Computer Security

Search:Vulnerability:24.04.2012
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:24.04.2012
Source:
SecurityVulns ID:12338
Type:remote
Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:WEBCALENDAR : Webcalendar 1.2
CVE:CVE-2012-1496
 CVE-2012-1495
Original documentdocumentThomas Richards, PHP Ticket System Beta 1 'p' SQL Injection (24.04.2012)
 documentn0b0d13s_(at)_gmail.com, WebCalendar <= 1.2.4 Two Security Vulnerabilities (24.04.2012)
 documentThomas Richards, ChurchCMS 0.0.1 'admin.php' Multiple SQLi (24.04.2012)
Discuss:Read or add your comments to this news (0 comments)

Asterisk multiple security vulnerabilities
Published:24.04.2012
Source:BUGTRAQ
SecurityVulns ID:12339
Type:remote
Level:7/10
Description:Buffer overflow on Skinny processing, DoS via SIP, Asterisk Manager code execution.
Affected:ASTERISK : Asterisk 1.6
 ASTERISK : Asterisk 1.8
 ASTERISK : Asterisk 10.3
Original documentdocumentASTERISK, AST-2012-006: Remote Crash Vulnerability in SIP Channel Driver (24.04.2012)
 documentASTERISK, AST-2012-005: Heap Buffer Overflow in Skinny Channel Driver (24.04.2012)
 documentASTERISK, AST-2012-004: Asterisk Manager User Unauthorized Shell Access (24.04.2012)
Discuss:Read or add your comments to this news (0 comments)

InspIRCd buffer overflow
Published:24.04.2012
Source:BUGTRAQ
SecurityVulns ID:12341
Type:remote
Level:6/10
Description:Buffer overflow on DNS request processing.
Affected:INSPIRCD : InspIRCd 2.0
CVE:CVE-2012-1836 (Heap-based buffer overflow in dns.cpp in InspIRCd 2.0.5 might allow remote attackers to execute arbitrary code via a crafted DNS query that uses compression.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 2448-1] inspircd security update (24.04.2012)
Discuss:Read or add your comments to this news (0 comments)

Astaro Command Center crossite scripting
Published:24.04.2012
Source:BUGTRAQ
SecurityVulns ID:12342
Type:remote
Level:4/10
Description:Multiple crossite scripting vulnerabilities.
Affected:ASTARO : Astaro Command Center 2.0
Original documentdocumentVulnerability Lab, Astaro Command Center v2.x - Multiple Web Vulnerabilities (24.04.2012)
Discuss:Read or add your comments to this news (0 comments)

Astaro Security Gateway crossite scripting
Published:24.04.2012
Source:BUGTRAQ
SecurityVulns ID:12343
Type:remote
Level:4/10
Description:Multiple crossite scripting possibilities.
Affected:ASTARO : Astaro Security Gateway 625
Original documentdocumentVulnerability Lab, Astaro Security Gateway v7.504 - Multiple Web Vulnerabilities (24.04.2012)
Discuss:Read or add your comments to this news (0 comments)

HP ProCurve switches compact flash cards virus
Published:24.04.2012
Source:BUGTRAQ
SecurityVulns ID:12344
Type:local
Level:4/10
Description:Some of the devices contain virus on compact flash card.
Affected:HP : ProCurve 5400
Original documentdocumentHP, [security bulletin] HPSBPV02754 SSRT100803 rev.1 - HP ProCurve 5400 zl Switch, Compact flash card virus (24.04.2012)
Discuss:Read or add your comments to this news (0 comments)

Plixer Scrutinizer NetFlow and sFlow Analyzer multiple security vulnerabilities
Published:24.04.2012
Source:BUGTRAQ
SecurityVulns ID:12345
Type:remote
Level:6/10
Description:Authentication bypass, SQL injection, crossite scripting.
Affected:PLIXER : Scrutinizer 8.6
CVE:CVE-2012-1261
 CVE-2012-1260
 CVE-2012-1259
 CVE-2012-1258
Original documentdocumentTrustwave Advisories, TWSL2012-008: Multiple Vulnerabilities in Scrutinizer NetFlow & sFlow Analyzer (24.04.2012)
Discuss:Read or add your comments to this news (0 comments)

VMWare ESXi / ESX weak permissions
Published:24.04.2012
Source:BUGTRAQ
SecurityVulns ID:12346
Type:local
Level:5/10
Description:VMWare Tools folder weak permissions
Affected:VMWARE : ESXi 4.1
 VMWARE : ESXi 4.0
 VMWARE : ESX 4.0
 VMWARE : ESX 4.1
 VMWARE : ESXi 5.0
 VMWARE : ESXi 3.5
 VMWARE : ESX 3.5
 VMWARE : VMWare Fusion 4.1
 VMWARE : VMWare Player 4.0
 VMWARE : VMWare Workstation 8.0
CVE:CVE-2012-1518 (VMware Workstation 8.x before 8.0.2, VMware Player 4.x before 4.0.2, VMware Fusion 4.x before 4.1.2, VMware ESXi 3.5 though 5.0, and VMware ESX 3.5 through 4.1 use an incorrect ACL for the VMware Tools folder, which allows guest OS users to gain guest OS privileges via unspecified vectors.)
Original documentdocumentVMWARE, VMSA-2012-0007 VMware hosted products and ESXi/ESX patches address privilege escalation (24.04.2012)
Discuss:Read or add your comments to this news (0 comments)

OpenSSL memory corruption
updated since 22.04.2012
Published:24.04.2012
Source: BUGTRAQ
SecurityVulns ID:12332
Type:remote
Level:6/10
Description:Memory corruption in asn1_d2i_read_bio()/SMIME_read_PKCS7()/SMIME_read_CMS()
Affected:OPENSSL : OpenSSL 0.9
 POLARSSL : OpenSSL 1.0
CVE:CVE-2012-2131 (Multiple integer signedness errors in crypto/buffer/buffer.c in OpenSSL 0.9.8v allow remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2110.)
 CVE-2012-2110 (The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key.)
Original documentdocumentMANDRIVA, [ MDVSA-2012:064 ] openssl0.9.8 (24.04.2012)
 documentDEBIAN, [SECURITY] [DSA 2454-1] openssl security update (22.04.2012)
Discuss:Read or add your comments to this news (0 comments)

RuggedCom SCADA equipment backdoor
Published:24.04.2012
Source:BUGTRAQ
SecurityVulns ID:12347
Type:remote
Level:5/10
Description:RuggedCom's Rugged Operating System backdoor account.
CVE:CVE-2012-1803 (RuggedCom Rugged Operating System (ROS) 3.10.x and earlier has a factory account with a password derived from the MAC Address field in the banner, which makes it easier for remote attackers to obtain access by performing a calculation on this address value, and then establishing a (1) TELNET, (2) remote shell (aka rsh), or (3) serial-console session.)
Original documentdocumentjc, RuggedCom - Backdoor Accounts in my SCADA network? You don't say... (24.04.2012)
Discuss:Read or add your comments to this news (0 comments)

Android information leakage
updated since 24.04.2012
Published:10.05.2012
Source:BUGTRAQ
SecurityVulns ID:12340
Type:local
Level:3/10
Description:All local applications have unrestricted /proce access and access to SQLite journal files.
Affected:GOOGLE : Android 2.3
Original documentdocumentRoee Hay, Advisory: Android SQLite Journal Information Disclosure (CVE-2011-3901) (10.05.2012)
 documentsumanj_(at)_gmail.com, Android information leak (24.04.2012)
Discuss:Read or add your comments to this news (0 comments)
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru