Computer Security
[EN] securityvulns.ru no-pyccku


Munin security vulnerabilities
Published:06.11.2012
Source:
SecurityVulns ID:12697
Type:local
Threat Level:
5/10
Description:Symbolic links vulnerability, code execution.
Affected:MUNIN : Munin 1.4
CVE:CVE-2012-3513 (munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.)
 CVE-2012-3512 (Munin before 2.0.6 stores plugin state files that run as root in the same group-writable directory as non-root plugins, which allows local users to execute arbitrary code by replacing a state file, as demonstrated using the smart_ plugin.)
 CVE-2012-2103 (The qmailscan plugin for Munin 1.4.5 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names.)
Original documentdocumentUBUNTU, [USN-1622-1] Munin vulnerabilities (06.11.2012)

Mesa code execution
Published:06.11.2012
Source:
SecurityVulns ID:12698
Type:library
Threat Level:
6/10
Description:Invalid arrays handling.
CVE:CVE-2012-2864 (Mesa, as used in Google Chrome before 21.0.1183.0 on the Acer AC700, Cr-48, and Samsung Series 5 and 5 550 Chromebook platforms, and the Samsung Chromebox Series 3, allows remote attackers to execute arbitrary code via unspecified vectors that trigger an "array overflow.")
Original documentdocumentUBUNTU, [USN-1623-1] Mesa vulnerability (06.11.2012)

Checkpoint SofaWare firewalls security vulnerabilities
Published:06.11.2012
Source:
SecurityVulns ID:12700
Type:remote
Threat Level:
5/10
Description:Crossite scripting, information leakage, crossite reqiests forgery, request redirections.
Original documentdocumentProCheckUp Research, PR11-07 Multiple peristent XSS, XSS, XSRF, offsite redirection and information disclosure flaws within CheckPoint/Sofaware firewalls (06.11.2012)

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:06.11.2012
Source:
SecurityVulns ID:12701
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:WORDPRESS : Answer my question 1.1
 PHOME : EmpireCMS 6.6
CVE:CVE-2012-5777 (Eval injection vulnerability in the ReplaceListVars function in the template parser in e/class/connect.php in EmpireCMS 6.6 allows user-assisted remote attackers to execute arbitrary PHP code via a crafted template.)
Original documentdocumentmachuanlei, [CVE-2012-5777]EmpireCMS Template Parser Remote PHP Code Execution Vulnerability (06.11.2012)
 documentmarcelavbx_(at)_gmail.com, XSS in answer my question plugin (06.11.2012)
 documentX-Cisadane, AwAuctionScript (Aw Auction Script - Market Place for WebMasters) Multiple Vulnerabilities (06.11.2012)

Ubuntu Remote Login Services information leakage
Published:06.11.2012
Source:
SecurityVulns ID:12703
Type:local
Threat Level:
5/10
Description:Context information is purged insufficiently on user account switching.
Affected:UBUNTU : remote-login-service 1.0
CVE:CVE-2012-0959 (Remote Login Service (RLS) 1.0.0 does not properly clear account information when switching users, which might allow physically proximate users to obtain login credentials.)
Original documentdocumentUBUNTU, [USN-1624-1] Remote Login Service vulnerability (06.11.2012)

Sophos / Cisco Ironport products security vulnerabilities
updated since 06.11.2012
Published:13.11.2012
Source:
SecurityVulns ID:12702
Type:remote
Threat Level:
6/10
Description:Different vulnerabilities, including remote code execution.
Affected:SOPHOS : Sophos Antivirus 8.0
Original documentdocumentTavis Ormandy, multiple critical vulnerabilities in sophos products (06.11.2012)
Files:Advisory: Tavis Ormandy finds vulnerabilities in Sophos Anti-Virus products
 Cisco Ironport Appliances Sophos Anti-Virus Vulnerabilities

libproxy buffer overflow
updated since 06.11.2012
Published:26.11.2012
Source:
SecurityVulns ID:12699
Type:library
Threat Level:
5/10
Description:Integer overflow on Content-Length parsing leads to buffer overflow, buffer overflow on proxy.pac parsing.
Affected:LIBPROXY : libproxy 0.3
CVE:CVE-2012-4505 (Heap-based buffer overflow in the px_pac_reload function in lib/pac.c in libproxy 0.2.x and 0.3.x allows remote servers to have an unspecified impact via a crafted Content-Length size in an HTTP response header for a proxy.pac file request, a different vulnerability than CVE-2012-4504.)
 CVE-2012-4504 (Stack-based buffer overflow in the url::get_pac function in url.cpp in libproxy 0.4.x before 0.4.9 allows remote servers to have an unspecified impact via a large proxy.pac file.)
Original documentdocumentMANDRIVA, [ MDVSA-2012:172 ] libproxy (26.11.2012)
 documentDEBIAN, [SECURITY] [DSA 2571-1] libproxy security update (06.11.2012)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod