Computer Security


Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:31.03.2010
SecurityVulns ID:10726
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:VIEWVC : ViewVC 1.0
 APACHE : ActiveMQ 5.3
 OXID : eShop EE 4.2
 VIEWVC : viewvc 1.1
 PHOTOPOST : vBGallery 2.5
 OSSIM : OSSIM 2.2
CVE:CVE-2010-0684 (Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.)
 CVE-2010-0132 (Cross-site scripting (XSS) vulnerability in ViewVC 1.1 before 1.1.5 and 1.0 before 1.0.11, when the regular expression search functionality is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors related to "search_re input," a different vulnerability than CVE-2010-0736.)
Original document:nicolas.grandjean_(at)_conix.fr, Multiple XSS vulnerabilities in OSSIM 2.2.1 (31.03.2010)
 Andreas Kirbach, SQL Injection Vulnerabilitie in PhotoPost vBGallery 2.5 (31.03.2010)
 info_(at)_securitylab.ir, XSS vulnerability in easy page cms (31.03.2010)
 info_(at)_securitylab.ir, Joomla Component com_xmap Sql Injection Vulnerability (31.03.2010)
 info_(at)_securitylab.ir, Joomla Component com_weblinks Sql Injection Vulnerability (31.03.2010)
 SECUNIA, Secunia Research: ViewVC Regular Expression Search Cross-Site Scripting (31.03.2010)
 michael.mueller_(at)_integralis.com, OXID eShop Enterprise: Session Fixation and XSS Vulnerabilities (31.03.2010)
 rajat swarup, CVE-2010-0684: Apache ActiveMQ Persistent Cross-Site Scripting (XSS) Vulnerability (31.03.2010)

emacs privilege escalation
Published:31.03.2010
SecurityVulns ID:10729
Type:local
Threat Level:5/10
Description:It is possible to access other users' files via the e-mail helper.
Affected:EMACS : emacs 22.2
 EMACS : emacs 23.1
CVE:CVE-2010-0825 (lib-src/movemail.c in movemail in emacs 22 and 23 allows local users to read, modify, or delete arbitrary mailbox files via a symlink attack, related to improper file-permission checks.)
Original document:UBUNTU, [USN-919-1] Emacs vulnerability (31.03.2010)

aircrack-ng buffer overflow
Published:31.03.2010
SecurityVulns ID:10730
Type:remote
Threat Level:5/10
Description:Buffer overflow on IEEE 802.11 EAPOL parsing.
Original document:Lukas Lueg, Remote buffer overflow in aircrack-ng causes DOS and possible code execution (31.03.2010)

HP-UX with NFS/ONCplus NFS access
Published:31.03.2010
SecurityVulns ID:10731
Type:remote
Threat Level:5/10
Affected:HP : HP-UX 11.31
CVE:CVE-2010-0451 (The installation process for NFS/ONCplus B.11.31_08 and earlier on HP HP-UX B.11.31 changes the NFS_SERVER setting in the nfsconf file, which might allow remote attackers to obtain filesystem access via NFS requests.)
Original document:HP, [security bulletin] HPSBUX02509 SSRT100032 rev.1 - HP-UX Running NFS/ONCplus, NFS Inadvertently Enabled (31.03.2010)

HP-UX AudFilter DoS
Published:31.03.2010
SecurityVulns ID:10732
Type:local
Threat Level:5/10
Affected:HP : HP-UX 11.31
CVE:CVE-2010-1030 (Unspecified vulnerability in HP-UX B.11.31, with AudFilter rules enabled, allows local users to cause a denial of service via unknown vectors.)
Original document:HP, [security bulletin] HPSBUX02514 SSRT100010 rev.1 - HP-UX running AudFilter rules enabled, Local Denial of Service (DoS) (31.03.2010)

HP SOA Registry Foundation multiple security vulnerabilities
Published:31.03.2010
SecurityVulns ID:10733
Type:remote
Threat Level:5/10
Description:Cross-site scripting, code execution, privilege escalation.
Affected:HP : SOA Registry Foundation 6.63
 HP : SOA Registry Foundation 6.64
CVE:CVE-2010-0450 (Unspecified vulnerability in HP SOA Registry Foundation 6.63 and 6.64 allows remote authenticated users to gain privileges via unknown vectors.)
 CVE-2010-0449 (Cross-site scripting (XSS) vulnerability in HP SOA Registry Foundation 6.63 and 6.64 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.)
 CVE-2010-0448 (Unspecified vulnerability in HP SOA Registry Foundation 6.63 and 6.64 allows remote attackers to obtain "unauthorized access to data" via unknown vectors.)
Original document:HP, [security bulletin] HPSBMA02490 SSRT090222 rev.1 - HP SOA Registry Foundation, Remote Unauthorized Access to Data, Cross Site Scripting (XSS), Privilege Escalation (31.03.2010)

HP Insight Control for Linux multiple security vulnerabilities
Published:31.03.2010
SecurityVulns ID:10734
Type:remote
Threat Level:5/10
Description:Code execution, privilege escalation.
Affected:HP : Insight Control for Linux 5.0
CVE:CVE-2010-1031 (Unspecified vulnerability in HP Insight Control for Linux (aka IC-Linux or ICE-LX) 2.11 and earlier allows local users to gain privileges via unknown vectors.)
 CVE-2009-2288 (statuswml.cgi in Nagios before 3.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) ping or (2) Traceroute parameters.)
Original document:HP, [security bulletin] HPSBMA02513 SSRT090110 rev.1 - Insight Control for Linux (IC-Linux) Remote Execution of Arbitrary Code, Local Unauthorized Elevation of Privilege (31.03.2010)

VMware WebAccess application multiple security vulnerabilities
Published:31.03.2010
SecurityVulns ID:10735
Type:remote
Threat Level:5/10
Description:Multiple cross-site scripting vulnerabilities.
Affected:VMWARE : VMware Server 1.0
 VMWARE : VMware ESX 3.0
 VMWARE : VMware ESX 3.5
 VMWARE : VMware Server 2.0
 VMWARE : Virtual Center 2.5
 VMWARE : Virtual Center 2.0
CVE:CVE-2010-1193 (Cross-site scripting (XSS) vulnerability in WebAccess in VMware Server 2.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to JSON error messages.)
 CVE-2010-1137 (Cross-site scripting (XSS) vulnerability in WebAccess in VMware VirtualCenter 2.0.2 and 2.5 and VMware ESX 3.0.3 and 3.5, and the Server Console in VMware Server 1.0, allows remote attackers to inject arbitrary web script or HTML via the name of a virtual machine.)
 CVE-2010-0686 (WebAccess in VMware VirtualCenter 2.0.2 and 2.5, VMware Server 2.0, and VMware ESX 3.0.3 and 3.5 allows remote attackers to leverage proxy-server functionality to spoof the origin of requests via unspecified vectors, related to a "URL forwarding vulnerability.")
 CVE-2009-2277 (Cross-site scripting (XSS) vulnerability in WebAccess in VMware VirtualCenter 2.0.2 and 2.5 and VMware ESX 3.0.3 and 3.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to "context data.")
Original document:Trustwave Advisories, Trustwave's SpiderLabs Security Advisory TWSL2010-002 (31.03.2010)
 VMWARE, VMSA-2010-0005 VMware products address vulnerabilities in WebAccess (31.03.2010)

OpenDcHub buffer overflow
Published:31.03.2010
SecurityVulns ID:10736
Type:remote
Threat Level:6/10
Description:Buffer overflow in MyINFO message parsing.
Affected:OPENDCHUB : OpenDcHub 0.8
Original document:Pierre Noguès, OpenDcHub 0.8.1 Remote Code Execution Exploit (31.03.2010)
Files:OpenDcHub 0.8.1 Remote Code Execution Exploit

Apple iTunes for Windows privilege escalation
Published:31.03.2010
SecurityVulns ID:10738
Type:remote
Threat Level:5/10
Description:The application is launched with LocalSystem rights from a user-writable folder, allowing DLL spoofing.
Affected:APPLE : iTunes 9.0
CVE:CVE-2010-0532 (Race condition in the installation package in Apple iTunes before 9.1 on Windows allows local users to gain privileges by replacing an unspecified file with a Trojan horse.)
Original document:jason_(at)_ngssoftware.com, Elevation of Privilege Vulnerability in iTunes for Windows (31.03.2010)

Varnish privilege escalation
Published:31.03.2010
SecurityVulns ID:10728
Type:local
Threat Level:5/10
Description:There is a process executing commands with root privileges.
Affected:REDPILLLINPRO : Varnish 2.0
 VARNISH : Varnish 2.1
CVE:CVE-2009-2936 (** DISPUTED ** The Command Line Interface (aka Server CLI or administration interface) in the master process in the reverse proxy server in Varnish before 2.1.0 does not require authentication for commands received through a TCP port, which allows remote attackers to (1) execute arbitrary code via a vcl.inline directive that provides a VCL configuration file containing inline C code; (2) change the ownership of the master process via param.set, stop, and start directives; (3) read the initial line of an arbitrary file via a vcl.load directive; or (4) conduct cross-site request forgery (CSRF) attacks that leverage a victim's location on a trusted network and improper input validation of directives. NOTE: the vendor disputes this report, saying that it is "fundamentally misguided and pointless.")
Original document:Tim Brown, Medium security hole in Varnish reverse proxy (31.03.2010)

Apache mod_proxy_ftp multiple security vulnerabilities
updated since 23.09.2009
Published:31.03.2010
SecurityVulns ID:10253
Type:remote
Threat Level:6/10
Description:Denial of service, restrictions bypass.
Affected:APACHE : Apache 2.0
 APACHE : Apache 2.2
 HP : HP Secure Web Server 2.1
CVE:CVE-2009-3095 (The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.)
 CVE-2009-3094 (The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.)
Original document:HP, [security bulletin] HPSBOV02506 SSRT090244 rev.1 - HP Secure Web Server for OpenVMS (based on Apache) CSWS, Remote Denial of Service (DoS), Unauthorized Disclosure of Information, Unauthorized Modification of Information (31.03.2010)
 MANDRIVA, [ MDVSA-2009:240 ] apache (23.09.2009)

Microsoft Internet Explorer multiple security vulnerabilities
updated since 31.03.2010
Published:05.04.2010
SecurityVulns ID:10725
Type:remote
Threat Level:9/10
Description:Multiple security vulnerabilities are used in the wild for hidden malware installation.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
CVE:CVE-2010-0807 (Microsoft Internet Explorer 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, leading to memory corruption, aka "HTML Rendering Memory Corruption Vulnerability.")
 CVE-2010-0806 (Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, aka "Uninitialized Memory Corruption Vulnerability.")
 CVE-2010-0805 (The Tabular Data Control (TDC) ActiveX control in Microsoft Internet Explorer 5.01 SP4, 6 on Windows XP SP2 and SP3, and 6 SP1 allows remote attackers to execute arbitrary code via a long URL (DataURL parameter) that triggers memory corruption in the CTDCCtl::SecurityCHeckDataURL function, aka "Memory Corruption Vulnerability.")
 CVE-2010-0494 (Cross-domain vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 allows user-assisted remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted HTML document in a situation where the client user drags one browser window across another browser window, aka "HTML Element Cross-Domain Vulnerability.")
 CVE-2010-0492 (Use-after-free vulnerability in mstime.dll in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via vectors related to the TIME2 behavior, the CTimeAction object, and destruction of markup, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability.")
 CVE-2010-0491 (Use-after-free vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, and 6 SP1 allows remote attackers to execute arbitrary code by changing unspecified properties of an HTML object that has an onreadystatechange event handler, aka "HTML Object Memory Corruption Vulnerability.")
 CVE-2010-0490 (Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability.")
 CVE-2010-0489 (Race condition in Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Race Condition Memory Corruption Vulnerability.")
 CVE-2010-0488 (Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 does not properly handle unspecified "encoding strings," which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site, aka "Post Encoding Information Disclosure Vulnerability.")
 CVE-2010-0267 (Microsoft Internet Explorer 6, 6 SP1, and 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability.")
Original document:ZDI, ZDI-10-034: Microsoft Internet Explorer Tabular Data Control ActiveX Remote Code Execution Vulnerability (05.04.2010)
 ZDI, ZDI-10-033: Microsoft Internet Explorer TIME2 Behavior Remote Code Execution Vulnerability (05.04.2010)
 IDEFENSE, iDefense Security Advisory 03.30.10: Microsoft Internet Explorer 'onreadystatechange' Use After Free Vulnerability (31.03.2010)
 MICROSOFT, Microsoft Security Bulletin MS10-018 - Critical Cumulative Security Update for Internet Explorer (980182) (31.03.2010)
Files:Microsoft Security Bulletin MS10-018 - Critical Cumulative Security Update for Internet Explorer (980182)

Oracle Sun Java multiple security vulnerabilities
updated since 31.03.2010
Published:07.04.2010
SecurityVulns ID:10737
Type:library
Threat Level:9/10
Description:Buffer overflows in soundbank parsing and in image and archive parsing. Multiple code execution and privilege escalation vulnerabilities.
Affected:SUN : JDK 1.6
 SUN : JRE 1.6
 ORACLE : JRE 6
 ORACLE : JDK 6
CVE:CVE-2010-0848 (Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.)
 CVE-2010-0847 (Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a heap-based buffer overflow that allows arbitrary code execution via a crafted image.)
 CVE-2010-0845 (Unspecified vulnerability in the HotSpot Server component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.)
 CVE-2010-0844 (Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is for improper parsing of a crafted MIDI stream when creating a MixerSequencer object, which causes a pointer to be corrupted and allows a NULL byte to be written to arbitrary memory.)
 CVE-2010-0842 (Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an uncontrolled array index that allows remote attackers to execute arbitrary code via a MIDI file with a crafted MixerSequencer object, related to the GM_Song structure.)
 CVE-2010-0841 (Unspecified vulnerability in the ImageIO component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in the Java Runtime Environment that allows remote attackers to execute arbitrary code via a JPEG image that contains subsample dimensions with large values, related to JPEGImageReader and "stepX".)
 CVE-2010-0840 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to improper checks when executing privileged methods in the Java Runtime Environment (JRE), which allows attackers to execute arbitrary code via (1) an untrusted object that extends the trusted class but has not modified a certain method, or (2) "a similar trust issue with interfaces," aka "Trusted Methods Chaining Remote Code Execution Vulnerability.")
 CVE-2010-0838 (Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a stack-based buffer overflow using an untrusted size value in the readMabCurveData function in the CMM module in the JVM.)
 CVE-2010-0837 (Unspecified vulnerability in the Pack200 component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.)
 CVE-2010-0095 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.)
 CVE-2010-0094 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18 and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is due to missing privilege checks during deserialization of RMIConnectionImpl objects, which allows remote attackers to call system-level Java functions via the ClassLoader of a constructor that is being deserialized.)
 CVE-2010-0093 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.)
 CVE-2010-0092 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.)
 CVE-2010-0091 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality via unknown vectors.)
 CVE-2010-0088 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.)
 CVE-2010-0085 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.)
 CVE-2010-0084 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality via unknown vectors.)
 CVE-2010-0082 (Unspecified vulnerability in the HotSpot Server component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.)
Original document:UBUNTU, [USN-923-1] OpenJDK vulnerabilities (07.04.2010)
 ZDI, ZDI-10-057: Sun Java Runtime Environment JPEGImageDecoderImpl Remote Code Execution Vulnerability (06.04.2010)
 ZDI, ZDI-10-059: Sun Java Runtime Environment JPEGImageEncoderImpl Remote Code Execution Vulnerability (06.04.2010)
 ZDI, ZDI-10-055: Sun Java Runtime Environment Mutable InetAddress Socket Policy Violation Vulnerability (06.04.2010)
 ZDI, ZDI-10-052: Sun Java Runtime Environment XNewPtr Remote Code Execution Vulnerability (06.04.2010)
 ZDI, ZDI-10-051: Sun Java Runtime RMIConnectionImpl Privileged Context Remote Code Execution Vulnerability (06.04.2010)
 ZDI, ZDI-10-061: Sun Java Runtime CMM readMabCurveData Remote Code Execution Vulnerability (06.04.2010)
 ZDI, ZDI-10-060: Sun Java Runtime Environment MixerSequencer Invalid Array Index Remote Code Execution Vulnerability (06.04.2010)
 ZDI, ZDI-10-054: Sun Java Runtime Environment JPEGImageReader stepX Remote Code Execution Vulnerability (06.04.2010)
 ZDI, ZDI-10-056: Sun Java Runtime Environment Trusted Methods Chaining Remote Code Execution Vulnerability (05.04.2010)
 ZDI, ZDI-10-053: Sun Java Runtime Environment MIDI File metaEvent Remote Code Execution Vulnerability (05.04.2010)
 VUPEN Security Research, VUPEN Security Research - Sun Java JDK/JRE Unpack200 Buffer Overflow Vulnerability (05.04.2010)
 VUPEN Security Research, VUPEN Security Research - Sun Java JDK/JRE AWT Library Invalid Pointer Vulnerability (05.04.2010)
 VUPEN Security Research, VUPEN Security Research - Sun Java JDK/JRE AWT Library Invalid Index Vulnerability (05.04.2010)
 SECUNIA, Secunia Research: Sun Java JDK/JRE Soundbank Resource Parsing Buffer Overflow (31.03.2010)
 SECUNIA, Secunia Research: Sun Java JDK/JRE Soundbank Resource Name Buffer Overflow (31.03.2010)
 IDEFENSE, iDefense Security Advisory 03.30.10: Oracle Java Runtime Environment Image FIle Buffer Overflow Vulnerability (31.03.2010)

Novell Netware FTP server buffer overflow
updated since 31.03.2010
Published:23.03.2011
SecurityVulns ID:10727
Type:remote
Threat Level:6/10
Description:rmdir/mkdir/dele commands buffer overflow.
Affected:NOVELL : Netware 6.5
CVE:CVE-2010-4228 (Stack-based buffer overflow in NWFTPD.NLM before 5.10.02 in the FTP server in Novell NetWare allows remote authenticated users to execute arbitrary code or cause a denial of service (abend) via a long DELE command, a different vulnerability than CVE-2010-0625.4.)
 CVE-2010-0625 (Stack-based buffer overflow in NWFTPD.nlm before 5.10.01 in the FTP server in Novell NetWare 5.1 through 6.5 SP8 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long (1) MKD, (2) RMD, (3) RNFR, or (4) DELE command.)
Original document:ZDI, ZDI-11-106: Novell Netware NWFTPD.NLM DELE Remote Code Execution Vulnerability (23.03.2011)
 ZDI, ZDI-10-062: Novell Netware NWFTPD RMD/RNFR/DELE Argument Parsing Remote Code Execution Vulnerabilities (06.04.2010)
 Francis Provencher, {PRL} Novell Netware FTP Remote Stack Overflow (31.03.2010)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod