Computer Security


Microsoft Windows multiple security vulnerabilities
updated since 09.05.2012
Published:13.08.2012
Source:
SecurityVulns ID:12357
Type:library
Threat Level:
9/10
Description:TCP/IP privilege escalation, partition manager privilege escalation, multiple security vulnerabilities in .Net, Silverlight, font management, GDI+, window components, etc.
Affected:MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
CVE:CVE-2012-1848 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly handle user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Scrollbar Calculation Vulnerability.")
 CVE-2012-0181 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly manage Keyboard Layout files, which allows local users to gain privileges via a crafted application, aka "Keyboard Layout File Vulnerability.")
 CVE-2012-0180 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly handle user-mode input passed to kernel mode for (1) windows and (2) messages, which allows local users to gain privileges via a crafted application, aka "Windows and Messages Vulnerability.")
 CVE-2012-0179 (Double free vulnerability in tcpip.sys in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that binds an IPv6 address to a local interface, aka "TCP/IP Double Free Vulnerability.")
 CVE-2012-0178 (Race condition in partmgr.sys in Windows Partition Manager in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that makes multiple simultaneous Plug and Play (PnP) Configuration Manager function calls, aka "Plug and Play (PnP) Configuration Manager Vulnerability.")
 CVE-2012-0176 (Double free vulnerability in Microsoft Silverlight 4 before 4.1.10329 on Windows allows remote attackers to execute arbitrary code via vectors involving crafted XAML glyphs, aka "Silverlight Double-Free Vulnerability.")
 CVE-2012-0174 (Windows Firewall in tcpip.sys in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly enforce firewall rules for outbound broadcast packets, which allows remote attackers to obtain potentially sensitive information by observing broadcast traffic on a local network, aka "Windows Firewall Bypass Vulnerability.")
 CVE-2012-0167 (Heap-based buffer overflow in the Office GDI+ library in Microsoft Office 2003 SP3 and 2007 SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted EMF image in an Office document, aka "GDI+ Heap Overflow Vulnerability.")
 CVE-2012-0165 (GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2 and Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1 does not properly validate record types in EMF images, which allows remote attackers to execute arbitrary code via a crafted image, aka "GDI+ Record Type Vulnerability.")
 CVE-2012-0164 (Microsoft .NET Framework 4 does not properly compare index values, which allows remote attackers to cause a denial of service (application hang) via crafted requests to a Windows Presentation Foundation (WPF) application, aka ".NET Framework Index Comparison Vulnerability.")
 CVE-2012-0162 (Microsoft .NET Framework 4 does not properly allocate buffers, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Buffer Allocation Vulnerability.")
 CVE-2012-0161 (Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly handle an unspecified exception during use of partially trusted assemblies to serialize input data, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Serialization Vulnerability.")
 CVE-2012-0160 (Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly serialize input data, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Serialization Vulnerability.")
 CVE-2012-0159 (Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview; Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Silverlight 4 before 4.1.10329; and Silverlight 5 before 5.1.10411 allow remote attackers to execute arbitrary code via a crafted TrueType font (TTF) file, aka "TrueType Font Parsing Vulnerability.")
 CVE-2011-3402 (Unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted font data in a Word document or web page, as exploited in the wild in November 2011 by Duqu, aka "TrueType Font Parsing Vulnerability.")
Original document:ZDI, ZDI-12-131 : Microsoft .NET Framework Undersized Glyph Buffer Remote Code Execution Vulnerability (13.08.2012)
 ZDI, ZDI-12-129: Microsoft Windows TrueType Font Parsing Remote Code Execution Vulnerability (Remote Kernel) (13.08.2012)
 advisories-publication_(at)_coresecurity.com, CORE-2011-1123: Windows Kernel ReadLayoutFile Heap Overflow (09.05.2012)
Files:Microsoft Security Bulletin MS12-032 - Important Vulnerability in TCP/IP Could Allow Elevation of Privilege (2688338)
 Microsoft Security Bulletin MS12-033 - Important Vulnerability in Windows Partition Manager Could Allow Elevation of Privilege (2690533)
 Microsoft Security Bulletin MS12-034 - Critical Combined Security Update for Microsoft Office, Windows, .NET Framework, and Silverlight (2681578)
 Microsoft Security Bulletin MS12-035 - Critical Vulnerabilities in .NET Framework Could Allow Remote Code Execution (2693777)

AOL Deskbar ActiveX code execution
updated since 24.06.2012
Published:13.08.2012
Source:
SecurityVulns ID:12435
Type:client
Threat Level:
5/10
Description:AOL dnUpdater ActiveX uninitialized pointer.
Original document:rgod, AOL Products downloadUpdater2 Plugin SRC Parameter Remote Code Execution (13.08.2012)
 ZDI, ZDI-12-098 : AOL Products dnUpdater ActiveX Uninitialized Pointer Remote Code Execution Vulnerability (24.06.2012)

HP Network Node Manager i cross-site scripting
updated since 09.07.2012
Published:13.08.2012
Source:
SecurityVulns ID:12455
Type:remote
Threat Level:
5/10
Affected:HP : Network Node Manager i 9.0
 HP : Network Node Manager i 9.1
 HP : Network Node Manager i 9.20
CVE:CVE-2012-2022 (Multiple cross-site scripting (XSS) vulnerabilities in HP Network Node Manager i (NNMi) 8.x, 9.0x, 9.1x, and 9.20 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2012-2018 (Cross-site scripting (XSS) vulnerability in HP Network Node Manager i (NNMi) 8.x, 9.0x, and 9.1x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
Original document:HP, [security bulletin] HPSBMU02798 SSRT100908 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Cross Site Scripting (XSS) (13.08.2012)
 HP, [security bulletin] HPSBMU02783 SSRT100806 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Cross Site Scripting (XSS) (09.07.2012)

Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
updated since 20.07.2012
Published:13.08.2012
Source:
SecurityVulns ID:12483
Type:client
Threat Level:
9/10
Description:Multiple memory corruptions, code execution, data spoofing, cross-site scripting, information leakage.
Affected:MOZILLA : Firefox 13.0
 MOZILLA : Thunderbird 13.0
 MOZILLA : SeaMonkey 2.10
CVE:CVE-2012-1967 (Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly implement the JavaScript sandbox utility, which allows remote attackers to execute arbitrary JavaScript code with improper privileges via a javascript: URL.)
 CVE-2012-1966 (Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do not have the same context-menu restrictions for data: URLs as for javascript: URLs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL.)
 CVE-2012-1965 (Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do not properly establish the security context of a feed: URL, which allows remote attackers to bypass unspecified cross-site scripting (XSS) protection mechanisms via a feed:javascript: URL.)
 CVE-2012-1964 (The certificate-warning functionality in browser/components/certerror/content/aboutCertError.xhtml in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.10 does not properly handle attempted clickjacking of the about:certerror page, which allows man-in-the-middle attackers to trick users into adding an unintended exception via an IFRAME element.)
 CVE-2012-1963 (The Content Security Policy (CSP) functionality in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly restrict the strings placed into the blocked-uri parameter of a violation report, which allows remote web servers to capture OpenID credentials and OAuth 2.0 access tokens by triggering a violation.)
 CVE-2012-1962 (Use-after-free vulnerability in the JSDependentString::undepend function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via vectors involving strings with multiple dependencies.)
 CVE-2012-1961 (Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly handle duplicate values in X-Frame-Options headers, which makes it easier for remote attackers to conduct clickjacking attacks via a FRAME element referencing a web site that produces these duplicate values.)
 CVE-2012-1960 (The qcms_transform_data_rgb_out_lut_sse2 function in the QCMS implementation in Mozilla Firefox 4.x through 13.0, Thunderbird 5.0 through 13.0, and SeaMonkey before 2.11 might allow remote attackers to obtain sensitive information from process memory via a crafted color profile that triggers an out-of-bounds read operation.)
 CVE-2012-1959 (Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not consider the presence of same-compartment security wrappers (SCSW) during the cross-compartment wrapping of objects, which allows remote attackers to bypass intended XBL access restrictions via crafted content.)
 CVE-2012-1958 (Use-after-free vulnerability in the nsGlobalWindow::PageHidden function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 might allow remote attackers to execute arbitrary code via vectors related to focused content.)
 CVE-2012-1955 (Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allow remote attackers to spoof the address bar via vectors involving history.forward and history.back calls.)
 CVE-2012-1954 (Use-after-free vulnerability in the nsDocument::AdoptNode function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via vectors involving multiple adoptions and empty documents.)
 CVE-2012-1953 (The ElementAnimations::EnsureStyleRuleFor function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (buffer over-read, incorrect pointer dereference, and heap-based buffer overflow) or possibly execute arbitrary code via a crafted web site.)
 CVE-2012-1952 (The nsTableFrame::InsertFrames function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly perform a cast of a frame variable during processing of mixed row-group and column-group frames, which might allow remote attackers to execute arbitrary code via a crafted web site.)
 CVE-2012-1951 (Use-after-free vulnerability in the nsSMILTimeValueSpec::IsEventBased function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code by interacting with objects used for SMIL Timing.)
 CVE-2012-1950 (The drag-and-drop implementation in Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 allows remote attackers to spoof the address bar by canceling a page load.)
 CVE-2012-1948 (Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.)
 CVE-2011-3671 (Use-after-free vulnerability in the nsHTMLSelectElement function in nsHTMLSelectElement.cpp in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allows remote attackers to execute arbitrary code via vectors involving removal of the parent node of an element.)
Original document:ZDI, ZDI-12-128 : Mozilla Firefox nsHTMLSelectElement Remote Code Execution Vulnerability (13.08.2012)
Files:Mozilla Foundation Security Advisory 2012-41
 Mozilla Foundation Security Advisory 2012-42
 Mozilla Foundation Security Advisory 2012-43
 Mozilla Foundation Security Advisory 2012-44
 Mozilla Foundation Security Advisory 2012-45
 Mozilla Foundation Security Advisory 2012-46
 Mozilla Foundation Security Advisory 2012-47
 Mozilla Foundation Security Advisory 2012-48
 Mozilla Foundation Security Advisory 2012-49
 Mozilla Foundation Security Advisory 2012-50
 Mozilla Foundation Security Advisory 2012-51
 Mozilla Foundation Security Advisory 2012-52
 Mozilla Foundation Security Advisory 2012-53
 Mozilla Foundation Security Advisory 2012-54
 Mozilla Foundation Security Advisory 2012-55
 Mozilla Foundation Security Advisory 2012-56

Oracle Sun Solaris Update Manager symbolic links vulnerability
updated since 30.07.2012
Published:13.08.2012
Source:
SecurityVulns ID:12496
Type:local
Threat Level:
5/10
Description:Insecure temporary file creation.
Affected:ORACLE : Solaris 10
Original document:larry0_(at)_me.com, Another Solaris 10 Patch Cluster Symlink Attack (13.08.2012)
 larry0_(at)_me.com, file clobbering vulnerability in Solaris update manager & local root with SUNWbindr install. (30.07.2012)

Linux kernel multiple security vulnerabilities
Published:13.08.2012
Source:
SecurityVulns ID:12501
Type:local
Threat Level:
7/10
Description:Multiple DoS conditions, privilege escalation.
Affected:LINUX : kernel 2.6
 LINUX : kernel 3.2
CVE:CVE-2012-3400 (Heap-based buffer overflow in the udf_load_logicalvol function in fs/udf/super.c in the Linux kernel before 3.4.5 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted UDF filesystem.)
 CVE-2012-3375 (The epoll_ctl system call in fs/eventpoll.c in the Linux kernel before 3.2.24 does not properly handle ELOOP errors in EPOLL_CTL_ADD operations, which allows local users to cause a denial of service (file-descriptor consumption and system crash) via a crafted application that attempts to create a circular epoll dependency. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1083.)
 CVE-2012-3364 (Multiple stack-based buffer overflows in the Near Field Communication Controller Interface (NCI) in the Linux kernel before 3.4.5 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via incoming frames with crafted length fields.)
 CVE-2012-2390 (Memory leak in mm/hugetlb.c in the Linux kernel before 3.4.2 allows local users to cause a denial of service (memory consumption or system crash) via invalid MAP_HUGETLB mmap operations.)
 CVE-2012-2373 (The Linux kernel before 3.4.5 on the x86 platform, when Physical Address Extension (PAE) is enabled, does not properly use the Page Middle Directory (PMD), which allows local users to cause a denial of service (panic) via a crafted application that triggers a race condition.)
 CVE-2012-2372 (The rds_ib_xmit function in net/rds/ib_send.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel 3.7.4 and earlier allows local users to cause a denial of service (BUG_ON and kernel panic) by establishing an RDS connection with the source IP address equal to the IPoIB interface's own IP address, as demonstrated by rds-ping.)
 CVE-2012-2137 (Buffer overflow in virt/kvm/irq_comm.c in the KVM subsystem in the Linux kernel before 3.2.24 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to Message Signaled Interrupts (MSI), irq routing entries, and an incorrect check by the setup_routing_entry function before invoking the kvm_set_irq function.)
 CVE-2012-2136 (The sock_alloc_send_pskb function in net/core/sock.c in the Linux kernel before 3.4.5 does not properly validate a certain length value, which allows local users to cause a denial of service (heap-based buffer overflow and system crash) or possibly gain privileges by leveraging access to a TUN/TAP device.)
 CVE-2012-2119 (Buffer overflow in the macvtap device driver in the Linux kernel before 3.4.5, when running in certain configurations, allows privileged KVM guest users to cause a denial of service (crash) via a long descriptor with a long vector length.)
Original document:UBUNTU, [USN-1531-1] Linux kernel vulnerabilities (13.08.2012)
 UBUNTU, [USN-1529-1] Linux kernel vulnerabilities (13.08.2012)

KOffice / Calligra code execution
Published:13.08.2012
Source:
SecurityVulns ID:12502
Type:local
Threat Level:
5/10
Description:Code execution on MS Word document parsing.
Affected:KDE : KOffice 2.3
 CALLIGRA : Calligra 2.4
CVE:CVE-2012-3456 (Heap-based buffer overflow in the read function in filters/words/msword-odf/wv2/src/styles.cpp in the Microsoft import filter in Calligra 2.4.3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ODF style in an ODF document. NOTE: this is the same vulnerability as CVE-2012-3455, but it was SPLIT by the CNA even though Calligra and KOffice share the same codebase.)
 CVE-2012-3455 (Heap-based buffer overflow in the read function in filters/words/msword-odf/wv2/src/styles.cpp in the Microsoft import filter in KOffice 2.3.3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ODF style in an ODF document. NOTE: this is the same vulnerability as CVE-2012-3456, but it was SPLIT by the CNA even though Calligra and KOffice share the same codebase.)
Original document:UBUNTU, [USN-1526-1] KOffice vulnerability (13.08.2012)

IBM Lotus iNotes / Quickr ActiveX code execution
Published:13.08.2012
Source:
SecurityVulns ID:12503
Type:client
Threat Level:
5/10
Description:dwa85W.cab / QP2.cab ActiveX buffer overflow
Affected:IBM : Lotus iNotes 8.5
 IBM : Lotus Quickr 8.2
CVE:CVE-2012-2176 (Multiple stack-based buffer overflows in a certain ActiveX control in qp2.cab in IBM Lotus Quickr 8.2 before 8.2.0.27-002a for Domino allow remote attackers to execute arbitrary code via a long argument to the (1) Attachment_Times or (2) Import_Times method.)
 CVE-2012-2175 (Buffer overflow in the Attachment_Times method in a certain ActiveX control in dwa85W.dll in IBM Lotus iNotes 8.5.x before 8.5.3 FP2 allows remote attackers to execute arbitrary code via a long argument.)
Original document:ZDI, ZDI-12-132 : IBM Lotus iNotes dwa85W ActiveX Attachment_Times Remote Code Execution Vulnerability (13.08.2012)

GE Intelligent Platforms Proficy Historian code execution
Published:13.08.2012
Source:
SecurityVulns ID:12504
Type:client
Threat Level:
6/10
Description:Multiple Data Archiver (TCP/14000) service memory corruptions.
Affected:GE : Proficy Historian 4.5
CVE:CVE-2012-0232 (Directory traversal vulnerability in rifsrvd.exe in the Remote Interface Service in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6, 3.0, 3.0 SP1, and 3.5 allows remote attackers to modify the configuration via crafted strings.)
 CVE-2012-0229 (The Data Archiver service in GE Intelligent Platforms Proficy Historian 4.5 and earlier allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted session on TCP port 14000 to (1) ihDataArchiver.exe or (2) ihDataArchiver_x64.exe.)
Original document:ZDI, ZDI-12-133 : GE Proficy Historian ihDataArchiver.exe Multiple Opcode Parsing Remote Code Execution Vulnerabilities (13.08.2012)

libxml integer overflows
Published:13.08.2012
Source:
SecurityVulns ID:12505
Type:library
Threat Level:
6/10
Description:Multiple integer overflows.
Affected:LIBXML : libxml 2.8
CVE:CVE-2012-2807 (Multiple integer overflows in libxml2, as used in Google Chrome before 20.0.1132.43, on 64-bit Linux platforms allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.)
Original document:DEBIAN, [SECURITY] [DSA 2521-1] libxml2 security update (13.08.2012)

Iomega StorCenter/EMC Lifeline unauthorized access
Published:13.08.2012
Source:
SecurityVulns ID:12506
Type:remote
Threat Level:
6/10
Description:Remote unauthenticated access is possible under some conditions.
Affected:EMC : Iomega Home Media Network Hard Drive
 EMC : Iomega iConnect 2.5
 EMC : StorCenter ix2
 EMC : StorCenter ix4
 EMC : StorCenter ix12
 EMC : StorCenter px4
 EMC : StorCenter px6
 EMC : StorCenter px12
CVE:CVE-2012-2283 (The Iomega Home Media Network Hard Drive with EMC Lifeline firmware before 2.104, Home Media Network Hard Drive Cloud Edition with EMC Lifeline firmware before 3.2.3.15290, iConnect with EMC Lifeline firmware before 2.5.26.18966, and StorCenter with EMC Lifeline firmware before 2.0.18.23122, 2.1.x before 2.1.42.18967, and 3.x before 3.2.3.15290 allow remote authenticated users to read or modify data on arbitrary remote shares via unspecified vectors.)
Original document:EMC, ESA-2012-031: Iomega StorCenter/EMC Lifeline Remote Access Vulnerability (13.08.2012)

Oracle Business Transaction Management Server directory traversal
Published:13.08.2012
Source:
SecurityVulns ID:12507
Type:remote
Threat Level:
6/10
Description:FlashTunnelService allows arbitrary file deletion via the SOAP interface.
Affected:ORACLE : Business Transaction Management Server 12.1
Original document:rgod, Oracle Business Transaction Management Server FlashTunnelService Remote File Deletion (13.08.2012)

libtiff tiff2pdf code execution
Published:13.08.2012
Source:
SecurityVulns ID:12508
Type:library
Threat Level:
5/10
Description:Code execution on TIFF parsing.
Affected:LIBTIFF : libtiff 3.9
CVE:CVE-2012-3401 (The t2p_read_tiff_init function in tiff2pdf (tools/tiff2pdf.c) in LibTIFF 4.0.2 and earlier does not properly initialize the T2P context struct pointer in certain error conditions, which allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image that triggers a heap-based buffer overflow.)
Original document:MANDRIVA, [ MDVSA-2012:127 ] libtiff (13.08.2012)

Globus GridFTP privilege escalation
Published:13.08.2012
Source:
SecurityVulns ID:12510
Type:library
Threat Level:
5/10
Description:Insufficient validation on name lookup.
Affected:globus : Globus Toolkit 5.2
CVE:CVE-2012-3292 (The GridFTP in Globus Toolkit (GT) before 5.2.2, when certain autoconf macros are defined, does not properly check the return value from the getpwnam_r function, which might allow remote attackers to gain privileges by logging in with a user that does not exist, which causes GridFTP to run as the last user in the password file.)
Original document:DEBIAN, [SECURITY] [DSA 2523-1] globus-gridftp-server security update (13.08.2012)

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:13.08.2012
Source:
SecurityVulns ID:12511
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:PHPLIST : phpList 2.10
 FCKEDITOR : FCKeditor 2.6
 LEDGERSMB : LedgerSMB 1.3
 SOCIALENGINE : Social Engine 4.2
 PPBOARD : PBBoard 2.1
 CAKEPHP : CakePHP 2.2
 DIR2WEB : Dir2web 3.0
 OPENCONSTRUCTOR : Openconstructor 3.12
 REDAXO : Redaxo 4.4
 TEKNOPORTAL : tekno.Portal 0.1
 OCPORTAL : ocPortal 7.1
CVE:CVE-2012-4070 (SQL injection vulnerability in system/src/dispatcher.php in Dir2web 3.0 allows remote attackers to execute arbitrary SQL commands via the oid parameter in a homepage action to index.php.)
 CVE-2012-4069 (Dir2web 3.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database via a direct request for system/db/website.db.)
 CVE-2012-4036 (Unrestricted file upload vulnerability in admin.php in PBBoard 2.1.4 allows remote administrators to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in the addons directory. NOTE: this vulnerability can be leveraged by remote attackers using CVE-2012-1216.)
 CVE-2012-4035 (The new_password page in PBBoard 2.1.4 allows remote attackers to change the password of arbitrary user accounts via the member_id and new_password parameters to index.php.)
 CVE-2012-4034 (Multiple SQL injection vulnerabilities in PBBoard 2.1.4 allow remote attackers to execute arbitrary SQL commands via the (1) username parameter to the send page, (2) email parameter to the forget page, (3) password parameter to the forum_archive page, (4) section parameter to the management page, (5) section_id parameter to the managementreply page, (6) member_id parameter to the new_password page, or (7) subjectid parameter to the tags page to index.php.)
 CVE-2012-4000 (Cross-site scripting (XSS) vulnerability in the print_textinputs_var function in editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php in FCKeditor 2.6.7 and earlier allows remote attackers to inject arbitrary web script or HTML via textinputs array parameters.)
 CVE-2012-3953 (SQL injection vulnerability in admin/index.php in phpList before 2.10.19 allows remote administrators to execute arbitrary SQL commands via the delete parameter to the editattributes page.)
 CVE-2012-3952 (Cross-site scripting (XSS) vulnerability in admin/index.php in phpList before 2.10.19 allows remote attackers to inject arbitrary web script or HTML via the unconfirmed parameter to the user page.)
 CVE-2012-3869 (Cross-site scripting (XSS) vulnerability in include/classes/class.rex_list.inc.php in REDAXO 4.3.x and 4.4 allows remote attackers to inject arbitrary web script or HTML via the subpage parameter to index.php.)
Original document:YGN Ethical Hacker Group, ocPortal 7.1.5 <= | Open URL Redirection Vulnerability (13.08.2012)
 Chris Travers, Security Advisory in LedgerSMBv 1.3.20 and below: Denial of Service vulnerability (13.08.2012)
 X-Cisadane, Social Engine 4 Persistent XSS & Non-Persistent XSS (13.08.2012)
 Socket_0x03_(at)_teraexe.com, Tekno.Portal v0.1b 'link.php' Blind SQL Injection Vulnerability (13.08.2012)
 High-Tech Bridge Security Research, Cross-Site Scripting (XSS) in Redaxo (13.08.2012)
 lorenzo.cantoni86_(at)_gmail.com, [CVE-2012-3870] Openconstructor CMS 3.12.0 'createobject.php', 'name' and 'description' parameters Stored Cross-site Scripting vulnerabilities (13.08.2012)
 lorenzo.cantoni86_(at)_gmail.com, [CVE-2012-3871] Openconstructor CMS 3.12.0 'data/hybrid/i_hybrid.php', 'header' parameter Stored Cross-site Scripting Vulnerability (13.08.2012)
 lorenzo.cantoni86_(at)_gmail.com, [CVE-2012-3873] Openconstructor CMS 3.12.0 'id' parameter multiple SQL injection vulnerabilities (13.08.2012)
 Daniel Correa, Dir2web3 Multiple Vulnerabilities (13.08.2012)
 Vulnerability Lab, Joomla com_package - SQL Injection Vulnerability (13.08.2012)
 Vulnerability Lab, Joomla com_photo - SQL Injection Vulnerability (13.08.2012)
 Vulnerability Lab, Inout Mobile Webmail APP - Multiple Web Vulnerabilities (13.08.2012)
 Vulnerability Lab, iAuto Mobile Application 2012 - Multiple Web Vulnerabilities (13.08.2012)
 Multiple vulnerabilities in PBBoard, Multiple vulnerabilities in PBBoard (13.08.2012)
 DEBIAN, [SECURITY] [DSA 2522-1] fckeditor security update (13.08.2012)
 High-Tech Bridge Security Research, Multiple Vulnerabilities in phpList (13.08.2012)
 MustLive, XXE Injection in CakePHP and Squiz CMS (13.08.2012)
 MustLive, Zend Framework - Local file disclosure via XXE injection (13.08.2012)

OpenTTD DoS
Published:13.08.2012
Source:
SecurityVulns ID:12512
Type:remote
Threat Level:
5/10
Description:Several DoS conditions against the game server.
Affected:OPENTTD : OpenTTD 1.0
CVE:CVE-2012-3436 (OpenTTD 0.6.0 through 1.2.1 does not properly validate requests to clear a water tile, which allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a certain sequence of steps related to "the water/coast aspect of tiles which also have railtracks on one half.")
 CVE-2012-0049
Original document:DEBIAN, [SECURITY] [DSA 2524-1] openttd security update (13.08.2012)

Wireshark security vulnerabilities
updated since 13.08.2012
Published:20.08.2012
Source:
SecurityVulns ID:12509
Type:remote
Threat Level:
5/10
Description:Several different DoS conditions in the NFS and PPP dissectors.
Affected:WIRESHARK : Wireshark 1.4
CVE:CVE-2012-4296 (Buffer overflow in epan/dissectors/packet-rtps2.c in the RTPS2 dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (CPU consumption) via a malformed packet.)
 CVE-2012-4293 (plugins/ethercat/packet-ecatmb.c in the EtherCAT Mailbox dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 does not properly handle certain integer fields, which allows remote attackers to cause a denial of service (application exit) via a malformed packet.)
 CVE-2012-4292 (The dissect_stun_message function in epan/dissectors/packet-stun.c in the STUN dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 does not properly interact with key-destruction behavior in a certain tree library, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.)
 CVE-2012-4291 (The CIP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet.)
 CVE-2012-4290 (The CTDB dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via a malformed packet.)
 CVE-2012-4289 (epan/dissectors/packet-afp.c in the AFP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via a large number of ACL entries.)
 CVE-2012-4288 (Integer overflow in the dissect_xtp_ecntl function in epan/dissectors/packet-xtp.c in the XTP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop or application crash) via a large value for a span length.)
 CVE-2012-4287 (epan/dissectors/packet-mongo.c in the MongoDB dissector in Wireshark 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via a small value for a BSON document length.)
 CVE-2012-4285 (The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a zero-length message.)
 CVE-2012-4049 (epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (loop and CPU consumption) via a crafted packet.)
 CVE-2012-4048 (The PPP dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via a crafted packet, as demonstrated by a usbmon dump.)
Original document:MANDRIVA, [ MDVSA-2012:135 ] wireshark (20.08.2012)
 MANDRIVA, [ MDVSA-2012:125 ] wireshark (13.08.2012)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod