Computer Security


glibc multiple security vulnerabilities
Published: 04.12.2011
Source:
SecurityVulns ID: 12065
Type: library
Threat Level: 8/10
Description: Privilege escalation via shared libraries, fnmatch() buffer overflow, DoS conditions, crypt() blowfish weak encryption implementation.
Affected: GNU : glibc 2.12
CVE: CVE-2011-2483 (crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash.)
 CVE-2011-1659 (Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long UTF8 string that is used in an fnmatch call with a crafted pattern argument, a different vulnerability than CVE-2011-1071.)
 CVE-2011-1658 (ld.so in the GNU C Library (aka glibc or libc6) 2.13 and earlier expands the $ORIGIN dynamic string token when RPATH is composed entirely of this token, which might allow local users to gain privileges by creating a hard link in an arbitrary directory to a (1) setuid or (2) setgid program with this RPATH value, and then executing the program with a crafted value for the LD_PRELOAD environment variable, a different vulnerability than CVE-2010-3847 and CVE-2011-0536. NOTE: it is not expected that any standard operating-system distribution would ship an applicable setuid or setgid program.)
 CVE-2011-1095 (locale/programs/locale.c in locale in the GNU C Library (aka glibc or libc6) before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that executes a script that uses the eval function.)
 CVE-2011-1089 (The addmntent function in the GNU C Library (aka glibc or libc6) 2.13 and earlier does not report an error status for failed attempts to write to the /etc/mtab file, which makes it easier for local users to trigger corruption of this file, as demonstrated by writes from a process with a small RLIMIT_FSIZE value, a different vulnerability than CVE-2010-0296.)
 CVE-2011-1071 (The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded GLIBC (EGLIBC) allow context-dependent attackers to execute arbitrary code or cause a denial of service (memory consumption) via a long UTF8 string that is used in an fnmatch call, aka a "stack extension attack," a related issue to CVE-2010-2898, CVE-2010-1917, and CVE-2007-4782, as originally reported for use of this library by Google Chrome.)
 CVE-2011-0536 (Multiple untrusted search path vulnerabilities in elf/dl-object.c in certain modified versions of the GNU C Library (aka glibc or libc6), including glibc-2.5-49.el5_5.6 and glibc-2.12-1.7.el6_0.3 in Red Hat Enterprise Linux, allow local users to gain privileges via a crafted dynamic shared object (DSO) in a subdirectory of the current working directory during execution of a (1) setuid or (2) setgid program that has $ORIGIN in (a) RPATH or (b) RUNPATH within the program itself or a referenced library. NOTE: this issue exists because of an incorrect fix for CVE-2010-3847.)
Original document: MANDRIVA, [ MDVSA-2011:178 ] glibc (04.12.2011)

FreeBSD libc code execution
Published: 04.12.2011
Source:
SecurityVulns ID: 12067
Type: library
Threat Level: 9/10
Description: The lib/nss_compat.so.1 library is loaded from inside a chroot environment. The vulnerability is being exploited in the wild, remotely, against FTP servers.
Affected: FREEBSD : FreeBSD 6.4
 FREEBSD : FreeBSD 8.1
 FREEBSD : FreeBSD 7.4
 FREEBSD : FreeBSD 8.2
Files: FreeBSD ftpd/ProFTPD remote exploit

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 04.12.2011
Published: 05.12.2011
Source:
SecurityVulns ID: 12064
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: ROUNDCUBE : RoundCube 0.6
 ARIADNECMS : Ariadne 2.7
 PHPWARES : PHP Inventory 1.3
 WIKKA : WikkaWiki 1.3
 SUGARCRM : SugarCRM 6.3
 ORANGEGRM : OrangeHRM 2.6
 CLEARSILVER : clearsilver 0.10
 JCRYPTON : jCryption 1.2
 ELLISLAB : ExpressionEngine 2.2
 ELLISLAB : CodeIgniter 2.0
CVE: CVE-2011-4448 (SQL injection vulnerability in actions/usersettings/usersettings.php in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to execute arbitrary SQL commands via the default_comment_display parameter in an update action.)
 CVE-2011-4357 (Format string vulnerability in the p_cgi_error function in python/neo_cgi.c in the Python CGI Kit (neo_cgi) module for Clearsilver 0.10.5 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers that are not properly handled when creating CGI error messages using the cgi_error API function.)
 CVE-2011-4025
 CVE-2009-4597 (Multiple SQL injection vulnerabilities in index.php in PHP Inventory 1.2 allow (1) remote authenticated users to execute arbitrary SQL commands via the user_id parameter in a users details action, and allow remote attackers to execute arbitrary SQL commands via the (2) user (username) and (3) pass (password) parameters. NOTE: some of these details are obtained from third party information.)
 CVE-2009-4596 (Cross-site scripting (XSS) vulnerability in index.php in PHP Inventory 1.2 allows remote attackers to inject arbitrary web script or HTML via the sup_id parameter in a suppliers details action.)
 CVE-2009-4595 (SQL injection vulnerability in index.php in PHP Inventory 1.2 allows remote authenticated users to execute arbitrary SQL commands via the sup_id parameter in a suppliers details action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.)
Original documents:
 marian.ventuneac_(at)_gmail.com, MVSA-11-013 - EllisLab xss_clean Filter Bypass - ExpressionEngine and CodeIgniter (05.12.2011)
 Nick Freeman, Security-Assessment.com Release: Hacking Hollywood Slides, Advisories and Exploits (05.12.2011)
 Daniel Roethlisberger, Insecure RSA Encryption in jCryption, PEAR Crypt_RSA and Crypt_RSA2 (05.12.2011)
 DEBIAN, [SECURITY] [DSA 2355-1] clearsilver security update (05.12.2011)
 Amir_(at)_irist.ir, Wordpress skysa-official plugin Cross-Site Scripting Vulnerabilities (04.12.2011)
 High-Tech Bridge Security Research, Multiple vulnerabilities in OrangeHRM (04.12.2011)
 High-Tech Bridge Security Research, Sql injection in SugarCRM (04.12.2011)
 n0b0d13s_(at)_gmail.com, WikkaWiki <= 1.3.2 Multiple Security Vulnerabilities (04.12.2011)
 Amir_(at)_irist.ir, Wordpress 1-jquery-photo-gallery-slideshow-flash plugin Cross-Site Scripting Vulnerabilities (04.12.2011)
 Amir_(at)_irist.ir, Wordpress flash-album-gallery plugin Cross-Site Scripting Vulnerabilities (04.12.2011)
 security_(at)_infoserve.de, PHP Inventory 1.3.1 Remote (Auth Bypass) SQL Injection Vulnerability (04.12.2011)
 sschurtz_(at)_t-online.de, Ariadne 2.7.6 Multiple XSS vulnerabilities (04.12.2011)
 noreply_(at)_ptsecurity.ru, [PT-2011-43] Database information disclosure in Kayako Fusion (04.12.2011)
 MustLive, Multiple vulnerabilities in RoundCube (04.12.2011)
 MustLive, Vulnerabilities in Zeema CMS (04.12.2011)

HP Device Access Manager for Protect Tools Information Store ActiveX memory corruption
updated since 04.12.2011
Published: 09.07.2012
Source:
SecurityVulns ID: 12066
Type: client
Threat Level: 5/10
Description: Buffer overflows in different methods.
Affected: HP : HP Device Access Manager for Protect Tools Information Store 6.1
 HP : HP ProtectTools Enterprise Device Access Manager 5
CVE: CVE-2011-4162 (The (1) AddUser, (2) AddUserEx, (3) RemoveUser, (4) RemoveUserByGuide, (5) RemoveUserEx, and (6) RemoveUserRegardless methods in HP Protect Tools Device Access Manager (PTDAM) before 6.1.0.1 allow remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a long SidString argument.)
Original documents:
 HP, [security bulletin] HPSBGN02750 SSRT100795 rev.1 - HP ProtectTools Enterprise Device Access Manager Running on Windows, Remote Execution of Arbitrary Code, Denial of Service (DoS) (09.07.2012)
 HP, [security bulletin] HPSBHF02723 SSRT100536 rev.1 - HP Protect Tools Device Access Manager for Windows, Remote Execution of Arbitrary Code, Denial of Service (04.12.2011)
 High-Tech Bridge Security Research, Heap Memory Corruption in HP Device Access Manager for Protect Tools Information Store (04.12.2011)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod