Computer Security

libtiff library integer overflow
updated since 09.04.2012
Published:09.07.2012
SecurityVulns ID:12308
Type:library
Threat Level:7/10
Description:Integer overflow on tiff parsing.
Affected:LIBTIFF : libtiff 3.9
CVE:CVE-2012-2113 (Multiple integer overflows in tiff2pdf in libtiff before 4.0.2 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.)
 CVE-2012-2088 (Integer signedness error in the TIFFReadDirectory function in tif_dirread.c in libtiff 3.9.4 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a negative tile depth in a tiff image, which triggers an improper conversion between signed and unsigned types, leading to a heap-based buffer overflow.)
 CVE-2012-1173 (Multiple integer overflows in tiff_getimage.c in LibTIFF 3.9.4 allow remote attackers to execute arbitrary code via a crafted tile size in a TIFF file, which is not properly handled by the (1) gtTileSeparate or (2) gtStripSeparate function, leading to a heap-based buffer overflow.)
Original document:MANDRIVA, [ MDVSA-2012:101 ] libtiff (09.07.2012)
 MANDRIVA, [ MDVSA-2012:054 ] libtiff (09.04.2012)

HP Device Access Manager for Protect Tools Information Store ActiveX memory corruption
updated since 04.12.2011
Published:09.07.2012
SecurityVulns ID:12066
Type:client
Threat Level:5/10
Description:Buffer overflows in different methods.
Affected:HP : HP Device Access Manager for Protect Tools Information Store 6.1
 HP : HP ProtectTools Enterprise Device Access Manager 5
CVE:CVE-2011-4162 (The (1) AddUser, (2) AddUserEx, (3) RemoveUser, (4) RemoveUserByGuide, (5) RemoveUserEx, and (6) RemoveUserRegardless methods in HP Protect Tools Device Access Manager (PTDAM) before 6.1.0.1 allow remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a long SidString argument.)
Original document:HP, [security bulletin] HPSBGN02750 SSRT100795 rev.1 - HP ProtectTools Enterprise Device Access Manager Running on Windows, Remote Execution of Arbitrary Code, Denial of Service (DoS) (09.07.2012)
 HP, [security bulletin] HPSBHF02723 SSRT100536 rev.1 - HP Protect Tools Device Access Manager for Windows, Remote Execution of Arbitrary Code, Denial of Service (04.12.2011)
 High-Tech Bridge Security Research, Heap Memory Corruption in HP Device Access Manager for Protect Tools Information Store (04.12.2011)

MIT Kerberos 5 kadmind DoS
Published:09.07.2012
SecurityVulns ID:12447
Type:local
Threat Level:4/10
Description:NULL pointer dereference
Affected:MIT : krb5 1.8
 MIT : krb5 1.9
 MIT : krb5 1.10
CVE:CVE-2012-1013 (The check_1_6_dummy function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.8.x, 1.9.x, and 1.10.x before 1.10.2 allows remote authenticated administrators to cause a denial of service (NULL pointer dereference and daemon crash) via a KRB5_KDB_DISALLOW_ALL_TIX create request that lacks a password.)

EMC RSA Access Manager replay attack
Published:09.07.2012
SecurityVulns ID:12448
Type:m-i-t-m
Threat Level:5/10
Description:It's possible to replay a sniffed session.
Affected:EMC : RSA Access Manager Server 6.0
 EMC : RSA Access Manager Server 6.1
Original document:EMC, ESA-2012-026: RSA Access Manager Session Replay Vulnerability (09.07.2012)

Microsoft IIS security vulnerabilities
Published:09.07.2012
SecurityVulns ID:12449
Type:remote
Threat Level:5/10
Description:A flood of requests with the ~ character in the path leads to server DoS; files and folders are accessible via their 8.3 names, making it easier to brute-force the names of hidden files and folders.
Original document:bugreport_(at)_itguard.info, IIS Short File/Folder Name Disclosure by using tilde ~ character (09.07.2012)
 bugreport_(at)_itguard.info, .Net Framework Tilde Character DoS - Sorry, exploit-db link corrected (09.07.2012)

Cyberoam DPI unsafe certificates
Published:09.07.2012
SecurityVulns ID:12450
Type:remote
Threat Level:5/10
Description:All devices use the same certificates for SSL connection hijacking.
Original document:Ben Laurie, Cyberoam advisory (09.07.2012)

Apache mod_security protection bypass
Published:09.07.2012
SecurityVulns ID:12451
Type:library
Threat Level:4/10
Description:It's possible to bypass protection if both Content-Disposition: attachment and Content-Type: multipart are present.
Affected:APACHE : mod-security 2.6
CVE:CVE-2012-4528 (The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.)
 CVE-2012-2751 (ModSecurity before 2.6.6, when used with PHP, does not properly handle single quotes not at the beginning of a request parameter value in the Content-Disposition field of a request with a multipart/form-data Content-Type header, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting (XSS) attacks. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-5031.)
Original document:DEBIAN, [SECURITY] [DSA 2506-1] libapache-mod-security security update (09.07.2012)

Symantec Message Filter session hijacking
Published:09.07.2012
SecurityVulns ID:12452
Type:remote
Threat Level:5/10
Affected:SYMANTEC : Symantec Message Filter 6.3
Original document:[email protected], NGS00162 Patch Notification: Symantec Message Filter Session Hijacking via session fixation (09.07.2012)

IBM Edge Components Caching Proxy cross-site scripting
Published:09.07.2012
SecurityVulns ID:12453
Type:remote
Threat Level:5/10
Description:Cross-site scripting on non-existent page.
Affected:IBM : Edge Components Caching Proxy 6.0
CVE:CVE-2002-1167 (Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to execute script as other users via an HTTP GET request.)
Original document:Bugs NotHugs, IBM Edge Components Caching Proxy XSS Followup (09.07.2012)

HP Photosmart printers DoS
Published:09.07.2012
SecurityVulns ID:12456
Type:remote
Threat Level:4/10
CVE:CVE-2012-2017 (Unspecified vulnerability on HP Photosmart Wireless e-All-in-One B110, e-All-in-One D110, Plus e-All-in-One B210, eStation All-in-One C510, Ink Advantage e-All-in-One K510, and Premium Fax e-All-in-One C410 printers allows remote attackers to cause a denial of service via unknown vectors.)
Original document:HP, [security bulletin] HPSBPI02794 SSRT100542 rev.1 - Certain HP Photosmart Printers, Remote Denial of Service (DoS) (09.07.2012)

Avaya IP Office Customer Call Reporter code execution
Published:09.07.2012
SecurityVulns ID:12457
Type:remote
Threat Level:7/10
Description:It's possible to upload executable files via ImageUpload.ashx.
Affected:AVAYA : Avaya IP Office Customer Call Reporter 7.0
CVE:CVE-2012-3811 (Unrestricted file upload vulnerability in ImageUpload.ashx in the Wallboard application in Avaya IP Office Customer Call Reporter 7.0 before 7.0.5.8 Q1 2012 Maintenance Release and 8.0 before 8.0.9.13 Q1 2012 Maintenance Release allows remote attackers to execute arbitrary code by uploading an executable file and then accessing it via a direct request.)
Original document:ZDI, ZDI-12-106 : Avaya IP Office Customer Call Reporter ImageUpload Remote Code Execution Vulnerability (09.07.2012)

bcfg2 shell characters vulnerability
Published:09.07.2012
SecurityVulns ID:12458
Type:remote
Threat Level:6/10
Description:It's possible to execute code as root.
Affected:BCFG2 : bcfg2 1.2
CVE:CVE-2012-3366 (The Trigger plugin in bcfg2 1.2.x before 1.2.3 allows remote attackers with root access to the client to execute arbitrary commands via shell metacharacters in the UUID field to the server process (bcfg2-server).)
Original document:DEBIAN, [SECURITY] [DSA 2503-1] bcfg2 security update (09.07.2012)

Spring Framework information leakage
Published:09.07.2012
SecurityVulns ID:12459
Type:library
Threat Level:5/10
Affected:LIBSPRING : libspring 2.5
CVE:CVE-2011-2730 (VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language (EL), evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a (1) name attribute in a (a) spring:hasBindErrors tag; (2) path attribute in a (b) spring:bind or (c) spring:nestedpath tag; (3) arguments, (4) code, (5) text, (6) var, (7) scope, or (8) message attribute in a (d) spring:message or (e) spring:theme tag; or (9) var, (10) scope, or (11) value attribute in a (f) spring:transform tag, aka "Expression Language Injection.")
Original document:DEBIAN, [SECURITY] [DSA 2504-1] libspring-2.5-java security update (09.07.2012)

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:09.07.2012
SecurityVulns ID:12460
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:BACKUPPC : BackupPC 3.2
 NAGIOS : Nagios XI 2011
 VALARSOFT : Webmatic 3.1
 WORDPRESS : Wordpress 3.4
 CLSCRIPT : CLscript CMS 3.0
 GUESTBOOKSCRIPTS : GuestBook Scripts PHP 1.5
 CLASSIFIED : Classified 1.1
 PLOW : plow 0.0
 TIKI : Tiki Wiki 8.3
 BOOKMARK4U : Bookmark4U 2.1
 TEMENOS : TEMENOS T24 7
 APACHE : Roller 4.0
 APACHE : Roller 5.0
 APACHE : SugarCRM CE 6.3
 ZEND : Zend Framework 1.12
 ZEND : Zend Framework 1.11
 ZEND : Zend Framework 2.0
CVE:CVE-2012-3350 (SQL injection vulnerability in index.php in Webmatic 3.1.1 allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header.)
 CVE-2012-2381 (Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.)
 CVE-2012-2380 (Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.)
 CVE-2012-0911 (TikiWiki CMS/Groupware before 6.7 LTS and before 8.4 allows remote attackers to execute arbitrary PHP code via a crafted serialized object in the (1) cookieName to lib/banners/bannerlib.php; (2) printpages or (3) printstructures parameter to (a) tiki-print_multi_pages.php or (b) tiki-print_pages.php; or (4) sendpages, (5) sendstructures, or (6) sendarticles parameter to tiki-send_objects.php, which is not properly handled when processed by the unserialize function.)
 CVE-2012-0694
Original document:UBUNTU, [USN-1444-1] BackupPC vulnerability (09.07.2012)
 SEC Consult Vulnerability Lab, SEC Consult SA-20120626-0 :: Zend Framework - Local file disclosure via XXE injection (09.07.2012)
 n0b0d13s_(at)_gmail.com, [CVE-2012-0694] SugarCRM CE <= 6.3.1 "unserialize()" PHP Code Execution (09.07.2012)
 Dave, CVE-2012-2380: Apache Roller Cross-Site-Resource-Forgery (XSRF) vulnerability (09.07.2012)
 Dave, CVE-2012-2381: Apache Roller Cross-Site-Scripting (XSS) vulnerability (09.07.2012)
 rewterz, REWTERZ-20120629 - TEMENOS T24 Cross-Site Scripting (XSS) Vulnerability (09.07.2012)
 Bugs NotHugs, Bookmark4U lostpasswd.php env[include_prefix] Parameter RFI (09.07.2012)
 m.razavi777_(at)_gmail.com, Basilic RCE bug (09.07.2012)
 [email protected], NGS00194 Patch Notification: Nagios XI Network Monitor Blind SQL Injection (09.07.2012)
 [email protected], NGS00196 Patch Notification: Nagios XI Network Monitor OS Command Injection (09.07.2012)
 [email protected], NGS00195 Patch Notification: Nagios XI Network Monitor Stored and Reflected XSS (09.07.2012)
 Amir_(at)_irist.ir, Wordpress (editormonkey) Arbitrary File Upload Vulnerability (09.07.2012)
 pereira_(at)_secbiz.de, Forum Oxalis 0.1.2 <= SQL Injection Vulnerability (09.07.2012)
 pereira_(at)_secbiz.de, plow 0.0.5 <= Buffer Overflow Vulnerability (09.07.2012)
 Vulnerability Lab, Freeside SelfService CGI|API 2.3.3 - Multiple Vulnerabilities (09.07.2012)
 Vulnerability Lab, Classified Ads Script PHP v1.1 - SQL Injection Vulnerabilities (09.07.2012)
 Vulnerability Lab, Event Script PHP v1.1 CMS - Multiple Web Vulnerabilites (09.07.2012)
 Vulnerability Lab, GuestBook Scripts PHP v1.5 - Multiple Web Vulnerabilites (09.07.2012)
 Vulnerability Lab, CLscript CMS v3.0 - Multiple Web Vulnerabilities (09.07.2012)
 MustLive, Vulnerabilities in LIOOSYS CMS (09.07.2012)
 MustLive, XSS, Redirector and FPD vulnerabilities in WordPress (09.07.2012)
 Black Hat, 7sepehr SQL Injection Vulnerability (09.07.2012)
 High-Tech Bridge Security Research, Blind SQL Injection in Webmatic (09.07.2012)

Linux kernel multiple security vulnerabilities
Published:09.07.2012
SecurityVulns ID:12462
Type:client
Threat Level:5/10
Description:DoS, privilege escalation.
Affected:LINUX : kernel 2.6
 LINUX : kernel 3.0
 LINUX : kernel 3.2
CVE:CVE-2012-2384 (Integer overflow in the i915_gem_do_execbuffer function in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 3.3.5 on 32-bit platforms allows local users to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted ioctl call.)
 CVE-2012-2383 (Integer overflow in the i915_gem_execbuffer2 function in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 3.3.5 on 32-bit platforms allows local users to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted ioctl call.)
 CVE-2012-2375 (The __nfs4_get_acl_uncached function in fs/nfs/nfs4proc.c in the NFSv4 implementation in the Linux kernel before 3.3.2 uses an incorrect length variable during a copy operation, which allows remote NFS servers to cause a denial of service (OOPS) by sending an excessive number of bitmap words in an FATTR4_ACL reply. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-4131.)
 CVE-2012-2319 (Multiple buffer overflows in the hfsplus filesystem implementation in the Linux kernel before 3.3.5 allow local users to gain privileges via a crafted HFS plus filesystem, a related issue to CVE-2009-4020.)
 CVE-2012-2313 (The rio_ioctl function in drivers/net/ethernet/dlink/dl2k.c in the Linux kernel before 3.3.7 does not restrict access to the SIOCSMIIREG command, which allows local users to write data to an Ethernet adapter via an ioctl call.)
Original document:UBUNTU, [USN-1473-1] Linux kernel vulnerabilities (09.07.2012)
 UBUNTU, [USN-1488-1] Linux kernel vulnerabilities (09.07.2012)

Ubuntu AccountsService privilege escalation
Published:09.07.2012
SecurityVulns ID:12463
Type:local
Threat Level:5/10
Description:Invalid file caching.
Affected:UBUNTU : accountsservice 0.6
CVE:CVE-2012-2737 (The user_change_icon_file_authorized_cb function in /usr/libexec/accounts-daemon in AccountsService before 0.6.22 does not properly check the UID when copying an icon file to the system cache directory, which allows local users to read arbitrary files via a race condition.)
Original document:UBUNTU, [USN-1485-1] AccountsService vulnerability (09.07.2012)

python multiple security vulnerabilities
updated since 09.07.2012
Published:29.07.2012
SecurityVulns ID:12454
Type:library
Threat Level:5/10
Description:DoS, cross-site scripting, information leakage.
Affected:PYTHON : python 2.7
CVE:CVE-2012-2417 (PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key.)
 CVE-2012-1150 (Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.)
 CVE-2012-0845 (SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an XML-RPC POST request that contains a smaller amount of data than specified by the Content-Length header.)
 CVE-2011-4944 (Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file.)
 CVE-2011-4940 (The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 via UTF-7 encoding.)
Original document:MANDRIVA, [ MDVSA-2012:117 ] python-pycrypto (29.07.2012)
 MANDRIVA, [ MDVSA-2012:096-1 ] python (09.07.2012)

HP Network Node Manager i cross-site scripting
updated since 09.07.2012
Published:13.08.2012
SecurityVulns ID:12455
Type:remote
Threat Level:5/10
Affected:HP : Network Node Manager i 9.0
 HP : Network Node Manager i 9.1
 HP : Network Node Manager i 9.20
CVE:CVE-2012-2022 (Multiple cross-site scripting (XSS) vulnerabilities in HP Network Node Manager i (NNMi) 8.x, 9.0x, 9.1x, and 9.20 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2012-2018 (Cross-site scripting (XSS) vulnerability in HP Network Node Manager i (NNMi) 8.x, 9.0x, and 9.1x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
Original document:HP, [security bulletin] HPSBMU02798 SSRT100908 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Cross Site Scripting (XSS) (13.08.2012)
 HP, [security bulletin] HPSBMU02783 SSRT100806 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Cross Site Scripting (XSS) (09.07.2012)

Nova security vulnerabilities
updated since 09.07.2012
Published:27.08.2012
SecurityVulns ID:12461
Type:local
Threat Level:5/10
Description:Privilege escalation, DoS.
CVE:CVE-2012-3447 (virt/disk/api.py in OpenStack Compute (Nova) 2012.1.x before 2012.1.2 and Folsom before Folsom-3 allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image that uses a symlink that is only readable by root. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3361.)
 CVE-2012-3371 (The Nova scheduler in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when DifferentHostFilter or SameHostFilter is enabled, allows remote authenticated users to cause a denial of service (excessive database lookup calls and server hang) via a request with many repeated IDs in the os:scheduler_hints section.)
 CVE-2012-3361 (virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image.)
 CVE-2012-3360 (Directory traversal vulnerability in virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when used over libvirt-based hypervisors, allows remote authenticated users to write arbitrary files to the disk image via a .. (dot dot) in the path attribute of a file element.)
Original document:UBUNTU, [USN-1545-1] Nova vulnerability (27.08.2012)
 UBUNTU, [USN-1497-1] Nova vulnerabilities (09.07.2012)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod