| Linux kernel multiple security vulnerabilities | | Published: |  | 21.01.2012 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 12151 | | Type: |  | remote | | Level: |  | 6/10 | | Description: |  | DoS conditions, information leaks, privilege escalation. |
| Affected: |  | LINUX : kernel 2.6 | | CVE: |  | CVE-2011-4914 | | |  | CVE-2011-4622 (The create_pit_timer function in arch/x86/kvm/i8254.c in KVM 83, and possibly other versions, does not properly handle when Programmable Interval Timer (PIT) interrupt requests (IRQs) when a virtual interrupt controller (irqchip) is not available, which allows local users to cause a denial of service (NULL pointer dereference) by starting a timer.) | | |  | CVE-2011-4611 | | |  | CVE-2011-4127 | | |  | CVE-2011-4110 (The user_update function in security/keys/user_defined.c in the Linux kernel 2.6 allows local users to cause a denial of service (NULL pointer dereference and kernel oops) via vectors related to a user-defined key and "updating a negative key into a fully instantiated key.") | | |  | CVE-2011-4077 (Buffer overflow in the xfs_readlink function in fs/xfs/xfs_vnodeops.c in XFS in the Linux kernel 2.6, when CONFIG_XFS_DEBUG is disabled, allows local users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via an XFS image containing a symbolic link with a long pathname.) | | |  | CVE-2011-3353 | | |  | CVE-2011-2898 | | |  | CVE-2011-2213 (The inet_diag_bc_audit function in net/ipv4/inet_diag.c in the Linux kernel before 2.6.39.3 does not properly audit INET_DIAG bytecode, which allows local users to cause a denial of service (kernel infinite loop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink message, as demonstrated by an INET_DIAG_BC_JMP instruction with a zero yes value, a different vulnerability than CVE-2010-3880.) |
Microsoft Windows multiple security vulnerabilities updated since 11.01.2012 | | Published: |  | 21.01.2012 | | Source: |  | MICROSOFT | | SecurityVulns ID: |  | 12137 | | Type: |  | client | | Level: |  | 7/10 | | Description: |  | SafeSEH protection bypass, Windows Object Packager code execution, CSRSS privilege escalation, DirectShow / Windows Media memory corruption, Windows Packager code execution, SSL/TLS information leakage. |
| Affected: |  | MICROSOFT : Windows XP | | |  | MICROSOFT : Windows 2003 Server | | |  | MICROSOFT : Windows Vista | | |  | MICROSOFT : Windows 2008 Server | | |  | MICROSOFT : Windows 7 | | CVE: |  | CVE-2012-0013 (Incomplete blacklist vulnerability in the Windows Packager configuration in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted ClickOnce application in a Microsoft Office document, related to .application files, aka "Assembly Execution Vulnerability.") | | |  | CVE-2012-0009 (Untrusted search path vulnerability in the Windows Object Packager configuration in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a Trojan horse executable file in the current working directory, as demonstrated by a directory that contains a file with an embedded packaged object, aka "Object Packager Insecure Executable Launching Vulnerability.") | | |  | CVE-2012-0005 (The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2, when a Chinese, Japanese, or Korean system locale is used, can access uninitialized memory during the processing of Unicode characters, which allows local users to gain privileges via a crafted application, aka "CSRSS Elevation of Privilege Vulnerability.") | | |  | CVE-2012-0004 (Unspecified vulnerability in DirectShow in DirectX in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, related to Quartz.dll, Qdvd.dll, closed captioning, and the Line21 DirectShow filter, aka "DirectShow Remote Code Execution Vulnerability.") | | |  | CVE-2012-0003 (Unspecified vulnerability in winmm.dll in 
Windows Multimedia Library in Windows Media Player (WMP) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote attackers to execute arbitrary code via a crafted MIDI file, aka "MIDI Remote Code Execution Vulnerability.") | | |  | CVE-2012-0001 (The kernel in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly load structured exception handling tables, which allows context-dependent attackers to bypass the SafeSEH security feature by leveraging a Visual C++ .NET 2003 application, aka "Windows Kernel SafeSEH Bypass Vulnerability.") | | |  | CVE-2011-3389 (The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.) |
| GreenBrowser double free | | Published: |  | 21.01.2012 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 12152 | | Type: |  | client | | Level: |  | 5/10 | | Description: |  | Double free on iframe tag |
| NTR ActiveX security vulnerabilities | | Published: |  | 21.01.2012 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 12153 | | Type: |  | client | | Level: |  | 5/10 | | Description: |  | Buffer overflow, unsafe method. |
| Affected: |  | NTR : NTR ActiveX control 2.0 | | CVE: |  | CVE-2012-0267 (The StopModule method in the NTR ActiveX control before 2.0.4.8 allows remote attackers to execute arbitrary code via a crafted lModule parameter that triggers use of an arbitrary memory address as a function pointer.) | | |  | CVE-2012-0266 (Multiple stack-based buffer overflows in the NTR ActiveX control before 2.0.4.8 allow remote attackers to execute arbitrary code via (1) a long bstrUrl parameter to the StartModule method, (2) a long bstrParams parameter to the Check method, a long bstrUrl parameter to the (3) Download or (4) DownloadModule method during construction of a .ntr pathname, or a long bstrUrl parameter to the (5) Download or (6) DownloadModule method during construction of a URL.) |
| Business Availability Center / Business Service Management information leakage | | Published: |  | 21.01.2012 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 12155 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | |
| CVE: |  | CVE-2010-1429 (Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this issue exists because of a CVE-2008-3273 regression.) | | |  | CVE-2010-1428 (The Web Console (aka web-console) in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to obtain sensitive information via an unspecified request that uses a different method.) | | |  | CVE-2008-3273 (JBoss Enterprise Application Platform (aka JBossEAP or EAP) before 4.2.0.CP03, and 4.3.0 before 4.3.0.CP01, allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string.) |
| Suhosin buffer overflow | | Published: |  | 21.01.2012 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 12157 | | Type: |  | library | | Level: |  | 5/10 | | Description: |  | Buffer overflow in the transparent cookie encryption code. |
| EMC SourceOne information leakage | | Published: |  | 21.01.2012 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 12158 | | Type: |  | local | | Level: |  | 4/10 | | Description: |  | Information leakage via log files. |
| Affected: |  | EMC : SourceOne 6.5 | | |  | EMC : SourceOne 6.6 | | |  | EMC : SourceOne 6.7 | | CVE: |  | CVE-2011-4142 (The Web Search feature in EMC SourceOne Email Management 6.5 before 6.5.2.4033, 6.6 before 6.6.1.2194, and 6.7 before 6.7.2.2033 places cleartext credentials in log files, which allows local users to obtain sensitive information by reading these files.) |
| PHP DoS | | Published: |  | 21.01.2012 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 12159 | | Type: |  | library | | Level: |  | 5/10 | | Description: |  | NULL pointer dereference because of an unchecked zend_strndup return value. |
| Affected: |  | PHP : PHP 5.3 | | CVE: |  | CVE-2011-4153 (PHP 5.3.8 does not always check the return value of the zend_strndup function, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that performs strndup operations on untrusted string data, as demonstrated by the define function in zend_builtin_functions.c, and unspecified functions in ext/soap/php_sdl.c, ext/standard/syslog.c, ext/standard/browscap.c, ext/oci8/oci8.c, ext/com_dotnet/com_typeinfo.c, and main/php_open_temporary_file.c.) |
HP StorageWorks P2000 security vulnerabilities updated since 16.01.2012 | | Published: |  | 21.01.2012 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 12144 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | Default account, directory traversal. |
| Affected: |  | HP : StorageWorks P2000 | | CVE: |  | CVE-2011-4788 (Absolute path traversal vulnerability in the web interface on HP StorageWorks P2000 G3 MSA array systems allows remote attackers to read arbitrary files via a pathname in the URI.) |
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 21.01.2012 | | Published: |  | 21.01.2012 | | Source: |  | | | SecurityVulns ID: |  | 12156 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. |
| Original document |  | security_(at)_infoserve.de, Multiple Cross-Site-Scripting vulnerabilities in x3cms (21.01.2012) |
| |  | noreply_(at)_ptsecurity.ru, [PT-2011-01] Cross-Site Scripting in Kayako Support Suite (21.01.2012) |
| |  | noreply_(at)_ptsecurity.ru, [PT-2011-02] PHP code Injection in Kayako Support Suite (21.01.2012) |
| |  | noreply_(at)_ptsecurity.ru, [PT-2011-03] Information disclosure in Kayako Support Suite (21.01.2012) |
| |  | noreply_(at)_ptsecurity.ru, [PT-2011-04] Cross-Site Scripting in Kayako Support Suite (21.01.2012) |
| |  | DEBIAN, [SECURITY] [DSA 2386-1] openttd security update (21.01.2012) |
| |  | sschurtz_(at)_darksecurity.de, ATutor 2.0.3 Multiple XSS vulnerabilities (21.01.2012) |
| |  | sschurtz_(at)_darksecurity.de, BoltWire 3.4.16 Multiple XSS vulnerabilities (21.01.2012) |
| |  | sschurtz_(at)_darksecurity.de, phpVideoPro Multiple XSS vulnerabilities (21.01.2012) |
| |  | sschurtz_(at)_darksecurity.de, Beehive Forum 101 Multiple XSS vulnerabilities (21.01.2012) |
| |  | tom, Family Connections 2.7.2 Multiple XSS (21.01.2012) |
| |  | advisory_(at)_htbridge.ch, XSS in OneOrZero AIMS (21.01.2012) |
| |  | advisories_(at)_intern0t.net, Drupal CKEditor 3.0 - 3.6.2 - Persistent EventHandler XSS (21.01.2012) |
| |  | n0b0d13s_(at)_gmail.com, appRain CMF <= 0.1.5 (uploadify.php) Unrestricted File Upload Vulnerability (21.01.2012) |
| |  | tom, Webcalendar 1.2.4 'location' XSS (21.01.2012) |
Adobe Acrobat / Reader multiple security vulnerabilities updated since 21.01.2012 | | Published: |  | 13.02.2012 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 12154 | | Type: |  | client | | Level: |  | 8/10 | | Description: |  | Code execution, multiple memory corruptions. |
| Affected: |  | ADOBE : Reader 10.1 | | |  | ADOBE : Acrobat 10.1 | | CVE: |  | CVE-2011-4373 (Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4370 and CVE-2011-4372.) | | |  | CVE-2011-4372 (Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4370 and CVE-2011-4373.) | | |  | CVE-2011-4371 (Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.) | | |  | CVE-2011-4370 (Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4372 and CVE-2011-4373.) | | |  | CVE-2011-4369 (Unspecified vulnerability in the PRC component in Adobe Reader and Acrobat 9.x before 9.4.7 on Windows, Adobe Reader and Acrobat 9.x through 9.4.6 on Mac OS X, Adobe Reader and Acrobat 10.x through 10.1.1 on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011.) | | |  | CVE-2011-2462 (Unspecified vulnerability in the U3D component in Adobe Reader and Acrobat 10.1.1 and earlier on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011.) |