

Alerts Archive - Jan 2010

Last Update: 31 Jan 2010

HP OpenView Storage Data Protector, Local Unauthorized Access
updated: 19-Feb-10
A potential security vulnerability has been identified with HP OpenView Storage Data Protector. The vulnerability could be exploited to gain unauthorized access.
HP OpenView Storage Data Protector v6.00 and v6.10 are affected. Install the fix from HP.

Multiple Vulnerabilities in Cisco Unified MeetingPlace
updated: 19-Feb-10
Multiple vulnerabilities exist in Cisco Unified MeetingPlace. This security advisory outlines the details of these vulnerabilities:

* Insufficient validation of SQL commands
* Unauthorized account creation
* User and password enumeration in Cisco MeetingTime
* Privilege escalation in Cisco MeetingTime

Install the fix from Cisco.

Reference
http://www.cisco.com/warp/public/707/cisco-sa-20100127-mp.shtml

Multiple Vulnerabilities on SAP BusinessObjects 12
updated: 19-Feb-10
SAP BusinessObjects version 12 is vulnerable to multiple cross-site scripting (XSS) issues, cross-domain redirects and server path information disclosure.


Reference
http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr09-02

HP OpenView Network Node Manager Remote Denial of Service
updated: 19-Feb-10
A potential vulnerability has been identified with HP OpenView Network Node Manager (OV NNM). The vulnerability could be exploited remotely to create a Denial of Service.

HP OpenView Network Node Manager (OV NNM) v7.51, v7.53 running on HP-UX, Linux, Solaris, and Windows are affected. Install the fix from HP.

Google Chrome Pop-Up Block Menu Handling Vulnerability
updated: 19-Feb-10
A vulnerability was reported in Google Chrome 3.0.195.38, caused by a use-after-free error when trying to display a blocked pop-up window while navigating away from the current site.

Successful exploitation may allow execution of arbitrary code. Upgrade to version 4.0.249.78.

Reference
http://secunia.com/secunia_research/2009-65/

SQL injection vulnerability in Publique! Framework
updated: 19-Feb-10
A remotely exploitable vulnerability was found in the framework core component. Exploitation of this bug does not require authentication and remotely exposes potentially sensitive information from the Publique! database. In particular, an attacker can extract the usernames and passwords needed to authenticate to the administrative interface and gain full control of the web site and (depending on certain conditions) the server itself.

MS10-002 Cumulative Security Update for Internet Explorer
updated: 19-Feb-10
8 vulnerabilities were reported in Internet Explorer. The more severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Internet Explorer 5.01, Internet Explorer 6, Internet Explorer 6 Service Pack 1, Internet Explorer 7, and Internet Explorer 8 are affected. Install the update from Microsoft.

Reference
http://www.microsoft.com/technet/security/bulletin/ms10-002.mspx

MS10-001 Vulnerability in the Embedded OpenType Font Engine Could Allow Remote Code Execution
updated: 19-Feb-10
A remote code execution vulnerability exists in the way that the Microsoft Windows Embedded OpenType (EOT) Font Engine decompresses specially crafted EOT fonts. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Microsoft Windows 2000 is affected; Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are also affected, where the issue is rated Low. Install the update from Microsoft.

Reference
http://www.microsoft.com/technet/security/bulletin/ms10-001.mspx

Cisco CiscoWorks IPM GIOP getProcessName Remote Code Execution Vulnerability
updated: 19-Feb-10
Cisco Internetwork Performance Monitor contains a flaw in its handling of CORBA GIOP requests. By making a specially crafted getProcessName GIOP request, an attacker can corrupt memory. Successful exploitation can result in a full compromise with SYSTEM credentials.

Install the update from Cisco.

Reference
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1351d.shtml
http://www.zerodayinitiative.com/advisories/ZDI-10-004

Novell ZENworks Asset Management docfiledownload Remote SQL Injection Vulnerability
updated: 19-Feb-10
Novell ZENworks contains a vulnerability due to insufficient sanity checks on the documentID parameter to the docfiledownload component. A carefully crafted parameter can result in direct SQL access to the underlying SQL Server database, which can be further leveraged by an attacker to potentially execute arbitrary code.

Install the update from Novell.

Reference
http://www.zerodayinitiative.com/advisories/ZDI-10-003
http://www.novell.com/support/viewContent.do?externalId=7005128&sliceId=1

HP Power Manager "formExportDataLogs" Directory Traversal
updated: 19-Feb-10
HP Power Manager version 4.2.9 contains a vulnerability due to an input sanitization error when handling "fileName" parameters passed to /goform/formExportDataLogs. This can be exploited to overwrite arbitrary files with almost arbitrary data via directory traversal attacks.

Successful exploitation allows execution of arbitrary code. Update to version 4.2.10.

Reference
http://secunia.com/secunia_research/2009-48/

Adobe Shockwave Player 3D Model Buffer Overflow
updated: 19-Feb-10
Adobe Shockwave Player 11.5.2.602 contains a vulnerability, caused by a boundary error when processing Shockwave 3D models. This can be exploited to cause a heap-based buffer overflow via a specially crafted Shockwave file.

Successful exploitation allows execution of arbitrary code. Update to version 11.5.6.606 or later.

Reference
http://secunia.com/secunia_research/2009-61/

SAP WebAS Integrated ITS Remote Command Execution
updated: 19-Feb-10
A remote command execution vulnerability was reported in SAP Kernel 6.40 Patch Level < 312, SAP Kernel 7.00 Patch Level < 235 and SAP Kernel 7.01 Patch Level < 72.

By exploiting this vulnerability, an internal or external attacker would be able to execute arbitrary remote commands on vulnerable SAP Web Application Servers, taking complete control of the SAP system.

Install the patch from SAP.

Reference
https://service.sap.com/sap/support/notes/1414112

Cisco IOS XR Software SSH Denial of Service Vulnerability
updated: 19-Feb-10
The SSH server implementation in Cisco IOS XR Software contains a vulnerability that an unauthenticated, remote user could exploit to cause a denial of service condition.

An attacker could trigger this vulnerability by sending a crafted SSH version 2 packet that may cause a new SSH connection handler process to crash. Repeated exploitation may cause each new SSH connection handler process to crash and lead to a significant amount of memory being consumed, which could introduce instability that may adversely impact other system functionality. During this event, the parent SSH daemon process will continue to function normally.

Install the update from Cisco.

Reference
http://www.cisco.com/warp/public/707/cisco-sa-20100120-xr-ssh.shtml

Zenoss Multiple Admin CSRF
updated: 19-Feb-10
Multiple CSRF vulnerabilities exist that can allow arbitrary commands to be executed on the Zenoss server and the Zenoss admin password to be reset.

Adobe Acrobat Script Injection
updated: 19-Feb-10
A vulnerability exists within the Forms Data Format (FDF) built into Adobe Acrobat Reader which allows an attacker to inject JavaScript into a Portable Document Format (PDF) file from any domain on the internet. Successful exploitation of this issue results in the potential disclosure of sensitive information or other cross-domain attacks including cross-site scripting.

Adobe Reader and Acrobat 9.2 and 8.1.7 and earlier versions are affected. Install the fix from the developer.

Adobe Acrobat and Reader U3D Integer Overflow Vulnerability
updated: 19-Feb-10
A critical vulnerability was reported in Adobe Acrobat and Reader 9.2 and 8.1.7. This vulnerability is caused by an integer overflow error in the U3D module when processing malformed data, which could be exploited by attackers to execute arbitrary code by tricking a user into opening a specially crafted PDF document.

Upgrade to version 9.3 or 8.2.

Reference
http://www.adobe.com/support/security/bulletins/apsb10-02.html

HP Discovery & Dependency Mapping Inventory Remote Unauthorized Access, Execution of Arbitrary Code
updated: 19-Feb-10
A potential security vulnerability has been identified with HP Discovery & Dependency Mapping Inventory (DDMI) running on Windows. The vulnerability could be exploited remotely to gain unauthorized access to DDMI agents and to execute arbitrary code.

HP Discovery & Dependency Mapping Inventory (DDMI) v2.0.0, v2.0.1, v2.0.2, v2.0.3, v2.0.4, v2.1.0, v2.1.1, v2.1.2, v2.1.3, v2.20, v2.21, v2.22, v2.50, v2.51, v2.52, v7.50, v7.51 running on Windows are affected. Install the fix from HP.

SquirrelMail Multiple Vulnerabilities
updated: 19-Feb-10
Multiple vulnerabilities were found in SquirrelMail < 1.4.19, the worst of which results in remote code execution.

The vulnerabilities allow remote attackers to execute arbitrary code with the privileges of the user running the web server, to hijack web sessions via a crafted cookie, to spoof the user interface and to conduct Cross-Site Scripting and phishing attacks, via a specially crafted message.

Upgrade to the latest version.

Reference
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1381
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1578
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1579
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1580
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1581

HP Web Jetadmin, Remote Unauthorized Access to Data, Denial of Service
updated: 19-Feb-10
Potential security vulnerabilities have been identified with HP Web Jetadmin. The vulnerabilities could be exploited remotely to gain unauthorized access to data or to create a Denial of Service (DoS).

HP Web Jetadmin v10.2 and subsequent are affected. Install the fix from HP.

Google SketchUp 'lib3ds' 3DS Importer Memory Corruption
updated: 19-Feb-10
A memory corruption vulnerability was reported in Google SketchUp 7.0.10247, Google SketchUp 7.1.4871, Google SketchUp 7.1.6087 and older versions.

Successful exploitation allows remote attackers to trigger a memory corruption vulnerability by enticing an unsuspecting user to open a specially crafted 3DS file, possibly leading to arbitrary code execution.

Update to the latest version.

Reference
http://www.coresecurity.com/content/google-sketchup-vulnerability

Oracle Secure Backup observiced.exe Remote Code Execution Vulnerability
updated: 19-Feb-10
Oracle Secure Backup contains a vulnerability in the daemon observiced.exe, which listens on TCP port 10000 by default. Due to the lack of bounds checking on the reverse lookup of connections to the port, a stack overflow can occur, leading to a complete compromise of the affected system under the credentials of the SYSTEM account.

Install the update from Oracle.

Reference
http://www.zerodayinitiative.com/advisories/ZDI-10-002
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2010.html

Windows Live Messenger 2009 ActiveX DoS Vulnerability
updated: 19-Feb-10
Windows Live Messenger 2009 on Windows Vista and Windows 7 contains a vulnerability in the ActiveX control (msgsc.14.0.8089.726.dll): sending a string to ViewProfile() causes a crash in msnmsgr.exe. The user must be signed in to an MSN Messenger account for the vulnerability to be triggered.

Adobe Illustrator Encapsulated Postscript Parsing Vulnerability
updated: 19-Feb-10
Adobe Illustrator 14.0.0 contains a vulnerability, caused by a boundary error when parsing certain content in Encapsulated Postscript files. This can be exploited to cause a buffer overflow via a specially crafted file.

Successful exploitation allows execution of arbitrary code. Install the patches from the vendor.

Reference
http://www.adobe.com/support/security/bulletins/apsb10-01.html

Novell iManager eDirectory Plugin Remote Code Execution Vulnerability
updated: 19-Feb-10
Novell iManager contains a flaw in an application called by iManager to handle importing and exporting of schema information. While importing or exporting from the schema, the sub-application fails to validate the length of its arguments while copying user-supplied data into a statically allocated stack buffer. This can result in code execution under the privileges of the application.

Install the update from Novell.

Reference
http://www.novell.com/support/viewContent.do?externalId=7004985&sliceId=1
http://www.zerodayinitiative.com/advisories/ZDI-10-001

Critical PowerDNS Recursor Security Vulnerabilities
updated: 19-Feb-10
Two major vulnerabilities have recently been discovered in the PowerDNS Recursor (all versions up to and including 3.1.7.1). Over the past two weeks, these vulnerabilities have been addressed, resulting in PowerDNS Recursor 3.1.7.2.

Novell Netware CIFS And AFP Remote Memory Consumption DoS
updated: 19-Feb-10
The CIFS and AFP protocols of Novell Netware have a memory consumption problem when their respective services receive lots of malformed arbitrary requests. Sending arbitrary crafted requests to these services will consume all the available memory, create multiple abends and finally crash the whole server. This could take from a couple of minutes to hours (depending on the memory available on the server). A PoC exploit has been published.

NTP Denial of Service
updated: 19-Feb-10
ntp_request.c in ntpd < 4.2.4_p7-r1 does not handle MODE_PRIVATE packets correctly, causing a continuous exchange of MODE_PRIVATE error responses between two NTP daemons or causing high CPU load on a single host.

A remote, unauthenticated attacker could send a specially crafted MODE_PRIVATE packet, allowing for a Denial of Service condition (CPU and bandwidth consumption).

Upgrade to the latest version.

Reference
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3563

PDF-XChange Viewer Content Parsing Memory Corruption Vulnerability
updated: 19-Feb-10
A vulnerability was reported in PDF-XChange Viewer 2.0.42.9. It is due to an input validation error in PDFXCview.exe when parsing certain content and can be exploited to corrupt memory via a specially crafted PDF file.

Successful exploitation allows execution of arbitrary code when a user views a malicious PDF document. Update to version 2.044.

Reference
http://secunia.com/secunia_research/2009-64/