Computer Security
[EN] securityvulns.ru no-pyccku


HP LaserJet P3015 printer unauthorized access
updated since 09.01.2012
Published:11.01.2012
Source:
SecurityVulns ID:12130
Type:remote
Threat Level:
5/10
Description:Web server directory traversal
Affected:HP : LaserJet P3015
CVE:CVE-2011-4785 (Directory traversal vulnerability in the HP-ChaiSOE/1.0 web server on the HP LaserJet P3015 printer with firmware before 07.080.3, LaserJet 4650 printer with firmware 07.006.0, and LaserJet 2430 printer with firmware 08.113.0_I35128 allows remote attackers to read arbitrary files via unspecified vectors, a different vulnerability than CVE-2008-4419.)
 CVE-2011-4161 (The default configuration of the HP CM8060 Color MFP with Edgeline; Color LaserJet 3xxx, 4xxx, 5550, 9500, CMxxxx, CPxxxx, and Enterprise CPxxxx; Digital Sender 9200c and 9250c; LaserJet 4xxx, 5200, 90xx, Mxxxx, and Pxxxx; and LaserJet Enterprise 500 color M551, 600, M4555 MFP, and P3015 enables the Remote Firmware Update (RFU) setting, which allows remote attackers to execute arbitrary code by using a session on TCP port 9100 to upload a crafted firmware update.)
Original documentdocumentddivulnalert_(at)_ddifrontline.com, DDIVRT-2011-37 HP JetDirect Device Page Directory Traversal (CVE-2011-4785) (11.01.2012)
 documentHP, [security bulletin] HPSBPI02733 SSRT100646 rev.1 - Certain HP LaserJet Printers, Remote Unauthorized Access to Files (09.01.2012)

Apache mod_proxy unauthorized internal network access
updated since 12.10.2011
Published:11.01.2012
Source:
SecurityVulns ID:11968
Type:remote
Threat Level:
6/10
Description:Invalid processing for URI with preceeding @ sign.
Affected:APACHE : Apache 1.3
 APACHE : Apache 2.0
 APACHE : Apache 2.2
CVE:CVE-2011-4317 (The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.)
 CVE-2011-3368 (The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.)
Original documentdocumentMANDRIVA, [ MDVSA-2011:144 ] apache (12.10.2011)

Apache privilege escalation
Published:11.01.2012
Source:
SecurityVulns ID:12139
Type:local
Threat Level:
5/10
Description:Privilege escalation with SetEnvIf in conjunction with crafted HTTP headers.
Affected:APACHE : Apache 2.0
 APACHE : Apache 2.2
CVE:CVE-2011-3607 (Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.)

Novell Netware security vulnerabilities
updated since 09.01.2012
Published:11.01.2012
Source:
SecurityVulns ID:12127
Type:remote
Threat Level:
5/10
Description:TCP/32778, UDP/32778, UDP/2039, UDP/32779 RPC-based services buffer overflow.
Affected:NOVELL : Netware 6.5
Original documentdocumentZDI, ZDI-12-011 : Novell Netware XNFS caller_name xdrDecodeString Remote Code Execution Vulnerability (11.01.2012)
 documentZDI, ZDI-12-006 : Novell Netware XNFS.NLM NFS Rename Remote Code Execution Vulnerability (09.01.2012)
 documentZDI, ZDI-12-007 : Novell Netware XNFS.NLM STAT Notify Remote Code Execution Vulnerability (09.01.2012)

PowerDNS response loop
Published:11.01.2012
Source:
SecurityVulns ID:12140
Type:remote
Threat Level:
6/10
Description:Resolver reponds to response, allowing DoS attacks.
Affected:POWERDNS : PowerDNS 2.9
CVE:CVE-2012-0206 (common_startup.cc in PowerDNS (aka pdns) Authoritative Server before 2.9.22.5 and 3.x before 3.0.1 allows remote attackers to cause a denial of service (packet loop) via a crafted UDP DNS response.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 2385-1] pdns security update (11.01.2012)

Microsoft AntiXSS library crossite scripting
updated since 11.01.2012
Published:20.01.2012
Source:
SecurityVulns ID:12138
Type:library
Threat Level:
5/10
Description:Crossite scripting during HTML parsing.
Affected:MICROSOFT : AntiXSS 4.0
CVE:CVE-2012-0007 (The Microsoft Anti-Cross Site Scripting (AntiXSS) Library 3.x and 4.0 does not properly evaluate characters after the detection of a Cascading Style Sheets (CSS) escaped character, which allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML input, aka "AntiXSS Library Bypass Vulnerability.")
Original documentdocumentadic_(at)_il.ibm.com, Microsoft Anti-XSS Library Bypass (MS12-007) (20.01.2012)
Files:Microsoft Security Bulletin MS12-007 - Important Vulnerability in AntiXSS Library Could Allow Information Disclosure (2607664)

Microsoft Windows multiple security vulnerabilities
updated since 11.01.2012
Published:21.01.2012
Source:
SecurityVulns ID:12137
Type:client
Threat Level:
7/10
Description:SafeSEH protection bypass, Windows Object Packager code execution, CSRSS privilege escalation, DirectShow / Windows Media memory corruption, Windows Packager code execution, SSL/TLS information leakage.
Affected:MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
CVE:CVE-2012-0013 (Incomplete blacklist vulnerability in the Windows Packager configuration in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted ClickOnce application in a Microsoft Office document, related to .application files, aka "Assembly Execution Vulnerability.")
 CVE-2012-0009 (Untrusted search path vulnerability in the Windows Object Packager configuration in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a Trojan horse executable file in the current working directory, as demonstrated by a directory that contains a file with an embedded packaged object, aka "Object Packager Insecure Executable Launching Vulnerability.")
 CVE-2012-0005 (The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2, when a Chinese, Japanese, or Korean system locale is used, can access uninitialized memory during the processing of Unicode characters, which allows local users to gain privileges via a crafted application, aka "CSRSS Elevation of Privilege Vulnerability.")
 CVE-2012-0004 (Unspecified vulnerability in DirectShow in DirectX in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, related to Quartz.dll, Qdvd.dll, closed captioning, and the Line21 DirectShow filter, aka "DirectShow Remote Code Execution Vulnerability.")
 CVE-2012-0003 (Unspecified vulnerability in winmm.dll in Windows Multimedia Library in Windows Media Player (WMP) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote attackers to execute arbitrary code via a crafted MIDI file, aka "MIDI Remote Code Execution Vulnerability.")
 CVE-2012-0001 (The kernel in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly load structured exception handling tables, which allows context-dependent attackers to bypass the SafeSEH security feature by leveraging a Visual C++ .NET 2003 application, aka "Windows Kernel SafeSEH Bypass Vulnerability.")
 CVE-2011-3389 (The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.)
Original documentdocumentAkita Software Security, Office arbitrary ClickOnce application execution vulnerability (21.01.2012)
Files:Microsoft Security Bulletin MS12-001 - Important Vulnerability in Windows Kernel Could Allow Security Feature Bypass (2644615)
 Microsoft Security Bulletin MS12-002 - Important Vulnerability in Windows Object Packager Could Allow Remote Code Execution (2603381)
 Microsoft Security Bulletin MS12-003 - Important Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2646524)
 Microsoft Security Bulletin MS12-004 - Critical Vulnerabilities in Windows Media Could Allow Remote Code Execution (2636391)
 Microsoft Security Bulletin MS12-005 - Important Vulnerability in Microsoft Windows Could Allow Remote Code Execution (2584146)
 Microsoft Security Bulletin MS12-006 - Important Vulnerability in SSL/TLS Could Allow Information Disclosure (2643584)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod