Computer Security


VMware privilege escalation
Published: 31.03.2011
SecurityVulns ID: 11546
Type: local
Threat Level: 5/10
Description: It's possible to elevate privileges via shared library spoofing.
Affected: VMWARE : VMware Workstation 6.5
 VMWARE : VMware Workstation 7.1
CVE: CVE-2011-1126 (VMware vmrun, as used in VIX API 1.x before 1.10.3 and VMware Workstation 6.5.x and 7.x before 7.1.4 build 385536 on Linux, might allow local users to gain privileges via a Trojan horse shared library in an unspecified directory.)
Original document: VMWARE, VMSA-2011-0006 VMware vmrun utility local privilege escalation (31.03.2011)

Cisco Network Access Control Guest Server System Software Authentication Bypass
Published: 31.03.2011
SecurityVulns ID: 11548
Type: remote
Threat Level: 5/10
Description: Unauthenticated access to the protected network is possible.
Affected: CISCO : NAC Guest Server 2.0
CVE: CVE-2011-0963 (The default configuration of the RADIUS authentication feature on the Cisco Network Access Control (NAC) Guest Server with software before 2.0.3 allows remote attackers to bypass intended access restrictions and obtain network connectivity via unspecified vectors, aka Bug ID CSCtj66922.)
Original document: CISCO, Cisco Security Advisory: Cisco Network Access Control Guest Server System Software Authentication Bypass Vulnerability (31.03.2011)

Cisco Secure Access Control System privilege escalation
Published: 31.03.2011
SecurityVulns ID: 11549
Type: local
Threat Level: 5/10
Description: It's possible to reset any user's password.
CVE: CVE-2011-0951 (The web-based management interface in Cisco Secure Access Control System (ACS) 5.1 before 5.1.0.44.6 and 5.2 before 5.2.0.26.3 allows remote attackers to change arbitrary user passwords via unspecified vectors, aka Bug ID CSCtl77440.)
Original document: CISCO, Cisco Security Advisory: Cisco Secure Access Control System Unauthorized Password Change Vulnerability (31.03.2011)

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 31.03.2011
SecurityVulns ID: 11543
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: MAHARA : mahara 1.2
 MAXSITE : MaxSite Anti Spam Image 0.6
 COLLABTIVE : Collabtive 0.6
 FENGOFFICE : Feng Office 1.7
 TINE20 : Tine 2.0
 INTERRA : InTerra Blog Machine 1.84
 WESPADIGITAL : WESPA PHP Newsletter 3.0
 TRACKS : Tracks 1.7
 GRAPECITY : Grapecity DataDynamics Report Library 1.6
 APHPKB : Andy's PHP Knowledgebase 0.95
CVE: CVE-2011-1546 (Multiple SQL injection vulnerabilities in Andy's PHP Knowledgebase (Aphpkb) before 0.95.3 allow remote attackers to execute arbitrary SQL commands via the s parameter to (1) a_viewusers.php or (2) keysearch.php; and allow remote authenticated administrators to execute arbitrary SQL commands via the (3) id or (4) start parameter to pending.php, or the (5) aid parameter to a_authordetails.php. NOTE: some of these details are obtained from third party information.)
 CVE-2011-0440 (Cross-site request forgery (CSRF) vulnerability in Mahara 1.2.x before 1.2.7 and 1.3.x before 1.3.4 allows remote attackers to hijack the authentication of arbitrary users for requests that delete blogs.)
 CVE-2011-0439 (Cross-site scripting (XSS) vulnerability in Mahara 1.2.x before 1.2.7 and 1.3.x before 1.3.4 allows remote attackers to inject arbitrary web script or HTML via the Pieforms select box.)
Original document: Mark Stanislav, 'Andy's PHP Knowledgebase' SQL Injection Vulnerability (CVE-2011-1546) (31.03.2011)
 DEBIAN, [SECURITY] [DSA 2206-1] New mahara packages fix several vulnerabilities (31.03.2011)
 david.daly_(at)_dionach.com, DataDynamics Report Library CoreHandler XSS (31.03.2011)
 Netsparker Advisories, XSS Vulnerability in Tracks 1.7.2 (31.03.2011)
 cseye_ut_(at)_yahoo.com, "WESPA PHP Newsletter v3.0" Remote Admin Password Change With install path (31.03.2011)
 cseye_ut_(at)_yahoo.com, "Simple PHP Newsletter" Remote Admin Password Change With install path (31.03.2011)
 High-Tech Bridge Security Research, HTB22931: XSS vulnerability in InTerra Blog Machine (31.03.2011)
 High-Tech Bridge Security Research, HTB22909: Path disclosure in Tine 2.0 (31.03.2011)
 High-Tech Bridge Security Research, HTB22910: XSRF (CSRF) in Feng Office (31.03.2011)
 High-Tech Bridge Security Research, HTB22908: XSRF (CSRF) in Collabtive (31.03.2011)
 High-Tech Bridge Security Research, HTB22906: XSS vulnerabilities in Collabtive (31.03.2011)
 High-Tech Bridge Security Research, HTB22907: Directory Traversal in Collabtive (31.03.2011)
 MustLive, Vulnerability in MaxSite Anti Spam Image (31.03.2011)

BSD systems / Solaris port hijacking
Published: 31.03.2011
SecurityVulns ID: 11545
Type: local
Threat Level: 5/10
Description: A user can open a port with a specified interface address if it is already open by another application without an interface address.
Affected: ORACLE : Solaris 10
Original document: Chris O'Regan, Solaris 10 Port Stealing Vulnerability (31.03.2011)

OpenLDAP vulnerabilities
Published: 31.03.2011
SecurityVulns ID: 11547
Type: remote
Threat Level: 5/10
Description: Authentication bypass, DoS.
Affected: OPENLDAP : OpenLDAP 2.4
CVE: CVE-2011-1081 (modrdn.c in slapd in OpenLDAP 2.4.x before 2.4.24 allows remote attackers to cause a denial of service (daemon crash) via a relative Distinguished Name (DN) modification request (aka MODRDN operation) that contains an empty value for the OldDN field.)
 CVE-2011-1024 (chain.c in back-ldap in OpenLDAP 2.4.x before 2.4.24, when a master-slave configuration with a chain overlay and ppolicy_forward_updates (aka authentication-failure forwarding) is used, allows remote authenticated users to bypass external-program authentication by sending an invalid password to a slave server.)
Original document: MANDRIVA, [ MDVSA-2011:055 ] openldap (31.03.2011)

EMC Replication Manager code execution
Updated since 14.02.2011
Published: 31.03.2011
SecurityVulns ID: 11428
Type: remote
Threat Level: 7/10
Description: Command execution via TCP/6542 service.
Affected: EMC : EMC Replication Manager 5.2
 EMC : EMC NetWorker Module for Microsoft Applications 2.3
CVE: CVE-2011-0647 (The irccd.exe service in EMC Replication Manager Client before 5.3 and NetWorker Module for Microsoft Applications 2.1.x and 2.2.x allows remote attackers to execute arbitrary commands via the RunProgram function to TCP port 6542.)
Original document: EMC, ESA-2011-012: Security update for EMC NetWorker Module for Microsoft Applications (31.03.2011)
 ZDI, ZDI-11-061: EMC Replication Manager Client irccd.exe Remote Code Execution Vulnerability (14.02.2011)
 EMC, ESA-2011-004: EMC Replication Manager remote code execution vulnerability (14.02.2011)

GNOME Desktop Manager privilege escalation
Published: 31.03.2011
SecurityVulns ID: 11544
Type: local
Threat Level: 5/10
Description: Root privileges are not dropped on file access.
Affected: GNOME : gdm3 2.30
CVE: CVE-2011-0727 (GNOME Display Manager (gdm) 2.x before 2.32.1 allows local users to change the ownership of arbitrary files via a symlink attack on a (1) dmrc or (2) face icon file under /var/cache/gdm/.)
Original document: DEBIAN, [SECURITY] [DSA 2205-1] gdm3 security update (31.03.2011)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod