Computer Security


Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 10.12.2012
SecurityVulns ID: 12763
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: SQUIZ : Squiz CMS 11654
 SYSAID : SysAid Helpdesk 8.5
 MODX : MODx 1.0
 ACHIEVO : Achievo 1.4
 CLIPBUCKET : ClipBucket
 TINYMCPUK : tinymcpuk 0.3
 MANAGEENGINE : Manage Engine Exchange Reporter 4.1
 WORDPRESS : Wordpress Facebook Survey 1
 MANAGEENGINE : ManageEngine ServiceDesk 8.0
 WORDPRESS : Simple Slider 1.0
 DOTPROJECT : dotProject 2.1
 BTNET : BugTracker.Net 3.5
 WORDPRESS : Video Lead Form 0.5
 SILVERSTRIPE : SilverStripe CMS 3.0
CVE: CVE-2012-6313 (simple-gmail-login.php in the Simple Gmail Login plugin before 1.1.4 for WordPress allows remote attackers to obtain sensitive information via a request that lacks a timezone, leading to disclosure of the installation path in a stack trace.)
 CVE-2012-6312 (Cross-site scripting (XSS) vulnerability in the Video Lead Form plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the errMsg parameter in a video-lead-form action to wp-admin/admin.php.)
 CVE-2012-5866 (Cross-site scripting (XSS) vulnerability in include.php in Achievo 1.4.5 allows remote attackers to inject arbitrary web script or HTML via the field parameter.)
 CVE-2012-5865 (SQL injection vulnerability in dispatch.php in Achievo 1.4.5 allows remote authenticated users to execute arbitrary SQL commands via the activityid parameter in a stats action.)
 CVE-2012-5849 (Multiple SQL injection vulnerabilities in ClipBucket 2.6 Revision 738 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) uid parameter in an add_friend action to ajax.php; id parameter in a (2) share_object, (3) add_to_fav, (4) rating, or (5) flag_object action to ajax.php; cid parameter in an (6) add_new_item, (7) remove_collection_item, (8) get_item, or (9) load_more_items action to ajax.php; (10) ci_id parameter in a get_item action to ajax.php; user parameter to (11) user_contacts.php or (12) view_channel.php; (13) pid parameter to view_page.php; (14) tid parameter to view_topic.php; or (15) v parameter to watch_video.php.)
 CVE-2012-5702 (Multiple cross-site scripting (XSS) vulnerabilities in dotProject before 2.1.7 allow remote attackers to inject arbitrary web script or HTML via the (1) callback parameter in a color_selector action, (2) field parameter in a date_format action, or (3) company_name parameter in an addedit action to index.php. NOTE: the date parameter vector is already covered by CVE-2008-3886.)
 CVE-2012-5701 (Multiple SQL injection vulnerabilities in dotProject before 2.1.7 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) search_string or (2) where parameter in a contacts action, (3) dept_id parameter in a departments action, (4) project_id[] parameter in a project action, or (5) company_id parameter in a system action to index.php. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands.)
Original document: NCC Group Research, NGS000241 Technical Advisory: SysAid Helpdesk Pro Blind SQL Injection (10.12.2012)
 NCC Group Research, NGS000330 Technical Advisory: Squiz CMS File Path Traversal (10.12.2012)
 lists_(at)_senseofsecurity.com, SilverStripe CMS - Multiple Vulnerabilities - Security Advisory - SOS-12-011 (10.12.2012)
 Emmanuel FARCY, Wordpress Plugin Simple Gmail Login Stack Trace Vulnerability (10.12.2012)
 Emmanuel FARCY, Video Lead Form Plugin Cross-Site Scripting Vulnerabilities which affects Wordpress URL (10.12.2012)
 defensecode_(at)_defensecode.com, [DC-2012-11-002] DefenseCode ThunderScan ASP.Net C# Advisory: BugTracker.Net Multiple Security Vulnerabilities (10.12.2012)
 High-Tech Bridge Security Research, Multiple vulnerabilities in dotProject (10.12.2012)
 Emmanuel FARCY, XSS Vulnerability in Simple Slider Wordpress Plugin (10.12.2012)
 Vulnerability Lab, ManageEngine ServiceDesk 8.0 - Multiple Vulnerabilities (10.12.2012)
 Vulnerability Lab, Wordpress Facebook Survey v1 - SQL Injection Vulnerability (10.12.2012)
 Vulnerability Lab, Manage Engine Exchange Reporter v4.1 - Multiple Web Vulnerabilites (10.12.2012)
 admin_(at)_eidelweiss.info, tinymcpuk xss vulnerability (10.12.2012)
 High-Tech Bridge Security Research, Multiple vulnerabilities in Achievo (10.12.2012)
 Emmanuel FARCY, Fwd: SQL injection (10.12.2012)
 Emmanuel FARCY, Update on CVE assigned for Video Lead Form Plugin Cross-Site (10.12.2012)
 Emmanuel FARCY, Update on CVE assigned for Wordpress Plugin Simple Gmail Login (10.12.2012)
 MustLive, BF and FPD vulnerabilities in MODx (10.12.2012)
 MustLive, XSS vulnerability in swfupload in TinyMCE, SPIP, Radiant CMS, AionWeb, Liferay Portal, SurgeMail, symfony (10.12.2012)
 MustLive, XSS vulnerability in swfupload in TYPO3 CMS, TinyMCE, Liferay Portal, Drupal, Codeigniter, SentinelleOnAir (10.12.2012)
 MustLive, CSRF, AoF, DoS and IAA vulnerabilities in MODx (10.12.2012)
 Steevee a.k.a Stefanus, Site Builder RumahWeb Arbitrary Config File Disclosure Vulnerability (10.12.2012)

Forescout NAC multiple security vulnerabilities
updated since 03.12.2012
Published: 10.12.2012
SecurityVulns ID: 12740
Type: remote
Threat Level: 5/10
Description: Cross-site scripting, protection bypass.
Affected: FORESCOUT : Forescout NAC 6.3
CVE: CVE-2012-4985 (The Forescout CounterACT NAC device 6.3.4.1 does not block ARP and ICMP traffic from unrecognized clients, which allows remote attackers to conduct ARP poisoning attacks via crafted packets.)
 CVE-2012-4983 (Multiple cross-site scripting (XSS) vulnerabilities on the Forescout CounterACT NAC device before 7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the a parameter to assets/login or (2) the query parameter to assets/rangesearch.)
 CVE-2012-4982 (Open redirect vulnerability in assets/login on the Forescout CounterACT NAC device before 7.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the a parameter.)
Original document: Joseph Sheridan, Forescout NAC (Network Access Control) multiple vulnerabilities (10.12.2012)
 Joseph Sheridan, Forescout NAC multiple vulnerabilities (03.12.2012)

OpenStack security vulnerabilities
updated since 29.10.2012
Published: 10.12.2012
SecurityVulns ID: 12681
Type: remote
Threat Level: 5/10
Description: User authorization vulnerabilities.
CVE: CVE-2012-5571 (OpenStack Keystone Essex (2012.1) and Folsom (2012.2) does not properly handle EC2 tokens when the user role has been removed from a tenant, which allows remote authenticated users to bypass intended authorization restrictions by leveraging a token for the removed user role.)
 CVE-2012-5563 (OpenStack Keystone, as used in OpenStack Folsom 2012.2, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by creating new tokens through token chaining. NOTE: this issue exists because of a CVE-2012-3426 regression.)
 CVE-2012-4413 (OpenStack Keystone 2012.1.3 does not invalidate existing tokens when granting or revoking roles, which allows remote authenticated users to retain the privileges of the revoked roles.)
 CVE-2012-3540 (Open redirect vulnerability in views/auth_forms.py in OpenStack Dashboard (Horizon) Essex (2012.1) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter to auth/login/. NOTE: this issue was originally assigned CVE-2012-3542 by mistake.)
 CVE-2012-3426 (OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by (1) creating new tokens through token chaining, (2) leveraging possession of a token for a disabled user account, or (3) leveraging possession of a token for an account with a changed password.)
Original document: UBUNTU, [USN-1641-1] OpenStack Keystone vulnerabilities (10.12.2012)
 UBUNTU, [USN-1565-1] OpenStack Horizon vulnerability (29.10.2012)

RSA NetWitness Informer multiple security vulnerabilities
Published: 10.12.2012
SecurityVulns ID: 12765
Type: remote
Threat Level: 5/10
Description: Web interface multiple vulnerabilities.
Affected: EMC : RSA NetWitness Informer 2.0
CVE: CVE-2012-4609 (The web interface in EMC RSA NetWitness Informer before 2.0.5.6 allows remote attackers to conduct clickjacking attacks via unspecified vectors.)
 CVE-2012-4608 (Cross-site request forgery (CSRF) vulnerability in the web interface in EMC RSA NetWitness Informer before 2.0.5.6 allows remote attackers to hijack the authentication of arbitrary users.)
Original document: EMC, ESA-2012-052 RSA NetWitness Informer Cross-Site Request Forgery and Click-jacking Vulnerabilities (10.12.2012)

RIM BlackBerry PlayBook information leakage
Published: 10.12.2012
SecurityVulns ID: 12766
Type: local
Threat Level: 3/10
Description: A local HTML file can send arbitrary data to external destinations.
CVE: CVE-2012-5828
Original document: Tim Brown, Low severity flaw in RIM BlackBerry PlayBook OS browser (10.12.2012)

FortiGate FortiDB cross-site scripting
Published: 10.12.2012
SecurityVulns ID: 12767
Type: remote
Threat Level: 5/10
Description: A few cross-site scripting vulnerabilities.
Affected: FORTIGATE : FortiDB 2000B
 FORTIGATE : FortiDB 1000C
 FORTIGATE : FortiDB 400B
Original document: Vulnerability Lab, FortiGate FortiDB 2kB 1kC & 400B - Cross Site Vulnerability (10.12.2012)

FortiGate FortiWeb cross-site scripting
Published: 10.12.2012
SecurityVulns ID: 12768
Type: remote
Threat Level: 5/10
Description: A few cross-site scripting vulnerabilities.
Affected: FORTIGATE : FortiWeb 4000C
 FORTIGATE : FortiWeb 3000C
 FORTIGATE : FortiWeb 1000C
 FORTIGATE : FortiWeb 400C
Original document: Vulnerability Lab, FortiWeb 4kC,3kC,1kC & VA - Cross Site Vulnerabilities (10.12.2012)

Microsoft Internet Explorer 7 memory corruption
Published: 10.12.2012
SecurityVulns ID: 12764
Type: client
Threat Level: 6/10
Description: Memory corruption on redirection to a data: URI containing certain tags.
Affected: MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
Original document: MustLive, Microsoft Internet Explorer 7 (10.12.2012)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod