Computer Security
[EN] securityvulns.ru no-pyccku


Cisco Linksys routers multiple security vulnerabilities
updated since 11.02.2013
Published:18.02.2013
Source:
SecurityVulns ID:12871
Type:remote
Threat Level:
5/10
Description:Directory traversals, code execution, etc.
Affected:CISCO : Linksys WAG200G
 CISCO : Linksys E1500
 CISCO : Linksys E2500
 CISCO : Linksys WRT160Nv2
Original documentdocumentdevnull_(at)_s3cur1ty.de, Multiple Vulnerabilities in Linksys WRT160Nv2 (18.02.2013)
 documentdevnull_(at)_s3cur1ty.de, Multiple Vulnerabilities in Linksys WAG200G (18.02.2013)
 documentdevnull_(at)_s3cur1ty.de, Multiple Vulnerabilities in Linksys E1500/E2500 (11.02.2013)

PostgreSQL information leakage
Published:18.02.2013
Source:
SecurityVulns ID:12889
Type:local
Threat Level:
5/10
Description:Array index overflow.
Affected:POSTGRES : PostgreSQL 9.2
CVE:CVE-2013-0255 (PostgreSQL 9.2.x before 9.2.3, 9.1.x before 9.1.8, 9.0.x before 9.0.12, 8.4.x before 8.4.16, and 8.3.x before 8.3.23 does not properly declare the enum_recv function in backend/utils/adt/enum.c, which causes it to be invoked with incorrect arguments and allows remote authenticated users to cause a denial of service (server crash) or read sensitive process memory via a crafted SQL command, which triggers an array index error and an out-of-bounds read.)

Qt multiple security vulnerabilities
Published:18.02.2013
Source:
SecurityVulns ID:12890
Type:library
Threat Level:
5/10
Description:Information leakage, incalid SSL error messages.
Affected:QT : qt 5.0
 QT : qt 4.8
CVE:CVE-2013-0254 (The QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before 4.7.6, and other versions including 4.4.0 uses weak permissions (world-readable and world-writable) for shared memory segments, which allows local users to read sensitive information or modify critical program data, as demonstrated by reading a pixmap being sent to an X server.)
 CVE-2012-6093 (The QSslSocket::sslErrors function in Qt before 4.6.5, 4.7.x before 4.7.6, 4.8.x before 4.8.5, when using certain versions of openSSL, uses an "incompatible structure layout" that can read memory from the wrong location, which causes Qt to report an incorrect error when certificate validation fails and might cause users to make unsafe security decisions to accept a certificate.)
 CVE-2012-5624 (The XMLHttpRequest object in Qt before 4.8.4 enables http redirection to the file scheme, which allows man-in-the-middle attackers to force the read of arbitrary local files and possibly obtain sensitive information via a file: URL to a QML application.)
Original documentdocumentUBUNTU, [USN-1723-1] Qt vulnerabilities (18.02.2013)

OpenConnect buffer overflow
Published:18.02.2013
Source:
SecurityVulns ID:12892
Type:client
Threat Level:
5/10
Description:Buffer overflow on server response parsing.
CVE:CVE-2012-6128 (Multiple stack-based buffer overflows in http.c in OpenConnect before 4.08 allow remote VPN gateways to cause a denial of service (application crash) via a long (1) hostname, (2) path, or (3) cookie list in a response.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 2623-1] openconnect security update (18.02.2013)

Edimax access points multiple security vulnerabilities
Published:18.02.2013
Source:
SecurityVulns ID:12893
Type:remote
Threat Level:
5/10
Description:Multiple web interface vulnerabilities
Affected:EDIMAX : Edimax EW-7206APg
 EDIMAX : Edimax EW-7209APg
Original documentdocumentdevnull_(at)_s3cur1ty.de, Multiple Vulnerabilities in Edimax EW-7206-APg and EW-7209APg (18.02.2013)

TP-Link access points multiple security vulnereabilities
Published:18.02.2013
Source:
SecurityVulns ID:12894
Type:remote
Threat Level:
5/10
Description:Multiple web interface vulnerabilities
Affected:TPLINK : TP-Link TL-WA701N
 TPLINK : TP-Link TL-WA701ND
Original documentdocumentdevnull_(at)_s3cur1ty.de, Multiple Vulnerabilities in TP-Link TL-WA701N / TL-WA701ND (18.02.2013)

Pidgin multiple security vulnerabilities
Published:18.02.2013
Source:
SecurityVulns ID:12895
Type:remote
Threat Level:
5/10
Description:Different vulnerabilities in MXit and IPnP implementations.
Affected:PIDGIN : Pidgin 2.10
CVE:CVE-2013-0274 (upnp.c in libpurple in Pidgin before 2.10.7 does not properly terminate long strings in UPnP responses, which allows remote attackers to cause a denial of service (application crash) by leveraging access to the local network.)
 CVE-2013-0273 (sametime.c in the Sametime protocol plugin in libpurple in Pidgin before 2.10.7 does not properly terminate long user IDs, which allows remote servers to cause a denial of service (application crash) via a crafted packet.)
 CVE-2013-0272 (Buffer overflow in http.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.7 allows remote servers to execute arbitrary code via a long HTTP header.)
 CVE-2013-0271 (The MXit protocol plugin in libpurple in Pidgin before 2.10.7 might allow remote attackers to create or overwrite files via a crafted (1) mxit or (2) mxit/imagestrips pathname.)
Original documentdocumentSLACKWARE, [slackware-security] pidgin (SSA:2013-044-01) (18.02.2013)

Dell Sonicwall Scrutinizer multiple security vulnerabilities
Published:18.02.2013
Source:
SecurityVulns ID:12896
Type:remote
Threat Level:
4/10
Description:Multiple web interface vulnerabilities
Affected:DELL : Sonicwall Scrutinizer 9.5
Original documentdocumentVulnerability Lab, Sonicwall Scrutinizer v9.5.2 - SQL Injection Vulnerability (18.02.2013)
 documentVulnerability Lab, Sonicwall OEM Scrutinizer v9.5.2 - Multiple Vulnerabilities (18.02.2013)

gnome screensaver protection bypass
Published:18.02.2013
Source:
SecurityVulns ID:12897
Type:local
Threat Level:
3/10
Description:Screensaver doesn't start automatically.
Affected:GNOME : gnome-screensaver 3.6
CVE:CVE-2013-1050 (The default configuration in gnome-screensaver 3.5.4 through 3.6.0 sets the AutostartCondition line to fallback mode in the .desktop file, which prevents the program from starting automatically after login and allows physically proximate attackers to bypass screen locking and access an unattended workstation.)
Original documentdocumentUBUNTU, [USN-1716-1] gnome-screensaver vulnerability (18.02.2013)

Atmel crypto co-processors information leakage
Published:18.02.2013
Source:
SecurityVulns ID:12898
Type:local
Threat Level:
5/10
Description:Keys may be leaked via JTAG interface.
Affected:ATMEL : Atmel AT91SAM7XC
Original documentdocumentAdam Laurie, Atmel "secure" crypto co-processor series microprocessors (AT91SAM7XC) leaking keys, plus bonus DESFire hack (18.02.2013)

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:18.02.2013
Source:
SecurityVulns ID:12899
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:RAILS : rails 2.3
 IRIS : iris 1.3
 JQUERY : jquery 1.6
 JFORUM : jforum 2.1
CVE:CVE-2013-0277 (ActiveRecord in Ruby on Rails before 2.3.17 and 3.x before 3.1.0 allows remote attackers to cause a denial of service or execute arbitrary code via crafted serialized attributes that cause the +serialize+ helper to deserialize arbitrary YAML.)
 CVE-2013-0276 (ActiveRecord in Ruby on Rails before 2.3.17, 3.1.x before 3.1.11, and 3.2.x before 3.2.12 allows remote attackers to bypass the attr_protected protection mechanism and modify protected model attributes via a crafted request.)
 CVE-2012-6446
 CVE-2012-6445
 CVE-2011-4969 (Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.)
Original documentdocumentUBUNTU, [USN-1722-1] jQuery vulnerability (18.02.2013)
 documentDEBIAN, [SECURITY] [DSA 2620-1] rails security update (18.02.2013)
 documentaeon.s.flux_(at)_gmail.com, I Read It Somewhere (IRIS) citations management tool <= v1.3 (post auth) Remote Command Execution (18.02.2013)

IBM Lotus Domino crossite scripting and open redirect
updated since 17.12.2012
Published:18.02.2013
Source:
SecurityVulns ID:12789
Type:remote
Threat Level:
5/10
Description:IBM Lotus Domino Web Server crossite scripting and open redirection.
Affected:IBM : Lotus Domino 8.5
CVE:CVE-2012-4844 (Cross-site scripting (XSS) vulnerability in the web server in IBM Lotus Domino 8.5.x through 8.5.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2012-4842 (Open redirect vulnerability in the web server in IBM Lotus Domino 8.5.x through 8.5.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.)
Original documentdocumentMustLive, CSRF, XSS and Redirector vulnerabilities in IBM Lotus Domino (18.02.2013)
Files:Security Bulletin: IBM Lotus Domino Web Server Open Redirect (CVE-2012-4842) and Cross-site Scripting (CVE-2012-4844) Vulnerabilities

Photodex ProShow Producer multiple security vulnerabilities
updated since 18.02.2013
Published:24.03.2013
Source:
SecurityVulns ID:12891
Type:local
Threat Level:
5/10
Description:Buffer overflow on .pxs / .pxt files parsing. Privilege escalations via weak executable permissions and incorrect DLL paths.
Affected:PHOTODEX : ProShow Producer 5.0
Original documentdocumentInshell Security, [IA49] Photodex ProShow Producer v5.0.3310 ScsiAccess Local Privilege Escalation (24.03.2013)
 documentInshell Security, [IA48] Photodex ProShow Producer v5.0.3297 Insecure Library Loading Vulnerability (02.03.2013)
 documentInshell Security, [IA47] Photodex ProShow Producer v5.0.3297 PXT File title Value Handling Buffer Overflow (24.02.2013)
 documentInshell Security, [IA46] Photodex ProShow Producer v5.0.3297 ColorPickerProc() Memory Corruption (18.02.2013)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod