Written by SEC on April 17, 2008
Vulnerability description:
Unspecified vulnerability in the DSM gui_cm_ctrls ActiveX control (gui_cm_ctrls.ocx), as used in multiple CA products including BrightStor ARCServe Backup for Laptops and Desktops r11.5, Desktop Management Suite r11.1 through r11.2 C2; Unicenter r11.1 through r11.2 C2; and Desktop and Server Management r11.1 through r11.2 C2 allows remote attackers to execute arbitrary code via crafted function arguments.
Patch available: No
Written by SEC on
Product:
fireflymediaserver: fireflymediaserver 0.2.4.1
Severity: High (7.5)
CVSS vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Potential loss type: Gain user access, Integrity, Confidentiality, Availability
Vulnerability description:
Integer overflow in the ws_getpostvars function in Firefly Media Server (formerly mt-daapd) 0.2.4.1 (0.9~r1696-1.2 on Debian) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP POST request with a large Content-Length.
Written by SEC on April 16, 2008
Product:
libpng: libpng 1.0.10
libpng: libpng 1.0.11
libpng: libpng 1.0.12
libpng: libpng 1.0.13
libpng: libpng 1.0.14
libpng: libpng 1.0.15
libpng: libpng 1.0.16
libpng: libpng 1.0.17
libpng: libpng 1.0.18
libpng: libpng 1.0.19
libpng: libpng 1.0.20
libpng: libpng 1.0.21
libpng: libpng 1.0.22
libpng: libpng 1.0.23
libpng: libpng 1.0.24
libpng: libpng 1.0.25
libpng: libpng 1.0.26
libpng: libpng 1.0.27
libpng: libpng 1.0.28
libpng: libpng 1.0.29
libpng: libpng 1.0.30
libpng: libpng 1.0.31
libpng: libpng 1.0.32
Written by SEC on April 14, 2008
Vulnerability description:
Unspecified vulnerability in Opera for Windows before 9.27 has unknown impact and attack vectors related to "keyboard handling of password inputs."
Patch available: No
References:
http://www.opera.com/docs/changelogs/windows/927/
Written by SEC on April 13, 2008
Vulnerability description:
Multiple unspecified vulnerabilities in phpBB before 3.0.1 have unknown impact and attack vectors, related to "two minor security-related bugs."
Patch available: No
Written by SEC on April 12, 2008
Vulnerability description:
Unspecified vulnerability in the Qmaster daemon in Sun N1 Grid Engine 6.1 allows local users to cause a denial of service (daemon crash) via unspecified vectors.
Patch available: No
References:
SUNALERT: http://sunsolve.sun.com/search/document.do?assetkey=1-26-234822-1
FRSIRT: http://www.frsirt.com/english/advisories/2008/1196/references
Written by SEC on April 10, 2008
Product:
GNU: m4 1.4.1
GNU: m4 1.4.10
GNU: m4 1.4.2
GNU: m4 1.4.3
GNU: m4 1.4.4
GNU: m4 1.4.5
GNU: m4 1.4.6
GNU: m4 1.4.7
GNU: m4 1.4.8
GNU: m4 1.4.9
Severity: High (7.5)
CVSS vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Potential loss type: Gain user access, Integrity, Confidentiality, Availability
Vulnerability description:
Unspecified vulnerability in GNU m4 before 1.4.11 might allow context-dependent attackers to execute arbitrary code, related to improper handling of filenames specified with the -F option. NOTE: it is not clear when this issue crosses privilege boundaries.
Written by SEC on April 9, 2008
Vulnerability description:
Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP3, and 2007 up to SP1 allows user-assisted remote attackers to execute arbitrary code via a crafted .DXF file, aka "Visio Memory Validation Vulnerability."
Patch available: No
References:
MS: http://www.microsoft.com/technet/security/Bulletin/MS08-019.mspx
Written by SEC on April 8, 2008
Updated: 04-04-2008
Product:
Adobe: Flash
Severity: High (9.3)
CVSS vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Attack vector: Victim must voluntarily interact with attack mechanism
Potential loss type: Integrity, Confidentiality, Availability
Vulnerability description:
Interaction error between Adobe Flash and multiple Universal Plug and Play (UPnP) services allows remote attackers to perform Cross-Site Request Forgery (CSRF) style attacks by using the Flash navigateToURL function to send a SOAP message to a UPnP control point, as demonstrated by changing the primary DNS server.
Written by SEC on April 5, 2008
Updated: 04-04-2008
Product:
OpenSSH: OpenSSH 4.8
Severity: Medium (4.3)
CVSS vector: (AV:L/AC:L/Au:S/C:P/I:P/A:P)
Attack vector: Locally exploitable
Potential loss type: Integrity, Confidentiality, Availability
Vulnerability description:
OpenSSH before 4.9 allows remote authenticated users to bypass the sshd_config ForceCommand directive by modifying the .ssh/rc session file.
Patch available: Yes