Asterisk SIP processing security vulnerabilities updated since 11.12.2011 | | Published: |  | 26.12.2011 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 12079 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | DoS, information leakage. |
Microsoft Windows multiple security vulnerabilities updated since 15.12.2011 | | Published: |  | 26.12.2011 | | Source: |  | MICROSOFT | | SecurityVulns ID: |  | 12090 | | Type: |  | client | | Level: |  | 9/10 | | Description: |  | Buffer overflow on TTF fonts parsing, OLE objects memory corruption, CSRSS and kernel privilege escalations, ActiveX code execution. |
| Affected: |  | MICROSOFT : Windows XP | | |  | MICROSOFT : Windows 2003 Server | | |  | MICROSOFT : Windows Vista | | |  | MICROSOFT : Windows 2008 Server | | |  | MICROSOFT : Windows 7 | | |  | MICROSOFT : Windows 2008 Server_ | | CVE: |  | CVE-2011-3408 (Csrsrv.dll in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly check permissions for sending inter-process device-event messages from low-integrity processes to high-integrity processes, which allows local users to gain privileges via a crafted application, aka "CSRSS Local Privilege Elevation Vulnerability.") | | |  | CVE-2011-3402 (Unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted font data in a Word document or web page, as exploited in the wild in November 2011 by Duqu, aka "TrueType Font Parsing Vulnerability.") | | |  | CVE-2011-3400 (Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 do not properly handle OLE objects in memory, which allows remote attackers to execute arbitrary code via a crafted object in a file, aka "OLE Property Vulnerability.") | | |  | CVE-2011-3397 (The Microsoft Time component in DATIME.DLL in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted web site that leverages an unspecified "binary behavior" in Internet Explorer, aka "Microsoft Time Remote Code Execution Vulnerability.") | | |  | CVE-2011-2018 (The kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, and Windows 7 Gold and SP1 does not properly initialize objects, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Exception Handler Vulnerability.") |
Microsoft Internet Explorer multiple security vulnerabilities updated since 15.12.2011 | | Published: |  | 26.12.2011 | | Source: |  | MICROSOFT | | SecurityVulns ID: |  | 12091 | | Type: |  | client | | Level: |  | 6/10 | | Description: |  | Information leakage, insecure library loading. |
| Affected: |  | MICROSOFT : Windows XP | | |  | MICROSOFT : Windows 2003 Server | | |  | MICROSOFT : Windows Vista | | |  | MICROSOFT : Windows 2008 Server | | |  | MICROSOFT : Windows 7 | | CVE: |  | CVE-2011-3404 (Microsoft Internet Explorer 6 through 9 does not properly use the Content-Disposition HTTP header to control rendering of the HTTP response body, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Content-Disposition Information Disclosure Vulnerability.") | | |  | CVE-2011-2019 (Untrusted search path vulnerability in Microsoft Internet Explorer 9 on Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an HTML file, aka "Internet Explorer Insecure Library Loading Vulnerability.") | | |  | CVE-2011-1992 (The XSS Filter in Microsoft Internet Explorer 8 allows remote attackers to read content from a different (1) domain or (2) zone via a "trial and error" attack, aka "XSS Filter Information Disclosure Vulnerability.") |
Adobe Flash Player multiple security vulnerabilities updated since 11.11.2011 | | Published: |  | 26.12.2011 | | Source: |  | ADOBE | | SecurityVulns ID: |  | 12035 | | Type: |  | client | | Level: |  | 9/10 | | Description: |  | Multiple memory corruptions, buffer overflows, cross-site data access. |
| Affected: |  | ADOBE : Flash Player 11.0 | | |  | ADOBE : AIR 3.0 | | CVE: |  | CVE-2011-2460 (Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, and CVE-2011-2459.) | | |  | CVE-2011-2459 (Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, and CVE-2011-2460.) | | |  | CVE-2011-2458 (Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, when Internet Explorer is used, allows remote attackers to bypass the cross-domain policy via a crafted web site.) | | |  | CVE-2011-2457 (Stack-based buffer overflow in Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code via unspecified vectors.) | | |  | CVE-2011-2456 (Buffer overflow in Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code via unspecified vectors.) 
| | |  | CVE-2011-2455 (Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2459, and CVE-2011-2460.) | | |  | CVE-2011-2454 (Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2455, CVE-2011-2459, and CVE-2011-2460.) | | |  | CVE-2011-2453 (Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2452, CVE-2011-2454, CVE-2011-2455, CVE-2011-2459, and CVE-2011-2460.) | | |  | CVE-2011-2452 (Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, CVE-2011-2459, and CVE-2011-2460.) 
| | |  | CVE-2011-2451 (Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, CVE-2011-2459, and CVE-2011-2460.) | | |  | CVE-2011-2450 (Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.) | | |  | CVE-2011-2445 (Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, CVE-2011-2459, and CVE-2011-2460.) |
| tor buffer overflows | | Published: |  | 26.12.2011 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 12108 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | Heap buffer overflow on SOCKS request parsing. |
| Affected: |  | TOR : tor 0.2 | | CVE: |  | CVE-2011-2778 (Multiple heap-based buffer overflows in Tor before 0.2.2.35 allow remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code by (1) establishing a SOCKS connection to SocksPort or (2) leveraging a SOCKS proxy configuration.) |
| Google Chrome for Android certificate information spoofing | | Published: |  | 26.12.2011 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 12109 | | Type: |  | client | | Level: |  | 4/10 | | Description: |  | It's possible to spoof certificate information by using IFRAME. |
| libarchive library buffer overflow | | Published: |  | 26.12.2011 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 12110 | | Type: |  | library | | Level: |  | 5/10 | | Description: |  | Buffer overflow on ISO 9660 image parsing. |
| CVE: |  | CVE-2011-1778 (Buffer overflow in libarchive through 2.8.5 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TAR archive.) |
| IBM TS3100 / IBM TS3200 tape libraries authentication bypass | | Published: |  | 26.12.2011 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 12111 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | Authentication bypass in Web interface. |
| CVE: |  | CVE-2011-1372 (The Web User Interface on the IBM TS3100 and TS3200 tape libraries with firmware before A.60 allows remote attackers to bypass authentication and obtain administrative access via unspecified vectors.) |
| Unbound DNS resolver DoS conditions | | Published: |  | 26.12.2011 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 12112 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | Different denial of service conditions |
| Affected: |  | UNBOUND : unbound 1.4 | | CVE: |  | CVE-2011-4869 (validator/val_nsec3.c in Unbound before 1.4.13p2 does not properly perform proof processing for NSEC3-signed zones, which allows remote DNS servers to cause a denial of service (daemon crash) via a malformed response that lacks expected NSEC3 records, a different vulnerability than CVE-2011-4528.) | | |  | CVE-2011-4528 (Unbound before 1.4.13p2 attempts to free unallocated memory during processing of duplicate CNAME records in a signed zone, which allows remote DNS servers to cause a denial of service (daemon crash) via a crafted response.) |
| pfSense invalid certificates issue | | Published: |  | 26.12.2011 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 12113 | | Type: |  | library | | Level: |  | 5/10 | | Description: |  | All certificates are issued with CA:true flag. |
| Affected: |  | PFSENSE : pfSense 2.0 | | CVE: |  | CVE-2011-4197 (etc/inc/certs.inc in the PKI implementation in pfSense before 2.0.1 creates each X.509 certificate with a true value for the CA basic constraint, which allows remote attackers to create sub-certificates for arbitrary subjects by leveraging the private key.) |
| WellinTech KingView buffer overflow | | Published: |  | 26.12.2011 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 12114 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | Buffer overflow on TCP/777 request parsing. |
| CVE: |  | CVE-2011-4536 (Heap-based buffer overflow in nettransdll.dll in HistorySvr.exe (aka HistoryServer.exe) in WellinTech KingView 6.53 and 65.30.2010.18018 allows remote attackers to execute arbitrary code via a crafted op-code 3 packet.) |
| Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) | | Published: |  | 26.12.2011 | | Source: |  | | | SecurityVulns ID: |  | 12117 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. |
| Affected: |  | PHPMYADMIN : phpMyAdmin 3.4 | | |  | TIKI : Tiki Wiki CMS Groupware 8.2 | | |  | EPESIBIM : epesi BIM 1.2 | | |  | OBM : obm 2.4 | | |  | PHPSHOP : PHPShop CMS Free 3.4 | | |  | MEDIAWIKI : mediawiki 1.16 | | |  | DTC : dtc 0.34 | | |  | BOOKINGCALENDAR : PHP Booking Calendar 10e | | |  | SASHA : SASHA 0.2 | | |  | APPRAIN : appRain CMF 0.1 | | |  | NOVELL : Sentinel Log Manager 1.2 | | CVE: |  | CVE-2011-4782 (Cross-site scripting (XSS) vulnerability in libraries/config/ConfigFile.class.php in the setup interface in phpMyAdmin 3.4.x before 3.4.9 allows remote attackers to inject arbitrary web script or HTML via the host parameter.) | | |  | CVE-2011-4551 | | |  | CVE-2011-4361 (MediaWiki before 1.17.1 does not check for read permission before handling action=ajax requests, which allows remote attackers to obtain sensitive information by (1) leveraging the SpecialUpload::ajaxGetExistsWarning function, or by (2) leveraging an extension, as demonstrated by the CategoryTree, ExtTab, and InlineEditor extensions.) | | |  | CVE-2011-4360 (MediaWiki before 1.17.1 allows remote attackers to obtain the page titles of all restricted pages via a series of requests involving the (1) curid or (2) oldid parameter.) | | |  | CVE-2011-3199 | | |  | CVE-2011-3198 | | |  | CVE-2011-3197 | | |  | CVE-2011-3196 | | |  | CVE-2011-3195 | | |  | CVE-2011-1587 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.4, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .html located before a ? (question mark) in a query string, in conjunction with a modified URI path that has a %2E sequence in place of the . (dot) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1578.) 
| | |  | CVE-2011-1580 (The transwiki import functionality in MediaWiki before 1.16.3 does not properly check privileges, which allows remote authenticated users to perform imports from any wgImportSources wiki via a crafted POST request.) | | |  | CVE-2011-1579 (The checkCss function in includes/Sanitizer.php in the wikitext parser in MediaWiki before 1.16.3 does not properly validate Cascading Style Sheets (CSS) token sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information by using the \2f\2a and \2a\2f hex strings to surround CSS comments.) | | |  | CVE-2011-1578 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.3, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .html at the end of the query string, in conjunction with a modified URI path that has a %2E sequence in place of the . (dot) character.) |
| Original document |  | Andrea Fabrizi, Novell Sentinel Log Manager <=1.2.0.1 Path Traversal (26.12.2011) |
| |  | research_(at)_vulnerability-lab.com, appRain CMF v0.1.5 - Multiple Web Vulnerabilities (26.12.2011) |
| |  | tom, SASHA v0.2.0 Mutiple XSS (26.12.2011) |
| |  | tom, PHP Booking Calendar 10e XSS (26.12.2011) |
| |  | DEBIAN, [SECURITY] [DSA 2365-1] dtc security update (26.12.2011) |
| |  | DEBIAN, [SECURITY] [DSA 2366-1] mediawiki security update (26.12.2011) |
| |  | advisory_(at)_htbridge.ch, Multiple vulnerabilities in PHPShop CMS Free (26.12.2011) |
| |  | security_(at)_infoserve.de, Tiki Wiki CMS Groupware Stored Cross-Site-Scripting (26.12.2011) |
| |  | advisory_(at)_htbridge.ch, Multiple vulnerabilities in epesi BIM (26.12.2011) |
| |  | Trustwave Advisories, TWSL2011-019: Cross-Site Scripting Vulnerability in phpMyAdmin (26.12.2011) |
| |  | n0b0d13s_(at)_gmail.com, Tiki Wiki CMS Groupware <= 8.2 (snarf_ajax.php) Remote PHP Code Injection (26.12.2011) |
| WhatsApp messaging protocol multiple security vulnerabilities | | Published: |  | 26.12.2011 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 12118 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | Unauthorized user status change, registration bypass, cleartext data transmission. |
| Enterasys NetSight buffer overflow | | Published: |  | 26.12.2011 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 12119 | | Type: |  | remote | | Level: |  | 6/10 | | Description: |  | nssyslogd buffer overflow on UDP/514 packet parsing. |
lighttpd security vulnerabilities updated since 26.12.2011 | | Published: |  | 02.01.2012 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 12116 | | Type: |  | remote | | Level: |  | 4/10 | | Description: |  | DoS on base64 parsing. |
| Affected: |  | LIGHTHTTPD : lighttpd 1.4 | | CVE: |  | CVE-2011-4362 (Integer signedness error in the base64_decode function in the HTTP authentication functionality (http_auth.c) in lighttpd 1.4 before 1.4.30 and 1.5 before SVN revision 2806 allows remote attackers to cause a denial of service (segmentation fault) via crafted base64 input that triggers an out-of-bounds read with a negative index.) | | |  | CVE-2011-3389 (The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.) |
HP Managed Printing Administration multiple security vulnerabilities updated since 26.12.2011 | | Published: |  | 09.01.2012 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 12115 | | Type: |  | remote | | Level: |  | 6/10 | | Description: |  | Buffer overflows, unauthorized file access, directory traversal. |
| CVE: |  | CVE-2011-4169 (Unspecified vulnerability in HP Managed Printing Administration before 2.6.4 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors.) | | |  | CVE-2011-4168 (Directory traversal vulnerability in hpmpa/jobDelivery/Default.asp in HP Managed Printing Administration before 2.6.4 allows remote attackers to create arbitrary files via crafted form data.) | | |  | CVE-2011-4167 (Stack-based buffer overflow in MPAUploader.dll in HP Managed Printing Administration before 2.6.4 allows remote attackers to execute arbitrary code via a long filename parameter in an uploadfile action to Default.asp.) | | |  | CVE-2011-4166 (Directory traversal vulnerability in the MPAUploader.Uploader.1.UploadFiles method in HP Managed Printing Administration before 2.6.4 allows remote attackers to create arbitrary files via crafted form data.) |