Computer Security


torque authentication bypass
updated since 13.10.2013
Published:18.11.2013
SecurityVulns ID:13367
Type:remote
Threat Level:6/10
Description:It's possible to queue code for execution by connecting directly to the pbs_mom port. Shell metacharacter vulnerability.
Affected:TORQUE : Terascale Open-Source Resource and Queue Manager 2.5
 TORQUE : Terascale Open-Source Resource and Queue Manager 4.0
CVE:CVE-2013-4495 (The send_the_mail function in server/svr_mail.c in Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) before 4.2.6 allows remote attackers to execute arbitrary commands via shell metacharacters in the email (-M switch) to qsub.)
 CVE-2013-4319 (pbs_mom in Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) 2.5.x, 4.x, and earlier does not properly restrict access by unprivileged ports, which allows remote authenticated users to execute arbitrary jobs by submitting a command.)
Original document:DEBIAN, [SECURITY] [DSA 2796-1] torque security update (18.11.2013)
 DEBIAN, [SECURITY] [DSA 2770-1] torque security update (13.10.2013)

Apple iOS authentication bypass
Published:18.11.2013
SecurityVulns ID:13401
Type:local
Threat Level:4/10
Description:It's possible to complete an App Store transaction without entering the password.
Affected:APPLE : Apple iOS 7.0
CVE:CVE-2013-5193 (The App Store component in Apple iOS before 7.0.4 does not properly enforce an intended transaction-time password requirement, which allows local users to complete a (1) App purchase or (2) In-App purchase by leveraging previous entry of Apple ID credentials.)
Original document:APPLE, APPLE-SA-2013-11-14-1 iOS 7.0.4 (18.11.2013)

VMware Workstation privilege escalation
Published:18.11.2013
SecurityVulns ID:13402
Type:local
Threat Level:5/10
Description:Unsafe shared library loading.
Affected:VMWARE : VMware Workstation 9.0
 VMWARE : VMware Player 5.0
CVE:CVE-2013-5972 (VMware Workstation 9.x before 9.0.3 and VMware Player 5.x before 5.0.3 on Linux do not properly handle shared libraries, which allows host OS users to gain host OS privileges via unspecified vectors.)
Original document:VMWARE, NEW VMSA-2013-0013 VMware Workstation host privilege escalation vulnerability (18.11.2013)

Dahua DVR authentication bypass
Published:18.11.2013
SecurityVulns ID:13403
Type:remote
Threat Level:5/10
Description:Some commands may be executed without authentication via the TCP/37777 protocol.
CVE:CVE-2013-6117 (Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive information including user credentials, change user passwords, clear log files, and perform other actions via a request to TCP port 37777.)
 CVE-2013-3615 (Dahua DVR appliances use a password-hash algorithm with a short hash length, which makes it easier for context-dependent attackers to discover cleartext passwords via a brute-force attack.)
 CVE-2013-3614 (Dahua DVR appliances have a small value for the maximum password length, which makes it easier for remote attackers to obtain access via a brute-force attack.)
 CVE-2013-3613 (Dahua DVR appliances do not properly restrict UPnP requests, which makes it easier for remote attackers to obtain access via vectors involving a replay attack against the TELNET port.)
 CVE-2013-3612 (Dahua DVR appliances have a hardcoded password for (1) the root account and (2) an unspecified "backdoor" account, which makes it easier for remote attackers to obtain administrative access via authorization requests involving (a) ActiveX, (b) a standalone client, or (c) unknown other vectors.)
Original document:Jake_(at)_depthsecurity.com, Dahua DVR Authentication Bypass - CVE-2013-6117 (18.11.2013)

Android su applications privilege escalation
Published:18.11.2013
SecurityVulns ID:13404
Type:local
Threat Level:3/10
Description:Unsafe use of environment variables and file descriptors.
Affected:CHAINSDD : ChainsDD Superuser 3.1
 CHAINFIRE : Chainfire SuperSU 1.68
CVE:CVE-2013-6775 (The Chainfire SuperSU package before 1.69 for Android allows attackers to gain privileges via the (1) backtick or (2) $() type of shell metacharacters in the -c option to /system/xbin/su.)
 CVE-2013-6774 (Untrusted search path vulnerability in the ChainsDD Superuser package 3.1.3 for Android 4.2.x and earlier, CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.2.x and earlier, and Chainfire SuperSU package before 1.69 for Android 4.2.x and earlier allows attackers to load an arbitrary .jar file and gain privileges via a crafted BOOTCLASSPATH environment variable for a /system/xbin/su process. NOTE: another researcher was unable to reproduce this with ChainsDD Superuser.)
 CVE-2013-6770 (The CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.3 and 4.4 does not properly restrict the set of users who can execute /system/xbin/su with the --daemon option, which allows attackers to gain privileges by leveraging ADB shell access and a certain Linux UID, and then creating a Trojan horse script.)
 CVE-2013-6768 (Untrusted search path vulnerability in the CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.2.x and earlier allows attackers to trigger the launch of a Trojan horse app_process program via a crafted PATH environment variable for a /system/xbin/su process.)
Original document:Kevin Cernekee, Superuser "su --daemon" vulnerability on Android >= 4.3 (18.11.2013)
 Kevin Cernekee, Android Superuser shell character escape vulnerability (18.11.2013)
 Kevin Cernekee, Superuser unsanitized environment vulnerability on Android <= 4.2.x (18.11.2013)

lighttpd multiple security vulnerabilities
Published:18.11.2013
SecurityVulns ID:13405
Type:remote
Threat Level:6/10
Description:Protection bypass, privilege escalation, memory corruption.
Affected:LIGHTTPD : lighttpd 1.4
CVE:CVE-2013-4560 (Use-after-free vulnerability in lighttpd before 1.4.33 allows remote attackers to cause a denial of service (segmentation fault and crash) via unspecified vectors that trigger FAMMonitorDirectory failures.)
 CVE-2013-4559 (lighttpd before 1.4.33 does not check the return value of the (1) setuid, (2) setgid, or (3) setgroups functions, which might cause lighttpd to run as root if it is restarted and allows remote attackers to gain privileges, as demonstrated by multiple calls to the clone function that cause setuid to fail when the user process limit is reached.)
 CVE-2013-4508 (lighttpd before 1.4.34, when SNI is enabled, configures weak SSL ciphers, which makes it easier for remote attackers to hijack sessions by inserting packets into the client-server data stream or obtain sensitive information by sniffing the network.)
Original document:DEBIAN, [SECURITY] [DSA 2795-1] lighttpd security update (18.11.2013)

HP Integrated Lights-Out security vulnerabilities
Published:18.11.2013
SecurityVulns ID:13406
Type:remote
Threat Level:4/10
Description:Cross-site scripting, information leakage.
Affected:HP : HP iLO4
CVE:CVE-2013-4843 (Unspecified vulnerability in HP Integrated Lights-Out 4 (iLO4) with firmware before 1.32 allows remote authenticated users to obtain sensitive information via unknown vectors.)
 CVE-2013-4842 (Cross-site scripting (XSS) vulnerability in HP Integrated Lights-Out 4 (iLO4) with firmware before 1.32 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
Original document:HP, [security bulletin] HPSBHF02939 rev.1 - HP Integrated Lights-Out 4 (iLO4), Remote Cross Site Scripting (XSS), Unauthorized Disclosure of Information (18.11.2013)

SPICE library buffer overflow
Published:18.11.2013
SecurityVulns ID:13407
Type:library
Threat Level:6/10
Description:Buffer overflow on oversized password.
Affected:SPICE : spice 0.12
CVE:CVE-2013-4282 (Stack-based buffer overflow in the reds_handle_ticket function in server/reds.c in SPICE 0.12.0 allows remote attackers to cause a denial of service (crash) via a long password in a SPICE ticket.)
Original document:UBUNTU, [USN-2027-1] SPICE vulnerability (18.11.2013)

Libvirt code privilege escalation
Published:18.11.2013
SecurityVulns ID:13408
Type:library
Threat Level:5/10
Description:virConnectDomainXMLToNative() invalid privileges check.
Affected:LIBVIRT : libvirt 1.1
CVE:CVE-2013-4401 (The virConnectDomainXMLToNative API function in libvirt 1.1.0 through 1.1.3 checks for the connect:read permission instead of the connect:write permission, which allows attackers to gain domain:write privileges and execute Qemu binaries via crafted XML. NOTE: some of these details are obtained from third party information.)
Original document:UBUNTU, [USN-2026-1] libvirt vulnerability (18.11.2013)

libav memory corruptions
Published:18.11.2013
SecurityVulns ID:13409
Type:library
Threat Level:6/10
Description:Memory corruptions on media formats parsing.
Affected:LIBAV : libav 0.8
CVE:CVE-2013-0866 (The aac_decode_init function in libavcodec/aacdec.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.2 allows remote attackers to have an unspecified impact via a large number of channels in an AAC file, which triggers an out-of-bounds array access.)
 CVE-2013-0858 (The atrac3_decode_init function in libavcodec/atrac3.c in FFmpeg before 1.0.4 allows remote attackers to have an unspecified impact via ATRAC3 data with the joint stereo coding mode set and fewer than two channels.)
 CVE-2013-0857 (The decode_frame_ilbm function in libavcodec/iff.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a crafted height value in IFF PBM/ILBM bitmap data.)
 CVE-2013-0854 (The mjpeg_decode_scan_progressive_ac function in libavcodec/mjpegdec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted MJPEG data.)
 CVE-2013-0853 (The wavpack_decode_frame function in libavcodec/wavpack.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted WavPack data, which triggers an out-of-bounds array access, possibly due to an off-by-one error.)
 CVE-2013-0850 (The decode_slice_header function in libavcodec/h264.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted H.264 data, which triggers an out-of-bounds array access.)
 CVE-2013-0844 (Off-by-one error in the adpcm_decode_frame function in libavcodec/adpcm.c in FFmpeg before 1.0.4 allows remote attackers to have an unspecified impact via crafted DK4 data, which triggers an out-of-bounds array access.)
Original document:DEBIAN, [SECURITY] [DSA 2793-1] libav security update (18.11.2013)
 UBUNTU, [USN-2025-1] Libav vulnerabilities (18.11.2013)

Juniper JunOS cross-site scripting
Published:18.11.2013
SecurityVulns ID:13410
Type:remote
Threat Level:5/10
Description:Cross-site scripting in EmbedThis.
Affected:JUNIPER : JUNOS 11.4
Original document:info_(at)_andreabodei.com, XSS on Juniper JUNOS 11.4 Embedthis Appweb 3.2.3 (18.11.2013)

Apple Mac OS X and QuickTime multiple security vulnerabilities
updated since 18.11.2010
Published:18.11.2013
SecurityVulns ID:11263
Type:remote
Threat Level:9/10
Description:Multiple vulnerabilities in kernel, networking components, printing services, AFP Server, AppKit, Apple Type Services, CFNetwork, CoreGraphics, CoreText, Directory Services, diskdev_cmds, Disk Images, Image Capture, ImageIO, Image RAW, Password Server, QuickLook, QuickTime, Safari RSS, Time Machine, Wiki Server, X11 and third party applications.
Affected:APPLE : MacOS X 10.5
 QUICKTIME : QuickTime 7.6
 APPLE : MacOS X 10.6
CVE:CVE-2010-4010 (Integer signedness error in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code via a crafted embedded Compact Font Format (CFF) font in a document.)
 CVE-2010-3798 (Heap-based buffer overflow in xar in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted xar archive.)
 CVE-2010-3797 (Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2010-3796 (Safari RSS in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not block Java applets in an RSS feed, which allows remote attackers to obtain sensitive information via a feed: URL containing an applet that performs DOM modifications.)
 CVE-2010-3795 (QuickTime in Apple Mac OS X 10.6.x before 10.6.5 accesses uninitialized memory locations during processing of GIF image data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted GIF file.)
 CVE-2010-3794 (QuickTime in Apple Mac OS X 10.6.x before 10.6.5 accesses uninitialized memory locations during processing of FlashPix image data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FlashPix file.)
 CVE-2010-3793 (QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Sorenson movie file.)
 CVE-2010-3792 (Integer signedness error in QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG movie file.)
 CVE-2010-3791 (Buffer overflow in QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG movie file.)
 CVE-2010-3790 (QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file that causes an image sample transformation to scale a sprite outside a buffer boundary.)
 CVE-2010-3789 (QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted AVI file.)
 CVE-2010-3788 (QuickTime in Apple Mac OS X 10.6.x before 10.6.5 accesses uninitialized memory locations during processing of JP2 image data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JP2 file.)
 CVE-2010-3787 (Heap-based buffer overflow in QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JP2 image.)
 CVE-2010-3786 (QuickLook in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Excel file.)
 CVE-2010-3785 (Buffer overflow in QuickLook in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Office document.)
 CVE-2010-3784 (The PMPageFormatCreateWithDataRepresentation API in Printing in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not properly handle XML data, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified API calls.)
 CVE-2010-3783 (Password Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not properly perform replication, which allows remote authenticated users to bypass verification of the current password via unspecified vectors.)
 CVE-2010-2941 (ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request.)
 CVE-2010-1850 (Buffer overflow in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to execute arbitrary code via a COM_FIELD_LIST command with a long table name.)
 CVE-2010-1849 (The my_net_skip_rest function in sql/net_serv.cc in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by sending a large number of packets that exceed the maximum length.)
 CVE-2010-1848 (Directory traversal vulnerability in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to bypass intended table grants to read field definitions of arbitrary tables, and on 5.1 to read or delete content of arbitrary tables, via a .. (dot dot) in a table name.)
 CVE-2010-1847 (The kernel in Apple Mac OS X 10.6.x before 10.6.5 does not properly perform memory management associated with terminal devices, which allows local users to cause a denial of service (system crash) via unspecified vectors.)
 CVE-2010-1846 (Heap-based buffer overflow in Image RAW in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted RAW image.)
 CVE-2010-1845 (ImageIO in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted PSD image.)
 CVE-2010-1844 (Unspecified vulnerability in Image Capture in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to cause a denial of service (memory consumption and system crash) via a crafted image.)
 CVE-2010-1843 (Networking in Apple Mac OS X 10.6.2 through 10.6.4 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted PIM packet.)
 CVE-2010-1842 (Buffer overflow in AppKit in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a bidirectional text string with ellipsis truncation.)
 CVE-2010-1841 (Disk Images in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted UDIF image.)
 CVE-2010-1840 (Stack-based buffer overflow in the password-validation functionality in Directory Services in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.)
 CVE-2010-1838 (Directory Services in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not properly handle errors associated with disabled mobile accounts, which allows remote attackers to bypass authentication by providing a valid account name.)
 CVE-2010-1837 (CoreText in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font in a PDF document.)
 CVE-2010-1836 (Stack-based buffer overflow in CoreGraphics in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.)
 CVE-2010-1834 (CFNetwork in Apple Mac OS X 10.6.x before 10.6.5 does not properly validate the domains of cookies, which makes it easier for remote web servers to track users by setting a cookie that is associated with a partial IP address.)
 CVE-2010-1833 (Apple Type Services (ATS) in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted embedded font in a document.)
 CVE-2010-1832 (Stack-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code via a crafted embedded font in a document.)
 CVE-2010-1831
 CVE-2010-1830 (AFP Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 generates different error messages depending on whether a share exists, which allows remote attackers to enumerate valid share names via unspecified vectors.)
 CVE-2010-1829 (Directory traversal vulnerability in AFP Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote authenticated users to execute arbitrary code by creating files that are outside the bounds of a share.)
 CVE-2010-1828 (AFP Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon restart) via crafted reconnect authentication packets.)
 CVE-2010-1811 (ImageIO in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF file.)
 CVE-2010-1803 (Time Machine in Apple Mac OS X 10.6.x before 10.6.5 does not verify the unique identifier of its remote AFP volume, which allows remote attackers to obtain sensitive information by spoofing this volume.)
 CVE-2010-1752 (Stack-based buffer overflow in CFNetwork in Apple iOS before 4 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to URL handling.)
 CVE-2010-1378 (OpenSSL in Apple Mac OS X 10.6.x before 10.6.5 does not properly perform arithmetic, which allows remote attackers to bypass X.509 certificate authentication via an arbitrary certificate issued by a legitimate Certification Authority.)
 CVE-2010-1205 (Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row.)
 CVE-2010-0434 (The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.)
 CVE-2010-0408 (The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.)
 CVE-2010-0212 (OpenLDAP 2.4.22 allows remote attackers to cause a denial of service (crash) via a modrdn call with a zero-length RDN destination string, which is not properly handled by the smr_normalize function and triggers a NULL pointer dereference in the IA5StringNormalize function in schema_init.c, as demonstrated using the Codenomicon LDAPv3 test suite.)
 CVE-2010-0211 (The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN string containing invalid UTF-8 sequences, which triggers a free of an invalid, uninitialized pointer in the slap_mods_free function, as demonstrated using the Codenomicon LDAPv3 test suite.)
 CVE-2010-0105 (The hfs implementation in Apple Mac OS X 10.6.2 and 10.6.3 supports hard links to directories and does not prevent certain deeply nested directory structures, which allows local users to cause a denial of service (filesystem corruption) via a crafted application that calls the mkdir and link functions.)
 CVE-2009-0796 (Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.)
Original document:submit_(at)_cxsec.org, Apple MacOSX 10.9 Hard Link Memory Corruption (18.11.2013)
 [email protected], NGS00015 Patch Notification: ImageIO Memory Corruption (23.11.2010)
 CHECKPOINT, Apple Directory Services Memory Corruption - CVE-2010-1840 (18.11.2010)
 SECUNIA, Secunia Research: QuickTime Sorenson Video 3 Array-Indexing Vulnerability (18.11.2010)
 Laurent OUDOT at TEHTRI-Security, [TEHTRI-Security] CVE-2010-1752: Update your MacOSX (18.11.2010)
 IDEFENSE, iDefense Security Advisory 11.11.10: Apple Mobile OfficeImport Framework Excel Parsing Memory Corruption Vulnerability (18.11.2010)
 APPLE, About the security content of Mac OS X v10.6.5 and Security Update 2010-007 (18.11.2010)

MAAS privilege escalation
Published:18.11.2013
SecurityVulns ID:13411
Type:local
Threat Level:5/10
Description:maas-import-pxe-files privilege escalations.
Affected:MAAS : maas-cluster-controller 1.3
CVE:CVE-2013-1058 (maas-import-pxe-files in MAAS before 13.10 does not verify the integrity of downloaded files, which allows remote attackers to modify these files via a man-in-the-middle (MITM) attack.)
 CVE-2013-1057 (Untrusted search path vulnerability in maas-import-pxe-files in MAAS before 13.10 allows local users to execute arbitrary code via a Trojan horse import_pxe_files configuration file in the current working directory.)
Original document:UBUNTU, [USN-2013-1] MAAS vulnerabilities (18.11.2013)

Cisco WAAS directory traversal
Published:18.11.2013
SecurityVulns ID:13412
Type:remote
Threat Level:5/10
Description:Directory traversal on file upload.
Affected:CISCO : Wide Area Application Services 3.5
CVE:CVE-2013-5554 (Directory traversal vulnerability in the web-management interface in the server in Cisco Wide Area Application Services (WAAS) Mobile before 3.5.5 allows remote attackers to upload and execute arbitrary files via a crafted POST request, aka Bug ID CSCuh69773.)
Files:Cisco WAAS Mobile Remote Code Execution Vulnerability

Cisco IOS multiple security vulnerabilities
updated since 01.10.2013
Published:18.11.2013
SecurityVulns ID:13299
Type:remote
Threat Level:8/10
Description:Multiple DoS conditions, information leakage.
Affected:CISCO : IOS 12.2
 CISCO : IOS 15.3
 CISCO : IOS XR 4.3
CVE:CVE-2013-5553 (Multiple memory leaks in Cisco IOS 15.1 before 15.1(4)M7 allow remote attackers to cause a denial of service (memory consumption or device reload) by sending a crafted SIP message over (1) IPv4 or (2) IPv6, aka Bug IDs CSCuc42558 and CSCug25383.)
 CVE-2013-5549 (Cisco IOS XR 3.8.1 through 4.2.0 does not properly process fragmented packets within the RP-A, RP-B, PRP, and DRP-B route-processor components, which allows remote attackers to cause a denial of service (transmission outage) via (1) IPv4 or (2) IPv6 traffic, aka Bug ID CSCuh30380.)
 CVE-2013-5547 (Cisco IOS XE 3.9 before 3.9.2S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) by sending malformed EoGRE packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCuf08269.)
 CVE-2013-5546 (The TCP reassembly feature in Cisco IOS XE 3.7 before 3.7.3S and 3.8 before 3.8.1S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) via large TCP packets that are processed by the (1) NAT or (2) ALG component, aka Bug ID CSCud72509.)
 CVE-2013-5545 (The PPTP ALG implementation in Cisco IOS XE 3.9 before 3.9.2S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) by sending many PPTP packets over NAT, aka Bug ID CSCuh19936.)
 CVE-2013-5543 (Cisco IOS XE 3.4 before 3.4.2S and 3.5 before 3.5.1S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) via malformed ICMP error packets associated with a (1) TCP or (2) UDP session that is under inspection by the Zone-Based Firewall (ZBFW) component, aka Bug ID CSCtt26470.)
 CVE-2013-5503 (The UDP process in Cisco IOS XR 4.3.1 does not free packet memory upon detecting full packet queues, which allows remote attackers to cause a denial of service (memory consumption) via UDP packets to listening ports, aka Bug ID CSCue69413.)
 CVE-2013-5480 (The DNS-over-TCP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 DNS TCP stream, aka Bug ID CSCuf28733.)
 CVE-2013-5479 (The DNS-over-TCP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 DNS TCP stream, aka Bug ID CSCtn53730.)
 CVE-2013-5478 (Cisco IOS 15.0 through 15.3 and IOS XE 3.2 through 3.8, when a VRF interface exists, allows remote attackers to cause a denial of service (interface queue wedge) via crafted UDP RSVP packets, aka Bug ID CSCuf17023.)
 CVE-2013-5477 (The T1/E1 driver-queue functionality in Cisco IOS 12.2 and 15.0 through 15.3, when an HDLC32 driver is used, allows remote attackers to cause a denial of service (interface queue wedge) via bursty network traffic, aka Bug ID CSCub67465.)
 CVE-2013-5476 (The Zone-Based Firewall (ZFW) feature in Cisco IOS 15.1 through 15.2, when content filtering or HTTP ALG inspection is enabled, allows remote attackers to cause a denial of service (device reload or hang) via crafted IPv4 HTTP traffic, aka Bug ID CSCtx56174.)
 CVE-2013-5475 (Cisco IOS 12.2 through 12.4 and 15.0 through 15.3, and IOS XE 2.1 through 3.9, allows remote attackers to cause a denial of service (device reload) via crafted DHCP packets that are processed locally by a (1) server or (2) relay agent, aka Bug ID CSCug31561.)
 CVE-2013-5474 (Race condition in the IPv6 virtual fragmentation reassembly (VFR) implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.3 allows remote attackers to cause a denial of service (device reload or hang) via fragmented IPv6 packets, aka Bug ID CSCud64812.)
 CVE-2013-5473 (Memory leak in Cisco IOS 12.2, 15.1, and 15.2; IOS XE 3.4.2S through 3.4.5S; and IOS XE 3.6.xS before 3.6.1S allows remote attackers to cause a denial of service (memory consumption or device reload) via malformed IKEv1 packets, aka Bug ID CSCtx66011.)
 CVE-2013-5472 (The NTP implementation in Cisco IOS 12.0 through 12.4 and 15.0 through 15.1, and IOS XE 2.1 through 3.3, does not properly handle encapsulation of multicast NTP packets within MSDP SA messages, which allows remote attackers to cause a denial of service (device reload) by leveraging an MSDP peer relationship, aka Bug ID CSCuc81226.)
Files:Cisco IOS Software IPv6 Virtual Fragmentation Reassembly Denial of Service Vulnerability
 Cisco IOS Software Network Address Translation Vulnerabilities
 Cisco IOS Software Zone-Based Firewall and Content Filtering Vulnerability
 Cisco IOS Software Multicast Network Time Protocol Denial of Service Vulnerability
 Cisco IOS Software Queue Wedge Denial of Service Vulnerability
 Cisco IOS Software DHCP Denial of Service Vulnerability
 Cisco IOS Software Internet Key Exchange Memory Leak Vulnerability
 Cisco IOS Software Resource Reservation Protocol Interface Queue Wedge Vulnerability
 Cisco IOS XR Software Memory Exhaustion Vulnerability
 Cisco IOS XR Software Route Processor Denial of Service Vulnerability
 Multiple Vulnerabilities in Cisco IOS XE Software for 1000 Series Aggregation Services Routers
 Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability

Cisco TelePresence VX Clinical Assistant unauthorized access
Published:18.11.2013
SecurityVulns ID:13413
Type:remote
Threat Level:5/10
Description:Admin password is reset on every reboot.
Affected:CISCO : TelePresence VX Clinical Assistant 1.2
CVE:CVE-2013-5558 (The WIL-A module in Cisco TelePresence VX Clinical Assistant 1.2 before 1.21 changes the admin password to an empty password upon a reboot, which makes it easier for remote attackers to obtain access via the administrative interface, aka Bug ID CSCuj17238.)
Files:Cisco TelePresence VX Clinical Assistant Administrative Password Reset Vulnerability

Light Display Manager protection bypass
Published:18.11.2013
Source:
SecurityVulns ID:13414
Type:local
Threat Level:
5/10
Description:AppArmor policy is not applied correctly.
Affected:LDM : lightdm 1.8
CVE:CVE-2013-4459 (LightDM 1.7.5 through 1.8.3 and 1.9.x before 1.9.2 does not apply the AppArmor profile to the Guest account, which allows local users to bypass intended restrictions by leveraging the Guest account.)
Original document:UBUNTU, [USN-2012-1] Light Display Manager vulnerability (18.11.2013)

Open-Xchange multiple security vulnerabilities
updated since 01.10.2013
Published:18.11.2013
Source:
SecurityVulns ID:13293
Type:library
Threat Level:
5/10
Description:Multiple different vulnerabilities.
Affected:OPENXCHANGE : Open-Xchange 7.2
CVE:CVE-2013-6074 (Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev25 and 7.4.x before 7.4.0-rev14 allows remote attackers to inject arbitrary web script or HTML via an attached SVG file.)
 CVE-2013-5690 (Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite before 7.2.2 allow remote authenticated users to inject arbitrary web script or HTML via (1) content with the text/xml MIME type or (2) the Status comment field of an appointment.)
 CVE-2013-5200 (The (1) REST and (2) memcache interfaces in the Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 do not require authentication, which allows remote attackers to obtain sensitive information or modify data via an API call.)
 CVE-2013-5035 (Multiple race conditions in HtmlCleaner before 2.6, as used in Open-Xchange AppSuite 7.2.2 before rev13 and other products, allow remote authenticated users to read the private e-mail of other persons in opportunistic circumstances by leveraging lack of thread safety and performing a rapid series of (1) mail-sending or (2) draft-saving operations.)
 CVE-2013-4790 (Open-Xchange AppSuite before 7.0.2 rev14, 7.2.0 before rev11, 7.2.1 before rev10, and 7.2.2 before rev9 relies on user-supplied data to predict the IMAP server hostname for an external domain name, which allows remote authenticated users to discover e-mail credentials of other users in opportunistic circumstances via a manual-mode association of a personal e-mail address with the hostname of a crafted IMAP server.)
Original document:OPENXCHANGE, Open-Xchange Security Advisory 2013-11-06 (18.11.2013)
 OPENXCHANGE, Open-Xchange Security Advisory 2013-09-30 (01.10.2013)
 OPENXCHANGE, Open-Xchange Security Advisory 2013-09-10 (01.10.2013)
 OPENXCHANGE, Open-Xchange Security Advisory 2013-08-16 (01.10.2013)
 OPENXCHANGE, Open-Xchange Security Advisory 2013-07-31 (01.10.2013)

Vivotek IP cameras authentication bypass
Published:18.11.2013
Source:
SecurityVulns ID:13415
Type:remote
Threat Level:
5/10
Description:RTSP access authentication bypass.
Affected:VIVOTEK : Vivotek IP7160
 VIVOTEK : Vivotek IP7361
 VIVOTEK : Vivotek IP8332
CVE:CVE-2013-4985
Original document:CORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2013-0704 - Vivotek IP Cameras RTSP Authentication Bypass (18.11.2013)

wireshark multiple security vulnerabilities
updated since 02.10.2013
Published:18.11.2013
Source:
SecurityVulns ID:13309
Type:remote
Threat Level:
5/10
Description:Vulnerabilities in various protocol dissectors.
Affected:WIRESHARK : Wireshark 1.10
CVE:CVE-2013-6340 (epan/dissectors/packet-tcp.c in the TCP dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 does not properly determine the amount of remaining data, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.)
 CVE-2013-6338 (The dissect_sip_common function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.)
 CVE-2013-6337 (Unspecified vulnerability in the NBAP dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 allows remote attackers to cause a denial of service (application crash) via a crafted packet.)
 CVE-2013-6336 (The ieee802154_map_rec function in epan/dissectors/packet-ieee802154.c in the IEEE 802.15.4 dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 uses an incorrect pointer chain, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.)
 CVE-2013-5722 (Unspecified vulnerability in the LDAP dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet.)
 CVE-2013-5721 (The dissect_mq_rr function in epan/dissectors/packet-mq.c in the MQ dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 does not properly determine when to enter a certain loop, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.)
 CVE-2013-5720 (Buffer overflow in the RTPS dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet.)
 CVE-2013-5719 (epan/dissectors/packet-assa_r3.c in the ASSA R3 dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.)
 CVE-2013-5718 (The dissect_nbap_T_dCH_ID function in epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 does not restrict the dch_id value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.)
Original document:DEBIAN, [SECURITY] [DSA 2792-1] wireshark security update (18.11.2013)
 MANDRIVA, [ MDVSA-2013:238 ] wireshark (02.10.2013)

EMC Documentum cross-site scripting
Published:18.11.2013
Source:
SecurityVulns ID:13416
Type:remote
Threat Level:
5/10
Description:Cross-site scripting in different modules.
Affected:EMC : Documentum eRoom 7.4
 EMC : Documentum 6.7
CVE:CVE-2013-3286 (Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum eRoom before 7.4.4 P11 allow remote attackers to inject arbitrary web script or HTML via a crafted URL.)
 CVE-2013-3281 (Cross-site scripting (XSS) vulnerability in EMC Documentum Webtop before 6.7 SP2 P07, Documentum WDK before 6.7 SP2 P07, Documentum Taskspace before 6.7 SP2 P07, Documentum Records Manager before 6.7 SP2 P07, Documentum Web Publisher before 6.5 SP7, Documentum Digital Asset Manager before 6.5 SP6, Documentum Administrator before 6.7 SP2 P07, and Documentum Capital Projects before 1.8 P01 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter in a URL.)
Original document:EMC, ESA-2013-070: EMC Documentum Cross Site Scripting Vulnerability. (18.11.2013)
 EMC, ESA-2013-073: EMC Documentum eRoom Multiple Cross Site Scripting Vulnerabilities. (18.11.2013)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod