reporter
libmng zip archives >= 01010x
Firefox, N/A
Credit: vulnerability report received from Chris Evans <cevans [at] google
[dot] com>, Google Security Team.
CVE: CVE-2009-0723 (integer overflows), CVE-2009-0581 (memory leak),
CVE-2009-0733 (lack of upper-bound checks on size)
Availability Impact - Complete
CVSS Temporal Score - 7.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
* ANM invalid directory permissions (CSCsv70130)
CVSS Base Score - 9.0
Access Vector - Network
CVSS Temporal Score - 6.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
CSCsm26841 - Crafted TLS Packet Vulnerability
CVSS Base Score - 7.8
.text:00405C54 and ecx, 3
-----------/
*Report Timeline*
. 2008-01-30: Initial contact email sent by to Wonderware setting the
estimated publication date of the advisory to February 25th.
. 2008-01-30: Contact email re-sent to Wonderware asking for a software
security contact for Wonderware InTouch.
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01109617
Version: 2
HPSBMA02238 SSRT061260 rev.2 - HP OpenView Reporter Running Shared Trace Service, Remote Arbitrary Code Execution
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2007-08-07
Last Updated: 2007-10-30
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01109617
Version: 1
HPSBMA02238 SSRT061260 rev.1 - HP OpenView Reporter Running Shared Trace Service, Remote Arbitrary Code Execution
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2007-08-07
Last Updated: 2007-08-07
Fixed version:
Free Simple CMS, N/A
Credit: vulnerability report received from Evan Pitstick, SecureWorks.
CVE: N/A
Timeline:
DSECRG-11-003 (Internal DSECRG-00145) SAP Crystal Report Server 2008 - Directory Traversal
A directory traversal vulnerability was discovered in the PerformanceManagement module of the SAP Crystal Report Server 2008 application, which allows reading any file on the OS.
Application: SAP Crystal Report Server 2008
Versions Affected: SAP Crystal Report Server 2008
Vendor URL: http://sap.com
Bugs: Directory Traversal File Read
Exploits: YES
Reported: 29.03.2010
Vendor response: 30.03.2010
[DSECRG-11-011] SAP Crystal Reports 2008 - Multiple XSS
SAP Crystal Report Server 2008 - multiple cross-site scripting vulnerabilities.
SAP Crystal Report Server 2008 - Multiple cross-site scripting vulnerabilities. [DSecRG-11-011] (Internal DSECRG-00147)
Multiple XSS vulnerabilities were found in the PerformanceManagement module of the SAP Crystal Report Server 2008 application. An attacker can intercept the cookie of an administrator or regular user of the system.
Application: SAP Crystal Report Server 2008
>> [Base_URL]/plugins/vkeyboard/vkeyboard.php?passformname=%22%3E%3Cscript%3Ealert%28%27XSS%27%29;%3C/script%3E%3Cscript%3E/*%20
>
> 'Virtual Keyboard' installations can be found using this 'Google dork':
>> http://google.com/search?hl=en&safe=off&filter=0&q=inurl%3A%22vkeyboard.php%22
>
> This vulnerability was originally reported in early May 2010.
> A suitable update fixing this issue, Virtual Keyboard v0.9.2 for
> Squirrelmail 1.4.x, has been provided to the Squirrelmail developers and
> me by Daniel Kobayashi Imori of Bastion Systems (the original developer
> of this plugin) in early June 2010 and is attached to this email -
> thanks Daniel. The Squirrelmail team has not yet made it to update this
-----/
9. *Report Timeline*
. 2010-04-08:
Core Security Technologies notifies the iManager team of the
vulnerability and announces its initial plan to publish the advisory
on May 3rd, 2010.
wget N/A
libwww-perl >= 5.835
Credit: Vulnerability discovered and reported by Hank Leininger and Solar
Designer under the Openwall Project, with further analysis by
Daniele Bianco of oCERT.
CVE: N/A
8.1. *URLMON sniffing vulnerability*
In CoreLabs Security Advisory CORE-2008-0826 [2] a vulnerability that
allowed attackers to gain access to any file on the local filesystem of
a computer running vulnerable versions of Internet Explorer was
disclosed. During the vulnerability reporting process Core provided
Proof-of-Concept code to the vendor that successfully exploited the bug
on Internet Explorer 8 which at the time was deemed not vulnerable by
Microsoft because the bug had been patched prior to RTM. Upon further
investigation, the vendor determined that the proof-of-concept provided
by Core was actually exploiting a different bug than the one originally
CVSS Temporal Score - 7.8
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
CSCtc59231/CSCtd40661 - Unauthorized account creation
CVSS Base Score - 10
construction.
Both software packages have released fixed versions which limit the allowed
object count to a domain specific value.
A detailed analysis by the reporter can be found in the References.
Affected version:
Poppler < 0.12.1
mimeTeX, mimetex.zip (2009/07/13)
mathTeX, mathtex.zip (2009/07/13)
Credit: vulnerability report received from Chris Evans <cevans [at] google
[dot] com> (mimetex) and Damien Miller <djm [at] google [dot] com>
(mathtex), Google Security Team.
CVE: CVE-2009-1382 (mimetex), CVE-2009-1383 (mathtex)
I am used to stupid answers. However what happened here bears no description.
Short Guerilla Version of the Timeline (complete timeline below):
-------------------------------------------------------------------
- Hey Thierry sorry, we did not get your report, we'll keep you updated!
We have IBM written on the proventia boxes but don't send reports to IBM!!
- Post official statement to IBM website that IBM is NOT affected and
forgetting to inform Thierry
TZ> I am used to stupid answers. However what happened here bears no description.
TZ> Short Guerilla Version of the Timeline (complete timeline below):
TZ> -------------------------------------------------------------------
TZ> - Hey Thierry sorry, we did not get your report, we'll keep you updated!
TZ> We have IBM written on the proventia boxes but don't send reports to IBM!!
TZ> - Post official statement to IBM website that IBM is NOT affected and
TZ> forgetting to inform Thierry
TZ>> I am used to stupid answers. However what happened here bears no description.
TZ>> Short Guerilla Version of the Timeline (complete timeline below):
TZ>> -------------------------------------------------------------------
TZ>> - Hey Thierry sorry, we did not get your report, we'll keep you updated!
TZ>> We have IBM written on the proventia boxes but don't send reports to IBM!!
TZ>> - Post official statement to IBM website that IBM is NOT affected and
TZ>> forgetting to inform Thierry
CVSS Temporal Score - 6.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
CSCsw40789 - SSH connections denial of service vulnerability
+-----------------------------------------------------
CVSS Base Score - 7.8
Unfortunately oCERT has been unable to get feedback from AjaxTerm maintainers
and the package seems unmaintained; it is therefore suggested to avoid AjaxTerm
usage in production or any environment where strong security is needed.
Credit: Initial vulnerability report provided by Michael Greb <mgreb [at]
linode [dot] com>.
CVE: N/A
Timeline:
__text:00053DBC b loc_53DF8
-----------/
9. *Report Timeline*
. 2009-04-20:
Core Security Technologies notifies the StoneTrip team of
the vulnerability and announces its initial plan to publish the content
on May 18th, 2009.
Availability Impact - Complete
CVSS Temporal Score - 5.0
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
* Crash handling invalid post for webauth (CSCsq44516)
CVSS Base Score - 6.1
Access Vector - Adjacent Network
Availability Impact - None
CVSS Temporal Score - 5.9
Exploitability - Functional
Remediation Level - Official Fix
Report Confidence - Confirmed
PXE Encryption Phishing Vulnerabilities - IronPort Bug 8149
CVSS Base Score - 6.1
Access Vector - Network
Summary
Metrica Service Assurance Framework implements a distributed,
object-oriented, J2EE-based architecture. It works with Web-based
user interfaces, from end-user report generation to detailed system
administration and configuration.
***********************************************************************
Vulnerability Detail
Please remove this wrong report (no crash happens as reported and Pi3Web version 2.013 doesn't exist at all!!!) and inform all sites copying information from your site about the removal.
I am very disappointed about the fact that such reports are published without contacting software vendors or any attempt of verification/reproduction of reported issues.
Unfortunately the published reports are copied by the whole "internet security community" within days (google for "Pi3Web ISAPI DoS vulnerability"). But a correction of a once-reported issue is never copied. As a representative of a small open source project without budget I can only contact a handful of security sites in order to comment on a wrong report.
But I can never repair the image demolition resulting from such false reports.
Therefore I will close the open source project Pi3Web for that reason, because wrong reports happened multiple times in the past.
CVSS Temporal Score - 6.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
CSCsg91306 - processor pool memory corruption in CCSIP_SPI_CONTROL
CVSS Base Score - 7.8
Fixed version:
MPlayer, N/A
Credit: vulnerability report, patch and PoC code received from Felipe Andres
Manzano <fmanzano [at] fceia [dot] unr [dot] edu [dot] ar>.
CVE: CVE-2008-3827
Timeline:
Anzio Web Print Object (WePO) is a Windows ActiveX web page component
that, when placed on a web page can "push" a print job from a file or
web server to a user's local printer without having to display the HTML
equivalent to that user. By placing WePO code on a web page, you can
provide a method whereby the viewer of that web page can request a local
print of a host resident print job, archived print job or a report
stream through a server-side script request.
Anzio Web Print Object is vulnerable to a buffer overflow attack, which
can be exploited by remote attackers to execute arbitrary code, by
providing a malicious web page with a long "mainurl" parameter for the
CVSS Temporal Score - 6.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
CSCtd16938 - WLC crash after passing invalid arguments to emweb
CVSS Base Score - 6.8