Computer Security


Apple Mac OS X multiple security vulnerabilities
updated since 24.09.2012
Published:01.10.2012
Source:
SecurityVulns ID:12597
Type:library
Threat Level:
8/10
Description:Multiple vulnerabilities in different subsystems.
Affected:APPLE : MacOS X 10.7
 APPLE : MacOS X 10.8
CVE:CVE-2012-3723 (Apple Mac OS X before 10.7.5 does not properly handle the bNbrPorts field of a USB hub descriptor, which allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) by attaching a USB device.)
 CVE-2012-3722 (The Sorenson codec in QuickTime in Apple Mac OS X before 10.7.5, and in CoreMedia in iOS before 6, accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding.)
 CVE-2012-3721 (Profile Manager in Apple Mac OS X before 10.7.5 does not properly perform authentication for the Device Management private interface, which allows attackers to enumerate managed devices via unspecified vectors.)
 CVE-2012-3720 (Mobile Accounts in Apple Mac OS X before 10.7.5 and 10.8.x before 10.8.2 saves password hashes for external-account use even if external accounts are not enabled, which might allow remote attackers to determine passwords via unspecified access to a mobile account.)
 CVE-2012-3719 (Mail in Apple Mac OS X before 10.7.5 does not properly handle embedded web plugins, which allows remote attackers to execute arbitrary plugin code via an e-mail message that triggers the loading of a third-party plugin.)
 CVE-2012-3718 (Apple Mac OS X before 10.7.5 and 10.8.x before 10.8.2 allows local users to read passwords entered into Login Window (aka LoginWindow) or Screen Saver Unlock by installing an input method that intercepts keystrokes.)
 CVE-2012-3716 (CoreText in Apple Mac OS X 10.7.x before 10.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write or read) via a crafted text glyph.)
 CVE-2012-1173 (Multiple integer overflows in tiff_getimage.c in LibTIFF 3.9.4 allow remote attackers to execute arbitrary code via a crafted tile size in a TIFF file, which is not properly handled by the (1) gtTileSeparate or (2) gtStripSeparate function, leading to a heap-based buffer overflow.)
 CVE-2012-0671 (Apple QuickTime before 7.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .pict file.)
 CVE-2012-0670 (Integer overflow in Apple QuickTime before 7.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted sean atom in a movie file.)
 CVE-2012-0668 (Buffer overflow in Apple QuickTime before 7.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with RLE encoding.)
 CVE-2012-0652 (Login Window in Apple Mac OS X 10.7.3, when Legacy File Vault or networked home directories are enabled, does not properly restrict what is written to the system log for network logins, which allows local users to obtain sensitive information by reading the log.)
 CVE-2012-0650 (Buffer overflow in the DirectoryService Proxy in DirectoryService in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.)
 CVE-2012-0643 (The kernel in Apple iOS before 5.1 does not properly handle debug system calls, which allows remote attackers to bypass sandbox restrictions and execute arbitrary code via a crafted program.)
 CVE-2011-4599 (Stack-based buffer overflow in the _canonicalize function in common/uloc.c in International Components for Unicode (ICU) before 49.1 allows remote attackers to execute arbitrary code via a crafted locale ID that is not properly handled during variant canonicalization.)
 CVE-2011-3048 (The png_set_text_2 function in pngset.c in libpng 1.0.x before 1.0.59, 1.2.x before 1.2.49, 1.4.x before 1.4.11, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted text chunk in a PNG image file, which triggers a memory allocation failure that is not properly handled, leading to a heap-based buffer overflow.)
 CVE-2011-3026 (Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation.)
Original document:NCC Group Research, NGS00254 Patch Notification: Apple Mac OS X Lion USB Hub Class Hub Descriptor Arbitrary Code Execution (01.10.2012)
 APPLE, APPLE-SA-2012-09-19-2 OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and Security Update 2012-004 (24.09.2012)

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:01.10.2012
Source:
SecurityVulns ID:12598
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:JOOMLA : Joomla 2.5
 WORDPRESS : Wordpress Download Monitor 3.3
 MICROCART : Microcart 1.0
 WORDPRESS : MF Gig Calendar 0.9
 OSSECWUI : ossec-wui 0.3
 ATLASSIAN : Confluence 3.0
CVE:CVE-2012-4768 (Cross-site scripting (XSS) vulnerability in the Download Monitor plugin before 3.3.5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the dlsearch parameter to the default URI.)
 CVE-2012-4242 (Cross-site scripting (XSS) vulnerability in the MF Gig Calendar plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the calendar page.)
 CVE-2012-4241 (Multiple cross-site scripting (XSS) vulnerabilities in Microcart 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO or (2) query string to _admin/index.php or (3) first_name, (4) last_name, (5) cc, (6) exp, (7) cvv, (8) address1, (9) address2, (10) city, (11) state, (12) zip, (13) phone, or (14) email parameter to checkout.php, which is not properly handled in an error message.)
Original document:sschurtz_(at)_darksecurity.de, Joomla 2.5.6 Multiple Cross-site scripting vulnerabilities (01.10.2012)
 Robert Gilbert, [CVE-ID REQUEST] Atlassian Confluence - Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities (01.10.2012)
 A. Ramos, XSS in OSSEC wui 0.3 (01.10.2012)
 Joseph Sheridan, Microcart 1.0 Checkout Cross-Site Scripting Security Vulnerability (01.10.2012)
 Joseph Sheridan, Microcart 1.0 _Admin Cross-Site Scripting Security Vulnerability (01.10.2012)
 Joseph Sheridan, MF Gig Calendar Wordpress Plugin - Cross-Site Scripting (01.10.2012)
 Joseph Sheridan, Wordpress Download Monitor - Download Page Cross-Site Scripting (01.10.2012)
 MustLive, Multiple vulnerabilities in IFOBS (01.10.2012)
 MustLive, BF and XSS vulnerabilities in IFOBS (01.10.2012)
 MustLive, CSRF and XSS vulnerabilities in IFOBS (01.10.2012)

Smartfren Connex weak permissions
Published:01.10.2012
Source:
SecurityVulns ID:12599
Type:local
Threat Level:
5/10
Description:Weak permissions for executable files lead to privilege escalation.
Affected:SMARTFREN : Connex EC1261-2 UI
Original document:X-Cisadane, Smartfren Connex EC 1261-2 UI OUC Local Privilege Escalation Vulnerability (01.10.2012)

xinetd restrictions bypass
Published:01.10.2012
Source:
SecurityVulns ID:12600
Type:remote
Threat Level:
6/10
Description:tcpmux invalid service type check
Affected:XINETD : xinetd 2.3
CVE:CVE-2012-0862 (builtins.c in Xinetd before 2.3.15 does not check the service type when the tcpmux-server service is enabled, which exposes all enabled services and allows remote attackers to bypass intended access restrictions via a request to tcpmux port 1.)
Original document:MANDRIVA, CVE-2012-0862 (01.10.2012)

Apache security vulnerabilities
Published:01.10.2012
Source:
SecurityVulns ID:12601
Type:remote
Threat Level:
5/10
Description:mod_negotiation cross-site scripting, local shared library privilege escalation
Affected:APACHE : Apache 2.4
CVE:CVE-2012-2687 (Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.)
 CVE-2012-0883 (envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.)
Original document:MANDRIVA, [ MDVSA-2012:154 ] apache (01.10.2012)

Cisco IOS multiple security vulnerabilities
Published:01.10.2012
Source:
SecurityVulns ID:12602
Type:remote
Threat Level:
7/10
Description:Multiple DoS conditions in different protocol implementations.
Affected:CISCO : IOS 12.2
 CISCO : IOS 12.3
 CISCO : IOS 12.4
 CISCO : IOS XE 2.1
 CISCO : IOS XE 2.2
 CISCO : IOS XE 2.3
 CISCO : IOS XE 2.4
 CISCO : IOS 15.0
 CISCO : IOS 15.1
 CISCO : IOS XE 2.5
 CISCO : IOS XE 2.6
 CISCO : IOS XE 3.1
 CISCO : IOS 15.2
 CISCO : IOS XE 3.3
 CISCO : IOS XE 3.2
 CISCO : IOS XE 3.4
 CISCO : IOS XE 3.5
CVE:CVE-2012-4623 (The DHCPv6 server in Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x, 3.1.xS before 3.1.4S, 3.1.xSG and 3.2.xSG before 3.2.5SG, 3.2.xS, 3.2.xXO, 3.3.xS, and 3.3.xSG before 3.3.1SG allows remote attackers to cause a denial of service (device reload) via a malformed DHCPv6 packet, aka Bug ID CSCto57723.)
 CVE-2012-4621 (The Device Sensor feature in Cisco IOS 15.0 through 15.2 allows remote attackers to cause a denial of service (device reload) via a DHCP packet, aka Bug ID CSCty96049.)
 CVE-2012-4620 (Cisco IOS 12.2 and 15.0 through 15.2 on Cisco 10000 series routers, when a tunnel interface exists, allows remote attackers to cause a denial of service (interface queue wedge) via tunneled (1) GRE/IP, (2) IPIP, or (3) IPv6 in IPv4 packets, aka Bug ID CSCts66808.)
 CVE-2012-4618 (The SIP ALG feature in the NAT implementation in Cisco IOS 12.2, 12.4, and 15.0 through 15.2 allows remote attackers to cause a denial of service (device reload) via transit IP packets, aka Bug ID CSCtn76183.)
 CVE-2012-4617 (The BGP implementation in Cisco IOS 15.2, IOS XE 3.5.xS before 3.5.2S, and IOS XR 4.1.0 through 4.2.2 allows remote attackers to cause a denial of service (multiple connection resets) by leveraging a peer relationship and sending a malformed attribute, aka Bug IDs CSCtt35379, CSCty58300, CSCtz63248, and CSCtz62914.)
 CVE-2012-3950 (The Intrusion Prevention System (IPS) feature in Cisco IOS 12.3 through 12.4 and 15.0 through 15.2, in certain configurations of enabled categories and missing signatures, allows remote attackers to cause a denial of service (device reload) via DNS packets, aka Bug ID CSCtw55976.)
 CVE-2012-3949 (The SIP implementation in Cisco Unified Communications Manager (CUCM) 6.x and 7.x before 7.1(5b)su5, 8.x before 8.5(1)su4, and 8.6 before 8.6(2a)su1; Cisco IOS 12.2 through 12.4 and 15.0 through 15.2; and Cisco IOS XE 3.3.xSG before 3.3.1SG, 3.4.xS, and 3.5.xS allows remote attackers to cause a denial of service (service crash or device reload) via a crafted SIP message containing an SDP session description, aka Bug IDs CSCtw66721, CSCtj33003, and CSCtw84664.)
Files:Cisco IOS Software Intrusion Prevention System Denial of Service Vulnerability
 Cisco IOS Software Malformed Border Gateway Protocol Attribute Vulnerability
 Cisco IOS Software Network Address Translation Vulnerabilities
 Cisco IOS Software Tunneled Traffic Queue Wedge Vulnerability
 Cisco IOS Software DHCP Version 6 Server Denial of Service Vulnerability
 Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability
 Cisco IOS Software DHCP Denial of Service Vulnerability

Cisco Catalyst switches DoS
Published:01.10.2012
Source:
SecurityVulns ID:12603
Type:remote
Threat Level:
6/10
Description:Crash on malformed packet parsing.
Affected:CISCO : Catalyst 4500E
CVE:CVE-2012-4622 (Cisco IOS XE 03.02.00.XO.15.0(2)XO on Catalyst 4500E series switches, when a Supervisor Engine 7L-E card is installed, allows remote attackers to cause a denial of service (card reload) via malformed packets that trigger uncorrected ECC error messages, aka Bug ID CSCty88456.)
Files:Cisco Catalyst 4500E Series Switch with Cisco Catalyst Supervisor Engine 7L-E Denial of Service Vulnerability

Cisco Unified Communications Manager DoS
Published:01.10.2012
Source:
SecurityVulns ID:12604
Type:remote
Threat Level:
5/10
Description:Crash on SIP parsing.
Affected:CISCO : Unified Communications Manager 7.1
 CISCO : Unified Communications Manager 8.5
 CISCO : Unified Communications Manager 8.6
CVE:CVE-2012-3949 (The SIP implementation in Cisco Unified Communications Manager (CUCM) 6.x and 7.x before 7.1(5b)su5, 8.x before 8.5(1)su4, and 8.6 before 8.6(2a)su1; Cisco IOS 12.2 through 12.4 and 15.0 through 15.2; and Cisco IOS XE 3.3.xSG before 3.3.1SG, 3.4.xS, and 3.5.xS allows remote attackers to cause a denial of service (service crash or device reload) via a crafted SIP message containing an SDP session description, aka Bug IDs CSCtw66721, CSCtj33003, and CSCtw84664.)
Files:Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerability

Transmission cross-site scripting
Published:01.10.2012
Source:
SecurityVulns ID:12605
Type:local
Threat Level:
3/10
Description:Transmission web client cross-site scripting
CVE:CVE-2012-4037 (Multiple cross-site scripting (XSS) vulnerabilities in the web client in Transmission before 2.61 allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) created by, or (3) name field in a torrent file.)
Original document:UBUNTU, [USN-1584-1] Transmission vulnerability (01.10.2012)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod