Computer Security
[EN] securityvulns.ru no-pyccku


FreePBX information leakage
Published:16.02.2012
Source:
SecurityVulns ID:12206
Type:remote
Threat Level:
6/10
Description:It's possible to obtain extensions passwords via gen_amp_conf.php
Affected:FREEPBX : FreePBX 2.10
 FREEPBX : FreePBX 1.88
Original documentdocumentdougw_(at)_linuxsecurityblog.com, FreePBX Remote Exploit (16.02.2012)

Adobe Shockwave Player multiple security vulnerabilities
Published:16.02.2012
Source:
SecurityVulns ID:12207
Type:client
Threat Level:
8/10
Description:Buffer overflow, multiple memory corruptions.
Affected:ADOBE : Shockwave Player 11.6
CVE:CVE-2012-0766 (The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0757, CVE-2012-0760, CVE-2012-0761, CVE-2012-0762, CVE-2012-0763, and CVE-2012-0764.)
 CVE-2012-0764 (The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0757, CVE-2012-0760, CVE-2012-0761, CVE-2012-0762, CVE-2012-0763, and CVE-2012-0766.)
 CVE-2012-0763 (The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0757, CVE-2012-0760, CVE-2012-0761, CVE-2012-0762, CVE-2012-0764, and CVE-2012-0766.)
 CVE-2012-0762 (The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0757, CVE-2012-0760, CVE-2012-0761, CVE-2012-0763, CVE-2012-0764, and CVE-2012-0766.)
 CVE-2012-0761 (The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0757, CVE-2012-0760, CVE-2012-0762, CVE-2012-0763, CVE-2012-0764, and CVE-2012-0766.)
 CVE-2012-0760 (The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0757, CVE-2012-0761, CVE-2012-0762, CVE-2012-0763, CVE-2012-0764, and CVE-2012-0766.)
 CVE-2012-0759 (Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.)
 CVE-2012-0758 (Heap-based buffer overflow in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code via unspecified vectors.)
 CVE-2012-0757 (The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0760, CVE-2012-0761, CVE-2012-0762, CVE-2012-0763, CVE-2012-0764, and CVE-2012-0766.)
Original documentdocumentvulnhunt_(at)_gmail.com, [CAL-2011-0071]Adobe Shockwave Player Parsing cupt atom heap overflow (16.02.2012)
 documentvulnhunt_(at)_gmail.com, [CAL-2011-0055]Adobe Shockwave Player Parsing block_cout memory corruption vulnerability (16.02.2012)
 documentADOBE, Security update available for Adobe Shockwave Player (16.02.2012)

Adobe Flash Player multiple security vulnerabilities
updated since 16.02.2012
Published:13.06.2012
Source:
SecurityVulns ID:12208
Type:client
Threat Level:
8/10
Description:Memory corruptions, protection bypass, crossite scripting.
Affected:ADOBE : Flash Player 11.1
CVE:CVE-2012-0757 (The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0760, CVE-2012-0761, CVE-2012-0762, CVE-2012-0763, CVE-2012-0764, and CVE-2012-0766.)
 CVE-2012-0756 (Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2012-0755.)
 CVE-2012-0755 (Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2012-0756.)
 CVE-2012-0754 (Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.)
 CVE-2012-0753 (Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted MP4 data.)
 CVE-2012-0752 (Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via leveraging an unspecified "type confusion.")
 CVE-2012-0751 (The ActiveX control in Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.)
Original documentdocumentZDI, ZDI-12-080 : Adobe Flash Player MP4 Stream Decoding Remote Code Execution Vulnerability (13.06.2012)
 documentADOBE, http://www.adobe.com/support/security/bulletins/apsb12-03.html (16.02.2012)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod