Information Security


Summary of security vulnerabilities in web applications (PHP, ASP, JSP, CGI, Perl)
Published: October 1, 2012
Source:
SecurityVulns ID: 12598
Type: remote
Severity: 5/10
Description: PHP injection, SQL injection, directory traversal, cross-site scripting, file modification, information disclosure, etc.
Affected products: JOOMLA : Joomla 2.5
 WORDPRESS : Wordpress Download Monitor 3.3
 MICROCART : Microcart 1.0
 WORDPRESS : MF Gig Calendar 0.9
 OSSECWUI : ossec-wui 0.3
 ATLASSIAN : Confluence 3.0
CVE: CVE-2012-4768 (Cross-site scripting (XSS) vulnerability in the Download Monitor plugin before 3.3.5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the dlsearch parameter to the default URI.)
 CVE-2012-4242 (Cross-site scripting (XSS) vulnerability in the MF Gig Calendar plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the calendar page.)
 CVE-2012-4241 (Multiple cross-site scripting (XSS) vulnerabilities in Microcart 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO or (2) query string to _admin/index.php or (3) first_name, (4) last_name, (5) cc, (6) exp, (7) cvv, (8) address1, (9) address2, (10) city, (11) state, (12) zip, (13) phone, or (14) email parameter to checkout.php, which is not properly handled in an error message.)
Original text: sschurtz_(at)_darksecurity.de, Joomla 2.5.6 Multiple Cross-site scripting vulnerabilities (01.10.2012)
 Robert Gilbert, [CVE-ID REQUEST] Atlassian Confluence - Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities (01.10.2012)
 A. Ramos, XSS in OSSEC wui 0.3 (01.10.2012)
 Joseph Sheridan, Microcart 1.0 Checkout Cross-Site Scripting Security Vulnerability (01.10.2012)
 Joseph Sheridan, Microcart 1.0 _Admin Cross-Site Scripting Security Vulnerability (01.10.2012)
 Joseph Sheridan, MF Gig Calendar Wordpress Plugin - Cross-Site Scripting (01.10.2012)
 Joseph Sheridan, Wordpress Download Monitor - Download Page Cross-Site Scripting (01.10.2012)
 MustLive, Multiple vulnerabilities in IFOBS (01.10.2012)
 MustLive, BF and XSS vulnerabilities in IFOBS (01.10.2012)
 MustLive, CSRF and XSS vulnerabilities in IFOBS (01.10.2012)

Weak permissions in Smartfren Connex
Published: October 1, 2012
Source:
SecurityVulns ID: 12599
Type: local
Severity: 5/10
Description: Weak permissions on executable files allow privilege escalation.
Affected products: SMARTFREN : Connex EC1261-2 UI
Original text: X-Cisadane, Smartfren Connex EC 1261-2 UI OUC Local Privilege Escalation Vulnerability (01.10.2012)

Restriction bypass in xinetd
Published: October 1, 2012
Source:
SecurityVulns ID: 12600
Type: remote
Severity: 6/10
Description: Checks are incorrectly organized in the tcpmux server.
Affected products: XINETD : xinetd 2.3
CVE: CVE-2012-0862 (builtins.c in Xinetd before 2.3.15 does not check the service type when the tcpmux-server service is enabled, which exposes all enabled services and allows remote attackers to bypass intended access restrictions via a request to tcpmux port 1.)
Original text: MANDRIVA, CVE-2012-0862 (01.10.2012)

Security vulnerabilities in Apache
Published: October 1, 2012
Source:
SecurityVulns ID: 12601
Type: remote
Severity: 5/10
Description: Privilege escalation via dynamic libraries, cross-site scripting in mod_negotiation
Affected products: APACHE : Apache 2.4
CVE: CVE-2012-2687 (Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.)
 CVE-2012-0883 (envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.)
Original text: MANDRIVA, [ MDVSA-2012:154 ] apache (01.10.2012)

Multiple security vulnerabilities in Apple Mac OS X
updated since September 24, 2012
Published: October 1, 2012
Source:
SecurityVulns ID: 12597
Type: library
Severity: 8/10
Description: Multiple vulnerabilities in various components.
Affected products: APPLE : MacOS X 10.7
 APPLE : MacOS X 10.8
CVE: CVE-2012-3723 (Apple Mac OS X before 10.7.5 does not properly handle the bNbrPorts field of a USB hub descriptor, which allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) by attaching a USB device.)
 CVE-2012-3722 (The Sorenson codec in QuickTime in Apple Mac OS X before 10.7.5, and in CoreMedia in iOS before 6, accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding.)
 CVE-2012-3721 (Profile Manager in Apple Mac OS X before 10.7.5 does not properly perform authentication for the Device Management private interface, which allows attackers to enumerate managed devices via unspecified vectors.)
 CVE-2012-3720 (Mobile Accounts in Apple Mac OS X before 10.7.5 and 10.8.x before 10.8.2 saves password hashes for external-account use even if external accounts are not enabled, which might allow remote attackers to determine passwords via unspecified access to a mobile account.)
 CVE-2012-3719 (Mail in Apple Mac OS X before 10.7.5 does not properly handle embedded web plugins, which allows remote attackers to execute arbitrary plugin code via an e-mail message that triggers the loading of a third-party plugin.)
 CVE-2012-3718 (Apple Mac OS X before 10.7.5 and 10.8.x before 10.8.2 allows local users to read passwords entered into Login Window (aka LoginWindow) or Screen Saver Unlock by installing an input method that intercepts keystrokes.)
 CVE-2012-3716 (CoreText in Apple Mac OS X 10.7.x before 10.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write or read) via a crafted text glyph.)
 CVE-2012-1173 (Multiple integer overflows in tiff_getimage.c in LibTIFF 3.9.4 allow remote attackers to execute arbitrary code via a crafted tile size in a TIFF file, which is not properly handled by the (1) gtTileSeparate or (2) gtStripSeparate function, leading to a heap-based buffer overflow.)
 CVE-2012-0671 (Apple QuickTime before 7.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .pict file.)
 CVE-2012-0670 (Integer overflow in Apple QuickTime before 7.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted sean atom in a movie file.)
 CVE-2012-0668 (Buffer overflow in Apple QuickTime before 7.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with RLE encoding.)
 CVE-2012-0652 (Login Window in Apple Mac OS X 10.7.3, when Legacy File Vault or networked home directories are enabled, does not properly restrict what is written to the system log for network logins, which allows local users to obtain sensitive information by reading the log.)
 CVE-2012-0650 (Buffer overflow in the DirectoryService Proxy in DirectoryService in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.)
 CVE-2012-0643 (The kernel in Apple iOS before 5.1 does not properly handle debug system calls, which allows remote attackers to bypass sandbox restrictions and execute arbitrary code via a crafted program.)
 CVE-2011-4599 (Stack-based buffer overflow in the _canonicalize function in common/uloc.c in International Components for Unicode (ICU) before 49.1 allows remote attackers to execute arbitrary code via a crafted locale ID that is not properly handled during variant canonicalization.)
 CVE-2011-3048 (The png_set_text_2 function in pngset.c in libpng 1.0.x before 1.0.59, 1.2.x before 1.2.49, 1.4.x before 1.4.11, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted text chunk in a PNG image file, which triggers a memory allocation failure that is not properly handled, leading to a heap-based buffer overflow.)
 CVE-2011-3026 (Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation.)
Original text: NCC Group Research, NGS00254 Patch Notification: Apple Mac OS X Lion USB Hub Class Hub Descriptor Arbitrary Code Execution (01.10.2012)
 APPLE, APPLE-SA-2012-09-19-2 OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and Security Update 2012-004 (24.09.2012)

Multiple security vulnerabilities in Cisco IOS
Published: October 1, 2012
Source:
SecurityVulns ID: 12602
Type: remote
Severity: 7/10
Description: Multiple DoS conditions in the implementation of various protocols.
Affected products: CISCO : IOS 12.2
 CISCO : IOS 12.3
 CISCO : IOS 12.4
 CISCO : IOS XE 2.1
 CISCO : IOS XE 2.2
 CISCO : IOS XE 2.3
 CISCO : IOS XE 2.4
 CISCO : IOS 15.0
 CISCO : IOS 15.1
 CISCO : IOS XE 2.5
 CISCO : IOS XE 2.6
 CISCO : IOS XE 3.1
 CISCO : IOS 15.2
 CISCO : IOS XE 3.3
 CISCO : IOS XE 3.2
 CISCO : IOS XE 3.4
 CISCO : IOS XE 3.5
CVE: CVE-2012-4623 (The DHCPv6 server in Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x, 3.1.xS before 3.1.4S, 3.1.xSG and 3.2.xSG before 3.2.5SG, 3.2.xS, 3.2.xXO, 3.3.xS, and 3.3.xSG before 3.3.1SG allows remote attackers to cause a denial of service (device reload) via a malformed DHCPv6 packet, aka Bug ID CSCto57723.)
 CVE-2012-4621 (The Device Sensor feature in Cisco IOS 15.0 through 15.2 allows remote attackers to cause a denial of service (device reload) via a DHCP packet, aka Bug ID CSCty96049.)
 CVE-2012-4620 (Cisco IOS 12.2 and 15.0 through 15.2 on Cisco 10000 series routers, when a tunnel interface exists, allows remote attackers to cause a denial of service (interface queue wedge) via tunneled (1) GRE/IP, (2) IPIP, or (3) IPv6 in IPv4 packets, aka Bug ID CSCts66808.)
 CVE-2012-4618 (The SIP ALG feature in the NAT implementation in Cisco IOS 12.2, 12.4, and 15.0 through 15.2 allows remote attackers to cause a denial of service (device reload) via transit IP packets, aka Bug ID CSCtn76183.)
 CVE-2012-4617 (The BGP implementation in Cisco IOS 15.2, IOS XE 3.5.xS before 3.5.2S, and IOS XR 4.1.0 through 4.2.2 allows remote attackers to cause a denial of service (multiple connection resets) by leveraging a peer relationship and sending a malformed attribute, aka Bug IDs CSCtt35379, CSCty58300, CSCtz63248, and CSCtz62914.)
 CVE-2012-3950 (The Intrusion Prevention System (IPS) feature in Cisco IOS 12.3 through 12.4 and 15.0 through 15.2, in certain configurations of enabled categories and missing signatures, allows remote attackers to cause a denial of service (device reload) via DNS packets, aka Bug ID CSCtw55976.)
 CVE-2012-3949 (The SIP implementation in Cisco Unified Communications Manager (CUCM) 6.x and 7.x before 7.1(5b)su5, 8.x before 8.5(1)su4, and 8.6 before 8.6(2a)su1; Cisco IOS 12.2 through 12.4 and 15.0 through 15.2; and Cisco IOS XE 3.3.xSG before 3.3.1SG, 3.4.xS, and 3.5.xS allows remote attackers to cause a denial of service (service crash or device reload) via a crafted SIP message containing an SDP session description, aka Bug IDs CSCtw66721, CSCtj33003, and CSCtw84664.)
Files: Cisco IOS Software Intrusion Prevention System Denial of Service Vulnerability
 Cisco IOS Software Malformed Border Gateway Protocol Attribute Vulnerability
 Cisco IOS Software Network Address Translation Vulnerabilities
 Cisco IOS Software Tunneled Traffic Queue Wedge Vulnerability
 Cisco IOS Software DHCP Version 6 Server Denial of Service Vulnerability
 Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability
 Cisco IOS Software DHCP Denial of Service Vulnerability

DoS against Cisco Catalyst switches
Published: October 1, 2012
Source:
SecurityVulns ID: 12603
Type: remote
Severity: 6/10
Description: Failure when parsing a specific packet.
Affected products: CISCO : Catalyst 4500E
CVE: CVE-2012-4622 (Cisco IOS XE 03.02.00.XO.15.0(2)XO on Catalyst 4500E series switches, when a Supervisor Engine 7L-E card is installed, allows remote attackers to cause a denial of service (card reload) via malformed packets that trigger uncorrected ECC error messages, aka Bug ID CSCty88456.)
Files: Cisco Catalyst 4500E Series Switch with Cisco Catalyst Supervisor Engine 7L-E Denial of Service Vulnerability

DoS against Cisco Unified Communications Manager
Published: October 1, 2012
Source:
SecurityVulns ID: 12604
Type: remote
Severity: 5/10
Description: Failure when parsing SIP
Affected products: CISCO : Unified Communications Manager 7.1
 CISCO : Unified Communications Manager 8.5
 CISCO : Unified Communications Manager 8.6
CVE: CVE-2012-3949 (The SIP implementation in Cisco Unified Communications Manager (CUCM) 6.x and 7.x before 7.1(5b)su5, 8.x before 8.5(1)su4, and 8.6 before 8.6(2a)su1; Cisco IOS 12.2 through 12.4 and 15.0 through 15.2; and Cisco IOS XE 3.3.xSG before 3.3.1SG, 3.4.xS, and 3.5.xS allows remote attackers to cause a denial of service (service crash or device reload) via a crafted SIP message containing an SDP session description, aka Bug IDs CSCtw66721, CSCtj33003, and CSCtw84664.)
Files: Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerability

Cross-site scripting in Transmission
Published: October 1, 2012
Source:
SecurityVulns ID: 12605
Type: local
Severity: 3/10
Description: Cross-site scripting in the Transmission web client
CVE: CVE-2012-4037 (Multiple cross-site scripting (XSS) vulnerabilities in the web client in Transmission before 2.61 allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) created by, or (3) name field in a torrent file.)
Original text: UBUNTU, [USN-1584-1]Transmission vulnerability (01.10.2012)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod