Computer Security

Web application security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 13.09.2011
Source:
SecurityVulns ID: 11900
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: JBOSS : JBoss 3.2
 JBOSS : JBoss 4.0
 MANTIS : Mantis 1.1
 VMWARE : Spring Security 3.0
 VMWARE : Spring Security 2.0
 HBCUMULUS : HB-Cumulus for Habari 1.4
 EZ : EZcumulus 1.0
 EXPRESSION : Simple Tags for Expression Engine 1.6
 SERENDIPITY : Freetag 3.28
 PHPFUSION : Animated tag cloud for PHP-Fusion 1.4
 MAGNETO : 3D Advanced Tags Clouds 2.0
 JBOSS : JBoss 5.0
 PAPOO : CMS Papoo Light 4.0
 BCFG2 : bcfg2 1.1
CVE: CVE-2011-3358 (Multiple cross-site scripting (XSS) vulnerabilities in MantisBT before 1.2.8 allow remote attackers to inject arbitrary web script or HTML via the (1) os, (2) os_build, or (3) platform parameter to (a) bug_report_page.php or (b) bug_update_advanced_page.php, related to use of the Projax library.)
 CVE-2011-3357 (Directory traversal vulnerability in bug_actiongroup_ext_page.php in MantisBT before 1.2.8 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter, related to bug_actiongroup_page.php.)
 CVE-2011-3211 (The server in Bcfg2 1.1.2 and earlier, and 1.2 prerelease, allows remote attackers to execute arbitrary commands via shell metacharacters in data received from a client.)
 CVE-2011-2894 (Spring Framework 3.0.0 through 3.0.5, Spring Security 3.0.0 through 3.0.5 and 2.0.0 through 2.0.6, and possibly other versions deserialize objects from untrusted sources, which allows remote attackers to bypass intended security restrictions and execute untrusted code by (1) serializing a java.lang.Proxy instance and using InvocationHandler, or (2) accessing internal AOP interfaces, as demonstrated using deserialization of a DefaultListableBeanFactory instance to execute arbitrary commands via the java.lang.Runtime class.)
 CVE-2011-2732 (CRLF injection vulnerability in the logout functionality in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the spring-security-redirect parameter.)
 CVE-2011-2731 (Race condition in the RunAsManager mechanism in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 stores the Authentication object in the shared security context, which allows attackers to gain privileges via a crafted thread.)
 CVE-2011-2730 (VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language (EL), evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a (1) name attribute in a (a) spring:hasBindErrors tag; (2) path attribute in a (b) spring:bind or (c) spring:nestedpath tag; (3) arguments, (4) code, (5) text, (6) var, (7) scope, or (8) message attribute in a (d) spring:message or (e) spring:theme tag; or (9) var, (10) scope, or (11) value attribute in a (f) spring:transform tag, aka "Expression Language Injection.")
Original document: DEBIAN, [SECURITY] [DSA 2302-1] bcfg2 security update (13.09.2011)
 VMWARE, CVE-2011-2730: Spring Framework Information Disclosure (13.09.2011)
 VMWARE, CVE-2011-2732: Spring Security header injection vulnerability (13.09.2011)
 VMWARE, CVE-2011-2894: Spring Framework and Spring Security serialization-based remoting vulnerabilities (13.09.2011)
 VMWARE, CVE-2011-2731: Spring Security privilege escalation when using RunAsManager (13.09.2011)
 sschurtz_(at)_t-online.de, Multiple XSS vulnerabilities in CMS Papoo Light Version (13.09.2011)
 DEBIAN, [SECURITY] [DSA 2308-1] mantis security update (13.09.2011)
 MustLive, Vulnerabilities in JBoss Application Server (13.09.2011)
 MustLive, Vulnerability in plugins for Typepad, RapidWeaver, Habari, DasBlo, eZ Publish, EE, Serendipity, Social Web CMS, PHP-Fusion, Magento and Sweetcron (13.09.2011)

Quassel IRC client DoS
Published: 13.09.2011
Source:
SecurityVulns ID: 11901
Type: remote
Threat Level: 5/10
Description: CTCP request parsing DoS.
Affected: QUASSEL : quassel 0.6
Original document: UBUNTU, [USN-1200-1] Quassel vulnerability (13.09.2011)

EMC Avamar privilege escalation
Published: 13.09.2011
Source:
SecurityVulns ID: 11902
Type: local
Threat Level: 4/10
Description: A domain administrator can access data belonging to a different domain.
Affected: EMC : Avamar 5.0
 EMC : Avamar 6.0
CVE: CVE-2011-1740 (EMC Avamar 4.x, 5.0.x, and 6.0.x before 6.0.0-592 allows remote authenticated users to modify client data or obtain sensitive information about product activities by leveraging privileged access to a different domain.)
Original document: EMC, ESA-2011-018: Domain administration privilege enforcement bypass in EMC Avamar (13.09.2011)

squid buffer overflow
Published: 13.09.2011
Source:
SecurityVulns ID: 11903
Type: remote
Threat Level: 6/10
Description: Buffer overflow in Gopher reply parsing.
Affected: SQUID : squid 3.0
 SQUID : squid 3.1
 SQUID : squid 3.2
CVE: CVE-2011-3205 (Buffer overflow in the gopherToHTML function in gopher.cc in the Gopher reply parser in Squid 3.0 before 3.0.STABLE26, 3.1 before 3.1.15, and 3.2 before 3.2.0.11 allows remote Gopher servers to cause a denial of service (memory corruption and daemon restart) or possibly have unspecified other impact via a long line in a response. NOTE: This issue exists because of a CVE-2005-0094 regression.)
Original document: DEBIAN, [SECURITY] [DSA 2304-1] squid3 security update (13.09.2011)

Google Chrome multiple security vulnerabilities
Published: 13.09.2011
Source:
SecurityVulns ID: 11904
Type: client
Threat Level: 6/10
Description: DoS, information leakage, memory corruption.
Affected: GOOGLE : Chrome 13.0
CVE: CVE-2011-2818 (Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to display box rendering.)
 CVE-2011-2800 (Google Chrome before 13.0.782.107 allows remote attackers to obtain potentially sensitive information about client-side redirect targets via a crafted web site.)
 CVE-2011-2359 (Google Chrome before 13.0.782.107 does not properly track line boxes during rendering, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer.")
Original document: DEBIAN, [SECURITY] [DSA 2307-1] chromium-browser security update (13.09.2011)

Linux kernel security vulnerabilities
Published: 13.09.2011
Source:
SecurityVulns ID: 11905
Type: remote
Threat Level: 7/10
Description: Predictable TCP initial sequence numbers (ISNs), CIFS client memory corruption.
Affected: LINUX : kernel 2.6
CVE: CVE-2011-3191 (Integer signedness error in the CIFSFindNext function in fs/cifs/cifssmb.c in the Linux kernel before 3.1 allows remote CIFS servers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a large length value in a response to a read request for a directory.)
 CVE-2011-3188 (The (1) IPv4 and (2) IPv6 implementations in the Linux kernel before 3.1 use a modified MD4 algorithm to generate sequence numbers and Fragment Identification values, which makes it easier for remote attackers to cause a denial of service (disrupted networking) or hijack network sessions by predicting these values and sending crafted packets.)
Original document: DEBIAN, [SECURITY] [DSA 2303-2] New linux-2.6 packages fix regression (13.09.2011)

rsyslog buffer overflow
Published: 13.09.2011
Source:
SecurityVulns ID: 11906
Type: remote
Threat Level: 5/10
Description: Buffer overflow on oversized syslog TAG.
Affected: RSYSLOG : rsyslog 4.6
CVE: CVE-2011-3200 (Stack-based buffer overflow in the parseLegacySyslogMsg function in tools/syslogd.c in rsyslogd in rsyslog 4.6.x before 4.6.8 and 5.2.0 through 5.8.4 might allow remote attackers to cause a denial of service (application exit) via a long TAG in a legacy syslog message.)
Original document: MANDRIVA, [ MDVSA-2011:134 ] rsyslog (13.09.2011)

Cisco Nexus switches protection bypass
Updated since 13.09.2011
Published: 31.10.2011
Source:
SecurityVulns ID: 11907
Type: remote
Threat Level: 6/10
Description: It is possible to bypass ACL restrictions. Local code execution.
Affected: CISCO : Cisco MDS 9000
 CISCO : Cisco Nexus 5000
 CISCO : Cisco Nexus 7000
 CISCO : Cisco Nexus 3000
 CISCO : Cisco Nexus 2000
 CISCO : Cisco Nexus 4000
CVE: CVE-2011-2581 (The ACL implementation in Cisco NX-OS 5.0(2) and 5.0(3) before 5.0(3)N2(1) on Nexus 5000 series switches, and NX-OS before 5.0(3)U1(2a) on Nexus 3000 series switches, does not properly handle comments in conjunction with deny statements, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by sending packets, aka Bug IDs CSCto09813 and CSCtr61490.)
 CVE-2011-2569 (Cisco Nexus OS (aka NX-OS) 4.2 and 5.0 and Cisco Unified Computing System with software 1.4 and 2.0 do not properly restrict command-line options, which allows local users to gain privileges via unspecified vectors, aka Bug IDs CSCtf40008, CSCtg18363, CSCtr44645, CSCts10195, and CSCts10188.)
Original document: CISCO, RE: [CVE-2011-2569] Cisco Nexus OS (NX-OS) - Command "injection" / sanitization issues. (31.10.2011)
 0x9950_(at)_gmail.com, [CVE-2011-2569] Cisco Nexus OS (NX-OS) - Command "injection" / sanitization issues. (26.10.2011)
 CISCO, Cisco Security Advisory: Cisco Nexus 5000 and 3000 Series Switches Access Control List Bypass Vulnerability (13.09.2011)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod