Computer Security


OpenOffice / LibreOffice DoS
Published:02.11.2012
SecurityVulns ID:12689
Type:local
Threat Level:4/10
Description:NULL pointer dereferences when parsing several file formats.
Affected:LIBREOFFICE : LibreOffice 3.5
 OPENOFFICE : OpenOffice 3.5
CVE:CVE-2012-4233 (LibreOffice 3.5.x before 3.5.7.2 and 3.6.x before 3.6.1, and OpenOffice.org (OOo), allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted (1) odt file to vcllo.dll, (2) ODG (Drawing document) file to svxcorelo.dll, (3) PolyPolygon record in a .wmf (Window Meta File) file embedded in a ppt (PowerPoint) file to tllo.dll, or (4) xls (Excel) file to scfiltlo.dll.)
Original document:High-Tech Bridge Security Research, Multiple Vulnerabilities in LibreOffice (02.11.2012)

Cisco Unified MeetingPlace Web Conferencing security vulnerabilities
Published:02.11.2012
SecurityVulns ID:12691
Type:remote
Threat Level:6/10
Description:Buffer overflow, SQL injection.
Affected:CISCO : Unified MeetingPlace 7.1
 CISCO : Unified MeetingPlace 8.5
CVE:CVE-2012-5416 (Buffer overflow in Cisco Unified MeetingPlace Web Conferencing before 7.1MR1 Patch 1, 8.0 before 8.0MR1 Patch 1, and 8.5 before 8.5MR3 allows remote attackers to cause a denial of service (daemon hang) via unspecified parameters in a POST request, aka Bug ID CSCua66341.)
 CVE-2012-0337 (SQL injection vulnerability in the web component in Cisco Unified MeetingPlace 7.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCtx08939.)
Files:Multiple Vulnerabilities in Cisco Unified MeetingPlace Web Conferencing

Konqueror memory corruptions
Published:02.11.2012
SecurityVulns ID:12692
Type:client
Threat Level:5/10
Description:Several distinct memory corruption vulnerabilities.
Affected:KDE : Konqueror 4.7
CVE:CVE-2012-4515 (Use-after-free vulnerability in khtml/rendering/render_replaced.cpp in Konqueror in KDE 4.7.3, when the context menu is shown, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by accessing an iframe when it is being updated.)
 CVE-2012-4514 (rendering/render_replaced.cpp in Konqueror in KDE before 4.9.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted web page, related to "trying to reuse a frame with a null part.")
 CVE-2012-4513 (khtml/imload/scaledimageplane.h in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via large canvas dimensions, which leads to an unexpected sign extension and a heap-based buffer over-read.)
 CVE-2012-4512
Original document:Tim Brown, Nth Dimension Security Advisory (NDSA20121010) (02.11.2012)

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:02.11.2012
SecurityVulns ID:12693
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:INVISION : Invision Power Board 3.3
 VAM : VaM Shop 1.69
 DOKEOS : Dokeos 2.1
 NETCAT : NetCat CMS 5.0
 PGDATING : PG Dating Pro 1.0
 PRESTASHOP : PrestaShop 1.5
Original document:n0b0d13s_(at)_gmail.com, [CVE-2012-5692] Invision Power Board <= 3.3.4 "unserialize()" PHP Code Execution Vulnerability (02.11.2012)
 David Sopas, PrestaShop <= 1.5.1 Persistent XSS (02.11.2012)
 Vulnerability Lab, NetCat CMS v5.0.1 - Multiple Web Vulnerabilities (02.11.2012)
 Vulnerability Lab, PG Dating Pro v1.0 CMS - Multiple Web Vulnerabilities (02.11.2012)
 Vulnerability Lab, VaM Shop v1.69 - Multiple Web Vulnerabilities (02.11.2012)
 marcelavbx_(at)_gmail.com, XSS in dokeos 2.1.1 (02.11.2012)

Cisco Prime Data Center Network Manager code execution
updated since 02.11.2012
Published:09.05.2013
SecurityVulns ID:12690
Type:remote
Threat Level:6/10
Description:Code execution via the TCP/1099 and TCP/9099 services.
Affected:CISCO : Prime Data Center Network Manager 6.1
CVE:CVE-2012-5417 (Cisco Prime Data Center Network Manager (DCNM) before 6.1(1) does not properly restrict access to certain JBoss MainDeployer functionality, which allows remote attackers to execute arbitrary commands via JBoss Application Server Remote Method Invocation (RMI) services, aka Bug ID CSCtz44924.)
Original document:CISCO, [2.0 Update] Cisco Security Advisory: Cisco Prime Data Center Network Manager Remote Command Execution Vulnerability (09.05.2013)
Files:Cisco Prime Data Center Network Manager Remote Command Execution Vulnerability

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod