 documentWalikarRiyazAD_(at)_microland.com, [CVE-2011-1026] Apache Archiva Multiple CSRF vulnerabilities (02.06.2011)
 documentDEBIAN, [SECURITY] [DSA 2246-1] mahara security update (30.05.2011)
 documentAPACHE, [SECURITY] CVE-2011-1026: Apache Archiva Multiple CSRF vulnerability (30.05.2011)
 documentAPACHE, [SECURITY] CVE-2011-1077: Apache Archiva Multiple XSS vulnerability (30.05.2011)

ZTE Callisto 821+ ADSL router security vulnerabilities
updated since 30.05.2011
Published:01.08.2011
Source:
SecurityVulns ID:11700
Type:remote
Description:Crossite scripting, crossite request forgery.
Affected:ZTE : Callisto 821+
Original documentdocumentMustLive, Multiple DoS, CSRF and XSS vulnerabilities in ADSL modem Callisto 821+ (01.08.2011)
 documentMustLive, Multiple CSRF and XSS vulnerabilities in ADSL modem Callisto 821+ (26.07.2011)
 documentMustLive, Multiple CSRF and XSS vulnerabilities in ADSL modem Callisto 821+ (18.07.2011)
 documentMustLive, New CSRF and XSS vulnerabilities in ADSL modem Callisto 821+ (27.06.2011)
 documentMustLive, New DoS, CSRF and XSS vulnerabilities in ADSL modem Callisto 821+ (27.06.2011)
 documentMustLive, New DoS, CSRF and XSS vulnerabilities in ADSL modem Callisto 821+ (23.06.2011)
 documentMustLive, CSRF and XSS vulnerabilities in ADSL modem Callisto 821+ (23.06.2011)
 documentMustLive, DoS, CSRF and XSS vulnerabilities in ADSL modem Callisto 821+ (17.06.2011)
 documentMustLive, New CSRF and XSS vulnerabilities in ADSL modem Callisto 821+ (17.06.2011)
 documentMustLive, New CSRF and XSS vulnerabilities in ADSL modem Callisto 821+ (15.06.2011)
 documentMustLive, New CSRF and XSS vulnerabilities in ADSL modem Callisto 821+ (15.06.2011)
 documentMustLive, New CSRF and XSS vulnerabilities in ADSL modem Callisto 821+ (10.06.2011)
 documentMustLive, New CSRF and XSS vulnerabilities in ADSL modem Callisto 821+ (08.06.2011)
 documentMustLive, New vulnerabilities in ADSL modem Callisto 821+ (07.06.2011)
 documentMustLive, New CSRF and XSS vulnerabilities in ADSL modem Callisto 821+ (03.06.2011)
 documentMustLive, New CSRF and XSS vulnerabilities in ADSL modem Callisto 821+ (03.06.2011)
 documentMustLive, New CSRF and XSS vulnerabilities in ADSL modem Callisto 821+ (02.06.2011)
 documentMustLive, New CSRF and XSS vulnerabilities in ADSL modem Callisto 821+ (02.06.2011)
 documentMustLive, New CSRF and XSS vulnerabilities in ADSL modem Callisto 821+ (02.06.2011)
 documentMustLive, CSRF vulnerabilities in ADSL modem Callisto 821+ (30.05.2011)
 documentMustLive, New CSRF and XSS vulnerabilities in ADSL modem Callisto 821+ (30.05.2011)
 documentMustLive, CSRF and XSS vulnerabilities in ADSL modem Callisto 821+ (30.05.2011)
 documentMustLive, Vulnerabilities in ADSL modem Callisto 821+ (30.05.2011)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 



Rating@Mail.ru