Computer Security


Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:17.08.2011
Source:
SecurityVulns ID:11860
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:PHPLIST : phpList 2.10
 WEBSITEBAKER : WebsiteBaker 2.8
 ELGG : Elgg 1.7
 ELGG : Elgg 1.8
 AWIKI : awiki 20100125
 ECHATSERVER : EChat Server 2.5
 WORDPRESS : Fast Secure Contact Form 3.0
 WORDPRESS : WP-Stats-Dashboard 2.6
Original document:Ehsan_Hp200_(at)_hotmail.com, phpWebSite (userpage) Cross Site Scripting Vulnerabilities (17.08.2011)
 Ehsan_Hp200_(at)_hotmail.com, dpconsulenze (dettaglio.php?id) Remote SQL injection Vulnerability (17.08.2011)
 Ehsan_Hp200_(at)_hotmail.com, ECHO Creative Company (dettaglio.php?id) Remote SQL injection Vulnerability (17.08.2011)
 Ehsan_Hp200_(at)_hotmail.com, Muzedon (dettaglio.php?id) Remote SQL injection Vulnerability (17.08.2011)
 Ehsan_Hp200_(at)_hotmail.com, netplanet (dettaglio.asp?id) Remote SQL injection Vulnerability (17.08.2011)
 Ehsan_Hp200_(at)_hotmail.com, InYourLife (dettaglio.php?id) (dettaglio_immobile.php?id) (notizia.php?id) Remote SQL injection Vulnerability (17.08.2011)
 Ehsan_Hp200_(at)_hotmail.com, lab382 (dettaglio.php?id) Remote SQL injection Vulnerability (17.08.2011)
 High-Tech Bridge Security Research, Multiple XSS in WP-Stats-Dashboard (17.08.2011)
 High-Tech Bridge Security Research, XSS in Fast Secure Contact Form wordpress plugin (17.08.2011)
 runlvl, INSECT Pro - Exploit EChat Server <= v2.5 20110812 - Remote Buffer Overflow Exploit (17.08.2011)
 YGN Ethical Hacker Group, WebsiteBaker 2.8.1 <= Cross Site Request Forgery (CSRF) Vulnerability (17.08.2011)
 YGN Ethical Hacker Group, WebsiteBaker 2.8.1 <= Arbitrary File Upload Vulnerability (17.08.2011)
 Lostmon lords, Calisto light, light plus and full, Sql Injection And user or Admin bypass (17.08.2011)
 Ehsan_Hp200_(at)_hotmail.com, Neox (categoria.php?id) Remote SQL injection Vulnerability (17.08.2011)
 Ehsan_Hp200_(at)_hotmail.com, QOLQA (categoria.php?id) Remote SQL injection Vulnerability (17.08.2011)
 Ehsan_Hp200_(at)_hotmail.com, cdeVision (index.php?page) Remote File Inclusion Vulnerability (17.08.2011)
 Ehsan_Hp200_(at)_hotmail.com, CdeVision Cross Site Scripting Vulnerabilities (17.08.2011)
 Ehsan_Hp200_(at)_hotmail.com, PCVmedia (free_gallery.php?cat_id) Remote SQL injection Vulnerability (17.08.2011)
 Ehsan_Hp200_(at)_hotmail.com, CdeVision(students.php?id) (gallery.php?cat) Remote SQL injection Vulnerability (17.08.2011)
 Ehsan_Hp200_(at)_hotmail.com, DoodleIT (gallery.php?id) (about.php?id) Remote SQL injection Vulnerability (17.08.2011)
 Ehsan_Hp200_(at)_hotmail.com, BACKEND (categoria.php?id) Remote SQL injection Vulnerability (17.08.2011)
 Ehsan_Hp200_(at)_hotmail.com, SAY Comunicacion (producto.php?id) Remote SQL injection Vulnerability (17.08.2011)
 muuratsalo experimental hack lab, awiki 20100125 multiple local file inclusion vulnerabilities (17.08.2011)
 cyber netron, The LAD Melbourne Cms Sql Injection Vulnerability (17.08.2011)
 Lostmon lords, {Lostmon's Group} Elgg 1.8 beta2 and prior to 1.7.11 'container_guid' and 'owner_guid' SQL Injection (17.08.2011)
 Davide Canali, phpList Improper Access Control and Information Leakage vulnerabilities (17.08.2011)

foomatic code execution
Published:17.08.2011
Source:
SecurityVulns ID:11861
Type:local
Threat Level:
4/10
Description:It's possible to execute code via .ppd files.
Affected:FOOMATIC : Foomatic 4.0
 FOOMATIC : Foomatic 3.11
CVE:CVE-2011-2964 (foomaticrip.c in foomatic-rip in foomatic-filters in Foomatic 4.0.6 allows remote attackers to execute arbitrary code via a crafted *FoomaticRIPCommandLine field in a .ppd file, a different vulnerability than CVE-2011-2697.)
 CVE-2011-2697 (foomatic-rip-hplip in HP Linux Imaging and Printing (HPLIP) 3.11.5 allows remote attackers to execute arbitrary code via a crafted *FoomaticRIPCommandLine field in a .ppd file.)
Original document:MANDRIVA, [ MDVSA-2011:125 ] foomatic-filters (17.08.2011)

Adobe Shockwave Player multiple security vulnerabilities
updated since 12.08.2011
Published:17.08.2011
Source:
SecurityVulns ID:11849
Type:remote
Threat Level:
7/10
Description:Multiple memory corruptions.
Affected:ADOBE : Shockwave Player 11.6
CVE:CVE-2011-2423 (msvcr90.dll in Adobe Shockwave Player before 11.6.1.629 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.)
 CVE-2011-2422 (Textra.x32 in Adobe Shockwave Player before 11.6.1.629 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.)
 CVE-2011-2421 (Dirapi.dll in Adobe Shockwave Player before 11.6.1.629 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir media file.)
 CVE-2011-2420 (Adobe Shockwave Player before 11.6.1.629 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.)
 CVE-2011-2419 (IML32.dll in Adobe Shockwave Player before 11.6.1.629 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.)
 CVE-2010-4309 (Adobe Shockwave Player before 11.6.1.629 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-4308.)
 CVE-2010-4308 (Adobe Shockwave Player before 11.6.1.629 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-4309.)
Original document:VUPEN Security Research, VUPEN Security Research - Adobe Shockwave rcsL Record Array Indexing Vulnerability (APSB11-19) (17.08.2011)
Files:Security update available for Adobe Shockwave Player

ISC DHCPD DoS
Published:17.08.2011
Source:
SecurityVulns ID:11862
Type:remote
Threat Level:
6/10
Description:Crash on BOOTP packet parsing.
CVE:CVE-2011-2749 (The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted BOOTP packet.)
 CVE-2011-2748 (The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted DHCP packet.)
Original document:DEBIAN, [SECURITY] [DSA 2292-1] ISC DHCP security update (17.08.2011)

CheckPoint SSL VPN ActiveX code execution
Published:17.08.2011
Source:
SecurityVulns ID:11863
Type:client
Threat Level:
7/10
Description:Unsafe methods allow file upload and execution.
CVE:CVE-2011-1827 (Multiple unspecified vulnerabilities in Check Point SSL Network Extender (SNX), SecureWorkSpace, and Endpoint Security On-Demand, as distributed by SecurePlatform, IPSO6, Connectra, and VSX, allow remote attackers to execute arbitrary code via vectors involving a (1) ActiveX control or (2) Java applet.)
Original document:SEC Consult Vulnerability Lab, SEC Consult SA-20110810-0 :: Client-side remote file upload & command execution in Check Point SSL VPN On-Demand applications - CVE-2011-1827 (17.08.2011)

VMware vFabric tc Server weak encryption
Published:17.08.2011
Source:
SecurityVulns ID:11865
Type:m-i-t-m
Threat Level:
4/10
Description:Server accepts cleartext password even if it's not allowed for user.
Affected:VMWARE : vFabric tc Server 2.0
 VMWARE : vFabric tc Server 2.1
CVE:CVE-2011-0527 (VMware vFabric tc Server (aka SpringSource tc Server) 2.0.x before 2.0.6.RELEASE and 2.1.x before 2.1.2.RELEASE accepts obfuscated passwords during JMX authentication, which makes it easier for context-dependent attackers to obtain access by leveraging an ability to read stored passwords.)
Original document:VMWARE, CVE-2011-0527: VMware vFabric tc Server password obfuscation bypass (17.08.2011)

Apache Tomcat security vulnerabilities
Published:17.08.2011
Source:
SecurityVulns ID:11866
Type:remote
Threat Level:
6/10
Description:Privilege escalation, information disclosure.
Affected:APACHE : Tomcat 5.5
 APACHE : Tomcat 6.0
 APACHE : Tomcat 7.0
CVE:CVE-2011-2729 (native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.)
 CVE-2011-2481 (Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.)
Original document:APACHE, [SECURITY] CVE-2011-2729: Commons Daemon fails to drop capabilities (Apache Tomcat) (17.08.2011)

NetSaro Enterprise Messenger Server weak encryption
Published:17.08.2011
Source:
SecurityVulns ID:11867
Type:local
Threat Level:
4/10
Description:Passwords are stored in cleartext or in reversible form.
Affected:NETSARO : NetSaro Enterprise Messenger Server 2.0
Original document:robkraus_(at)_soutionary.com, NetSaro Enterprise Messenger Server Plaintext Password Storage Vulnerability (17.08.2011)
 robkraus_(at)_soutionary.com, NetSaro Enterprise Messenger Server Administration Console Weak Cryptographic Password Storage Vulnerability (17.08.2011)

Oracle Sun Java multiple security vulnerabilities
Published:17.08.2011
Source:
SecurityVulns ID:11868
Type:library
Threat Level:
8/10
Affected:ORACLE : Java SE 6
CVE:CVE-2011-0871 (Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing.)
 CVE-2011-0869 (Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 26 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to SAAJ.)
 CVE-2011-0868 (Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier allows remote attackers to affect confidentiality via unknown vectors related to 2D.)
 CVE-2011-0867 (Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Networking.)
 CVE-2011-0865 (Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to Deserialization.)
 CVE-2011-0864 (Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot.)
 CVE-2011-0862 (Multiple unspecified vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.)
Original document:MANDRIVA, [ MDVSA-2011:126 ] java-1.6.0-openjdk (17.08.2011)

Nortel / Avaya Media Application Server buffer overflow
Published:17.08.2011
Source:
SecurityVulns ID:11869
Type:remote
Threat Level:
6/10
Description:Buffer overflow on TCP/52005 request parsing.
Affected:AVAYA : Aura Application Server 5300
Original document:ZDI, ZDI-11-260: Nortel Media Application Server cstore.exe cs_anams Remote Code Execution Vulnerability (17.08.2011)

Symantec Veritas Storage Foundation multiple security vulnerabilities
Published:17.08.2011
Source:
SecurityVulns ID:11870
Type:remote
Threat Level:
6/10
Description:Multiple vulnerabilities on TCP/2148 request parsing.
CVE:CVE-2011-0547 (Multiple integer overflows in vxsvc.exe in the Veritas Enterprise Administrator service in Symantec Veritas Storage Foundation 5.1 and earlier, Veritas Storage Foundation Cluster File System (SFCFS) 5.1 and earlier, Veritas Storage Foundation Cluster File System Enterprise for Oracle RAC (SFCFSORAC) 5.1 and earlier, Veritas Dynamic Multi-Pathing (DMP) 5.1, and NetBackup PureDisk 6.5.x through 6.6.1.x allow remote attackers to execute arbitrary code via (1) a crafted Unicode string, related to the vxveautil.value_binary_unpack function; (2) a crafted ASCII string, related to the vxveautil.value_binary_unpack function; or (3) a crafted value, related to the vxveautil.kv_binary_unpack function, leading to a buffer overflow.)
Original document:ZDI, ZDI-11-264: Symantec Veritas Storage Foundation vxsvc.exe Value Unpacking Integer Overflow Remote Code Execution Vulnerability (17.08.2011)
 ZDI, ZDI-11-263: Symantec Veritas Storage Foundation vxsvc.exe ASCII String Unpacking Remote Code Execution Vulnerability (17.08.2011)
 ZDI, ZDI-11-262: Symantec Veritas Storage Foundation vxsvc.exe Unicode String Parsing Remote Code Execution Vulnerability (17.08.2011)

RealNetworks Realplayer multiple security vulnerabilities
Published:17.08.2011
Source:
SecurityVulns ID:11871
Type:client
Threat Level:
7/10
Description:QCP, AAC, MP3, SWF, SIPR parsing memory corruptions, cross-site scripting, unsafe methods and buffer overflow in ActiveX.
Affected:REAL : RealPlayer Enterprise 2.1
 REAL : RealPlayer 14.0
 REAL : Mac RealPlayer 12.0
CVE:CVE-2011-2955 (Use-after-free vulnerability in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5, when an Embedded RealPlayer is used, allows remote attackers to execute arbitrary code via vectors related to a modal dialog.)
 CVE-2011-2954 (Use-after-free vulnerability in the AutoUpdate feature in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5 and RealPlayer SP 1.0 through 1.1.5, when an Embedded RealPlayer is used, allows remote attackers to execute arbitrary code via unspecified vectors.)
 CVE-2011-2953 (An unspecified ActiveX control in the browser plugin in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to execute arbitrary code via unknown vectors, related to an out-of-bounds condition.)
 CVE-2011-2952 (Use-after-free vulnerability in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to execute arbitrary code via vectors related to a dialog box.)
 CVE-2011-2951 (Buffer overflow in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer 12.0.0.1569 allows remote attackers to execute arbitrary code via a crafted raw_data_frame field in an AAC file.)
 CVE-2011-2950 (Heap-based buffer overflow in qcpfformat.dll in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers to execute arbitrary code via a crafted QCP file.)
 CVE-2011-2949 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to execute arbitrary code via crafted ID3v2 tags in an MP3 file.)
 CVE-2011-2948 (RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, RealPlayer Enterprise 2.0 through 2.1.5, and Mac RealPlayer 12.0.0.1569 do not properly handle DEFINEFONT fields in SWF files, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted file.)
 CVE-2011-2947 (Cross-zone scripting vulnerability in the RealPlayer ActiveX control in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers to inject arbitrary web script or HTML in the Local Zone via a local HTML document.)
 CVE-2011-2946 (Unspecified vulnerability in an ActiveX control in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to execute arbitrary code via unknown vectors.)
 CVE-2011-2945 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers to execute arbitrary code via a crafted SIPR stream.)
Original document:ZDI, ZDI-11-265: RealNetworks Realplayer QCP Parsing Remote Code Execution Vulnerability (17.08.2011)
Files:RealNetworks, Inc. Releases Update to Address Security Vulnerabilities

EMC RSA Adaptive Authentication authentication data reuse (On-Premise)
Published:17.08.2011
Source:
SecurityVulns ID:11872
Type:m-i-t-m
Threat Level:
5/10
Affected:EMC : RSA AAOP 6.0
CVE:CVE-2011-2733 (EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 SP1 Patch 2, SP1 Patch 3, SP2, SP2 Patch 1, and SP3 does not prevent reuse of authentication information during a session, which allows remote authenticated users to bypass intended access restrictions via vectors related to knowledge of the originally used authentication information and unspecified other session information.)
Original document:EMC, ESA-2011-027: RSA, The Security Division of EMC, releases Security Patch for Adaptive Authentication (On-Premise) (17.08.2011)

StudioLine Photo Basic ActiveX code execution
Published:17.08.2011
Source:
SecurityVulns ID:11873
Type:remote
Threat Level:
5/10
Description:Unsafe EnableLog() method.
Original document:High-Tech Bridge Security Research, StudioLine Photo Basic 3 ActiveX control Insecure Method (17.08.2011)

Microsoft Windows DHCPv6 DoS
Published:17.08.2011
Source:
SecurityVulns ID:11858
Type:client
Threat Level:
4/10
Description:RPC crashes on DHCP reply with empty Domain Search List.
Affected:MICROSOFT : Windows 7
Original document:tunterleitner_(at)_barracuda.com, Malformed DHCPv6 packets cause RPC to become unresponsive (17.08.2011)

CheckPoint Security Management products symbolic links vulnerability
Published:17.08.2011
Source:
SecurityVulns ID:11859
Type:local
Threat Level:
4/10
Description:Symbolic links vulnerability during installation
CVE:CVE-2011-2664 (Unspecified vulnerability in Check Point Multi-Domain Management / Provider-1 NGX R65, R70, R71, and R75, and SmartCenter during installation on non-Windows machines, allows local users on the MDS system to overwrite arbitrary files via unknown vectors.)
Original document:Matthew Flanagan, CVE-2011-2664 Symlink Following and Second-Order Symlink Vulnerabilities in Multiple Check Point Security Management Products (17.08.2011)

Mozilla Firefox / Seamonkey / Thunderbird multiple security vulnerabilities
updated since 17.08.2011
Published:19.08.2011
Source:
SecurityVulns ID:11874
Type:remote
Threat Level:
9/10
Description:Multiple memory corruptions, cross-site access, information leak, restriction bypass.
Affected:MOZILLA : Firefox 3.6
 MOZILLA : Firefox 5.0
 MOZILLA : Thunderbird 6.0
 MOZILLA : Thunderbird 3.6
 MOZILLA : SeaMonkey 2.2
CVE:CVE-2011-2993 (The implementation of digital signatures for JAR files in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, and possibly other products does not prevent calls from unsigned JavaScript code to signed code, which allows remote attackers to bypass the Same Origin Policy and gain privileges via a crafted web site, a different vulnerability than CVE-2008-2801.)
 CVE-2011-2992 (The Ogg reader in the browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.)
 CVE-2011-2991 (The browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products does not properly implement JavaScript, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.)
 CVE-2011-2990 (The implementation of Content Security Policy (CSP) violation reports in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, and possibly other products does not remove proxy-authorization credentials from the listed request headers, which allows attackers to obtain sensitive information by reading a report, related to incorrect host resolution that occurs with certain redirects.)
 CVE-2011-2989 (The browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products does not properly implement WebGL, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.)
 CVE-2011-2988 (Buffer overflow in an unspecified string class in the WebGL shader implementation in Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long source-code block for a shader.)
 CVE-2011-2987 (Heap-based buffer overflow in Almost Native Graphics Layer Engine (ANGLE), as used in the WebGL implementation in Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products might allow remote attackers to execute arbitrary code via unspecified vectors.)
 CVE-2011-2986 (Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products, when the Direct2D (aka D2D) API is used on Windows, allows remote attackers to bypass the Same Origin Policy, and obtain sensitive image data from a different domain, by inserting this data into a canvas.)
 CVE-2011-2985 (Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.)
 CVE-2011-2984 (Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly handle the dropping of a tab element, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by establishing a content area and registering for drop events.)
 CVE-2011-2983 (Mozilla Firefox before 3.6.20, Thunderbird 2.x and 3.x before 3.1.12, SeaMonkey 1.x and 2.x, and possibly other products does not properly handle the RegExp.input property, which allows remote attackers to bypass the Same Origin Policy and read data from a different domain via a crafted web site, possibly related to a use-after-free.)
 CVE-2011-2982 (Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.20, Thunderbird 2.x and 3.x before 3.1.12, SeaMonkey 1.x and 2.x, and possibly other products allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.)
 CVE-2011-2981 (The event-management implementation in Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly select the context for script to run in, which allows remote attackers to bypass the Same Origin Policy or execute arbitrary JavaScript code with chrome privileges via a crafted web site.)
 CVE-2011-2980 (Untrusted search path vulnerability in the ThinkPadSensor::Startup function in Mozilla Firefox before 3.6.20, Thunderbird 3.x before 3.1.12, allows local users to gain privileges by leveraging write access in an unspecified directory to place a Trojan horse DLL that is loaded into the running Firefox process.)
 CVE-2011-2378 (The appendChild function in Mozilla Firefox before 3.6.20, Thunderbird 3.x before 3.1.12, SeaMonkey 2.x, and possibly other products does not properly handle DOM objects, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to dereferencing of a "dangling pointer.")
 CVE-2011-0084 (The SVGTextElement.getCharNumAtPosition function in Mozilla Firefox before 3.6.20, and 4.x through 5, does not properly handle SVG text, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a "dangling pointer.")
Original document:ACROS Security, ASPR #2011-08-18-1: Remote Binary Planting in Mozilla Firefox (19.08.2011)
 ACROS Security, ASPR #2011-08-18-2: Remote Binary Planting in Mozilla Thunderbird (19.08.2011)
 ZDI, ZDI-11-271: Mozilla Firefox appendChild DOM Tree Inconsistency Remote Code Execution Vulnerability (18.08.2011)
 ZDI, ZDI-11-270: Mozilla Firefox SVGTextElement.getCharNumAtPosition Remote Code Execution Vulnerability (18.08.2011)
Files:Mozilla Foundation Security Advisory 2011-29 Security issues addressed in Firefox 6
 Mozilla Foundation Security Advisory 2011-30 Security issues addressed in Firefox 3.6.20
 Mozilla Foundation Security Advisory 2011-31 Security issues addressed in Thunderbird 6
 Mozilla Foundation Security Advisory 2011-32 Security issues addressed in Thunderbird 3.1.12
 Mozilla Foundation Security Advisory 2011-33 Security issues addressed in SeaMonkey 2.3

libXfont memory corruption
updated since 17.08.2011
Published:17.08.2013
Source:
SecurityVulns ID:11864
Type:library
Threat Level:
5/10
Description:Memory corruption on compressed font parsing.
CVE:CVE-2011-2895 (The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2896.)
Original document:UBUNTU, [USN-1191-1] libXfont vulnerability (17.08.2011)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod