Computer Security


VMware View directory traversal
Published: 17.12.2012
SecurityVulns ID: 12784
Type: remote
Threat Level: 6/10
Description: VMware View Connection Server directory traversal.
Affected: VMWARE : VMware View 4.6
 VMWARE : VMware View 5.1
CVE: CVE-2012-5978 (Multiple directory traversal vulnerabilities in the (1) View Connection Server and (2) View Security Server in VMware View 4.x before 4.6.2 and 5.x before 5.1.2 allow remote attackers to read arbitrary files via unspecified vectors.)
Original document: ddivulnalert_(at)_ddifrontline.com, DDIVRT-2012-48 VMware View Connection Server Directory Traversal (CVE-2012-5978) (17.12.2012)

unity firefox extension cross-origin policy bypass
Published: 17.12.2012
SecurityVulns ID: 12785
Type: client
Threat Level: 5/10
Affected: UNITY : unity-firefox-extension 2.4
CVE: CVE-2012-0958 (content/unity-api.js in the unity-firefox-extension extension 2.4.1 for Firefox exposes the toDataURL function in an API call, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted webpage.)
Original document: UBUNTU, [USN-1665-1] unity-firefox-extension vulnerability (17.12.2012)

btrfs DoS
Published: 17.12.2012
SecurityVulns ID: 12786
Type: local
Threat Level: 3/10
Description: DoS via reproducible hash collisions.
Original document: Pascal Junod, [btrfs] is vulnerable to a hash-DoS attack (17.12.2012)

Nova information leakage
Published: 17.12.2012
SecurityVulns ID: 12787
Type: local
Threat Level: 4/10
Description: LVM images are not cleared on reallocation.
Affected: OPENSTACK : Nova 2012.2
CVE: CVE-2012-5625 (OpenStack Compute (Nova) Folsom before 2012.2.2 and Grizzly, when using libvirt and LVM backed instances, does not properly clear physical volume (PV) content when reallocating for instances, which allows attackers to obtain sensitive information by reading the memory of the previous logical volume (LV).)
Original document: UBUNTU, [USN-1663-1] Nova vulnerability (17.12.2012)

D-Link IP cameras information leakage
updated since 17.12.2012
Published: 04.02.2013
SecurityVulns ID: 12788
Type: remote
Threat Level: 6/10
Description: It's possible to retrieve camera password.
Affected: DLINK : D-Link DCS-932L
 DLINK : D-Link DCS-930L
CVE: CVE-2012-4046 (The D-Link DCS-932L camera with firmware 1.02 allows remote attackers to discover the password via a UDP broadcast packet, as demonstrated by running the D-Link Setup Wizard and reading the _paramR["P"] value.)
Original document: Roberto Paleari, Unauthenticated remote access to D-Link DCS cameras (04.02.2013)
 doylej.ia_(at)_gmail.com, Password Disclosure in D-Link IP Cameras (CVE-2012-4046) (17.12.2012)
Files: Password Disclosure in D-Link Surveillance Cameras (CVE-2012-4046)

IBM Lotus Domino cross-site scripting and open redirect
updated since 17.12.2012
Published: 18.02.2013
SecurityVulns ID: 12789
Type: remote
Threat Level: 5/10
Description: IBM Lotus Domino Web Server cross-site scripting and open redirection.
Affected: IBM : Lotus Domino 8.5
CVE: CVE-2012-4844 (Cross-site scripting (XSS) vulnerability in the web server in IBM Lotus Domino 8.5.x through 8.5.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2012-4842 (Open redirect vulnerability in the web server in IBM Lotus Domino 8.5.x through 8.5.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.)
Original document: MustLive, CSRF, XSS and Redirector vulnerabilities in IBM Lotus Domino (18.02.2013)
Files: Security Bulletin: IBM Lotus Domino Web Server Open Redirect (CVE-2012-4842) and Cross-site Scripting (CVE-2012-4844) Vulnerabilities

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod