Computer Security


Asterisk security vulnerabilities
Published: 05.01.2013
SecurityVulns ID: 12811
Type: remote
Threat Level: 6/10
Description: DoS conditions caused by resource exhaustion.
Affected: ASTERISK : Asterisk 1.8
CVE: CVE-2012-5977 (Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones, when anonymous calls are enabled, allow remote attackers to cause a denial of service (resource consumption) by making anonymous calls from multiple sources and consequently adding many entries to the device state cache.)
 CVE-2012-5976 (Multiple stack consumption vulnerabilities in Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones allow remote attackers to cause a denial of service (daemon crash) via TCP data using the (1) SIP, (2) HTTP, or (3) XMPP protocol.)
Original document: ASTERISK, AST-2012-015: Denial of Service Through Exploitation of Device State Caching (05.01.2013)
 ASTERISK, AST-2012-014: Crashes due to large stack allocations when using TCP (05.01.2013)

Weak cryptography in Aastra IP phones
Published: 05.01.2013
SecurityVulns ID: 12812
Type: m-i-t-m
Threat Level: 2/10
Description: Configuration file encryption is vulnerable to replay attacks.
Affected: AASTRA : Aastra 6753i
Original document: Timo Juhani Lindfors, Aastra IP Telephone encrypted .tuz configuration file leakage (05.01.2013)

PMSoftware Simple Webserver directory traversal
Published: 05.01.2013
SecurityVulns ID: 12813
Type: remote
Threat Level: 5/10
Description: Request with relative path allows file retrieval.
Affected: PMX : Simple Webserver 2.3
Original document: cwggenius_(at)_gmail.com, Simple Webserver 2.3-rc1 Directory Traversal (05.01.2013)

Rapid7 Nexpose security vulnerabilities
Published: 05.01.2013
SecurityVulns ID: 12814
Type: remote
Threat Level: 5/10
Description: Cross-site scripting and request forgery.
Affected: RAPID7 : Nexpose 5.5
CVE: CVE-2012-6494
 CVE-2012-6493 (Cross-site request forgery (CSRF) vulnerability in Rapid7 Nexpose Security Console before 5.5.4 allows remote attackers to hijack the authentication of unspecified victims for requests that delete scan data and sites via a request to data/site/delete.)
Original document: i_(at)_amroot.com, CVE-2012-6494 - Nexpose Security Console - Session Hijacking (05.01.2013)
 i_(at)_amroot.com, CVE-2012-6493 - Nexpose Security Console - Cross-Site Request Forgery (CSRF) (05.01.2013)

Adobe Flash Player memory corruption
updated since 05.01.2013
Published: 14.01.2013
SecurityVulns ID: 12815
Type: client
Threat Level: 7/10
Description: Memory corruption on SWF parsing
Affected: ADOBE : Flash Player 10.3
 ADOBE : Flash Player 11.4
 ADOBE : AIR 3.5
CVE: CVE-2013-0630 (Buffer overflow in Adobe Flash Player before 10.3.183.50 and 11.x before 11.5.502.146 on Windows and Mac OS X, before 10.3.183.50 and 11.x before 11.2.202.261 on Linux, before 11.1.111.31 on Android 2.x and 3.x, and before 11.1.115.36 on Android 4.x; Adobe AIR before 3.5.0.1060; and Adobe AIR SDK before 3.5.0.1060 allows attackers to execute arbitrary code via unspecified vectors.)
Original document: MustLive, DoS vulnerability in Flash player (access violation) (05.01.2013)
Files: Security updates available for Adobe Flash Player

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod