Home » 2009 » April » 29
[security bulletin] HPSBMA02424 SSRT080125 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code
Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c01723303
Version: 1

HPSBMA02424 SSRT080125 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2009-04-27
Last Updated: 2009-04-27

Potential Security Impact: Remote execution of arbitrary code

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
A potential vulnerability has been identified with HP OpenView Network Node Manager (OV NNM). The vulnerability could be exploited remotely to execute arbitrary code.

References: CVE-2008-2438

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP OpenView Network Node Manager (OV NNM) v7.01, v7.51, v7.53 running on HP-UX, Linux, Solaris, and Windows

BACKGROUND

CVSS 2.0 ... Read more »
Views: 1815 | Added by: Siegh_Wahrhreit | Date: 29 April 2009 | Comments (0)

DDIVRT-2009-24 Precidia Ether232 Memory Corruption
Title
-----
DDIVRT-2009-24 Precidia Ether232 Memory Corruption

Severity
--------
Medium

Date Discovered
---------------
March 10th, 2009

Discovered By
-------------
Digital Defense, Inc. Vulnerability Research Team
Credit: Steven James and princeofnigeria and r@b13$

Vulnerability Description
-------------------------
Certain Precidia Ether232 devices contain memory overwrite and authentication flaws.

By making malformed GET requests to the built-in web server on certain Precidia Ether232 devices, it is possible to arbitrarily overwrite memory on the device and cause unknown impact.

Solution Description
--------------------
At this point in time, Precidia Technologies has not provided a firmware upgrade addressing the memory corruption flaw. As a workaround, Precidia Technologies suggests that users disable the web server on the device through the serial or telnet configuration inte ... Read more »
Views: 8342 | Added by: Siegh_Wahrhreit | Date: 29 April 2009 | Comments (0)

[TZO-15-2009] Aladdin eSafe generic bypass - Forced release

 From the low-hanging-fruit-department - Aladdin eSafe bypass/evasion
______________________________
________________________________________

Release mode: Forced relaese, vendor has not replied.
Ref         : TZO-152009 - Aladdin eSafe Generic Evasion
WWW         : http://blog.zoller.lu/2009/04/aladdin-esafe-generic-evasion-bypass.html
Status      : Not patched
Vendor      : http://www.aladdin.com
Security notification reaction rating : Catastrophic
(vendor visited specific url at my website but has not reacted)

Disclosure Policy :
http://blog.zoller.lu/2008/09/ ... Read more »
Views: 9022 | Added by: Siegh_Wahrhreit | Date: 29 April 2009 | Comments (0)

[TZO-13-2009] Avira Antivir generic CAB evasion / bypass

Thierry Zoller

 to NTBUGTRAQ, bugtraq, full-d
From the low-hanging-fruit-department - Avira antivir bypass/evasion
______________________________
________________________________________

Release mode: Coordinated but limited disclosure.
Ref         : TZO-132009 - Avira Antivir evasion CAB
WWW         : http://blog.zoller.lu/200 ... Read more »
Views: 8746 | Added by: Siegh_Wahrhreit | Date: 29 April 2009 | Comments (0)

MataChat Cross-Site Scripting Vulnerabilities

IrIsT.Ir@gmail.com

 to bugtraq
a bug in MataChat that allows to us to occur a Cross-Site Scripting on a Remote machin.
this bug tested with the Vulnerable Software All Ver.
------------------------------
--------------------


######################################################################################################
#                                                                       &nbs ... Read more »
Views: 8502 | Added by: Siegh_Wahrhreit | Date: 29 April 2009 | Comments (0)

close