Computer Security

Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
updated since 12.10.2012
Published:29.10.2012
SecurityVulns ID:12639
Type:remote
Threat Level:9/10
Description:Information leakage, multiple memory corruptions, cross-site scripting, etc.
Affected:MOZILLA : Firefox 14
 MOZILLA : SeaMonkey 2.12
 MOZILLA : Firefox 15
 MOZILLA : Firefox 16
 MOZILLA : SeaMonkey 2.11
 MOZILLA : SeaMonkey 2.13
 MOZILLA : Thunderbird 15
 MOZILLA : Thunderbird 16
CVE:CVE-2012-4930 (The SPDY protocol 3 and earlier, as used in Mozilla Firefox, Google Chrome, and other products, can perform TLS encryption of compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a "CRIME" attack.)
 CVE-2012-4196 (Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 allow remote attackers to bypass the Same Origin Policy and read the Location object via a prototype property-injection attack that defeats certain protection mechanisms for this object.)
 CVE-2012-4193 (Mozilla Firefox before 16.0.1, Firefox ESR 10.x before 10.0.9, Thunderbird before 16.0.1, Thunderbird ESR 10.x before 10.0.9, and SeaMonkey before 2.13.1 omit a security check in the defaultValue function during the unwrapping of security wrappers, which allows remote attackers to bypass the Same Origin Policy and read the properties of a Location object, or execute arbitrary JavaScript code, via a crafted web site.)
 CVE-2012-4192 (Mozilla Firefox 16.0, Thunderbird 16.0, and SeaMonkey 2.13 allow remote attackers to bypass the Same Origin Policy and read the properties of a Location object via a crafted web site, a related issue to CVE-2012-4193.)
 CVE-2012-4191 (The mozilla::net::FailDelayManager::Lookup function in the WebSockets implementation in Mozilla Firefox before 16.0.1, Thunderbird before 16.0.1, and SeaMonkey before 2.13.1 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.)
 CVE-2012-4190 (The FT2FontEntry::CreateFontEntry function in FreeType, as used in the Android build of Mozilla Firefox before 16.0.1 on CyanogenMod 10, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.)
 CVE-2012-4188 (Heap-based buffer overflow in the Convolve3x3 function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors.)
 CVE-2012-4187 (Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly manage a certain insPos variable, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and assertion failure) via unspecified vectors.)
 CVE-2012-4186 (Heap-based buffer overflow in the nsWaveReader::DecodeAudioData function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors.)
 CVE-2012-4185 (Buffer overflow in the nsCharTraits::length function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.)
 CVE-2012-4184 (The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 does not prevent access to properties of a prototype for a standard class, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site.)
 CVE-2012-4183 (Use-after-free vulnerability in the DOMSVGTests::GetRequiredFeatures function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.)
 CVE-2012-4182 (Use-after-free vulnerability in the nsTextEditRules::WillInsert function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.)
 CVE-2012-4181 (Use-after-free vulnerability in the nsSMILAnimationController::DoSample function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.)
 CVE-2012-4180 (Heap-based buffer overflow in the nsHTMLEditor::IsPrevCharInNodeWhitespace function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors.)
 CVE-2012-4179 (Use-after-free vulnerability in the nsHTMLCSSUtils::CreateCSSPropertyTxn function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.)
 CVE-2012-3994 (Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allow remote attackers to conduct cross-site scripting (XSS) attacks via a binary plugin that uses Object.defineProperty to shadow the top object, and leverages the relationship between top.location and the location property.)
 CVE-2012-3993 (The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 does not properly interact with failures of InstallTrigger methods, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site, related to an "XrayWrapper pollution" issue.)
 CVE-2012-3992 (Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly manage history data, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive POST content via vectors involving a location.hash write operation and history navigation that triggers the loading of a URL into the history object.)
 CVE-2012-3991 (Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly restrict JSAPI access to the GetProperty function, which allows remote attackers to bypass the Same Origin Policy and possibly have unspecified other impact via a crafted web site.)
 CVE-2012-3990 (Use-after-free vulnerability in the IME State Manager implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors, related to the nsIContent::GetNameSpaceID function.)
 CVE-2012-3989 (Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly perform a cast of an unspecified variable during use of the instanceof operator on a JavaScript object, which allows remote attackers to execute arbitrary code or cause a denial of service (assertion failure) via a crafted web site.)
 CVE-2012-3988 (Use-after-free vulnerability in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 might allow user-assisted remote attackers to execute arbitrary code via vectors involving use of mozRequestFullScreen to enter full-screen mode, and use of the history.back method for backwards history navigation.)
 CVE-2012-3987 (Mozilla Firefox before 16.0 on Android assigns chrome privileges to Reader Mode pages, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site.)
 CVE-2012-3986 (Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly restrict calls to DOMWindowUtils (aka nsDOMWindowUtils) methods, which allows remote attackers to bypass intended access restrictions via crafted JavaScript code.)
 CVE-2012-3985 (Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly implement the HTML5 Same Origin Policy, which allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging initial-origin access after document.domain has been set.)
 CVE-2012-3984 (Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly handle navigation away from a web page that has a SELECT element's menu active, which allows remote attackers to spoof page content via vectors involving absolute positioning and scrolling.)
 CVE-2012-3983 (Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.)
 CVE-2012-3982 (Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.)
 CVE-2012-3977 (** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-4930. Reason: This candidate is a duplicate of CVE-2012-4930. Notes: All CVE users should reference CVE-2012-4930 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.)
Files:Mozilla Foundation Security Advisory 2012-90
 Mozilla Foundation Security Advisory 2012-73
 Mozilla Foundation Security Advisory 2012-74
 Mozilla Foundation Security Advisory 2012-75
 Mozilla Foundation Security Advisory 2012-76
 Mozilla Foundation Security Advisory 2012-77
 Mozilla Foundation Security Advisory 2012-78
 Mozilla Foundation Security Advisory 2012-79
 Mozilla Foundation Security Advisory 2012-80
 Mozilla Foundation Security Advisory 2012-81
 Mozilla Foundation Security Advisory 2012-82
 Mozilla Foundation Security Advisory 2012-83
 Mozilla Foundation Security Advisory 2012-84
 Mozilla Foundation Security Advisory 2012-85
 Mozilla Foundation Security Advisory 2012-86
 Mozilla Foundation Security Advisory 2012-87
 Mozilla Foundation Security Advisory 2012-88
 Mozilla Foundation Security Advisory 2012-89

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:29.10.2012
SecurityVulns ID:12674
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:SIMPLEMACHINES : Simple Machines Forum 2.0
 VIEWVC : viewvc 1.1
 TASKFREAK : TaskFreak 0.6
 WORDPRESS : Wordpress 3.4
 WORDPRESS : Wordpress Download Monitor 3.3
 LAYTON : Layton Helpbox 4.4
 INVENTORY : Inventory 1.0
 WORDPRESS : GRAND Flash Album Gallery 1.9
 WORDPRESS : GRAND Flash Album Gallery 2.0
 VAM : VaM Shop 1.69
 CLIPBUCKET : ClipBucket 2.6
 CMSMINI : CMSMini 0.2
 NOVOSOLUTIONS : Knowledge Base EE 4.62
CVE:CVE-2012-4977 (Layton Helpbox 4.4.0 allows remote attackers to discover cleartext credentials for the login page by sniffing the network.)
 CVE-2012-4976 (selectawasset.asp in Layton Helpbox 4.4.0 allows remote attackers to discover ODBC database credentials via an element=sys_asset_id request, which is not properly handled during construction of an error page.)
 CVE-2012-4975 (editrequestuser.asp in Layton Helpbox 4.4.0 allows remote authenticated users to change arbitrary support-ticket data via a modified sys_request_id parameter.)
 CVE-2012-4974 (Layton Helpbox 4.4.0 allows remote authenticated users to change the login context and gain privileges via a modified (1) loggedinenduser, (2) loggedinendusername, (3) loggedinuserusergroup, (4) loggedinuser, or (5) loggedinusername cookie.)
 CVE-2012-4973
 CVE-2012-4972 (Multiple cross-site scripting (XSS) vulnerabilities in Layton Helpbox 4.4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) sys_solution_id, (2) sys_requesttype_id, (3) sys_problem_desc, (4) sys_solution_desc, (5) sys_problemsummary, (6) usr_Action_testing, (7) usr_Escalation, or (8) usr_Additional_Resources parameter to writesolutionuser.asp or the (9) sys_solution_id parameter to deletesolution.asp.)
 CVE-2012-4971 (Multiple SQL injection vulnerabilities in Layton Helpbox 4.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) reqclass parameter to editrequestenduser.asp; the (2) sys_request_id parameter to editrequestuser.asp; the (3) sys_request_id parameter to enduseractions.asp; the (4) sys_request_id or (5) confirm parameter to enduserreopenrequeststatus.asp; the (6) searchsql, (7) back, or (8) status parameter to enduserrequests.asp; the (9) sys_userpwd parameter to validateenduserlogin.asp; the (10) sys_userpwd parameter to validateuserlogin.asp; the (11) sql parameter to editenduseruser.asp; the (12) sql parameter to manageenduserrequestclasses.asp; the (13) sql parameter to resetpwdenduser.asp; the (14) sql parameter to disableloginenduser.asp; the (15) sql parameter to deleteenduseruser.asp; the (16) sql parameter to manageendusers.asp; or the (17) site parameter to statsrequestagereport.asp.)
 CVE-2012-4768 (Cross-site scripting (XSS) vulnerability in the Download Monitor plugin before 3.3.5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the dlsearch parameter to the default URI.)
 CVE-2012-4533 (Cross-site scripting (XSS) vulnerability in the "extra" details in the DiffSource._get_row function in lib/viewvc.py in ViewVC 1.0.x before 1.0.13 and 1.1.x before 1.1.16 allows remote authenticated users with repository commit access to inject arbitrary web script or HTML via the "function name" line.)
 CVE-2012-3357 (The SVN revision view (lib/vclib/svn/svn_repos.py) in ViewVC before 1.1.15 does not properly handle log messages when a readable path is copied from an unreadable path, which allows remote attackers to obtain sensitive information, related to a "log msg leak.")
 CVE-2012-3356 (The remote SVN views functionality (lib/vclib/svn/svn_ra.py) in ViewVC before 1.1.15 does not properly perform authorization, which allows remote attackers to bypass intended access restrictions via unspecified vectors.)
 CVE-2009-5024 (ViewVC before 1.1.11 allows remote attackers to bypass the cvsdb row_limit configuration setting, and consequently conduct resource-consumption attacks, via the limit parameter, as demonstrated by a "query revision history" request.)
Original document:Vulnerability Lab, ASTPP VoIP Billing (4cf207a) - Multiple Web Vulnerabilities (29.10.2012)
 Vulnerability Lab, Knowledge Base EE v4.62.0 - SQL Injection Vulnerability (29.10.2012)
 Roberto Paleari, Multiple vulnerabilities in Ezylog photovoltaic management server (29.10.2012)
 Joseph Sheridan, Wordpress Download Monitor - Download Page Cross-Site Scripting (29.10.2012)
 Netsparker Advisories, XSS Vulnerabilities in TaskFreak (29.10.2012)
 Netsparker Advisories, XSS Vulnerabilities in CMSMini (29.10.2012)
 Netsparker Advisories, XSS Vulnerabilities in ClipBucket (29.10.2012)
 sec.team_(at)_cyberservices.com, VaM Shop Cross-Site Scripting and Blind SQL Injection Vulnerabilities (29.10.2012)
 IrIsT.Ir_(at)_gmail.com, Smf 2.0.2 Cross-Site Scripting Vulnerability (29.10.2012)
 Janek Vind, [waraxe-2012-SA#094] - Multiple Vulnerabilities in Wordpress GRAND Flash Album Gallery Plugin (29.10.2012)
 IrIsT.Ir_(at)_gmail.com, Wordpress 3.4 Cross-Site Scripting Vulnerability (29.10.2012)
 Thomas Richards, Inventory 1.0 Multiple SQL Vulnerabilities (29.10.2012)
 Thomas Richards, Inventory 1.0 Multiple XSS Vulnerabilities (29.10.2012)
 Joseph Sheridan, [SECURITY] [DSA 2563-1] viewvc security update (29.10.2012)
 Joseph Sheridan, Layton Helpbox 4.4.0 Multiple Security Issues (29.10.2012)

Sybase ASE security vulnerabilities
Published:29.10.2012
SecurityVulns ID:12675
Type:library
Threat Level:6/10
Description:Privilege escalation, code execution.
Affected:SYBASE : Sybase ASE 15.0
 SYBASE : Sybase ASE 15.5
 SYBASE : Sybase ASE 15.7
Original document:SHATTER, Team SHATTER Security Advisory: Elevated roles through DBCC (29.10.2012)
 SHATTER, Team SHATTER Security Advisory: Java Operating System command execution (29.10.2012)

IBM DB2 privilege escalation
Published:29.10.2012
SecurityVulns ID:12676
Type:library
Threat Level:5/10
Description:Privilege escalation via GET_WRAP_CFG_C and GET_WRAP_CFG_C2 stored procedures.
Affected:IBM : DB2 LUW 9.1
 IBM : DB2 LUW 9.5
 IBM : DB2 LUW 9.7
 IBM : DB2 LUW 10.1
Original document:SHATTER, Team SHATTER Security Advisory: XML file disclosure vulnerability via GET_WRAP_CFG_C and GET_WRAP_CFG_C2 (29.10.2012)

IBM Informix Dynamic Server buffer overflow
Published:29.10.2012
SecurityVulns ID:12677
Type:library
Threat Level:5/10
Description:SET COLLATION buffer overflow.
Affected:IBM : Informix Dynamic Server 11.50
Original document:Ewerson Guimarães (Crash) - Dclabs, [DCA-2011-0013] - IBM Informix Dynamic Server 11.50 SET COLLATION Stack OverFlow (29.10.2012)

Beaker information leakage
Published:29.10.2012
SecurityVulns ID:12678
Type:library
Threat Level:5/10
Description:Information leakage in AES ECB mode.
Affected:PYTHON : Beaker 1.6
CVE:CVE-2012-3458 (Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors.)
Original document:DEBIAN, [SECURITY] [DSA 2541-1] beaker security update (29.10.2012)

RSA BSAFE security vulnerabilities
Published:29.10.2012
SecurityVulns ID:12679
Type:remote
Threat Level:5/10
Description:BEAST attacks, buffer overflows.
Affected:RSA : BSAFE Micro Edition Suite 4.0
 RSA : BSAFE SSL-C 2.8
CVE:CVE-2012-2131 (Multiple integer signedness errors in crypto/buffer/buffer.c in OpenSSL 0.9.8v allow remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2110.)
 CVE-2012-2110 (The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key.)
 CVE-2011-3389 (The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.)
Original document:EMC, ESA-2012-032: RSA BSAFE(r) Micro Edition Suite Security Update for BEAST (Browser Exploit Against SSL/TLS) attacks (29.10.2012)
 EMC, ESA-2012-029: RSA BSAFE(r) SSL-C Multiple Vulnerabilities (29.10.2012)

Sitecom Home Storage Center security vulnerabilities
Published:29.10.2012
SecurityVulns ID:12680
Type:remote
Threat Level:4/10
Description:SQL injection, XSS.
Affected:SITECOM : Sitecom MD-253
 SITECOM : Sitecom MD-254
Original document:mattijs_(at)_alcyon.nl, Security Advisory AA-007: Arbitrary File Upload Vulnerability in Sitecom Home Storage Center (29.10.2012)
 mattijs_(at)_alcyon.nl, Security Advisory AA-007: Command Injection Vulnerability in Sitecom Home Storage Center (29.10.2012)

Cisco Unified Presence / Jabber Extensible Communications Platform DoS
Published:29.10.2012
SecurityVulns ID:12682
Type:remote
Threat Level:5/10
Description:Crash on stream header parsing.
Affected:CISCO : Cisco Unified Presence 8.6
 CISCO : Jabber Extensible Communications Platform 5.2
CVE:CVE-2012-3935 (Cisco Unified Presence (CUP) before 8.6(3) and Jabber Extensible Communications Platform (aka Jabber XCP) before 5.3 allow remote attackers to cause a denial of service (process crash) via a crafted XMPP stream header, aka Bug ID CSCtu32832.)
Files:Cisco Unified Presence and Jabber Extensible Communications Platform Stream Header Denial of Service Vulnerability

Cisco ASA-CX Context-Aware Security appliance / Cisco Prime Security Manager DoS
Published:29.10.2012
SecurityVulns ID:12683
Type:remote
Threat Level:5/10
Description:File resources exhaustion.
Affected:CISCO : Cisco ASA-CX Context-Aware Security 9.0
 CISCO : Cisco Prime Security Manager 9.0
CVE:CVE-2012-4629 (The Cisco ASA-CX Context-Aware Security module before 9.0.2-103 for Adaptive Security Appliances (ASA) devices, and Prime Security Manager (aka PRSM) before 9.0.2-103, allows remote attackers to cause a denial of service (disk consumption and application hang) via unspecified IPv4 packets that trigger log entries, aka Bug ID CSCub70603.)
Files:Cisco ASA-CX and Cisco PRSM Log Retention Denial of Service Vulnerability

OpenStack security vulnerabilities
updated since 29.10.2012
Published:10.12.2012
SecurityVulns ID:12681
Type:remote
Threat Level:5/10
Description:User authorization vulnerabilities.
CVE:CVE-2012-5571 (OpenStack Keystone Essex (2012.1) and Folsom (2012.2) does not properly handle EC2 tokens when the user role has been removed from a tenant, which allows remote authenticated users to bypass intended authorization restrictions by leveraging a token for the removed user role.)
 CVE-2012-5563 (OpenStack Keystone, as used in OpenStack Folsom 2012.2, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by creating new tokens through token chaining. NOTE: this issue exists because of a CVE-2012-3426 regression.)
 CVE-2012-4413 (OpenStack Keystone 2012.1.3 does not invalidate existing tokens when granting or revoking roles, which allows remote authenticated users to retain the privileges of the revoked roles.)
 CVE-2012-3540 (Open redirect vulnerability in views/auth_forms.py in OpenStack Dashboard (Horizon) Essex (2012.1) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter to auth/login/. NOTE: this issue was originally assigned CVE-2012-3542 by mistake.)
 CVE-2012-3426 (OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by (1) creating new tokens through token chaining, (2) leveraging possession of a token for a disabled user account, or (3) leveraging possession of a token for an account with a changed password.)
Original document:UBUNTU, [USN-1641-1] OpenStack Keystone vulnerabilities (10.12.2012)
 UBUNTU, [USN-1565-1] OpenStack Horizon vulnerability (29.10.2012)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod