Computer Security


OpenVAS Manager code execution
Published: 14.11.2012
SecurityVulns ID: 12711
Type: remote
Threat Level: 5/10
Description: Unescaped shell characters on OMP request processing.
Affected: OPENVAS : OpenVAS Manager 3.0
 OPENVAS : OpenVAS Manager 4.0
CVE: CVE-2012-5520 (The send_to_sourcefire function in manage_sql.c in OpenVAS Manager 3.x before 3.0.4 allows remote attackers to execute arbitrary commands via the (1) IP address or (2) port number field in an OMP request.)
Original document: Tim Brown, [OVSA20121112] OpenVAS Manager Vulnerable To Command Injection (14.11.2012)

EMC RSA Data Protection Manager security vulnerabilities
Published: 14.11.2012
SecurityVulns ID: 12712
Type: remote
Threat Level: 5/10
Description: Cross-site scripting, restrictions bypass.
Affected: EMC : RSA Data Protection Manager 3.2
CVE: CVE-2012-4613 (EMC RSA Data Protection Manager Appliance 2.7.x and 3.x before 3.2.1 does not properly restrict the number of authentication attempts by a user account, which makes it easier for local users to bypass intended access restrictions via a brute-force attack.)
 CVE-2012-4612 (Cross-site scripting (XSS) vulnerability in EMC RSA Data Protection Manager Appliance and Software Server 2.7.x and 3.x before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
Original document: EMC, ESA-2012-055: RSA® Data Protection Manager Multiple Vulnerabilities (14.11.2012)

Huawei weak password encryption
Published: 14.11.2012
SecurityVulns ID: 12713
Type: local
Threat Level: 4/10
Description: Passwords are stored using reversible encryption.
Affected: HUAWEI : Huawei CX600
Original document: roberto.paleari_(at)_emaze.net, Weak password encryption on Huawei products (14.11.2012)

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 14.11.2012
SecurityVulns ID: 12714
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: WORDPRESS : WP E-Commerce 3.8
 EVENTY : Eventy CMS 1.8
 BANANADANCE : BananaDance Wiki 2.2
CVE: CVE-2012-5856 (Cross-site scripting (XSS) vulnerability in the Uk Cookie (aka uk-cookie) plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
Original documents: Vulnerability Lab, BananaDance Wiki b2.2 - Multiple Web Vulnerabilities (14.11.2012)
 defensecode_(at)_defensecode.com, [DC-2012-11-001] DefenseCode ThunderScan PHP Advisory: Wordpress WP e-Commerce Plugin Multiple Security Vulnerabilities (14.11.2012)
 Vulnerability Lab, Eventy CMS v1.8 Plus - Multiple Web Vulnerablities (14.11.2012)
 Emmanuel FARCY, Reflective XSS in uk cookie plugin (14.11.2012)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod