Computer Security


Cisco Application Control Engine privilege escalation
Published:25.06.2012
Source:
SecurityVulns ID:12441
Type:local
Threat Level:4/10
Description:Context administrator can access wrong context.
Affected:CISCO : ACE A4
 CISCO : ACE A5
CVE:CVE-2012-3063 (Cisco Application Control Engine (ACE) before A4(2.3) and A5 before A5(1.1), when multicontext mode is enabled, does not properly share a management IP address among multiple contexts, which allows remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances, and read or modify configuration settings, via a login attempt to a context, aka Bug ID CSCts30631, a different vulnerability than CVE-2012-3058.)
Original document:CISCO, Cisco Security Advisory: Cisco Application Control Engine Administrator IP Address Overlap Vulnerability (25.06.2012)

Cisco ASA DoS
Published:25.06.2012
Source:
SecurityVulns ID:12442
Type:remote
Threat Level:6/10
Description:It's possible to reboot device remotely.
Affected:CISCO : ASA 5500
CVE:CVE-2012-3058 (Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.4 before 8.4(4.1), 8.5 before 8.5(1.11), and 8.6 before 8.6(1.3) allow remote attackers to cause a denial of service (device reload) via IPv6 transit traffic that triggers syslog message 110003, aka Bug ID CSCua27134.)
Original document:CISCO, Cisco Security Advisory: Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module Denial of Service Vulnerability (25.06.2012)

ClamAV antivirus multiple security vulnerabilities
Published:25.06.2012
Source:
SecurityVulns ID:12443
Type:library
Threat Level:6/10
Description:Vulnerabilities in TAR and CHM parsing.
Affected:CLAMAV : ClamAV 0.96
CVE:CVE-2012-1459 (The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, Panda Antivirus 10.0.2.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro A)
 CVE-2012-1458 (The Microsoft CHM file parser in ClamAV 0.96.4 and Sophos Anti-Virus 4.61.0 allows remote attackers to bypass malware detection via a crafted reset interval in the LZXC header of a CHM file. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CHM parser implementations.)
 CVE-2012-1457 (The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field t)

QNAP Turbo NAS multiple security vulnerabilities
Published:25.06.2012
Source:
SecurityVulns ID:12444
Type:local
Threat Level:4/10
Description:Information leakage, privilege escalation, system access.
Affected:QNAP : Turbo NAS
Original document:lists_(at)_senseofsecurity.com, QNAP Turbo NAS Multiple Vulnerabilities - Security Advisory (25.06.2012)

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:25.06.2012
Source:
SecurityVulns ID:12445
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:MYBB : Mybb 1.6
 SQUIZ : Squiz Matrix 4.6
 TRAQ : traq 2.3
 WEBATALL : web@all 2.6
 COMMENTICS : Commentics 2.0
 NEWSSCRIPTSPHP : News Script PHP 1.2
 WEBIFY : Webify 6.5
 SWOOPO : Gold Shop 8.4
 ERGON : Airlock 4.2
CVE:CVE-2012-3232 (Cross-site scripting (XSS) vulnerability in search.php in web@all 2.0, as downloaded before May 30, 2012, allows remote attackers to inject arbitrary web script or HTML via the _text[title] parameter.)
 CVE-2012-3231 (Multiple cross-site request forgery (CSRF) vulnerabilities in web@all 2.0, as downloaded before May 30, 2012, allow remote attackers to hijack the authentication of administrators for requests that add, delete, or modify sensitive information, as demonstrated by adding a file to execute arbitrary code via a do_addfile action to inc/browser/action.php.)
Original document:SEC Consult Vulnerability Lab, SEC Consult SA-20120618-1 :: Airlock WAF overlong UTF-8 sequence bypass (25.06.2012)
 Vulnerability Lab, Squiz CMS Multiple Vulnerabilities - Security Advisory - SOS-12-007 (25.06.2012)
 Vulnerability Lab, [Suspected Spam] Swoopo Gold Shop CMS v8.4.56 - Multiple Web Vulnerabilities (25.06.2012)
 Vulnerability Lab, Webify Product Series - Multiple Web Vulnerabilities (25.06.2012)
 Vulnerability Lab, News Script PHP v1.2 - Multiple Web Vulnerabilites (25.06.2012)
 pereira_(at)_secbiz.de, Commentics 2.0 <= Multiple Vulnerabilities (25.06.2012)
 High-Tech Bridge Security Research, Multiple vulnerabilities in web@all (25.06.2012)
 chin4b0y, Mybb 1.6.8 'announcements.php' Sql Injection Vulnerabilitiy (25.06.2012)
 chin4b0y, traq-2.3.5_CSRF_XSS_SQL_INjeCTION_vulns (25.06.2012)

Western Digital ShareSpace information leakage
Published:25.06.2012
Source:
SecurityVulns ID:12446
Type:remote
Threat Level:4/10
Description:It's possible to access configuration files via Web interface.
Affected:WD : ShareSpace
Original document:SEC Consult Vulnerability Lab, SEC Consult SA-20120618-0 :: Western Digital ShareSpace WEB GUI Sensitive Data Disclosure (25.06.2012)

Lattice Diamond Programmer buffer overflow
Published:25.06.2012
Source:
SecurityVulns ID:12437
Type:local
Threat Level:4/10
Description:Code execution via .xcf files.
Affected:LATTICE : Diamond Programmer 1.4
CVE:CVE-2012-2614 (Buffer overflow in programmer.exe in Lattice Diamond Programmer 1.4.2 allows user-assisted remote attackers to cause a denial of service (application crash) and execute arbitrary code via a long string in a version attribute of an ispXCF element in an .xcf file.)
Original document:CORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2012-0530 - Lattice Diamond Programmer Buffer Overflow (25.06.2012)

snmpd DoS
Published:25.06.2012
Source:
SecurityVulns ID:12438
Type:remote
Threat Level:5/10
Description:Crash on request to non-existent extension table entry.
Affected:NETSNMP : net-snmp 5.6
CVE:CVE-2012-2141 (Array index error in the handle_nsExtendOutput2Table function in agent/mibgroup/agent/extend.c in Net-SNMP 5.7.1 allows remote authenticated users to cause a denial of service (out-of-bounds read and snmpd crash) via an SNMP GET request for an entry not in the extension table.)
Original document:MANDRIVA, [ MDVSA-2012:099 ] net-snmp (25.06.2012)

Microsoft Internet Explorer multiple security vulnerabilities
updated since 13.06.2012
Published:25.06.2012
Source:
SecurityVulns ID:12404
Type:client
Threat Level:9/10
Description:Multiple memory corruptions, code executions, information leakage.
Affected:MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
CVE:CVE-2012-1882 (Microsoft Internet Explorer 6 through 9 does not block cross-domain scrolling events, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Scrolling Events Information Disclosure Vulnerability.")
 CVE-2012-1881 (Microsoft Internet Explorer 8 and 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "OnRowsInserted Event Remote Code Execution Vulnerability.")
 CVE-2012-1880 (Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "insertRow Remote Code Execution Vulnerability.")
 CVE-2012-1879 (Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by attempting to access an undefined memory location, aka "insertAdjacentText Remote Code Execution Vulnerability.")
 CVE-2012-1878 (Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "OnBeforeDeactivate Event Remote Code Execution Vulnerability.")
 CVE-2012-1877 (Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Title Element Change Remote Code Execution Vulnerability.")
 CVE-2012-1876 (Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by attempting to access a nonexistent object, leading to a heap-based buffer overflow, aka "Col Element Remote Code Execution Vulnerability," as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012.)
 CVE-2012-1875 (Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Same ID Property Remote Code Execution Vulnerability.")
 CVE-2012-1874 (Microsoft Internet Explorer 8 and 9 does not properly handle objects in memory, which allows user-assisted remote attackers to execute arbitrary code by accessing a deleted object, aka "Developer Toolbar Remote Code Execution Vulnerability.")
 CVE-2012-1873 (Microsoft Internet Explorer 7 through 9 does not properly create and initialize string data, which allows remote attackers to obtain sensitive information from process memory via a crafted HTML document, aka "Null Byte Information Disclosure Vulnerability.")
 CVE-2012-1872 (Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 6 through 9 allows remote attackers to inject arbitrary web script or HTML via crafted character sequences with EUC-JP encoding, aka "EUC-JP Character Encoding Vulnerability.")
 CVE-2012-1858 (The toStaticHTML API (aka the SafeHTML component) in Microsoft Internet Explorer 8 and 9, Communicator 2007 R2, and Lync 2010 and 2010 Attendee does not properly handle event attributes and script, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted HTML document, aka "HTML Sanitization Vulnerability.")
 CVE-2012-1523 (Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Center Element Remote Code Execution Vulnerability.")
Original document:VUPEN Security Research, VUPEN Security Research - Microsoft Internet Explorer "CollectionCache" Remote Use-after-free (MS12-037) (25.06.2012)
 VUPEN Security Research, VUPEN Security Research - Microsoft Internet Explorer "GetAtomTable" Remote Use-after-free (MS12-037 / CVE-2012-1875) (25.06.2012)
 VUPEN Security Research, VUPEN Security Research - Microsoft Internet Explorer "Col" Element Remote Heap Overflow (MS12-037 / CVE-2012-1876) (25.06.2012)
 vulnhunt_(at)_gmail.com, [CAL-2012-0023]Microsoft IE Developer Toolbar Remote Code Execution Vulnerability (17.06.2012)
 vulnhunt_(at)_gmail.com, [CAL-2012-0026] Microsfot IE Same ID Property Remote Code Execution Vulnerability (17.06.2012)
 ZDI, ZDI-12-093 : (Pwn2Own) Microsoft Internet Explorer Fixed Table Colspan Remote Code Execution Vulnerability (17.06.2012)
Files:Microsoft Security Bulletin MS12-037 - Critical Cumulative Security Update for Internet Explorer (2699988)

FreeBSD kernel privilege escalation
updated since 13.06.2012
Published:25.06.2012
Source:
SecurityVulns ID:12411
Type:local
Threat Level:6/10
Description:Privilege escalation on sysret on some CPUs.
Affected:FREEBSD : FreeBSD 7.4
 FREEBSD : FreeBSD 9.0
 FREEBSD : FreeBSD 8.3
CVE:CVE-2012-0217 (The User Mode Scheduler in the kernel in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 on the Intel x64 platform does not properly handle system requests, which allows local users to gain privileges via a crafted application, aka "User Mode Scheduler Memory Corruption Vulnerability.")
Original document:FREEBSD, FreeBSD Security Advisory FreeBSD-SA-12:04.sysret [REVISED] (25.06.2012)
 FREEBSD, CVE-2012-0217 (13.06.2012)

HP Business Service Management multiple security vulnerabilities
Published:25.06.2012
Source:
SecurityVulns ID:12439
Type:remote
Threat Level:5/10
Description:Information leakage, unauthorized access, DoS.
Affected:HP : HP Business Service Management 9.12
CVE:CVE-2012-2561 (HP Business Service Management (BSM) 9.12 does not properly restrict the uploading of .war files, which allows remote attackers to execute arbitrary JSP code within the JBOSS Application Server component via a crafted request to TCP port 1098, 1099, or 4444.)
Original document:HP, [security bulletin] HPSBMU02792 SSRT100820 rev.1 - HP Business Service Management (BSM), Remote Unauthorized Disclosure of Information, Unauthorized Modification, Denial of Service (DoS) (25.06.2012)

Cisco AnyConnect Secure Mobility Client multiple security vulnerabilities
updated since 25.06.2012
Published:27.08.2012
Source:
SecurityVulns ID:12440
Type:m-i-t-m
Threat Level:5/10
Description:Code execution, protection bypass.
Affected:CISCO : AnyConnect Secure Mobility 3.0
CVE:CVE-2012-4655 (The WebLaunch feature in Cisco Secure Desktop before 3.6.6020 does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving (1) ActiveX or (2) Java components, aka Bug IDs CSCtz76128 and CSCtz78204.)
 CVE-2012-2496 (A certain Java applet in the VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR7 on 64-bit Linux platforms does not properly restrict use of Java components, which allows remote attackers to execute arbitrary code via a crafted web site, aka Bug ID CSCty45925.)
 CVE-2012-2495 (The HostScan downloader implementation in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR8 and Cisco Secure Desktop before 3.6.6020 does not compare the timestamp of offered software to the timestamp of installed software, which allows remote attackers to force a version downgrade by using (1) ActiveX or (2) Java components to offer signed code that corresponds to an older software release, aka Bug ID CSCtx74235.)
 CVE-2012-2494 (The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 and 3.x before 3.0 MR8 does not compare the timestamp of offered software to the timestamp of installed software, which allows remote attackers to force a version downgrade by using (1) ActiveX or (2) Java components to offer signed code that corresponds to an older software release, aka Bug ID CSCtw48681.)
 CVE-2012-2493 (The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 on Windows, and 2.x before 2.5 MR6 and 3.x before 3.0 MR8 on Mac OS X and Linux, does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving (1) ActiveX or (2) Java components, aka Bug ID CSCtw47523.)
Original document:ZDI, ZDI-12-149 : Cisco AnyConnect VPN Client Verification Bypass Remote Code Execution Vulnerability (27.08.2012)
 ZDI, ZDI-12-156 : Cisco AnyConnect VPN Client Arbitrary Program Instantiation Remote Code Execution Vulnerability (26.08.2012)
 CISCO, Cisco Security Advisory: Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client (25.06.2012)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod