Computer Security
[EN] securityvulns.ru
no-pyccku

  

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:24.04.2012
Source:
SecurityVulns ID:12338
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:WEBCALENDAR : Webcalendar 1.2
CVE:CVE-2012-1496
 CVE-2012-1495
Original documentdocumentThomas Richards, PHP Ticket System Beta 1 'p' SQL Injection (24.04.2012)
 documentn0b0d13s_(at)_gmail.com, WebCalendar <= 1.2.4 Two Security Vulnerabilities (24.04.2012)
 documentThomas Richards, ChurchCMS 0.0.1 'admin.php' Multiple SQLi (24.04.2012)

Asterisk multiple security vulnerabilities
Published:24.04.2012
Source:
SecurityVulns ID:12339
Type:remote
Threat Level:
7/10
Description:Buffer overflow on Skinny processing, DoS via SIP, Asterisk Manager code execution.
Affected:ASTERISK : Asterisk 1.6
 ASTERISK : Asterisk 1.8
 ASTERISK : Asterisk 10.3
Original documentdocumentASTERISK, AST-2012-006: Remote Crash Vulnerability in SIP Channel Driver (24.04.2012)
 documentASTERISK, AST-2012-005: Heap Buffer Overflow in Skinny Channel Driver (24.04.2012)
 documentASTERISK, AST-2012-004: Asterisk Manager User Unauthorized Shell Access (24.04.2012)

InspIRCd buffer overflow
Published:24.04.2012
Source:
SecurityVulns ID:12341
Type:remote
Threat Level:
6/10
Description:Buffer overflow on DNS request processing.
Affected:INSPIRCD : InspIRCd 2.0
CVE:CVE-2012-1836 (Heap-based buffer overflow in dns.cpp in InspIRCd 2.0.5 might allow remote attackers to execute arbitrary code via a crafted DNS query that uses compression.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 2448-1] inspircd security update (24.04.2012)

Astaro Command Center crossite scripting
Published:24.04.2012
Source:
SecurityVulns ID:12342
Type:remote
Threat Level:
4/10
Description:Multiple crossite scripting vulnerabilities.
Affected:ASTARO : Astaro Command Center 2.0
Original documentdocumentVulnerability Lab, Astaro Command Center v2.x - Multiple Web Vulnerabilities (24.04.2012)

Astaro Security Gateway crossite scripting
Published:24.04.2012
Source:
SecurityVulns ID:12343
Type:remote
Threat Level:
4/10
Description:Multiple crossite scripting possibilities.
Affected:ASTARO : Astaro Security Gateway 625
Original documentdocumentVulnerability Lab, Astaro Security Gateway v7.504 - Multiple Web Vulnerabilities (24.04.2012)

HP ProCurve switches compact flash cards virus
Published:24.04.2012
Source:
SecurityVulns ID:12344
Type:local
Threat Level:
4/10
Description:Some of the devices contain virus on compact flash card.
Affected:HP : ProCurve 5400
Original documentdocumentHP, [security bulletin] HPSBPV02754 SSRT100803 rev.1 - HP ProCurve 5400 zl Switch, Compact flash card virus (24.04.2012)

Plixer Scrutinizer NetFlow and sFlow Analyzer multiple security vulnerabilities
Published:24.04.2012
Source:
SecurityVulns ID:12345
Type:remote
Threat Level:
6/10
Description:Authentication bypass, SQL injection, crossite scripting.
Affected:PLIXER : Scrutinizer 8.6
CVE:CVE-2012-1261
 CVE-2012-1260
 CVE-2012-1259
 CVE-2012-1258
Original documentdocumentTrustwave Advisories, TWSL2012-008: Multiple Vulnerabilities in Scrutinizer NetFlow & sFlow Analyzer (24.04.2012)

VMWare ESXi / ESX weak permissions
Published:24.04.2012
Source:
SecurityVulns ID:12346
Type:local
Threat Level:
5/10
Description:VMWare Tools folder weak permissions
Affected:VMWARE : ESXi 4.1
 VMWARE : ESXi 4.0
 VMWARE : ESX 4.0
 VMWARE : ESX 4.1
 VMWARE : ESXi 5.0
 VMWARE : ESXi 3.5
 VMWARE : ESX 3.5
 VMWARE : VMWare Fusion 4.1
 VMWARE : VMWare Player 4.0
 VMWARE : VMWare Workstation 8.0
CVE:CVE-2012-1518 (VMware Workstation 8.x before 8.0.2, VMware Player 4.x before 4.0.2, VMware Fusion 4.x before 4.1.2, VMware ESXi 3.5 though 5.0, and VMware ESX 3.5 through 4.1 use an incorrect ACL for the VMware Tools folder, which allows guest OS users to gain guest OS privileges via unspecified vectors.)
Original documentdocumentVMWARE, VMSA-2012-0007 VMware hosted products and ESXi/ESX patches address privilege escalation (24.04.2012)

OpenSSL memory corruption
updated since 22.04.2012
Published:24.04.2012
Source:
SecurityVulns ID:12332
Type:remote
Threat Level:
6/10
Description:Memory corruption in asn1_d2i_read_bio()/SMIME_read_PKCS7()/SMIME_read_CMS()
Affected:OPENSSL : OpenSSL 0.9
 OPENSSL : OpenSSL 1.0
CVE:CVE-2012-2131 (Multiple integer signedness errors in crypto/buffer/buffer.c in OpenSSL 0.9.8v allow remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2110.)
 CVE-2012-2110 (The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key.)
Original documentdocumentMANDRIVA, [ MDVSA-2012:064 ] openssl0.9.8 (24.04.2012)
 documentDEBIAN, [SECURITY] [DSA 2454-1] openssl security update (22.04.2012)

RuggedCom SCADA equipment backdoor
Published:24.04.2012
Source:
SecurityVulns ID:12347
Type:remote
Threat Level:
5/10
Description:RuggedCom's Rugged Operating System backdoor account.
CVE:CVE-2012-1803 (RuggedCom Rugged Operating System (ROS) 3.10.x and earlier has a factory account with a password derived from the MAC Address field in the banner, which makes it easier for remote attackers to obtain access by performing a calculation on this address value, and then establishing a (1) TELNET, (2) remote shell (aka rsh), or (3) serial-console session.)
Original documentdocumentjc, RuggedCom - Backdoor Accounts in my SCADA network? You don't say... (24.04.2012)

Android information leakage
updated since 24.04.2012
Published:10.05.2012
Source:
SecurityVulns ID:12340
Type:local
Threat Level:
3/10
Description:All local applications have unrestricted /proce access and access to SQLite journal files.
Affected:GOOGLE : Android 2.3
Original documentdocumentRoee Hay, Advisory: Android SQLite Journal Information Disclosure (CVE-2011-3901) (10.05.2012)
 documentsumanj_(at)_gmail.com, Android information leak (24.04.2012)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 



Rating@Mail.ru