Computer Security


Intuit QuickBooks code execution
Published:02.04.2012
SecurityVulns ID:12294
Type:client
Threat Level:5/10
Description:Code execution and memory corruption in the intu-help-qb5: protocol handler.
Affected:INTUIT : QuickBooks 2012
Original document:ds.adv.pub_(at)_gmail.com, Intuit Help System Protocol URL Heap Corruption and Memory Leak (02.04.2012)
 ds.adv.pub_(at)_gmail.com, Intuit Help System Protocol File Retrieval (02.04.2012)

PHP DoS
Published:02.04.2012
SecurityVulns ID:12295
Type:library
Threat Level:5/10
Description:Resource exhaustion in POSIX regular expression functions.
Affected:PHP : PHP 5.3
 PHP : PHP 5.4
Original document:cxib_(at)_cxsecurity.com, PHP 5.4/5.3 deprecated eregi() memory_limit bypass (02.04.2012)

Cisco IOS multiple security vulnerabilities
Published:02.04.2012
SecurityVulns ID:12298
Type:remote
Threat Level:7/10
Description:Multiple DoS conditions.
Affected:CISCO : IOS 12.2
 CISCO : IOS 15.0
 CISCO : IOS 15.1
 CISCO : IOS 15.2
 CISCO : IOS XE 3.3
 CISCO : IOS XE 3.2
 CISCO : IOS XE 3.4
 CISCO : IOS XE 3.5
CVE:CVE-2012-1314 (The WAAS Express feature in Cisco IOS 15.1 and 15.2 allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted transit traffic, aka Bug ID CSCtt45381.)
 CVE-2012-1312 (The MACE feature in Cisco IOS 15.1 and 15.2 allows remote attackers to cause a denial of service (device reload) via crafted transit traffic, aka Bug IDs CSCtq64987 and CSCtu57226.)
 CVE-2012-1311 (The RSVP feature in Cisco IOS 15.0 and 15.1 and IOS XE 3.2.xS through 3.4.xS before 3.4.2S, when a VRF interface is configured, allows remote attackers to cause a denial of service (interface queue wedge and service outage) via crafted RSVP packets, aka Bug ID CSCts80643.)
 CVE-2012-0386 (The SSHv2 implementation in Cisco IOS 12.2, 12.4, 15.0, 15.1, and 15.2 and IOS XE 2.3.x through 2.6.x and 3.1.xS through 3.4.xS before 3.4.2S allows remote attackers to cause a denial of service (device reload) via a crafted username in a reverse SSH login attempt, aka Bug ID CSCtr49064.)
 CVE-2012-0385 (The Smart Install feature in Cisco IOS 12.2, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (device reload) by sending a malformed Smart Install message over TCP, aka Bug ID CSCtt16051.)
 CVE-2012-0383 (Memory leak in the NAT feature in Cisco IOS 12.4, 15.0, and 15.1 allows remote attackers to cause a denial of service (memory consumption, and device hang or reload) via SIP packets that require translation, related to a "memory starvation vulnerability," aka Bug ID CSCti35326.)
 CVE-2012-0381 (The IKEv1 implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x and 3.1.xS through 3.4.xS before 3.4.2S, 3.5.xS before 3.5.1S, and 3.2.xSG before 3.2.2SG allows remote attackers to cause a denial of service (device reload) by sending IKE UDP packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCts38429.)
Original document:CISCO, Cisco Security Advisory: Cisco IOS Software Reverse SSH Denial of Service Vulnerability (02.04.2012)
 CISCO, Cisco Security Advisory: Cisco IOS Software Network Address Translation Vulnerability (02.04.2012)
 CISCO, Cisco Security Advisory: Multiple Vulnerabilities in Cisco IOS Software Traffic Optimization Features (02.04.2012)
 CISCO, Cisco Security Advisory: Cisco IOS Internet Key Exchange Vulnerability (02.04.2012)
 CISCO, Cisco Security Advisory: Cisco IOS Software Smart Install Denial of Service Vulnerability (02.04.2012)
 CISCO, Cisco Security Advisory: Cisco IOS Software RSVP Denial of Service Vulnerability (02.04.2012)

TrendNet SecurView ActiveX buffer overflow
Published:02.04.2012
SecurityVulns ID:12299
Type:client
Threat Level:5/10
Description:UltraMJCam control buffer overflow.
Affected:TRENDNET : SecurView TV-IP121WN
Original document:rgod, TRENDnet SecurView TV-IP121WN Wireless Internet Camera UltraMJCam ActiveX Control OpenFileDlg WideCharToMultiByte Remote Stack Buffer Overflow (02.04.2012)

Quest InTrust ActiveX buffer overflows
Published:02.04.2012
SecurityVulns ID:12300
Type:client
Threat Level:5/10
Description:ArDoc.dll and AnnotateX.dll buffer overflows.
Affected:QUEST : InTrust 10.4
Original document:rgod, Quest InTrust 10.4.x ReportTree and SimpleTree Classes ArDoc.dll ActiveX Control Remote File Creation / Overwrite Vulnerability (02.04.2012)
 rgod, Quest InTrust 10.4.x Annotation Objects ActiveX Control AnnotateX.dll Uninitialized Pointer Remote Code Execution (02.04.2012)

D-Link SecuriCam ActiveX buffer overflow
Published:02.04.2012
SecurityVulns ID:12301
Type:client
Threat Level:5/10
Description:Buffer overflow in DcsCliCtrl.dll control.
Affected:DLINK : SecuriCam DCS-5605
Original document:rgod, D-Link SecuriCam DCS-5605 Network Surveillance ActiveX Control DcsCliCtrl.dll lstrcpyW Remote Buffer Overflow Vulnerability (02.04.2012)

HP-UX WBEM unauthorized access
Published:02.04.2012
SecurityVulns ID:12302
Type:remote
Threat Level:5/10
CVE:CVE-2012-0126 (Unspecified vulnerability in the WBEM implementation in HP HP-UX 11.11 and 11.23 allows remote attackers to obtain access to diagnostic information via unknown vectors, a related issue to CVE-2012-0125.)
 CVE-2012-0125 (Unspecified vulnerability in the WBEM implementation in HP HP-UX 11.31 allows local users to obtain access to diagnostic information via unknown vectors, a related issue to CVE-2012-0126.)
Original document:HP, [security bulletin] HPSBUX02755 SSRT100667 rev.1 - HP-UX WBEM, Remote Unauthorized Access to Diagnostic Data (02.04.2012)

Wireshark multiple security vulnerabilities
Published:02.04.2012
SecurityVulns ID:12303
Type:remote
Threat Level:5/10
Description:DoS via ANSI A, IEEE 802.11, MP2T protocols.
Affected:WIRESHARK : Wireshark 1.6
Original document:MANDRIVA, [ MDVSA-2012:042 ] wireshark (02.04.2012)

expat security vulnerability
Published:02.04.2012
SecurityVulns ID:12304
Type:library
Threat Level:5/10
Description:Memory leaks, predictable hash function.
Affected:EXPAT : expat 2.0
CVE:CVE-2012-1148 (Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause improperly-handled reallocation failures when expanding entities.)
 CVE-2012-0876 (The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value.)
Original document:MANDRIVA, [ MDVSA-2012:041 ] expat (02.04.2012)

OpenSSL security vulnerabilities
Published:02.04.2012
SecurityVulns ID:12306
Type:remote
Threat Level:5/10
Description:DoS, CMS implementation vulnerabilities.
Affected:OPENSSL : OpenSSL 0.9
 OPENSSL : OpenSSL 1.0
CVE:CVE-2012-1165 (The mime_param_cmp function in crypto/asn1/asn_mime.c in OpenSSL before 0.9.8u and 1.x before 1.0.0h allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message, a different vulnerability than CVE-2006-7250.)
 CVE-2012-0884 (The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Million Message Attack (MMA) adaptive chosen ciphertext attack.)
Original document:MANDRIVA, [ MDVSA-2012:038 ] openssl (02.04.2012)

Quake 3 / ioquake3 traffic amplification vulnerability
Published:02.04.2012
SecurityVulns ID:12307
Type:library
Threat Level:5/10
Description:Source of getstatus UDP message is not checked.
Affected:IOQUAKE : ioquake3 1.36
 OPENARENA : OpenArena 0.8
 WORLDOFPADMAN : World of Padman 1.5
 WORLDOFPADMAN : Tremulous 1.1
CVE:CVE-2010-5077 (server/sv_main.c in Quake3 Arena, as used in ioquake3 before r1762, OpenArena, Tremulous, and other products, allows remote attackers to cause a denial of service (network traffic amplification) via a spoofed (1) getstatus or (2) rcon request.)
Original document:Simon McVittie, Traffic amplification via Quake 3-based servers (02.04.2012)

libzip security vulnerabilities
updated since 25.03.2012
Published:02.04.2012
SecurityVulns ID:12285
Type:library
Threat Level:6/10
Description:Buffer overflow and integer overflow when parsing zip files.
Affected:LIBZIP : libzip 0.10
CVE:CVE-2012-1163 (Integer overflow in the _zip_readcdir function in zip_open.c in libzip 0.10 allows remote attackers to execute arbitrary code via the size and offset values for the central directory in a zip archive, which triggers "improper restrictions of operations within the bounds of a memory buffer" and an information leak.)
 CVE-2012-1162 (Heap-based buffer overflow in the _zip_readcdir function in zip_open.c in libzip 0.10 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a zip archive with the number of directories set to 0, related to an "incorrect loop construct.")
Original document:Timo Warns, [PRE-SA-2012-02] Incorrect loop construct and numeric overflow in libzip (02.04.2012)
 MANDRIVA, [ MDVSA-2012:034 ] libzip (25.03.2012)

raptor library (libreoffice / openoffice) file injection
updated since 26.03.2012
Published:02.04.2012
SecurityVulns ID:12287
Type:library
Threat Level:5/10
Description:It's possible to inject a file via XML.
Affected:RAPTOR : raptor 1.4
CVE:CVE-2012-0037 (Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and reference in an RDF document.)
Original document:VSR Advisories, CVE-2012-0037: libraptor - XXE in RDF/XML File Interpretation (Multiple office products affected) (02.04.2012)
 DEBIAN, [SECURITY] [DSA 2438-1] raptor security update (26.03.2012)

VMware privilege escalation
updated since 02.04.2012
Published:09.04.2012
SecurityVulns ID:12293
Type:local
Threat Level:7/10
Description:It's possible to manipulate the emulated ROM via the backdoor interface.
Affected:VMWARE : VMware Server 1.0
 VMWARE : VMware ESXi 3.5
 VMWARE : VMware Server 2.0
 VMWARE : VMware Workstation 7.1
 VMWARE : VMware ESXi 4.1
CVE:CVE-2012-1515 (VMware ESXi 3.5, 4.0, and 4.1 and ESX 3.5, 4.0, and 4.1 do not properly implement port-based I/O operations, which allows guest OS users to gain guest OS privileges by overwriting memory locations in a read-only memory block associated with the Virtual DOS Machine.)
Original document:VMWARE, VMSA-2012-0006 VMware ESXi and ESX address several security issues (09.04.2012)
 ds.adv.pub_(at)_gmail.com, VMware High-Bandwidth Backdoor ROM Overwrite Privilege Elevation (02.04.2012)

Linux kernel multiple security vulnerabilities
updated since 02.04.2012
Published:26.04.2012
SecurityVulns ID:12305
Type:local
Threat Level:6/10
Description:DoS, information leakage, privilege escalation.
Affected:LINUX : kernel 2.6
CVE:CVE-2012-2100 (The ext4_fill_flex_info function in fs/ext4/super.c in the Linux kernel before 3.2.2, on the x86 platform and unspecified other platforms, allows user-assisted remote attackers to trigger inconsistent filesystem-groups data and possibly cause a denial of service via a malformed ext4 filesystem containing a super block with a large FLEX_BG group size (aka s_log_groups_per_flex value). NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-4307.)
 CVE-2012-1146 (The mem_cgroup_usage_unregister_event function in mm/memcontrol.c in the Linux kernel before 3.2.10 does not properly handle multiple events that are attached to the same eventfd, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by registering memory threshold events.)
 CVE-2012-1097 (The regset (aka register set) feature in the Linux kernel before 3.2.10 does not properly handle the absence of .get and .set methods, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a (1) PTRACE_GETREGSET or (2) PTRACE_SETREGSET ptrace call.)
 CVE-2012-1090 (The cifs_lookup function in fs/cifs/dir.c in the Linux kernel before 3.2.10 allows local users to cause a denial of service (OOPS) via attempted access to a special file, as demonstrated by a FIFO.)
 CVE-2012-0879 (The I/O implementation for block devices in the Linux kernel before 2.6.33 does not properly handle the CLONE_IO feature, which allows local users to cause a denial of service (I/O instability) by starting multiple processes that share an I/O context.)
 CVE-2012-0045 (The em_syscall function in arch/x86/kvm/emulate.c in the KVM implementation in the Linux kernel before 3.2.14 does not properly handle the 0f05 (aka syscall) opcode, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application, as demonstrated by an NASM file.)
 CVE-2011-4347 (The kvm_vm_ioctl_assign_device function in virt/kvm/assigned-dev.c in the KVM subsystem in the Linux kernel before 3.1.10 does not verify permission to access PCI configuration space and BAR resources, which allows host OS users to assign PCI devices and cause a denial of service (host OS crash) via a KVM_ASSIGN_PCI_DEVICE operation.)
 CVE-2011-3347 (A certain Red Hat patch to the be2net implementation in the kernel package before 2.6.32-218.el6 on Red Hat Enterprise Linux (RHEL) 6, when promiscuous mode is enabled, allows remote attackers to cause a denial of service (system crash) via non-member VLAN packets.)
 CVE-2011-1833 (Race condition in the ecryptfs_mount function in fs/ecryptfs/main.c in the eCryptfs subsystem in the Linux kernel before 3.1 allows local users to bypass intended file permissions via a mount.ecryptfs_private mount with a mismatched uid.)
 CVE-2009-4307 (The ext4_fill_flex_info function in fs/ext4/super.c in the Linux kernel before 2.6.32-git6 allows user-assisted remote attackers to cause a denial of service (divide-by-zero error and panic) via a malformed ext4 filesystem containing a super block with a large FLEX_BG group size (aka s_log_groups_per_flex value).)
Original document:UBUNTU, [USN-1406-1] Linux kernel vulnerabilities (26.04.2012)
 DEBIAN, [SECURITY] [DSA 2443-1] linux-2.6 security update (02.04.2012)

HP Performance Manager security vulnerabilities
updated since 02.04.2012
Published:24.06.2012
SecurityVulns ID:12297
Type:remote
Threat Level:5/10
Description:DoS, code execution.
Affected:HP : HP Performance Manager 9.00
CVE:CVE-2012-0127 (Unspecified vulnerability in HP Performance Manager 9.00 allows remote attackers to execute arbitrary code via unknown vectors.)
Original document:ZDI, ZDI-12-100 : HP OpenView Performance Manager PMParamHandler Remote Code Execution Vulnerability (24.06.2012)
 HP, [security bulletin] HPSBMU02756 SSRT100596 rev.1 - HP Performance Manager Running on HP-UX, Linux, Solaris and Windows, Remote Execution of Arbitrary Code, Denial of Service (DoS) (02.04.2012)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod