Computer Security


Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
Published:10.01.2013
Source:
SecurityVulns ID:12816
Type:client
Threat Level:8/10
Description:Multiple memory corruptions, buffer overflows, privilege escalations, address spoofing, misissued certificate.
Affected:MOZILLA : Firefox 17.0
 MOZILLA : Thunderbird 17.0
 MOZILLA : SeaMonkey 2.14
CVE:CVE-2013-0771 (Heap-based buffer overflow in the gfxTextRun::ShrinkToLigatureBoundaries function in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted document.)
 CVE-2013-0770 (Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Thunderbird before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.)
 CVE-2013-0769 (Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.)
 CVE-2013-0768 (Stack-based buffer overflow in the Canvas implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via an HTML document that specifies invalid width and height values.)
 CVE-2013-0767 (The nsSVGPathElement::GetPathLengthScale function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors.)
 CVE-2013-0766 (Use-after-free vulnerability in the ~nsHTMLEditRules implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.)
 CVE-2013-0764 (The nsSOCKSSocketInfo::ConnectToProxy function in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not ensure thread safety for SSL sessions, which allows remote attackers to execute arbitrary code via crafted data, as demonstrated by e-mail message data.)
 CVE-2013-0763 (Use-after-free vulnerability in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors related to Mesa drivers and a resized WebGL canvas.)
 CVE-2013-0762 (Use-after-free vulnerability in the imgRequest::OnStopFrame function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.)
 CVE-2013-0761 (Use-after-free vulnerability in the mozilla::TrackUnionStream::EndTrack implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.)
 CVE-2013-0760 (Buffer overflow in the CharDistributionAnalysis::HandleOneChar function in Mozilla Firefox before 18.0, Thunderbird before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted document.)
 CVE-2013-0759 (Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to spoof the address bar via vectors involving authentication information in the userinfo field of a URL, in conjunction with a 204 (aka No Content) HTTP status code.)
 CVE-2013-0758 (Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging improper interaction between plugin objects and SVG elements.)
 CVE-2013-0757 (The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not prevent modifications to the prototype of an object, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by referencing Object.prototype.__proto__ in a crafted HTML document.)
 CVE-2013-0756 (Use-after-free vulnerability in the obj_toSource function in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted web page referencing JavaScript Proxy objects that are not properly handled during garbage collection.)
 CVE-2013-0755 (Use-after-free vulnerability in the mozVibrate implementation in the Vibrate library in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via vectors related to the domDoc pointer.)
 CVE-2013-0754 (Use-after-free vulnerability in the ListenerManager implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via vectors involving the triggering of garbage collection after memory allocation for listener objects.)
 CVE-2013-0753 (Use-after-free vulnerability in the serializeToStream implementation in the XMLSerializer component in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via crafted web content.)
 CVE-2013-0752 (Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XBL file with multiple bindings that have SVG content.)
 CVE-2013-0751 (Mozilla Firefox before 18.0 on Android and SeaMonkey before 2.15 do not restrict a touch event to a single IFRAME element, which allows remote attackers to obtain sensitive information or possibly conduct cross-site scripting (XSS) attacks via a crafted HTML document.)
 CVE-2013-0750 (Integer overflow in the JavaScript implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted string concatenation, leading to improper memory allocation and a heap-based buffer overflow.)
 CVE-2013-0749 (Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.)
 CVE-2013-0748 (The XBL.__proto__.toString implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 makes it easier for remote attackers to bypass the ASLR protection mechanism by calling the toString function of an XBL object.)
 CVE-2013-0747 (The gPluginHandler.handleEvent function in the plugin handler in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not properly enforce the Same Origin Policy, which allows remote attackers to conduct clickjacking attacks via crafted JavaScript code that listens for a mutation event.)
 CVE-2013-0746 (Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 do not properly implement quickstubs that use the jsval data type for their return values, which allows remote attackers to execute arbitrary code or cause a denial of service (compartment mismatch and application crash) via crafted JavaScript code that is not properly handled during garbage collection.)
 CVE-2013-0745 (The AutoWrapperChanger class in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not properly interact with garbage collection, which allows remote attackers to execute arbitrary code via a crafted HTML document referencing JavaScript objects.)
 CVE-2013-0744 (Use-after-free vulnerability in the TableBackgroundPainter::TableBackgroundData::Destroy function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an HTML document with a table containing many columns and column groups.)
 CVE-2013-0743 (** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA at the suggestion of the CVE project team. The candidate had been associated with a correct report of a security problem, but not a problem that is categorized as a vulnerability within CVE. Compromised or unauthorized SSL certificates are not within CVE's scope. Notes: none.)
 CVE-2012-5829 (Heap-based buffer overflow in the nsWindow::OnExposeEvent function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code via unspecified vectors.)
Files:Mozilla Foundation Security Advisory 2013-01
 Mozilla Foundation Security Advisory 2013-02
 Mozilla Foundation Security Advisory 2013-03
 Mozilla Foundation Security Advisory 2013-04
 Mozilla Foundation Security Advisory 2013-05
 Mozilla Foundation Security Advisory 2013-06
 Mozilla Foundation Security Advisory 2013-07
 Mozilla Foundation Security Advisory 2013-08
 Mozilla Foundation Security Advisory 2013-09
 Mozilla Foundation Security Advisory 2013-10
 Mozilla Foundation Security Advisory 2013-11
 Mozilla Foundation Security Advisory 2013-12
 Mozilla Foundation Security Advisory 2013-13
 Mozilla Foundation Security Advisory 2013-14
 Mozilla Foundation Security Advisory 2013-15
 Mozilla Foundation Security Advisory 2013-16
 Mozilla Foundation Security Advisory 2013-17
 Mozilla Foundation Security Advisory 2013-18
 Mozilla Foundation Security Advisory 2013-19
 Mozilla Foundation Security Advisory 2013-20

Microsoft Windows multiple security vulnerabilities
Published:10.01.2013
Source:
SecurityVulns ID:12817
Type:library
Threat Level:8/10
Description:Print spooler service code execution, XML library integer overflow and memory corruption, multiple .NET vulnerabilities, Win32K privilege escalation, SSL/TLS library protection bypass, Open Data Protocol DoS.
Affected:MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
 MICROSOFT : Windows 8
 MICROSOFT : Windows 2012 Server
CVE:CVE-2013-0013 (The SSL provider component in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle encrypted packets, which allows man-in-the-middle attackers to conduct SSLv2 downgrade attacks against (1) SSLv3 sessions or (2) TLS sessions by intercepting handshakes and injecting content, aka "Microsoft SSL Version 3 and TLS Protocol Security Feature Bypass Vulnerability.")
 CVE-2013-0011 (The Print Spooler in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted print job, aka "Windows Print Spooler Components Vulnerability.")
 CVE-2013-0008 (win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle window broadcast messages, which allows local users to gain privileges via a crafted application, aka "Win32k Improper Message Handling Vulnerability.")
 CVE-2013-0007 (Microsoft XML Core Services (aka MSXML) 4.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka "MSXML XSLT Vulnerability.")
 CVE-2013-0006 (Microsoft XML Core Services (aka MSXML) 3.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka "MSXML Integer Truncation Vulnerability.")
 CVE-2013-0005 (The WCF Replace function in the Open Data (aka OData) protocol implementation in Microsoft .NET Framework 3.5, 3.5 SP1, 3.5.1, and 4, and the Management OData IIS Extension on Windows Server 2012, allows remote attackers to cause a denial of service (resource consumption and daemon restart) via crafted values in HTTP requests, aka "Replace Denial of Service Vulnerability.")
 CVE-2013-0004 (Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate the permissions of objects in memory, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "Double Construction Vulnerability.")
 CVE-2013-0003 (Buffer overflow in a System.DirectoryServices.Protocols (S.DS.P) namespace method in Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a missing array-size check during a memory copy operation, aka "S.DS.P Buffer Overflow Vulnerability.")
 CVE-2013-0002 (Buffer overflow in the Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages improper counting of objects during a memory copy operation, aka "WinForms Buffer Overflow Vulnerability.")
 CVE-2013-0001 (The Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 4, and 4.5 does not properly initialize memory arrays, which allows remote attackers to obtain sensitive information via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a pointer to an unmanaged memory location, aka "System Drawing Information Disclosure Vulnerability.")
Files:Microsoft Security Bulletin MS13-001 - Critical Vulnerability in Windows Print Spooler Components Could Allow Remote Code Execution (2769369)
 Microsoft Security Bulletin MS13-002 - Critical Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (2756145)
 Microsoft Security Bulletin MS13-004 - Important Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2769324)
 Microsoft Security Bulletin MS13-005 - Important Vulnerability in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (2778930)
 Microsoft Security Bulletin MS13-006 - Important Vulnerability in Microsoft Windows Could Allow Security Feature Bypass (2785220)
 Microsoft Security Bulletin MS13-007 - Important Vulnerability in Open Data Protocol Could Allow Denial of Service (2769327)

Microsoft System Center Operations Manager cross-site scripting
Published:10.01.2013
Source:
SecurityVulns ID:12818
Type:remote
Threat Level:5/10
Description:Cross-site scripting in Web console.
Affected:MICROSOFT : System Center Operations Manager 2007
CVE:CVE-2013-0010 (Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System Center Operations Manager Web Console XSS Vulnerability," a different vulnerability than CVE-2013-0009.)
 CVE-2013-0009 (Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System Center Operations Manager Web Console XSS Vulnerability," a different vulnerability than CVE-2013-0010.)
Files:Microsoft Security Bulletin MS13-003 - Important Vulnerabilities in System Center Operations Manager Could Allow Elevation of Privilege (2748552)

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:10.01.2013
Source:
SecurityVulns ID:12819
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:TOMATOCART : TomatoCart 1.1
 OPENSOLUTION : Quick.Cms 5.0
 OPENSOLUTION : Quick.Cart 6.0
 RAILS : Ruby on Rails 3.0
 RUBY : Ruby on Rails 3.1
 RUBY : Ruby on Rails 3.2
 WEECHAT : WeeChat 0.3
 ZEND : Zend 1.11
CVE:CVE-2012-6497 (The Authlogic gem for Ruby on Rails, when used with certain versions before 3.2.10, makes potentially unsafe find_by_id method calls, which might allow remote attackers to conduct CVE-2012-6496 SQL injection attacks via a crafted parameter in environments that have a known secret_token value, as demonstrated by a value contained in secret_token.rb in an open-source product.)
 CVE-2012-6496 (SQL injection vulnerability in the Active Record component in Ruby on Rails before 3.0.18, 3.1.x before 3.1.9, and 3.2.x before 3.2.10 allows remote attackers to execute arbitrary SQL commands via a crafted request that leverages incorrect behavior of dynamic finders in applications that can use unexpected data types in certain find_by_ method calls.)
 CVE-2012-6430 (Cross-site scripting (XSS) vulnerability in Open Solution Quick.Cms 5.0 and Quick.Cart 6.0, possibly as downloaded before December 19, 2012, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin.php. NOTE: this might be a duplicate of CVE-2008-4140.)
 CVE-2012-5664 (** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6496, CVE-2012-6497. Reason: this candidate was intended for one issue, but the candidate was publicly used to label concerns about multiple products. Notes: All CVE users should consult CVE-2012-6496 and CVE-2012-6497 to determine which ID is appropriate. All references and descriptions in this candidate have been removed to prevent accidental usage.)
 CVE-2012-5657 (The (1) Zend_Feed_Rss and (2) Zend_Feed_Atom classes in Zend_Feed in Zend Framework 1.11.x before 1.11.15 and 1.12.x before 1.12.1 allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, and possibly cause a denial of service (CPU and memory consumption) via an XML External Entity (XXE) attack.)
 CVE-2012-5534 (The hook_process function in the plugin API for WeeChat 0.3.0 through 0.3.9.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a command from a plugin, related to "shell expansion.")
 CVE-2011-1428 (Wee Enhanced Environment for Chat (aka WeeChat) 0.3.4 and earlier does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL chat server via an arbitrary certificate, related to incorrect use of the GnuTLS API.)
Original document:DEBIAN, [SECURITY] [DSA 2602-1] zendframework security update (10.01.2013)
 High-Tech Bridge Security Research, Cross-Site Scripting (XSS) vulnerability in Quick.Cms and Quick.Cart (10.01.2013)
 MustLive, New vulnerabilities in MODx Revolution (10.01.2013)
 YGN Ethical Hacker Group, TomatoCart 1.x | Cross Site Request Forgery Protection Bypass via JavaScript Hijacking (10.01.2013)
 YGN Ethical Hacker Group, TomatoCart 1.x | Unrestricted File Creation (10.01.2013)

Google Chrome for Android multiple security vulnerabilities
Published:10.01.2013
Source:
SecurityVulns ID:12820
Type:library
Threat Level:5/10
Description:Multiple protection bypass and privilege escalation vulnerabilities.
Affected:GOOGLE : Chrome 18.0
CVE:CVE-2012-4909 (Google Chrome before 18.0.1025308 on Android allows remote attackers to obtain cookie information via a crafted application.)
 CVE-2012-4908 (Google Chrome before 18.0.1025308 on Android allows remote attackers to bypass the Same Origin Policy and obtain access to local files via vectors involving a symlink.)
 CVE-2012-4907 (Google Chrome before 18.0.1025308 on Android does not properly restrict access from JavaScript code to Android APIs, which allows remote attackers to have an unspecified impact via a crafted web page.)
 CVE-2012-4906 (Google Chrome before 18.0.1025308 on Android does not properly restrict access to file: URLs, which allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by obtaining credential data, a different vulnerability than CVE-2012-4903.)
 CVE-2012-4905 (Cross-site scripting (XSS) vulnerability in Google Chrome before 18.0.1025308 on Android allows remote attackers to inject arbitrary web script or HTML via an extra in an Intent object, aka "Universal XSS (UXSS).")
Original document:mbsdtest01_(at)_gmail.com, Chrome for Android - Cookie theft from Chrome by malicious Android app (10.01.2013)
 mbsdtest01_(at)_gmail.com, Chrome for Android - Bypassing SOP for Local Files By Symlinks (10.01.2013)
 mbsdtest01_(at)_gmail.com, Chrome for Android - Android APIs exposed to JavaScript (10.01.2013)
 mbsdtest01_(at)_gmail.com, Chrome for Android - Download Function Information Disclosure (10.01.2013)
 mbsdtest01_(at)_gmail.com, Chrome for Android - UXSS via com.android.browser.application_id Intent extra (10.01.2013)

Facebook for Android information leakage
Published:10.01.2013
Source:
SecurityVulns ID:12821
Type:local
Threat Level:4/10
Description:Malicious app can steal private files.
Original document:mbsdtest01_(at)_gmail.com, Facebook for Android - Information Diclosure Vulnerability (10.01.2013)

EMC Networker buffer overflow
Published:10.01.2013
Source:
SecurityVulns ID:12822
Type:remote
Threat Level:6/10
Description:Buffer overflow in nsrindexd RPC based service.
Affected:EMC : NetWorker 7.6
 EMC : NetWorker 7.5
 EMC : NetWorker 8.0
CVE:CVE-2012-4607 (Buffer overflow in nsrindexd in EMC NetWorker 7.5.x and 7.6.x before 7.6.5, and 8.x before 8.0.0.6, allows remote attackers to execute arbitrary code via crafted SunRPC data.)
Original document:EMC, ESA-2013-001: EMC NetWorker Buffer Overflow vulnerability (10.01.2013)

X.Org / XFree86 xfs DoS
Published:10.01.2013
Source:
SecurityVulns ID:12823
Type:library
Threat Level:5/10
Description:Invalid SendErrToClient function use.
Affected:XFREE86 : XFree86 3.3
 XORG : X.Org X11R6.6
CVE:CVE-2012-1699 (The ProcSetEventMask function in difs/events.c in the xfs font server for X.Org X11R6 through X11R6.6 and XFree86 before 3.3.3 calls the SendErrToClient function with a mask value instead of a pointer, which allows local users to cause a denial of service (memory corruption and crash) or obtain potentially sensitive information from memory via a SetEventMask request that triggers an invalid pointer dereference.)

Nero MediaHome DoS
Published:10.01.2013
Source:
SecurityVulns ID:12824
Type:remote
Threat Level:5/10
Description:Several vulnerabilities in the parsing of requests to TCP/54444.
Affected:NERO : MediaHome 4.5
CVE:CVE-2012-5877 (Nero MediaHome 4.5.8.0 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an HTTP header without a name.)
 CVE-2012-5876 (Multiple off-by-one errors in NMMediaServerService.dll in Nero MediaHome 4.5.8.0 and earlier allow remote attackers to cause a denial of service (crash) via a long string in the (1) request line or (2) HTTP Referer header to TCP port 54444, which triggers a heap-based buffer overflow.)
Original document:High-Tech Bridge Security Research, Nero MediaHome Multiple Remote DoS Vulnerabilities (10.01.2013)

Cisco Unified IP Phones 7900 privilege escalation
Published:10.01.2013
Source:
SecurityVulns ID:12825
Type:local
Threat Level:4/10
Description:Insufficient checking of syscall arguments.
Affected:CISCO : Cisco Unified IP Phone 7900
CVE:CVE-2012-5445 (The kernel in Cisco Native Unix (CNU) on Cisco Unified IP Phone 7900 series devices (aka TNP phones) with software before 9.3.1-ES10 does not properly validate unspecified system calls, which allows attackers to execute arbitrary code or cause a denial of service (memory overwrite) via a crafted binary.)
Files:Cisco Unified IP Phone Local Kernel System Call Input Validation Vulnerability

Cisco Prime LAN Management Solution code execution
Published:10.01.2013
Source:
SecurityVulns ID:12826
Type:remote
Threat Level:7/10
Description:Insufficient network traffic validation.
Affected:CISCO : Cisco Prime LMS 4.2
CVE:CVE-2012-6392 (Cisco Prime LAN Management Solution (LMS) 4.1 through 4.2.2 on Linux does not properly validate authentication and authorization requests in TCP sessions, which allows remote attackers to execute arbitrary commands via a crafted session, aka Bug ID CSCuc79779.)

Samsung Kies ActiveX multiple security vulnerabilities
updated since 17.10.2012
Published:10.01.2013
Source:
SecurityVulns ID:12653
Type:client
Threat Level:5/10
Description:Code execution, file modification.
Affected:SAMSUNG : Samsung Kies 2.3
 SAMSUNG : Samsung Kies 2.5
CVE:CVE-2012-6429 (Buffer overflow in the PrepareSync method in the SyncService.dll ActiveX control in Samsung Kies before 2.5.1.12123_2_7 allows remote attackers to execute arbitrary code via a long string to the password argument.)
 CVE-2012-3810
 CVE-2012-3809
 CVE-2012-3808
 CVE-2012-3807
 CVE-2012-3806
Original document:High-Tech Bridge Security Research, Remote Buffer Overflow Vulnerability in Samsung Kies (10.01.2013)
 High-Tech Bridge Security Research, Multiple vulnerabilities in Samsung Kies (17.10.2012)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod