In the Press

Securiteam
Welcome to the SecuriTeam RSS Feed - sponsored by Beyond Security. Know Your Vulnerabilities! Visit BeyondSecurity.com for your web site, network and code security auditing and scanning needs.
It has been brought to our attention that a number of security vulnerabilities have been noted in SQL-Ledger. Several of these affect earlier versions of LedgerSMB, and three hotfixes have been released for problems that continue to affect the LedgerSMB codebase.

Insecure permissions have been detected in multiple Kaspersky Lab antivirus products.

Piwik calls unserialize() on user input, which allows an attacker to send a carefully crafted cookie that, when unserialized, uses Piwik's classes to upload arbitrary files or execute arbitrary PHP code.

Invision Power Board has a PHP file inclusion vulnerability that is trivial to exploit with a web browser and a known location of a PHP file residing on the target system. Authorization is not required. The SQL injection vulnerability is somewhat tricky to exploit as there are quite a few restrictions that make creating a successful SQL attack vector difficult. Nevertheless, a crafty attacker might issue a series of requests that allow him to gain sensitive information about the target system or even read files from the disk, depending on the permissions granted to the DB account used by the forum.

The U.S. Defense Information Systems Agency (DISA) publishes Security Readiness Review scripts (SRRs) to ensure systems and software meet security baselines required by the Department of Defense. Local unprivileged users can obtain root access on Unix systems where the DISA SRR scripts are run.

Milw0rm
milw0rm.com's latest exploit RSS feed
Kaspersky Antivirus 2010
//----- Advisory
Program : Kaspersky Antivirus 2010 9.0.0.463
Homepage : http://www.kaspersky.com
Discovery : 2009/09/29
Author Contacted : 2009/10/01
Patch Updated : 2009/11/16
Found by : Heurs
This Advisory : Heurs
Contact : s.leberre@sysdream.com

GMER
//----- Advisory
Program : GMER 1.0.15.15087
Homepage : http://www.gmer.net
Discovery : 2009/07/28
Author Contacted : 2009/09/28
Author Response : 2009/09/28
Patch Updated : 2009/10/05
Found by : Heurs
This Advisory : Heurs
Contact : s.leberre@sysdream.com

Local Privilege Escalation in Avast!
//----- Advisory
Program : avast! 4.8.1335 Professional
Homepage : http://www.avast.com
Discovery : 2009/07/29
Author Contacted : 2009/07/31
Found by : Heurs
This Advisory : Heurs
Contact : heurs@ghostsinthstack.org, s.leberre@sysdream.com

Phorum: Permanent Cross-Site Scripting Vulnerabilities
//----- Advisory
Program : Phorum 5.2.11
Homepage : http://www.phorum.org/
Discovery : 2009/07/16
Author Contacted : 2009/07/17
Found by : crashfr at sysdream dot com
This Advisory : crashfr at sysdream dot com

NPDS: Several Vulnerabilities
//----- Advisory
Software : NPDS
Homepage : http://www.npds.org/
Tested version : < 08.06
Found by : Jean-François LECLERC
This advisory : nosp at sysdream dot com
Discovery date : 2008/04/24
Vendor notified : 2008/04/25

Linksys IP Phone SPA942: Denial of Service
//----- Advisory
Hardware : Linksys IP Phone SPA942
Homepage : http://www.linksys.com/
Tested version : 5.1.5
Found by : crashfr at sysdream dot com
This advisory : crashfr at sysdream dot com
Discovery date : 2007/03/19
Vendor notified : 2007/03/20

GNU gv: Stack Overflow Vulnerability
//----- Advisory
Program : GNU gv
Homepage : http://www.gnu.org/software/gv/
Tested version : 3.6.2
Found by : r.lifchitz at sysdream dot com
This advisory : r.lifchitz at sysdream dot com
Discovery date : 2006/11/06
Vendor notified : 2006/11/09

Symantec Antivirus Corporate: Privilege Escalation Vulnerability
//----- Advisory
Program : Symantec Corporate Antivirus - 10.1
Homepage : http://www.symantec.com/
Discovery : 2006/07/11
Author Contacted : 2006/07/18
Found by : Ali at sysdream dot com
This Advisory : Ali at sysdream dot com

Stonevoice Application Suite v2.2: Several Vulnerabilities
//----- Advisory
Program : Stonevoice Application Suite - Ver. 2.2 (build #9)
Homepage : http://www.stonevoice.com/
Discovery : 2006/06/17
Author Contacted : 2006/07/17
Found by : crashfr at sysdream dot com
This Advisory : Ali at sysdream dot com

Camino Browser: Denial of Service
//----- Advisory
Program : Camino Browser
Homepage : http://www.caminobrowser.org
Tested version :
Press: Computer security

US-CERT National Vulnerability Database (Recent)
This feed contains the most fully analyzed CVE cyber vulnerabilities published within the National Vulnerability Database.
The FTP proxy server in Apple AirPort Express, AirPort Extreme, and Time Capsule with firmware 7.5 does not restrict the IP address and port specified in a PORT command from a client, which allows remote attackers to leverage intranet FTP servers for arbitrary TCP forwarding via a crafted PORT command.

Buffer overflow in qoslist in bos.net.tcp.server in IBM AIX 6.1 and VIOS 2.1 allows local users to gain privileges via unspecified vectors.

Buffer overflow in qosmod in bos.net.tcp.server in IBM AIX 6.1 and VIOS 2.1 allows local users to gain privileges via unspecified vectors.

Cross-site scripting (XSS) vulnerability in WebEditor/Authentication/LoginPage.aspx in IBM ENOVIA SmarTeam 5 allows remote attackers to inject arbitrary web script or HTML via the errMsg parameter.

Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010.

The helpmanager servlet in the web server in HP OpenView Performance Insight (OVPI) 5.4 and earlier does not properly authenticate and validate requests, which allows remote attackers to execute arbitrary commands via vectors involving upload of a JSP document.

Buffer overflow in Microsoft Windows Movie Maker 2.1, 2.6, and 6.0, and Microsoft Producer 2003, allows remote attackers to execute arbitrary code via a crafted project (.MSWMM) file, aka "Movie Maker and Producer Buffer Overflow Vulnerability."

Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Microsoft Office Excel DbOrParamQry Record Parsing Vulnerability."

Microsoft Office Excel 2007 SP1 and SP2; Office 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; and Office SharePoint Server 2007 SP1 and SP2 do not validate ZIP headers during decompression of Open XML (.XLSX) documents, which allows remote attackers to execute arbitrary code via a crafted document that triggers access to uninitialized memory locations, aka "Microso…

Microsoft Office Excel 2007 SP1 and SP2 and Office 2004 for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Microsoft Office Excel FNGROUPNAME Record Uninitialized Memory Vulnerability."
2008 - 2009 © Sysdream - N° of approval 11930594993