Computer Security
[EN] securityvulns.ru no-pyccku


Microsoft Windows multiple security vulnerabilities
updated since 10.07.2013
Published:29.07.2013
Source:
SecurityVulns ID:13160
Type:library
Threat Level:
9/10
Description:Multiple vulnerabilities in .Net and Silverlight, multiple kernel components vulnerabilities, GDI+ TrueType parsing memory corruption, DirectShow memory corruption, VMW parsing memory corruption, multiple Internet Explorer memory corruption, Windows Defender privilege escalation.
Affected:MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
 MICROSOFT : Windows 8
 MICROSOFT : Windows RT
 MICROSOFT : Windows 2012 Server
CVE:CVE-2013-3660 (The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 does not properly initialize a pointer for the next object in a certain list, which allows local users to obtain write access to the PATHRECORD chain, and consequently gain privileges, by triggering excessive consumption of paged memory and then making many FlattenPath function calls, aka "Win32k Read AV Vulnerability.")
 CVE-2013-3178 (Microsoft Silverlight 5 before 5.1.20513.0 does not properly initialize arrays, which allows remote attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via a crafted Silverlight application, aka "Null Pointer Vulnerability.")
 CVE-2013-3174 (DirectShow in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a crafted GIF file, aka "DirectShow Arbitrary Memory Overwrite Vulnerability.")
 CVE-2013-3173 (Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Buffer Overwrite Vulnerability.")
 CVE-2013-3172 (Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to cause a denial of service (system hang) via a crafted application that leverages improper handling of objects in memory, aka "Win32k Buffer Overflow Vulnerability.")
 CVE-2013-3171 (The serialization functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 does not properly check the permissions of delegate objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a partial-trust relationship, aka "Delegate Serialization Vulnerability.")
 CVE-2013-3167 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Information Disclosure Vulnerability.")
 CVE-2013-3166 (Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to inject arbitrary web script or HTML via vectors involving incorrect auto-selection of the Shift JIS encoding, leading to cross-domain scrolling events, aka "Shift JIS Character Encoding Vulnerability," a different vulnerability than CVE-2013-0015.)
 CVE-2013-3164 (Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability.")
 CVE-2013-3163 (Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3144 and CVE-2013-3151.)
 CVE-2013-3162 (Microsoft Internet Explorer 7 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3115.)
 CVE-2013-3161 (Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3143.)
 CVE-2013-3154 (The signature-update functionality in Windows Defender on Microsoft Windows 7 and Windows Server 2008 R2 relies on an incorrect pathname, which allows local users to gain privileges via a Trojan horse application in the %SYSTEMDRIVE% top-level directory, aka "Microsoft Windows 7 Defender Improper Pathname Vulnerability.")
 CVE-2013-3153 (Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3148.)
 CVE-2013-3152 (Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3146.)
 CVE-2013-3151 (Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3144 and CVE-2013-3163.)
 CVE-2013-3150 (Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3145.)
 CVE-2013-3149 (Microsoft Internet Explorer 7 and 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability.")
 CVE-2013-3148 (Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3153.)
 CVE-2013-3147 (Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability.")
 CVE-2013-3146 (Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3152.)
 CVE-2013-3145 (Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3150.)
 CVE-2013-3144 (Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3151 and CVE-2013-3163.)
 CVE-2013-3143 (Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3161.)
 CVE-2013-3134 (The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 on 64-bit platforms does not properly allocate arrays of structures, which allows remote attackers to execute arbitrary code via a crafted .NET Framework application that changes array data, aka "Array Allocation Vulnerability.")
 CVE-2013-3133 (Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check the permissions of objects that use reflection, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "Anonymous Method Injection Vulnerability.")
 CVE-2013-3132 (Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check the permissions of objects that use reflection, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "Delegate Reflection Bypass Vulnerability.")
 CVE-2013-3131 (Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5, and Silverlight 5 before 5.1.20513.0, does not properly prevent changes to data in multidimensional arrays of structures, which allows remote attackers to execute arbitrary code via (1) a crafted .NET Framework application or (2) a crafted Silverlight application, aka "Array Access Violation Vulnerability.")
 CVE-2013-3129 (Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, and 4.5; Silverlight 5 before 5.1.20513.0; win32k.sys in the kernel-mode drivers, and GDI+, DirectWrite, and Journal, in Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT; GDI+ in Office 2003 SP3, 2007 SP3, and 2010 SP1; GDI+ in Visual Studio .NET 2003 SP1; and GDI+ in Lync 2010, 2010 Attendee, 2013, and Basic 2013 allow remote attackers to execute arbitrary code via a crafted TrueType Font (TTF) file, aka "TrueType Font Parsing Vulnerability.")
 CVE-2013-3129 (Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, and 4.5; Silverlight 5 before 5.1.20513.0; win32k.sys in the kernel-mode drivers, and GDI+, DirectWrite, and Journal, in Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT; GDI+ in Office 2003 SP3, 2007 SP3, and 2010 SP1; GDI+ in Visual Studio .NET 2003 SP1; and GDI+ in Lync 2010, 2010 Attendee, 2013, and Basic 2013 allow remote attackers to execute arbitrary code via a crafted TrueType Font (TTF) file, aka "TrueType Font Parsing Vulnerability.")
 CVE-2013-3129 (Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, and 4.5; Silverlight 5 before 5.1.20513.0; win32k.sys in the kernel-mode drivers, and GDI+, DirectWrite, and Journal, in Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT; GDI+ in Office 2003 SP3, 2007 SP3, and 2010 SP1; GDI+ in Visual Studio .NET 2003 SP1; and GDI+ in Lync 2010, 2010 Attendee, 2013, and Basic 2013 allow remote attackers to execute arbitrary code via a crafted TrueType Font (TTF) file, aka "TrueType Font Parsing Vulnerability.")
 CVE-2013-3127 (The Microsoft WMV video codec in wmv9vcm.dll, wmvdmod.dll in Windows Media Format Runtime 9 and 9.5, and wmvdecod.dll in Windows Media Format Runtime 11 and Windows Media Player 11 and 12 allows remote attackers to execute arbitrary code via a crafted media file, aka "WMV Video Decoder Remote Code Execution Vulnerability.")
 CVE-2013-3115 (Microsoft Internet Explorer 7 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3162.)
 CVE-2013-1345 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Vulnerability.")
 CVE-2013-1340 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Dereference Vulnerability.")
 CVE-2013-1300 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Allocation Vulnerability.")
Original documentdocumentAndres Gomez Ramirez, DirectShow Arbitrary Memory Overwrite Vulnerability ms13-056 (29.07.2013)
Files:Microsoft Security Bulletin MS13-052 - Critical Vulnerabilities in .NET Framework and Silverlight Could Allow Remote Code Execution (2861561)
 Microsoft Security Bulletin MS13-053 - Critical Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2850851)
 Microsoft Security Bulletin MS13-054 - Critical Vulnerability in GDI+ Could Allow Remote Code Execution (2848295)
 Microsoft Security Bulletin MS13-055 - Critical Cumulative Security Update for Internet Explorer (2846071)
 Microsoft Security Bulletin MS13-056 - Critical Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (2845187)
 Microsoft Security Bulletin MS13-057 - Critical Vulnerability in Windows Media Format Runtime Could Allow Remote Code Execution (2847883)
 Microsoft Security Bulletin MS13-058 - Important Vulnerability in Windows Defender Could Allow Elevation of Privilege (2847927)

squid DoS
updated since 16.07.2013
Published:29.07.2013
Source:
SecurityVulns ID:13190
Type:remote
Threat Level:
7/10
Description:Crash on invalid Host: header.
Affected:SQUID : squid 3.3
CVE:CVE-2013-4115 (Buffer overflow in the idnsALookup function in dns_internal.cc in Squid 3.2 through 3.2.11 and 3.3 through 3.3.6 allows remote attackers to cause a denial of service (memory corruption and server termination) via a long name in a DNS lookup request.)
Original documentdocumentMANDRIVA, [ MDVSA-2013:199 ] squid (29.07.2013)
 documentHI-TECH ., Squid-3.3.5 DoS PoC (16.07.2013)

Dell Kace security vulnerabilities
updated since 17.07.2013
Published:29.07.2013
Source:
SecurityVulns ID:13193
Type:remote
Threat Level:
4/10
Description:Crossite scripting and SQL injection in web administration.
Affected:DELL : Kace 1000
Original documentdocumentVulnerability Lab, Dell Kace 1000 SMA 5.4.742 - SQL Injection Vulnerabilities (29.07.2013)
 documentVulnerability Lab, Dell Kace 1000 SMA v5.4.70402 - Persistent Vulnerabilities (17.07.2013)

Foscam cameras security vulnerabilities
updated since 11.03.2013
Published:29.07.2013
Source:
SecurityVulns ID:12941
Type:remote
Threat Level:
5/10
Description:Directory traversal, CSRF.
CVE:CVE-2013-2574
 CVE-2013-2560 (Directory traversal vulnerability in the web interface on Foscam devices with firmware before 11.37.2.49 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI, as demonstrated by discovering (1) web credentials or (2) Wi-Fi credentials.)
Original documentdocumentCORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2013-0613 - FOSCAM IP-Cameras Improper Access Restrictions (29.07.2013)
 documentshekyan_(at)_gmail.com, [CVE-REQUEST] Multiple CSRF vulnerabilities on Foscam IP cameras web UI (15.04.2013)
 documentFrederic Basse, [CVE-REQUEST] Foscam <= 11.37.2.48 path traversal vulnerability (11.03.2013)

HP Network Node Manager multiple security vulnerabilities
updated since 19.07.2013
Published:29.07.2013
Source:
SecurityVulns ID:13207
Type:remote
Threat Level:
6/10
Description:Unauthorized access, code execution, DoS.
Affected:HP : Network Node Manager 9.2
CVE:CVE-2013-2351 (Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.00, 9.1x, and 9.2x allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors.)
 CVE-2012-3546 (org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.)
 CVE-2011-4858 (Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.)
 CVE-2011-4605 (The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x before 5.2.2, and BRMS Platform before 5.3.0 do not properly restrict write access, which allows remote attackers to add, delete, or modify items in a JNDI tree via unspecified vectors.)
 CVE-2011-2196 (jboss-seam.jar in the JBoss Seam 2 framework 2.2.x and earlier, as distributed in Red Hat JBoss Enterprise SOA Platform 4.3.0.CP05 and 5.1.0; JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3.0, 4.3.0.CP09, and 5.1.1; and JBoss Enterprise Web Platform 5.1.1, does not properly restrict use of Expression Language (EL) statements in FacesMessages during page exception handling, which allows remote attackers to execute arbitrary Java code via a crafted URL to an application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1484.)
 CVE-2011-1483 (wsf/common/DOMUtils.java in JBossWS Native in Red Hat JBoss Enterprise Application Platform 4.2.0.CP09, 4.3, and 5.1.1; JBoss Enterprise Portal Platform 4.3.CP06 and 5.1.1; JBoss Enterprise SOA Platform 4.2.CP05, 4.3.CP05, and 5.1.0; JBoss Communications Platform 1.2.11 and 5.1.1; JBoss Enterprise BRMS Platform 5.1.0; and JBoss Enterprise Web Platform 5.1.1 does not properly handle recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted request containing an XML document with a DOCTYPE declaration and a large number of nested entity references, a similar issue to CVE-2003-1564.)
 CVE-2010-1429 (Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this issue exists because of a CVE-2008-3273 regression.)
 CVE-2010-1428 (The Web Console (aka web-console) in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to obtain sensitive information via an unspecified request that uses a different method.)
 CVE-2010-0738 (The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET handler by using a different method.)
 CVE-2009-3554 (Twiddle in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP08 and 4.3 before 4.3.0.CP07 writes the JMX password, and other command-line arguments, to the twiddle.log file, which allows local users to obtain sensitive information by reading this file.)
 CVE-2007-5333 (Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.)
Original documentdocumentHP, [security bulletin] HPSBMU02894 rev.1 - HP Network Node Manager I (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Denial of Service (DoS), Unauthorized Access, Execution of Arbitrary Code (29.07.2013)
 documentHP, [security bulletin] HPSBMU02870 SSRT101012 rev.2 - HP Network Node Manager I (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Access (19.07.2013)

Symantec Web Gateway multiple security vulnerabilities
Published:29.07.2013
Source:
SecurityVulns ID:13215
Type:remote
Threat Level:
7/10
Description:Crossite scripting, crossite request forgery, SQL injection, code execution, privilege escalation.
Affected:SYMANTEC : Symantec Web Gateway 5.1
CVE:CVE-2013-4672 (The management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 has an incorrect sudoers file, which allows local users to bypass intended access restrictions via a command.)
 CVE-2013-4671 (Cross-site request forgery (CSRF) vulnerability in the management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.)
 CVE-2013-4670 (Multiple cross-site scripting (XSS) vulnerabilities in the management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2013-1617 (Multiple SQL injection vulnerabilities in the management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allow remote authenticated administrators to execute arbitrary SQL commands via unspecified vectors.)
 CVE-2013-1616 (The management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allows remote attackers to execute arbitrary commands by injecting a command into an application script.)
Original documentdocumentSEC Consult Vulnerability Lab, SEC Consult SA-20130726-0 :: Multiple vulnerabilities - Surveillance via Symantec Web Gateway (29.07.2013)

Apache OpenOffice security vulnerabilities
Published:29.07.2013
Source:
SecurityVulns ID:13216
Type:client
Threat Level:
6/10
Description:Few memory corruptions.
Affected:APACHE : OpenOffice 3.4
CVE:CVE-2013-4156 (Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file.)
 CVE-2013-2189 (Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.)
Original documentdocumentAPACHE, CVE-2013-2189: OpenOffice DOC Memory Corruption Vulnerability (29.07.2013)
 documentAPACHE, CVE-2013-4156: OpenOffice DOCM Memory Corruption Vulnerability (29.07.2013)

CA Service Desk Manager crossite scripting
Published:29.07.2013
Source:
SecurityVulns ID:13217
Type:remote
Threat Level:
5/10
Description:Web interface crossite scripting.
Affected:CA : CA Service Desk Manager 12.7
CVE:CVE-2013-2630 (Cross-site scripting (XSS) vulnerability in CA Service Desk Manager 12.5 through 12.7 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.)
Original documentdocumentCA, CA20130725-01: Security Notice for CA Service Desk Manager (29.07.2013)

HP LoadRunner multiple security vulnerabilities
Published:29.07.2013
Source:
SecurityVulns ID:13218
Type:remote
Threat Level:
7/10
Description:DoS, code execution.
Affected:HP : LoadRunner 11.51
CVE:CVE-2013-4801 (Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1736.)
 CVE-2013-4800 (Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1735.)
 CVE-2013-4799 (Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1734.)
 CVE-2013-4798 (Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1705.)
 CVE-2013-4797 (Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1690.)
 CVE-2013-2370 (Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1671.)
 CVE-2013-2369 (Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1670.)
 CVE-2013-2368 (Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to cause a denial of service via unknown vectors, aka ZDI-CAN-1669.)
Original documentdocumentHP, [security bulletin] HPSBGN02905 rev.1 - HP LoadRunner, Remote Code Execution and Denial of Service (DoS) (29.07.2013)

HP Application Lifecycle Management crossite scripting
Published:29.07.2013
Source:
SecurityVulns ID:13219
Type:remote
Threat Level:
5/10
Description:HP Application Lifecycle Management Quality Center crossite scripting.
Affected:HP : Application Lifecycle Management 11.50
CVE:CVE-2013-4802 (Cross-site scripting (XSS) vulnerability in HP Application Lifecycle Management (ALM) Quality Center before 11.51 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka ZDI-CAN-1565.)
Original documentdocumentHP, [security bulletin] HPSBGN02906 rev.1 - HP Application Lifecycle Management Quality Center (ALM), Remote Cross Site Scripting (XSS) (29.07.2013)

Samsung TV DoS
Published:29.07.2013
Source:
SecurityVulns ID:13220
Type:remote
Threat Level:
4/10
Description:Crash on oversized GET request.
Affected:SAMSUNG : Samsung PS50C7700
CVE:CVE-2013-4890 (The DMCRUIS/0.1 web server on the Samsung PS50C7700 TV allows remote attackers to cause a denial of service (daemon crash) via a long URI to TCP port 5600.)
Original documentdocumentmalik_(at)_itsecgames.com, Samsung TV - DoS vulnerability (29.07.2013)

Juniper Secure Access crossite scripting
Published:29.07.2013
Source:
SecurityVulns ID:13221
Type:remote
Threat Level:
5/10
Description:Crossite scripting in SSLVPN.
Affected:JUNIPER : Juniper Secure Access 7.3
CVE:CVE-2012-5460 (Cross-site scripting (XSS) vulnerability in the help page in Juniper Secure Access (SA) with IVE OS before 7.1r13, 7.2.x before 7.2r7, and 7.3.x before 7.3r2 allows remote attackers to inject arbitrary web script or HTML via the WWHSearchWordsText parameter.)
Original documentdocumentAnil Pazvant, Juniper Secure Access XSS Vulnerability (29.07.2013)

Cisco Video Surveillance Manager multiple security vulnerabilities
Published:29.07.2013
Source:
SecurityVulns ID:13222
Type:remote
Threat Level:
6/10
Description:Directory traversal, authentication bypass.
Affected:CISCO : Video Surveillance Manager 7.0
CVE:CVE-2013-3431 (Cisco Video Surveillance Manager (VSM) before 7.0.0 does not require authentication for access to VSMC monitoring pages, which allows remote attackers to obtain sensitive configuration, archive, and log information via unspecified vectors, related to the Cisco_VSBWT (aka Broadware sample code) package, aka Bug ID CSCsv40169.)
 CVE-2013-3430 (Cisco Video Surveillance Manager (VSM) before 7.0.0 allows remote attackers to obtain sensitive configuration, archive, and log information via unspecified vectors, related to the Cisco_VSBWT (aka Broadware sample code) package, aka Bug ID CSCsv37288.)
 CVE-2013-3429 (Multiple directory traversal vulnerabilities in Cisco Video Surveillance Manager (VSM) before 7.0.0 allow remote attackers to read system files via a crafted URL, related to the Cisco_VSBWT (aka Broadware sample code) package, aka Bug ID CSCsv37163.)
Files:Multiple Vulnerabilities in the Cisco Video Surveillance Manager

ISC bind DoS
Published:29.07.2013
Source:
SecurityVulns ID:13223
Type:remote
Threat Level:
7/10
Description:assert() on client request processing.
Affected:ISC : bind 9.9
CVE:CVE-2013-4854 (The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013.)
Original documentdocumentFREEBSD, FreeBSD Security Advisory FreeBSD-SA-13:07.bind (29.07.2013)

FreeBSD NFS privilege escalation
Published:29.07.2013
Source:
SecurityVulns ID:13224
Type:remote
Threat Level:
6/10
Description:It's possible to access files with credentials of any user if anonymous NFS acccess is allowed.
Affected:FREEBSD : FreeBSD 8.3
 FREEBSD : FreeBSD 9.1
CVE:CVE-2013-4851 (The vfs_hang_addrlist function in sys/kern/vfs_export.c in the NFS server implementation in the kernel in FreeBSD 8.3 and 9.x through 9.1-RELEASE-p5 controls authorization for host/subnet export entries on the basis of group information sent by the client, which allows remote attackers to bypass file permissions on NFS filesystems via crafted requests.)
Original documentdocumentFREEBSD, FreeBSD Security Advisory FreeBSD-SA-13:08.nfsserver (29.07.2013)

OpenAFS security vulnerabilities
Published:29.07.2013
Source:
SecurityVulns ID:13225
Type:local
Threat Level:
4/10
Description:Weak enbcryption algorithm
Affected:OPENAFS : OpenAFS 1.6
CVE:CVE-2013-4135 (The vos command in OpenAFS 1.6.x before 1.6.5, when using the -encrypt option, only enables integrity protection and sends data in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network.)
 CVE-2013-4134 (OpenAFS before 1.4.15, 1.6.x before 1.6.5, and 1.7.x before 1.7.26 uses weak encryption (DES) for Kerberos keys, which makes it easier for remote attackers to obtain the service key.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 2729-1] openafs security update (29.07.2013)

Barracuda Networks products multiple security vulnerabilities
Published:29.07.2013
Source:
SecurityVulns ID:13226
Type:remote
Threat Level:
5/10
Description:Web filter administration crossite scripting.
Affected:BARRACUDA : Barracuda Load Balancer 4.2
 BARRACUDA : Barracuda Spam & Virus Firewall 5.1
 BARRACUDA : Barracuda Web Filter 6.0
 BARRACUDA : Barracuda Web Firewall 7.7
Original documentdocumentVulnerability Lab, Barracuda LB, SVF, WAF & WEF - Multiple Vulnerabilities (29.07.2013)

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:29.07.2013
Source:
SecurityVulns ID:13227
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:XYMON : Xymon 4.3
 MAGNOLIA : Magnolia CMS 4.5
 JOOMLA : Googlemaps plugin for Joomla 3.2
 DUPLICATOR : Duplicator 0.4
 MAGNOLIA : Magnolia CMS 5.0
 APACHE : OFBiz 12.04
CVE:CVE-2013-4759 (Multiple cross-site scripting (XSS) vulnerabilities in the Magnolia Form module 1.x before 1.4.7 and 2.x before 2.0.2 for Magnolia CMS allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) fullname, or (3) email parameter to magnoliaPublic/demo-project/members-area/registration.html.)
 CVE-2013-4625 (Cross-site scripting (XSS) vulnerability in files/installer.cleanup.php in the Duplicator plugin before 0.4.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the package parameter.)
 CVE-2013-4160 (Little CMS (lcms2) before 2.5, as used in OpenJDK 7 and possibly other products, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to (1) cmsStageAllocLabV2ToV4curves, (2) cmsPipelineDup, (3) cmsAllocProfileSequenceDescription, (4) CurvesAlloc, and (5) cmsnamed.)
 CVE-2013-2250 (Apache Open For Business Project (aka OFBiz) 10.04.01 through 10.04.05, 11.04.01 through 11.04.02, and 12.04.01 allows remote attackers to execute arbitrary Unified Expression Language (UEL) functions via JUEL metacharacters in unspecified parameters, related to nested expressions.)
 CVE-2013-2137 (Cross-site scripting (XSS) vulnerability in the "View Log" screen in the Webtools application in Apache Open For Business Project (aka OFBiz) 10.04.01 through 10.04.05, 11.04.01 through 11.04.02, and 12.04.01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
Original documentdocumentUBUNTU, [USN-1911-1] Little CMS vulnerability (29.07.2013)
 documentAPACHE, [CVE-2013-2250] Apache OFBiz Nested expression evaluation allows remote users to execute arbitrary UEL functions in OFBiz (29.07.2013)
 documentAPACHE, [CVE-2013-2137] Apache OFBiz XSS vulnerability in the "View Log" screen of the Webtools application (29.07.2013)
 documentSp3ctrecore, Easy Blog by JM LLC - Multiple Vulnerabilities (29.07.2013)
 documentSp3ctrecore, Basic Forum by JM LLC - Multiple Vulnerabilities (29.07.2013)
 documentHenrik Stoerner, Xymon Systems and Network Monitor - remote file deletion vulnerability (29.07.2013)
 documentHigh-Tech Bridge Security Research, Cross-Site Scripting (XSS) in Magnolia CMS (29.07.2013)
 documentHigh-Tech Bridge Security Research, Cross-Site Scripting (XSS) in Duplicator WordPress Plugin (29.07.2013)
 documentMustLive, DoS and XSS vulnerabilities in Googlemaps plugin for Joomla (29.07.2013)

SurgeFTP buffer overflow
Published:29.07.2013
Source:
SecurityVulns ID:13228
Type:remote
Threat Level:
6/10
Description:Heap based buffer overflow.
Affected:SURGEFTP : SurgeFTP 23d2
CVE:CVE-2013-4742 (Buffer overflow in NetWin SurgeFTP before 23d2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string within the authentication request.)
Original documentdocumentAnil Pazvant, SurgeFtp Server BufferOverflow Vulnerability (29.07.2013)

XnView buffer overflow
Published:29.07.2013
Source:
SecurityVulns ID:13229
Type:local
Threat Level:
4/10
Description:Buffer overflow on .PCT parsing.
Affected:XNVIEW : XnView 2.03
CVE:CVE-2013-2577 (Buffer overflow in XnView before 2.04 allows remote attackers to execute arbitrary code via a crafted PCT file.)
Original documentdocumentCORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2013-0705 - XnView Buffer Overflow Vulnerability (29.07.2013)

Artweaver buffer overflow
Published:29.07.2013
Source:
SecurityVulns ID:13230
Type:local
Threat Level:
4/10
Description:Buffer overflow on .AWD files parsing.
Affected:ARTWEAVER : Artweaver 3.1
CVE:CVE-2013-2576 (Buffer overflow in Artweaver before 3.1.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted AWD file.)
Original documentdocumentCORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2013-0701 - Artweaver Buffer Overflow Vulnerability (29.07.2013)

EMC NetWorker information leakage
Published:29.07.2013
Source:
SecurityVulns ID:13231
Type:remote
Threat Level:
5/10
Description:It's possible to retrieve sensible configuration information.
Affected:EMC : NetWorker 7.6
 EMC : NetWorker 8.0
CVE:CVE-2013-0943 (EMC NetWorker 7.6.x and 8.x before 8.1 allows local users to obtain sensitive configuration information by leveraging operating-system privileges to perform decryption with nsradmin.)
Original documentdocumentEMC, ESA-2013-033: EMC NetWorker Information Disclosure Vulnerability (29.07.2013)

Little CMS library DoS
Published:29.07.2013
Source:
SecurityVulns ID:13232
Type:library
Threat Level:
5/10
Description:Crash on file parsing.
Affected:LCMS : Little CMS 2.4
CVE:CVE-2013-4160 (Little CMS (lcms2) before 2.5, as used in OpenJDK 7 and possibly other products, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to (1) cmsStageAllocLabV2ToV4curves, (2) cmsPipelineDup, (3) cmsAllocProfileSequenceDescription, (4) CurvesAlloc, and (5) cmsnamed.)
Original documentdocumentUBUNTU, [USN-1911-1] Little CMS vulnerability (29.07.2013)

Oracle / Sun / MySQL / PeopleSoft applications multiple security vulnerabilities
updated since 29.07.2013
Published:12.08.2013
Source:
SecurityVulns ID:13214
Type:remote
Threat Level:
8/10
Description:Quarterly CPU fixes 89 dufferent vulnerabilities.
Affected:ORACLE : Solaris 8
 ORACLE : Solaris 9
 ORACLE : Solaris 10
 ORACLE : Oracle 10g
 ORACLE : Oracle E-Business Suite 11i
 ORACLE : Oracle 11g
 ORACLE : PeopleSoft Enterprise Portal 9.1
 ORACLE : Enterprise Manager Grid Control 11g
 ORACLE : Enterprise Manager Grid Control 10g
 ORACLE : Enterprise Manager Plugin for Database 12c
 ORACLE : Outside In Technology 8.4
 ORACLE : Oracle E-Business Suite 12i
 ORACLE : PeopleSoft HRMS 9.1
 ORACLE : PeopleSoft PeopleTools 8.53
 ORACLE : MySQL 5.6
 ORACLE : Oracle Access Manager 11.1
 ORACLE : Endeca Server 7.5
 ORACLE : Oracle HTTP Server 10.1
 ORACLE : JRockit 27.7
 ORACLE : JRockit 28.2
 ORACLE : Oracle WebCenter Content 11.1
 ORACLE : Hyperion BI 11.1
 ORACLE : Agile Collaboration Framework 9.3
 ORACLE : Agile PLM Framework 9.3
 ORACLE : Agile Product Framework 9.3
 ORACLE : iLearning 5.2
 ORACLE : iLearning 6.0
 ORACLE : Oracle Policy Automation 10.4
 ORACLE : Solaris 11.1
 ORACLE : Solaris Cluster 3.3
 ORACLE : Solaris Cluster 4.1
 ORACLE : SPARC Enterprise M
 ORACLE : Oracle Secure Global Desktop 4.7
CVE:CVE-2013-3825 (Unspecified vulnerability in the Oracle Agile Product Collaboration component in Oracle Supply Chain Products Suite 9.3.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Folders & Files Attachment.)
 CVE-2013-3824 (Unspecified vulnerability in the Oracle Agile Collaboration Framework component in Oracle Supply Chain Products Suite 9.3.1 allows remote authenticated users to affect integrity via unknown vectors related to Manufacturing/Mfg Parts.)
 CVE-2013-3823 (Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Security.)
 CVE-2013-3822 (Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.1 allows remote attackers to affect integrity via unknown vectors related to Web Client (CS).)
 CVE-2013-3821 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect confidentiality and availability via unknown vectors related to Integration Broker.)
 CVE-2013-3820 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect availability via unknown vectors related to Business Interlink.)
 CVE-2013-3819 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect confidentiality and availability via unknown vectors related to Mobile Applications.)
 CVE-2013-3818 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect integrity via unknown vectors related to Portal.)
 CVE-2013-3816 (Unspecified vulnerability in the Oracle Policy Automation component in Oracle Industry Applications 10.2.0, 10.3.0, 10.3.1, 10.4.0, 10.4.1, and 10.4.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Determinations Engine.)
 CVE-2013-3813 (Unspecified vulnerability in Oracle Solaris 10 allows remote attackers to affect confidentiality and integrity via vectors related to Libraries/PAM-Unix.)
 CVE-2013-3812 (Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Replication.)
 CVE-2013-3811 (Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2013-3806.)
 CVE-2013-3810 (Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to XA Transactions.)
 CVE-2013-3809 (Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Audit Log.)
 CVE-2013-3808 (Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.)
 CVE-2013-3807 (Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Server Privileges.)
 CVE-2013-3806 (Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2013-3811.)
 CVE-2013-3805 (Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Prepared Statements.)
 CVE-2013-3804 (Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.)
 CVE-2013-3803 (Unspecified vulnerability in the Hyperion BI+ component in Oracle Hyperion 11.1.1.3, 11.1.1.4.107 and earlier, 11.1.2.1.129 and earlier, and 11.1.2.2.305 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Intelligence Service.)
 CVE-2013-3802 (Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Full Text Search.)
 CVE-2013-3801 (Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.)
 CVE-2013-3800 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Business Interlinks.)
 CVE-2013-3799 (Unspecified vulnerability in Oracle Solaris 10 and 11, when running on AMD64, allows local users to affect availability via unknown vectors related to Kernel.)
 CVE-2013-3798 (Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote attackers to affect integrity and availability via unknown vectors related to MemCached.)
 CVE-2013-3797 (Unspecified vulnerability in Oracle Solaris 11 allows local users to affect availability via unknown vectors related to Filesystem/DevFS.)
 CVE-2013-3796 (Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.)
 CVE-2013-3795 (Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.)
 CVE-2013-3794 (Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Partition.)
 CVE-2013-3793 (Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.)
 CVE-2013-3791 (Unspecified vulnerability in Enterprise Manager (EM) Base Platform 10.2.0.5 and EM DB Control 11.1.0.7 in Oracle Enterprise Manager Grid Control allows remote attackers to affect integrity via unknown vectors related to User Interface Framework.)
 CVE-2013-3790 (Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to affect integrity via unknown vectors related to Privileged Account.)
 CVE-2013-3789 (Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.)
 CVE-2013-3788 (Unspecified vulnerability in the Oracle iSupplier Portal component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Supplier Management.)
 CVE-2013-3787 (Unspecified vulnerability in Oracle Solaris 10 and 11 allows remote attackers to affect availability via unknown vectors related to Kernel.)
 CVE-2013-3786 (Unspecified vulnerability in Oracle Solaris 9, 10, and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kernel.)
 CVE-2013-3784 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors Time and Labor.)
 CVE-2013-3783 (Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Parser.)
 CVE-2013-3782 (Unspecified vulnerability in the Secure Global Desktop component in Oracle Virtualization 4.6 prior to 4.63 and 4.7 prior to 4.71 allows remote attackers to affect integrity via unknown vectors related to Web UI.)
 CVE-2013-3781 (Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7, 8.4.0, and 8.4.1 allows context-dependent to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2013-3776.)
 CVE-2013-3780 (Unspecified vulnerability in the PeopleSoft Enterprise Portal component in Oracle PeopleSoft Products 9.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Saved Search.)
 CVE-2013-3779 (Unspecified vulnerability in the Secure Global Desktop component in Oracle Virtualization All 4.6 releases including 4.63 and 4.7 prior to 4.71 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Web UI.)
 CVE-2013-3778 (Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 12.0.6 and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Help.)
 CVE-2013-3777 (Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Signon.)
 CVE-2013-3776 (Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7, 8.4.0, and 8.4.1 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2013-3781.)
 CVE-2013-3775 (Unspecified vulnerability in the Oracle iLearning component in Oracle iLearning 5.2.1 and 6.0 allows remote attackers to affect integrity via unknown vectors related to Learner Pages.)
 CVE-2013-3774 (Unspecified vulnerability in the Network Layer component in Oracle Database Server 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.)
 CVE-2013-3773 (Unspecified vulnerability in the SPARC Enterprise M Series Servers component in Oracle and Sun Systems Products Suite XCP 1114 and earlier allows remote attackers to affect availability via vectors related to XSCF Control Package (XCP).)
 CVE-2013-3772 (Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 10.1.3.5.1, 11.1.1.6.0, and 11.1.1.7.0 allows remote attackers to affect integrity via unknown vectors related to Web Forms.)
 CVE-2013-3771 (Unspecified vulnerability in the Oracle executable component in Oracle Database Server 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2013-3760.)
 CVE-2013-3770 (Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 10.1.3.5.1, 11.1.1.6.0, and 11.1.1.7.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Content Server.)
 CVE-2013-3769 (Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 10.1.3.5.1, 11.1.1.6.0, and 11.1.1.7.0 allows remote attackers to affect integrity via unknown vectors related to Site Studio.)
 CVE-2013-3768 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect integrity via unknown vectors related to Rich Text Editor.)
 CVE-2013-3767 (Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite Access Gate 1.2.1 allows remote attackers to affect integrity via unknown vectors.)
 CVE-2013-3765 (Unspecified vulnerability in Oracle Solaris 11 allows local users to affect availability via unknown vectors related to Kernel/VM.)
 CVE-2013-3764 (Unspecified vulnerability in the Oracle Endeca Server component in Oracle Fusion Middleware 7.4.0 and 7.5.1.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2013-3763.)
 CVE-2013-3763 (Unspecified vulnerability in the Oracle Endeca Server component in Oracle Fusion Middleware 7.4.0 and 7.5.1.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2013-3764.)
 CVE-2013-3761 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products Portal 9.1 and PeopleTools 8.52 allows remote attackers to affect integrity via vectors related to PIA Core Technology.)
 CVE-2013-3760 (Unspecified vulnerability in the Oracle executable component in Oracle Database Server 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2013-3771.)
 CVE-2013-3759 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect integrity via vectors related to PIA Search Functionality.)
 CVE-2013-3758 (Unspecified vulnerability in the Enterprise Manager (EM) Base Platform 10.2.0.5 and 11.1.0.1; EM DB Control 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3; and EM Plugin for DB 12.1.0.2 and 12.1.0.3 in Oracle Enterprise Manager Grid Control allows remote attackers to affect integrity via unknown vectors related to Schema Management.)
 CVE-2013-3757 (Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 allows remote attackers to affect integrity and availability via vectors related to SMF/File Locking Services.)
 CVE-2013-3756 (Unspecified vulnerability in the Oracle Landed Cost Management component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Shipment Workbench.)
 CVE-2013-3755 (Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.1.5.0, 11.1.1.7.0, and 11.1.2.0.0 allows remote attackers to affect integrity via vectors related to SSO Engine.)
 CVE-2013-3754 (Unspecified vulnerability in the Solaris Cluster component in Oracle and Sun Systems Products Suite 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to HA for TimesTen.)
 CVE-2013-3753 (Unspecified vulnerability in Oracle Solaris 11 allows remote attackers to affect availability via vectors related to Kernel/STREAMS framework.)
 CVE-2013-3752 (Unspecified vulnerability in Oracle Solaris 11 allows remote attackers to affect integrity via vectors related to Service Management Facility (SMF).)
 CVE-2013-3751 (Unspecified vulnerability in the XML Parser component in Oracle Database Server 11.2.0.2 and 11.2.0.3 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.)
 CVE-2013-3750 (Unspecified vulnerability in Oracle Solaris 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kernel/VM)
 CVE-2013-3749 (Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote authenticated users to affect confidentiality via unknown vectors related to Logging. NOTE: the previous information is from the July 2013 CPU. Oracle has not commented on claims from a third party that the issue is due to storage of credentials in the (1) FND_LOG_MESSAGES database table or (2) log files.)
 CVE-2013-3748 (Unspecified vulnerability in Oracle Solaris 11 allows remote attackers to affect availability via vectors related to Driver/IDM (iSCSI Data Mover).)
 CVE-2013-3747 (Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote authenticated users to affect confidentiality via unknown vectors related to Client System Analyzer.)
 CVE-2013-3746 (Unspecified vulnerability in the Solaris Cluster component in Oracle and Sun Systems Products Suite 3.2, 3.3, and 4 prior to 4.1 SRU 3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Zone Cluster Infrastructure.)
 CVE-2013-3745 (Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 allows local users to affect availability via unknown vectors related to Libraries/Libc.)
 CVE-2013-2461 (Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier; the Oracle JRockit component in Oracle Fusion Middleware R27.7.5 and earlier and R28.2.7 and earlier; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. NOTE: the previous information is from the June and July 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass verification of XML signatures via vectors related to a "Missing check for [a] valid DOMCanonicalizationMethod canonicalization algorithm.")
 CVE-2013-1861 (MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points, which is not properly handled when processing the binary representation of this feature, related to a numeric calculation error.)
 CVE-2013-0398 (Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 allows remote attackers to affect confidentiality via unknown vectors related to Utility/Remote Execution Server (in.rexecd).)
 CVE-2012-2687 (Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.)
 CVE-2011-3348 (The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.)
 CVE-2011-0419 (Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.)
 CVE-2010-2068 (mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.)
 CVE-2010-0434 (The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.)
 CVE-2010-0425 (modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers.")
 CVE-2008-2364 (The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.)
 CVE-2007-6388 (Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2007-5000 (Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2007-3847 (The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.)
 CVE-2006-5752 (Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.)
 CVE-2005-3352 (Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.)
Original documentdocumentNCC Group Research, NGS00434 Technical Advisory: Oracle Hyperion 11 Directory Traversal (12.08.2013)
Files:Oracle Critical Patch Update Advisory - July 2013

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod