Computer Security

VMware privilege escalation
updated since 02.04.2012
Published:09.04.2012
SecurityVulns ID:12293
Type:local
Threat Level:7/10
Description:It's possible to manipulate the emulated ROM via the backdoor interface.
Affected:VMWARE : VMware Server 1.0
 VMWARE : VMware ESXi 3.5
 VMWARE : VMware Server 2.0
 VMWARE : VMware Workstation 7.1
 VMWARE : VMware ESXi 4.1
CVE:CVE-2012-1515 (VMware ESXi 3.5, 4.0, and 4.1 and ESX 3.5, 4.0, and 4.1 do not properly implement port-based I/O operations, which allows guest OS users to gain guest OS privileges by overwriting memory locations in a read-only memory block associated with the Virtual DOS Machine.)
Original document:VMWARE, VMSA-2012-0006 VMware ESXi and ESX address several security issues (09.04.2012)
 ds.adv.pub_(at)_gmail.com, VMware High-Bandwidth Backdoor ROM Overwrite Privilege Elevation (02.04.2012)

Quest vWorkspace ActiveX unauthorized access
Published:09.04.2012
SecurityVulns ID:12309
Type:client
Threat Level:5/10
Description:It's possible to modify files via unsafe functions.
Affected:QUEST : vWorkspace 7.5
Original document:rgod, Quest vWorkspace 7.5 Connection Broker Client ActiveX Control (pnllmcli.dll 7.5.304.547) SaveMiniLaunchFile() Method Remote File Creation / Overwrite (09.04.2012)

Quest Toad for Oracle ActiveX unauthorized access
Published:09.04.2012
SecurityVulns ID:12310
Type:client
Threat Level:6/10
Description:It's possible to access files via unsafe methods.
Affected:QUEST : Toad for Oracle 11.0
Original document:rgod, Quest Toad for Oracle Explain Plan Display ActiveX Control (QExplain2.dll 6.6.1.1115) Remote File Creation / Overwrite (09.04.2012)

Sony Bravia TV sets DoS
Published:09.04.2012
SecurityVulns ID:12311
Type:remote
Threat Level:3/10
Description:Flood attack with maliciously crafted packets causes the device to hang.
CVE:CVE-2012-2210 (The Sony Bravia TV KDL-32CX525 allows remote attackers to cause a denial of service (configuration outage or device crash) via a flood of TCP SYN packets, as demonstrated by hping, a related issue to CVE-1999-0116.)
Original document:Gabriel Menezes Nunes, Sony Bravia Remote Denial of Service - CVE-2012-2210 (09.04.2012)

Sourcefire Defense Center multiple security vulnerabilities
Published:09.04.2012
SecurityVulns ID:12312
Type:remote
Threat Level:5/10
Description:Cross-site scripting, unauthorized access.
Affected:SOURCEFIRE : Sourcefire Defense Center 4.10
Original document:Filip Palian, Sourcefire Defense Center - multiple vulnerabilities. (09.04.2012)

Oracle Java multiple security vulnerabilities
Published:09.04.2012
SecurityVulns ID:12313
Type:library
Threat Level:8/10
Description:19 different vulnerabilities allow file access and code execution.
Affected:ORACLE : JDK 7
 ORACLE : JRE 7
Original document:Security Explorations, [SE-2012-01] Security vulnerabilities in Java SE (09.04.2012)

HP Onboard Administrator multiple security vulnerabilities
Published:09.04.2012
SecurityVulns ID:12314
Type:remote
Threat Level:5/10
Description:URL redirection, unauthorized access, information leakage.
Affected:HP : HP Onboard Administrator 3.32
CVE:CVE-2012-0130 (HP Onboard Administrator (OA) before 3.50 allows remote attackers to obtain sensitive information via unspecified vectors.)
 CVE-2012-0129 (HP Onboard Administrator (OA) before 3.50 allows remote attackers to bypass intended access restrictions and execute arbitrary code via unspecified vectors.)
 CVE-2012-0128 (HP Onboard Administrator (OA) before 3.50 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.)
Original document:HP, [security bulletin] HPSBMU02759 SSRT100817 rev.1 - HP Onboard Administrator (OA), Remote Unauthorized Access, Unauthorized Information Disclosure, Denial of Service (DoS), URL Redirection (09.04.2012)

HP Business Availability Center cross-site scripting
Published:09.04.2012
SecurityVulns ID:12315
Type:remote
Threat Level:5/10
Affected:HP : HP Business Availability Center 9.01
CVE:CVE-2012-0132 (Cross-site scripting (XSS) vulnerability in HP Business Availability Center (BAC) 9.01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
Original document:HP, [security bulletin] HPSBMU02749 SSRT100793 rev.1 - HP Business Availability Center (BAC) Running on Windows, Remote Cross Site Scripting (XSS) (09.04.2012)

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:09.04.2012
SecurityVulns ID:12316
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:COPPERMINE : Coppermine 1.5
 PHPMYADMIN : phpMyAdmin 3.4
 VBULLETIN : Vbulletin 4.1
 TYPO3 : typo3 4.5
 APACHE : Wicket 1.4
 UMBRACO : Umbraco 4.7
 UPLOADIFY : Uploadify 2.1
 UPLOADIFY : Uploadify 3.0
 DIRECTADMIN : DirectAdmin 1.403
 FLATNUX : Flatnux CMS 2011
 MANAGENGINE : Firewall Analyzer 7.2
 LANDSHOP : Landshop 0.9
 WORDPRESS : Buddypress 1.5
 ASTARO : Astaro Command Center 2.0
 OSCMAX : osCmax 2.5
 HBPORTAL : hbportal 0.1
 PHPPALEO : phppaleo 4.8
 TUFIN : SecureTrack 6.1
 TRYTON : tryton 2.2
 INVISIONPOWER : Invision Power Board 3.2
 NEXTBBS : NextBBS 0.6
 PHPMONEYBOOKS : phpMoneyBooks 1.0
 PHPGRADEBOOK : php-gradebook 1.9
 APACHE : Wicket 1.5
 OJS : Open Journal Systems 2.3
 SEDITIO : Seditio 165
 MINIFY : Minify 2.1
CVE:CVE-2012-1902 (show_config_errors.php in phpMyAdmin 3.4.x before 3.4.10.2, when a configuration file does not exist, allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message about this missing file.)
 CVE-2012-1673 (SQL injection vulnerability in loginscript.php in e-ticketing allows remote attackers to execute arbitrary SQL commands via the password parameter.)
 CVE-2012-1672 (SQL injection vulnerability in getcity.php in Hotel Booking Portal 0.1 allows remote attackers to execute arbitrary SQL commands via the country parameter.)
 CVE-2012-1671 (Directory traversal vulnerability in index.php in phpPaleo 4.8b155 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.)
 CVE-2012-1670 (admin/index.php in PHP Grade Book before 1.9.5 BETA allows remote attackers to read the database via a SaveSQL action.)
 CVE-2012-1669 (Directory traversal vulnerability in index.php in phpMoneyBooks before 1.0.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module parameter.)
 CVE-2012-1665 (Multiple SQL injection vulnerabilities in the admin panel in osCMax before 2.5.1 allow (1) remote attackers to execute arbitrary SQL commands via the username parameter in a process action to admin/login.php or (2) remote administrators to execute arbitrary SQL commands via the status parameter to admin/stats_monthly_sales.php or (3) country parameter in a process action to admin/create_account_process.php.)
 CVE-2012-1664 (Multiple cross-site scripting (XSS) vulnerabilities in the admin panel in osCMax before 2.5.1 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter in a process action to admin/login.php; (2) pageTitle, (3) current_product_id, or (4) cPath parameter to admin/new_attributes_include.php; (5) sb_id, (6) sb_key, (7) gc_id, (8) gc_key, or (9) path parameter to admin/htaccess.php; (10) title parameter to admin/information_form.php; (11) search parameter to admin/xsell.php; (12) gross or (13) max parameter to admin/stats_products_purchased.php; (14) status parameter to admin/stats_monthly_sales.php; (15) sorted parameter to admin/stats_customers.php; (16) information_id parameter to /admin/information_manager.php; or (17) zID parameter to /admin/geo_zones.php.)
 CVE-2012-1608 (The t3lib_div::RemoveXSS API method in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and inject arbitrary web script or HTML via non printable characters.)
 CVE-2012-1607 (The Command Line Interface (CLI) script in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to obtain the database name via a direct request.)
 CVE-2012-1606 (Multiple cross-site scripting (XSS) vulnerabilities in the Backend component in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2012-1469 (Multiple cross-site scripting (XSS) vulnerabilities in Open Journal Systems before 2.3.7 allow remote attackers and remote authenticated users to inject arbitrary web script or HTML via the (1) editor or (2) callback parameters to lib/pkp/lib/tinymce/jscripts/tiny_mce/plugins/ibrowser/ibrowser.php in the iBrowser plugin, (3) authors[][url] parameter to index.php, or (4) Bio Statement or (5) Abstract of Submission fields to the stripUnsafeHtml function in lib/pkp/classes/core/String.inc.php.)
 CVE-2012-1468 (Incomplete blacklist vulnerability in Open Journal Systems before 2.3.7 allows remote authenticated users with the Author Role permission to execute arbitrary code by uploading a file with an executable extension that is not ".php", then accessing it via a direct request to the file in submission/original/ in the associated article directory, as demonstrated using .pHp, .asp, and other extensions.)
 CVE-2012-1467 (Multiple directory traversal vulnerabilities in the iBrowser plugin library, as used in Open Journal Systems before 2.3.7, allow remote authenticated users to (1) delete or (2) rename arbitrary files via a .. (dot dot) in the param parameter to lib/pkp/lib/tinymce/jscripts/tiny_mce/plugins/ibrowser/scripts/rfiles.php.)
 CVE-2012-1301
 CVE-2012-1190 (Cross-site scripting (XSS) vulnerability in the replication-setup functionality in js/replication.js in phpMyAdmin 3.4.x before 3.4.10.1 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted database name.)
 CVE-2012-1089 (Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wicket resource that corresponds to a null package.)
 CVE-2012-0215 (model/modelstorage.py in the Tryton application framework (trytond) before 2.4.0 for Python does not properly restrict access to the Many2Many field in the relation model, which allows remote authenticated users to modify the privileges of arbitrary users via a (1) create, (2) write, (3) delete, or (4) copy rpc call.)
 CVE-2012-0047 (Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter.)
Original document:Ayoub Aboukir, Minify and related plugins DOM-Based XSS Vulnerability (09.04.2012)
 MustLive, XSS and Brute Force vulnerabilities in WordPress (09.04.2012)
 MustLive, Brute Force and XSS vulnerability in WordPress (09.04.2012)
 chin4b0y, seditio165_CSRF_and_world_readble_db_dumpissuses (09.04.2012)
 High-Tech Bridge Security Research, Multiple vulnerabilities in Open Journal Systems (OJS) (09.04.2012)
 voidloafer_(at)_gmail.com, struts2 xsltResult Local code execution vulnerability (09.04.2012)
 APACHE, [CVE-2012-0047] Apache Wicket XSS vulnerability via pageMapName request parameter (09.04.2012)
 APACHE, [CVE-2012-1089] Apache Wicket serving of hidden files vulnerability (09.04.2012)
 gabor.berczi_(at)_devworx.hu, Prado TJavaScript::encode() script injection vulnerability (09.04.2012)
 Mark Stanislav, 'PHP Grade Book' Unauthenticated SQL Database Export (CVE-2012-1670) (09.04.2012)
 Mark Stanislav, 'phpMoneyBooks' Local File Inclusion (CVE-2012-1669) (09.04.2012)
 demonalex_(at)_163.com, Matthew1471s ASP BlogX - XSS Vulnerabilities (09.04.2012)
 Janek Vind, [waraxe-2012-SA#080] - Multiple Vulnerabilities in NextBBS 0.6.0 (09.04.2012)
 Netsparker Advisories, Cross-site scripting vulnerability in Invision Power Board version 3.2.3 (09.04.2012)
 DEBIAN, [SECURITY] [DSA 2444-1] tryton-server security update (09.04.2012)
 Janek Vind, [waraxe-2012-SA#081] - Multiple Vulnerabilities in Coppermine 1.5.18 (09.04.2012)
 Ewerson Guimarães (Crash) - Dclabs, [DCA-2011-0016] - Tufin SecureTrack Cross Site Script (09.04.2012)
 Mark Stanislav, 'Hotel Booking Portal' SQL Injection (CVE-2012-1672) (09.04.2012)
 Mark Stanislav, 'phpPaleo' Local File Inclusion (CVE-2012-1671) (09.04.2012)
 Mark Stanislav, 'e-ticketing' SQL Injection (CVE-2012-1673) (09.04.2012)
 High-Tech Bridge Security Research, Multiple vulnerabilities in osCmax (09.04.2012)
 Vulnerability Lab, Astaro Command Center v2.x - Multiple Web Vulnerabilities (09.04.2012)
 MANDRIVA, [ MDVSA-2012:050 ] phpmyadmin (09.04.2012)
 ivan_terkin_(at)_yahoo.com, SQL injection in Wordpress plugin Buddypress (09.04.2012)
 DEBIAN, [SECURITY] [DSA 2445-1] typo3-src security update (09.04.2012)
 Vulnerability Lab, Landshop v0.9.2 - Multiple Web Vulnerabilities (09.04.2012)
 Vulnerability Lab, ME Firewall Analyzer v7.2 - Cross Site Vulnerabilities (09.04.2012)
 Vulnerability Lab, Flatnux CMS 2011 08.09.2 - Multiple Web Vulnerabilities (09.04.2012)
 Janek Vind, DirectAdmin v1.403 - Cross Site Scripting Vulnerability (09.04.2012)
 Janek Vind, [waraxe-2012-SA#083] - Multiple Vulnerabilities in Uploadify 2.1.4 (09.04.2012)
 Janek Vind, [waraxe-2012-SA#082] - File Existence Disclosure in Uploadify 3.0.0 (09.04.2012)
 Amir_(at)_irist.ir, Wordpress taggator plugin Sql Injection Vulnerabilities (09.04.2012)
 Amir_(at)_irist.ir, vBulletin 4.1.10 Sql Injection Vulnerabilitiy (09.04.2012)
 Florent Daigniere, [MATTA-2012-001] CVE-2012-1301; 0day; Open Proxy vulnerability in Umbraco 4.7 (09.04.2012)

Arbor Networks Peakflow SP cross-site scripting
Published:09.04.2012
SecurityVulns ID:12317
Type:remote
Threat Level:4/10
Description:Cross-site scripting in the administration interface.
Original document:b.saleh_(at)_aol.com, Arbor Networks Peakflow SP web interface XSS (09.04.2012)

PHP cross-site scripting
Published:09.04.2012
SecurityVulns ID:12318
Type:remote
Threat Level:5/10
Description:XSS in error messages if display_errors is enabled.
Affected:PHP : PHP 5.3
 PHP : PHP 5.4
 WORDPRESS : WordPress 3.3
Original document:chin4b0y, php(5.3.10-5.4.0)_XSS_vulns.txt (09.04.2012)

Cisco WebEx Player buffer overflow
updated since 31.10.2011
Published:09.04.2012
SecurityVulns ID:12005
Type:client
Threat Level:5/10
Description:Buffer overflow when parsing .WRF files.
Affected:CISCO : WebEx Player T26
 CISCO : WebEx Player T27
CVE:CVE-2011-3319 (Buffer overflow in the WRF parsing functionality in the Cisco WebEx Recording Format (WRF) player T26 before SP49 EP40 and T27 before SP28 allows remote attackers to execute arbitrary code via a crafted WRF file.)
Original document:CISCO, Cisco Security Advisory: Buffer Overflow Vulnerabilities in the Cisco WebEx Player (09.04.2012)
 ZDI, ZDI-11-341 : Cisco WebEx Player WRF Type 0 Parsing Remote Code Execution Vulnerability (11.12.2011)
 CISCO, ZDI-11-308 : Cisco WebEx Player ATAS32.DLL linesProcessed Remote Code Execution Vulnerability (31.10.2011)
 CISCO, Cisco Security Advisory: Buffer Overflow Vulnerabilities in the Cisco WebEx Player (31.10.2011)

libtiff library integer overflow
updated since 09.04.2012
Published:09.07.2012
SecurityVulns ID:12308
Type:library
Threat Level:7/10
Description:Integer overflow when parsing TIFF files.
Affected:LIBTIFF : libtiff 3.9
CVE:CVE-2012-2113 (Multiple integer overflows in tiff2pdf in libtiff before 4.0.2 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.)
 CVE-2012-2088 (Integer signedness error in the TIFFReadDirectory function in tif_dirread.c in libtiff 3.9.4 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a negative tile depth in a tiff image, which triggers an improper conversion between signed and unsigned types, leading to a heap-based buffer overflow.)
 CVE-2012-1173 (Multiple integer overflows in tiff_getimage.c in LibTIFF 3.9.4 allow remote attackers to execute arbitrary code via a crafted tile size in a TIFF file, which is not properly handled by the (1) gtTileSeparate or (2) gtStripSeparate function, leading to a heap-based buffer overflow.)
Original document:MANDRIVA, [ MDVSA-2012:101 ] libtiff (09.07.2012)
 MANDRIVA, [ MDVSA-2012:054 ] libtiff (09.04.2012)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod