Computer Security


TP-LINK TL-WR841N security vulnerabilities
updated since 01.11.2012
Published:26.11.2012
Source:
SecurityVulns ID:12687
Type:remote
Threat Level:4/10
Description:Directory traversal and cross-site scripting in web interface.
Affected:TPLINK : TP-LINK TL-WR841N
CVE:CVE-2012-5687 (Directory traversal vulnerability in the web-based management feature on the TP-LINK TL-WR841N router with firmware 3.13.9 build 120201 Rel.54965n and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to the help/ URI.)
Original document:Matan Azugi, FW: =| Security Advisory - TP-LINK TL-WR841N XSS (Cross Site Scripting) |= (26.11.2012)
 Matan Azugi, [BUGTRAQ]Security Advisory - TP-LINK TL-WR841N LFI - [UPDATE] (01.11.2012)

libproxy buffer overflow
updated since 06.11.2012
Published:26.11.2012
Source:
SecurityVulns ID:12699
Type:library
Threat Level:5/10
Description:Integer overflow on Content-Length parsing leads to buffer overflow, buffer overflow on proxy.pac parsing.
Affected:LIBPROXY : libproxy 0.3
CVE:CVE-2012-4505 (Heap-based buffer overflow in the px_pac_reload function in lib/pac.c in libproxy 0.2.x and 0.3.x allows remote servers to have an unspecified impact via a crafted Content-Length size in an HTTP response header for a proxy.pac file request, a different vulnerability than CVE-2012-4504.)
 CVE-2012-4504 (Stack-based buffer overflow in the url::get_pac function in url.cpp in libproxy 0.4.x before 0.4.9 allows remote servers to have an unspecified impact via a large proxy.pac file.)
Original document:MANDRIVA, [ MDVSA-2012:172 ] libproxy (26.11.2012)
 DEBIAN, [SECURITY] [DSA 2571-1] libproxy security update (06.11.2012)

FreeBSD privilege escalation
Published:26.11.2012
Source:
SecurityVulns ID:12724
Type:local
Threat Level:6/10
Description:Kernel memory overwrite via Linux compatibility subsystem.
Affected:FREEBSD : FreeBSD 7.4
 FREEBSD : FreeBSD 9.0
 FREEBSD : FreeBSD 8.3
 FREEBSD : FreeBSD 9.1
CVE:CVE-2012-4576
Original document:FREEBSD, FreeBSD Security Advisory FreeBSD-SA-12:08.linux (26.11.2012)

Apache Tomcat multiple security vulnerabilities
Published:26.11.2012
Source:
SecurityVulns ID:12725
Type:remote
Threat Level:6/10
Description:Authentication bypass and replay attacks on Digest authentication, DoS.
Affected:APACHE : Tomcat 5.5
 APACHE : Tomcat 6.0
CVE:CVE-2012-5887 (The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.)
 CVE-2012-5886 (The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.)
 CVE-2012-5885 (The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.)
 CVE-2012-2733 (java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.)
Original document:UBUNTU, [USN-1637-1] Tomcat vulnerabilities (26.11.2012)

trousers DoS
Published:26.11.2012
Source:
SecurityVulns ID:12726
Type:remote
Threat Level:5/10
Description:tcsd DoS
Affected:TROUSERS : trousers 0.3
CVE:CVE-2012-0698 (tcsd in TrouSerS before 0.3.10 allows remote attackers to cause a denial of service (daemon crash) via a crafted type_offset value in a TCP packet to port 30003.)
Original document:DEBIAN, [SECURITY] [DSA 2576-1] trousers security update (26.11.2012)

libunity memory corruption
Published:26.11.2012
Source:
SecurityVulns ID:12727
Type:library
Threat Level:5/10
Description:Memory corruption in hash tables handling.
CVE:CVE-2012-4551 (Use-after-free vulnerability in libunity-webapps before 2.4.1 allows remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via a crafted web site, related to "certain hash tables.")
Original document:UBUNTU, [USN-1635-1] libunity-webapps vulnerability (26.11.2012)

Belkin wireless routers weak key
Published:26.11.2012
Source:
SecurityVulns ID:12728
Type:remote
Threat Level:5/10
Description:Firmware WPA2 key is generated from the MAC address.
CVE:CVE-2012-4366 (Belkin wireless routers Surf N150 Model F7D1301v1, N900 Model F9K1104v1, N450 Model F9K1105V2, and N300 Model F7D2301v1 generate a predictable default WPA2-PSK passphrase based on eight digits of the WAN MAC address, which allows remote attackers to access the network by sniffing the beacon frames.)
Original document:Jakob Lell, CVE-2012-4366: Insecure default WPA2 passphrase in multiple Belkin wireless routers (26.11.2012)

Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
updated since 26.11.2012
Published:03.12.2012
Source:
SecurityVulns ID:12723
Type:client
Threat Level:9/10
Description:Multiple memory corruptions, buffer overflows, privilege escalations and protection bypass.
Affected:MOZILLA : Firefox ESR 10.0
 MOZILLA : Thunderbird ESR 10.0
 MOZILLA : SeaMonkey 2.13
 MOZILLA : Firefox 16.0
 MOZILLA : Thunderbird 16.0
CVE:CVE-2012-5843 (Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.)
 CVE-2012-5842 (Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.)
 CVE-2012-5841 (Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 implement cross-origin wrappers with a filtering behavior that does not properly restrict write actions, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site.)
 CVE-2012-5840 (Use-after-free vulnerability in the nsTextEditorState::PrepareEditor function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-4214.)
 CVE-2012-5839 (Heap-based buffer overflow in the gfxShapedWord::CompressedGlyph::IsClusterStart function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code via unspecified vectors.)
 CVE-2012-5838 (The copyTexImage2D implementation in the WebGL subsystem in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via large image dimensions.)
 CVE-2012-5837 (The Web Developer Toolbar in Mozilla Firefox before 17.0 executes script with chrome privileges, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string.)
 CVE-2012-5836 (Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving the setting of Cascading Style Sheets (CSS) properties in conjunction with SVG text.)
 CVE-2012-5835 (Integer overflow in the WebGL subsystem in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (invalid write operation) via crafted data.)
 CVE-2012-5833 (The texImage2D implementation in the WebGL subsystem in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via function calls involving certain values of the level parameter.)
 CVE-2012-5830 (Use-after-free vulnerability in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 on Mac OS X allows remote attackers to execute arbitrary code via an HTML document.)
 CVE-2012-5829 (Heap-based buffer overflow in the nsWindow::OnExposeEvent function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code via unspecified vectors.)
 CVE-2012-4218 (Use-after-free vulnerability in the BuildTextRunsScanner::BreakSink::SetBreaks function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.)
 CVE-2012-4217 (Use-after-free vulnerability in the nsViewManager::ProcessPendingUpdates function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.)
 CVE-2012-4216 (Use-after-free vulnerability in the gfxFont::GetFontEntry function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.)
 CVE-2012-4215 (Use-after-free vulnerability in the nsPlaintextEditor::FireClipboardEvent function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.)
 CVE-2012-4214 (Use-after-free vulnerability in the nsTextEditorState::PrepareEditor function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-5840.)
 CVE-2012-4213 (Use-after-free vulnerability in the nsEditor::FindNextLeafNode function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.)
 CVE-2012-4212 (Use-after-free vulnerability in the XPCWrappedNative::Mark function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.)
 CVE-2012-4210 (The Style Inspector in Mozilla Firefox before 17.0 and Firefox ESR 10.x before 10.0.11 does not properly restrict the context of HTML markup and Cascading Style Sheets (CSS) token sequences, which allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted stylesheet.)
 CVE-2012-4209 (Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 do not prevent use of a "top" frame name-attribute value to access the location property, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a binary plugin.)
 CVE-2012-4208 (The XrayWrapper implementation in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 does not consider the compartment during property filtering, which allows remote attackers to bypass intended chrome-only restrictions on reading DOM object properties via a crafted web site.)
 CVE-2012-4207 (The HZ-GB-2312 character-set implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 does not properly handle a ~ (tilde) character in proximity to a chunk delimiter, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted document.)
 CVE-2012-4206 (Untrusted search path vulnerability in the installer in Mozilla Firefox before 17.0 and Firefox ESR 10.x before 10.0.11 on Windows allows local users to gain privileges via a Trojan horse DLL in the default downloads directory.)
 CVE-2012-4205 (Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 assign the system principal, rather than the sandbox principal, to XMLHttpRequest objects created in sandboxes, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks or obtain sensitive information by leveraging a sandboxed add-on.)
 CVE-2012-4204 (The str_unescape function in the JavaScript engine in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.)
 CVE-2012-4203 (The New Tab page in Mozilla Firefox before 17.0 uses a privileged context for execution of JavaScript code by bookmarklets, which allows user-assisted remote attackers to run arbitrary programs by leveraging a javascript: URL in a bookmark.)
 CVE-2012-4202 (Heap-based buffer overflow in the image::RasterImage::DrawFrameTo function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code via a crafted GIF image.)
 CVE-2012-4201 (The evalInSandbox implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 uses an incorrect context during the handling of JavaScript code that sets the location.href property, which allows remote attackers to conduct cross-site scripting (XSS) attacks or read arbitrary files by leveraging a sandboxed add-on.)
Original document:VUPEN Security Research, VUPEN Security Research - Mozilla Firefox "DocumentViewerImpl" Class Remote Use-After-Free Vulnerability (03.12.2012)
 VUPEN Security Research, VUPEN Security Research - Mozilla Firefox "imgRequestProxy" Remote Use-After-Free Vulnerability (02.12.2012)
Files:Mozilla Foundation Security Advisory 2012-91
 Mozilla Foundation Security Advisory 2012-92
 Mozilla Foundation Security Advisory 2012-93
 Mozilla Foundation Security Advisory 2012-94
 Mozilla Foundation Security Advisory 2012-95
 Mozilla Foundation Security Advisory 2012-96
 Mozilla Foundation Security Advisory 2012-97
 Mozilla Foundation Security Advisory 2012-98
 Mozilla Foundation Security Advisory 2012-99
 Mozilla Foundation Security Advisory 2012-100
 Mozilla Foundation Security Advisory 2012-101
 Mozilla Foundation Security Advisory 2012-102
 Mozilla Foundation Security Advisory 2012-103
 Mozilla Foundation Security Advisory 2012-104
 Mozilla Foundation Security Advisory 2012-105
 Mozilla Foundation Security Advisory 2012-106

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod