Information Security


Bypassing restricted-environment (sandbox) restrictions in Java
updated since August 29, 2012
Published:September 2, 2012
Source:
SecurityVulns ID:12548
Type:library
Danger level:8/10
Description:There are several ways to bypass the restrictions and execute privileged code from an applet.
Affected products:ORACLE : JDK 7
 ORACLE : JRE 7
CVE:CVE-2012-4681 (Multiple vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allow remote attackers to execute arbitrary code via a crafted applet that bypasses SecurityManager restrictions by (1) using com.sun.beans.finder.ClassFinder.findClass and leveraging an exception with the forName method to access restricted classes from arbitrary packages such as sun.awt.SunToolkit, then (2) using "reflection with a trusted immediate caller" to leverage the getField method to access and modify private fields, as exploited in the wild in August 2012 using Gondzz.class and Gondvv.class.)
Original text:Security Explorations, [SE-2012-01] New security issue affecting Java SE 7 Update 7 (02.09.2012)
 CERT, US-CERT Alert TA12-240A - Oracle Java 7 Security Manager Bypass Vulnerability (29.08.2012)
 Security Explorations, [SE-2012-01] information regarding recently discovered Java 7 attack (29.08.2012)

Security vulnerabilities in Asterisk
Published:September 2, 2012
Source:
SecurityVulns ID:12552
Type:remote
Danger level:5/10
Description:Code execution in Asterisk Manager, IAX2 restrictions bypass.
Affected products:ASTERISK : Asterisk 1.8
 ASTERISK : Asterisk 10.7
CVE:CVE-2012-4737 (channels/chan_iax2.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert7, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 does not enforce ACL rules during certain uses of peer credentials, which allows remote authenticated users to bypass intended outbound-call restrictions by leveraging the availability of these credentials.)
 CVE-2012-2186 (Incomplete blacklist vulnerability in main/manager.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert6, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 allows remote authenticated users to execute arbitrary commands by leveraging originate privileges and providing an ExternalIVR value in an AMI Originate action.)
Original text:ASTERISK, AST-2012-013: ACL rules ignored when placing outbound calls by certain IAX2 users (02.09.2012)
 ASTERISK, AST-2012-012: Asterisk Manager User Unauthorized Shell Access (02.09.2012)

Format string bug in EMC Networker
Published:September 2, 2012
Source:
SecurityVulns ID:12553
Type:remote
Danger level:6/10
Description:Format string bug when parsing an RPC request.
Affected products:EMC : Emc Networker 7.6
 EMC : NetWorker 8.0
CVE:CVE-2012-2288 (Format string vulnerability in the nsrd RPC service in EMC NetWorker 7.6.3 and 7.6.4 before 7.6.4.1, and 8.0 before 8.0.0.1, allows remote attackers to execute arbitrary code via format string specifiers in a message.)
Original text:EMC, ESA-2012-038: EMC NetWorker Format String Vulnerability (02.09.2012)

Code execution in HP iNode Management Center
updated since August 27, 2012
Published:September 2, 2012
Source:
SecurityVulns ID:12532
Type:remote
Danger level:5/10
Description:Code execution in iNodeMngChecker.exe when processing a TCP/9090 request.
CVE:CVE-2012-3254 (Multiple unspecified vulnerabilities in HP iNode Management Center before iNode PC 5.1 E0304 allow remote attackers to execute arbitrary code via crafted input, as demonstrated by a stack-based buffer overflow in iNodeMngChecker.exe for a crafted 0x0A0BF007 packet.)
Original text:HP, [security bulletin] HPSB3C02809 SSRT100377 rev.1 - HP iNode Management Center, Remote Execution of Arbitrary Code (02.09.2012)
 HP, ZDI-12-163 : (0Day) HP iNode Management Center iNodeMngChecker.exe Remote Code Execution Vulnerability (27.08.2012)

DoS against squidguard
Published:September 2, 2012
Source:
SecurityVulns ID:12555
Type:remote
Danger level:5/10
Description:Requesting a long URL causes protection to be disabled.
Affected products:SQUIDGUARD : squidGuard 1.4
Original text:Stefan Bauer, squidGuard 1.4 - Remote Denial of Service - POC (02.09.2012)

Incorrect certificate handling in libgdata
Published:September 2, 2012
Source:
SecurityVulns ID:12556
Type:m-i-t-m
Danger level:5/10
Description:The certificate is not validated, which allows man-in-the-middle attacks.
Affected products:LIBGDATA : libgdata 0.10
 LIBGDATA : libgdata 0.11
CVE:CVE-2012-1177 (libgdata before 0.10.2 and 0.11.x before 0.11.1 does not validate SSL certificates, which allows remote attackers to obtain user names and passwords via a man-in-the-middle (MITM) attack with a spoofed certificate.)
Original text:UBUNTU, [USN-1547-1] libGData, evolution-data-server vulnerability (02.09.2012)

Multiple security vulnerabilities in HP SiteScope
Published:September 2, 2012
Source:
SecurityVulns ID:12557
Type:remote
Danger level:5/10
Description:Multiple code execution possibilities via SOAP calls and UploadFileHandler.
Original text:ZDI, ZDI-12-173 : (0Day) HP SiteScope SOAP Call getSiteScopeConfiguration Remote Code Execution Vulnerability (02.09.2012)
 ZDI, ZDI-12-174 : (0Day) HP SiteScope UploadFilesHandler Remote Code Execution Vulnerability (02.09.2012)
 ZDI, ZDI-12-175 : (0Day) HP SiteScope SOAP Call create Remote Code Execution Vulnerability (02.09.2012)
 ZDI, ZDI-12-176 : (0Day) HP SiteScope SOAP Call getFileInternal Remote Code Execution Vulnerability (02.09.2012)
 ZDI, ZDI-12-177 : (0Day) HP SiteScope SOAP Call loadFileContent Remote Code Execution Vulnerability (02.09.2012)
 ZDI, ZDI-12-178 : (0Day) HP SiteScope SOAP Call update Remote Code Execution Vulnerability (02.09.2012)
 ZDI, SOAP and UploadFileHandler. (02.09.2012)

Unauthorized access via EMC ApplicationXtender
updated since August 27, 2012
Published:September 2, 2012
Source:
SecurityVulns ID:12536
Type:remote
Danger level:7/10
Description:Files can be uploaded to the remote system.
Affected products:EMC : ApplicationXtender 6.5
CVE:CVE-2012-2289 (EMC ApplicationXtender Desktop before 6.5 SP2 and ApplicationXtender Web Access .NET before 6.5 SP2 allow remote attackers to upload files to any location, and possibly execute arbitrary code, via unspecified vectors.)
Original text:ZDI, ZDI-12-179 : EMC ApplicationXtender Desktop Viewer AEXView ActiveX AnnoSave Remote Code Execution Vulnerability (02.09.2012)
 ZDI, ZDI-12-182 : EMC AppXtender WxSuperCtrl650.ocx ActiveX Control Remote Code Execution Vulnerability (02.09.2012)
 EMC, ESA-2012-039: EMC ApplicationXtender Arbitrary File Upload Vulnerability (27.08.2012)

Buffer overflow in Novell iPrint
Published:September 2, 2012
Source:
SecurityVulns ID:12558
Type:client
Danger level:5/10
Description:Buffer overflow in nipplib
Affected products:NOVELL : iPrint Client 5.77
CVE:CVE-2011-4186 (Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.78 on Windows allows remote attackers to execute arbitrary code via a crafted client-file-name parameter in a printer-url, a different vulnerability than CVE-2011-1705.)
Original text:ZDI, ZDI-12-181 : Novell iPrint nipplib.dll client-file-name Parsing Remote Code Execution Vulnerability (02.09.2012)

Memory corruption in Novell ZENWorks AdminStudio ActiveX
Published:September 2, 2012
Source:
SecurityVulns ID:12559
Type:client
Danger level:5/10
Description:Memory corruption in ISGrid.dll
Original text:ZDI, ZDI-12-180 : Novell ZENWorks AdminStudio ISGrid.dll ActiveX Remote Code Execution Vulnerability (02.09.2012)

SQL injection in HP Operations Orchestration
Published:September 2, 2012
Source:
SecurityVulns ID:12560
Type:remote
Danger level:5/10
Description:SQL injection in the RSScheduler service on port TCP/9001
Original text:ZDI, ZDI-12-172 : (0Day) HP Operations Orchestration RSScheduler Service JDBC Connector Remote Code Execution Vulnerability (02.09.2012)

Buffer overflow in Hewlett-Packard Intelligent Management Center
Published:September 2, 2012
Source:
SecurityVulns ID:12561
Type:remote
Danger level:6/10
Description:Buffer overflow in the UDP/1811 service
Original text:ZDI, ZDI-12-171 : (0Day) Hewlett-Packard Intelligent Management Center UAM sprintf Remote Code Execution Vulnerability (02.09.2012)

Memory overwrite in HP Application Lifecycle Management ActiveX
Published:September 2, 2012
Source:
SecurityVulns ID:12562
Type:client
Danger level:5/10
Description:Memory overwrite at a user-controlled address in XGO.ocx
Original text:ZDI, ZDI-12-170 : (0Day) HP Application Lifecycle Management XGO.ocx ActiveX Control Remote Code Execution Vulnerability (02.09.2012)

Buffer overflow in InduSoft Thin Client ActiveX
updated since August 27, 2012
Published:September 2, 2012
Source:
SecurityVulns ID:12530
Type:client
Danger level:5/10
Description:Buffer overflow via the InternationalOrder parameter of ISSymbol.ocx
CVE:CVE-2011-0340 (Multiple buffer overflows in the ISSymbol ActiveX control in ISSymbol.ocx 61.6.0.0 and 301.1009.2904.0 in the ISSymbol virtual machine, as distributed in Advantech Studio 6.1 SP6 61.6.01.05, InduSoft Web Studio before 7.0+SP1, and InduSoft Thin Client 7.0, allow remote attackers to execute arbitrary code via a long (1) InternationalOrder, (2) InternationalSeparator, or (3) LogFileName property value; or (4) a long bstrFileName argument to the OpenScreen method.)
Original text:ZDI, ZDI-12-168 : InduSoft Thin Client ISSymbol InternationalSeparator Remote Code Execution Vulnerability (02.09.2012)
 ZDI, CVE-2011-0340 (27.08.2012)

Code execution via GE Proficy Historian ActiveX
Published:September 2, 2012
Source:
SecurityVulns ID:12563
Type:client
Danger level:5/10
Description:Code execution in KeyHelp

Summary of security vulnerabilities in Web applications (PHP, ASP, JSP, CGI, Perl)
updated since September 2, 2012
Published:September 2, 2012
Source:
SecurityVulns ID:12565
Type:remote
Danger level:5/10
Description:PHP injections, SQL injections, directory traversal, cross-site scripting, file modification, information leakage, etc.
Affected products:PHORUM : Phorum 5.2
 BUGZILLA : Bugzilla 3.6
 CHAMILIO : Chamilo 1.8
 TYPO3 : typo3 4.5
 BUGZILLA : Bugzilla 4.3
 OTRS : otrs2 3.1
 RTFM : rtfm 4.0
 PRESTASHOP : PrestaShop 1.4
 MIHALISM : Mihalism Multi Host 5.0
 COMMPORT : CommPort 1.01
CVE:CVE-2012-4234 (Cross-site scripting (XSS) vulnerability in the group moderation screen in the control center (control.php) in Phorum before 5.2.19 allows remote attackers to inject arbitrary web script or HTML via the group parameter.)
 CVE-2012-4030
 CVE-2012-4029
 CVE-2012-3981 (Auth/Verify/LDAP.pm in Bugzilla 2.x and 3.x before 3.6.11, 3.7.x and 4.0.x before 4.0.8, 4.1.x and 4.2.x before 4.2.3, and 4.3.x before 4.3.3 does not restrict the characters in a username, which might allow remote attackers to inject data into an LDAP directory via a crafted login attempt.)
 CVE-2012-3531 (Cross-site scripting (XSS) vulnerability in the Install Tool in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2012-3530 (Incomplete blacklist vulnerability in the t3lib_div::quoteJSvalue API function in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote attackers to conduct cross-site scripting (XSS) attacks via certain HTML5 JavaScript events.)
 CVE-2012-3529 (The configuration module in the backend in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to obtain the encryption key via unspecified vectors.)
 CVE-2012-3528 (Multiple cross-site scripting (XSS) vulnerabilities in the backend in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2012-3527 (view_help.php in the backend help system in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to unserialize arbitrary objects and possibly execute arbitrary PHP code via an unspecified parameter, related to a "missing signature (HMAC).")
 CVE-2012-2768 (Multiple cross-site scripting (XSS) vulnerabilities in the topic administration page in the RTFM extension 2.0.4 through 2.4.3 for Best Practical Solutions RT allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2012-2582 (Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.13, 3.0.x before 3.0.15, and 3.1.x before 3.1.9, and OTRS ITSM 2.1.x before 2.1.5, 3.0.x before 3.0.6, and 3.1.x before 3.1.6, allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a Cascading Style Sheets (CSS) expression property in the STYLE attribute of an arbitrary element or (2) UTF-7 text in an HTTP-EQUIV="CONTENT-TYPE" META element.)
 CVE-2012-2517
Original text:LpSolit_(at)_gmail.com, Security advisory for Bugzilla 4.3.2, 4.2.2, 4.0.7 and 3.6.10 (03.09.2012)
 advisories_(at)_highsecure.ir, Paliz CMS Full Path Disclosure Vulnerability (02.09.2012)
 explo21ter_(at)_gmail.com, Exploit Title: Mihalism Multi Host v 5.0 (02.09.2012)
 IrIsT.Ir_(at)_gmail.com, Wordpress fckeditor Arbitrary File Upload Vulnerability (02.09.2012)
 pereira_(at)_secbiz.de, CommPort 1.01 <= SQL Injection Vulnerability (02.09.2012)
 beford, Chamilo 1.8.8.4 Multiple Vulnerabilities (02.09.2012)
 High-Tech Bridge Security Research, Cross-Site Scripting (XSS) in Phorum (02.09.2012)
 High-Tech Bridge Security Research, XSS in PrestaShop (02.09.2012)
 admin_(at)_eidelweiss.info, Sistem Biwes Multiple Vulnerability (02.09.2012)
 DEBIAN, [SECURITY] [DSA 2535-1] rtfm security update (02.09.2012)
 DEBIAN, [SECURITY] [DSA 2536-1] otrs2 security update (02.09.2012)
 UBUNTU, [SECURITY] [DSA 2537-1] typo3-src security update (02.09.2012)
 LpSolit_(at)_gmail.com, Security advisory for Bugzilla 4.3.3, 4.2.3, 4.0.8 and 3.6.11 (02.09.2012)

Multiple security vulnerabilities in Mozilla Firefox / Thunderbird / Seamonkey
updated since September 2, 2012
Published:September 18, 2012
Source:
SecurityVulns ID:12551
Type:client
Danger level:8/10
Description:Privilege escalation, multiple memory corruptions, buffer overflows, use-after-free, etc.
Affected products:MOZILLA : Firefox ESR 10.0
 MOZILLA : Thunderbird ESR 10.0
 MOZILLA : Firefox 14
 MOZILLA : Thunderbird 14
 MOZILLA : SeaMonkey 2.12
CVE:CVE-2012-3980 (The web console in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, and Thunderbird ESR 10.x before 10.0.7 allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that injects this code and triggers an eval operation.)
 CVE-2012-3979 (Mozilla Firefox before 15.0 on Android does not properly implement unspecified callers of the __android_log_print function, which allows remote attackers to execute arbitrary code via a crafted web page that calls the JavaScript dump function.)
 CVE-2012-3978 (The nsLocation::CheckURL function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 does not properly follow the security model of the location object, which allows remote attackers to bypass intended content-loading restrictions or possibly have unspecified other impact via vectors involving chrome code.)
 CVE-2012-3976 (Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not properly handle onLocationChange events during navigation between different https sites, which allows remote attackers to spoof the X.509 certificate information in the address bar via a crafted web page.)
 CVE-2012-3975 (The DOMParser component in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 loads subresources during parsing of text/html data within an extension, which allows remote attackers to obtain sensitive information by providing crafted data to privileged extension code.)
 CVE-2012-3974 (Untrusted search path vulnerability in the installer in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, and Thunderbird ESR 10.x before 10.0.7 on Windows allows local users to gain privileges via a Trojan horse executable file in a root directory.)
 CVE-2012-3973 (The debugger in the developer-tools subsystem in Mozilla Firefox before 15.0, when remote debugging is disabled, does not properly restrict access to the remote-debugging service, which allows remote attackers to execute arbitrary code by leveraging the presence of the HTTPMonitor extension and connecting to that service through the HTTPMonitor port.)
 CVE-2012-3972 (The format-number functionality in the XSLT implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a heap-based buffer over-read.)
 CVE-2012-3971 (Summer Institute of Linguistics (SIL) Graphite 2, as used in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to the (1) Silf::readClassMap and (2) Pass::readPass functions.)
 CVE-2012-3970 (Use-after-free vulnerability in the nsTArray_base::Length function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving movement of a requiredFeatures attribute from one SVG document to another.)
 CVE-2012-3969 (Integer overflow in the nsSVGFEMorphologyElement::Filter function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via a crafted SVG filter that triggers an incorrect sum calculation, leading to a heap-based buffer overflow.)
 CVE-2012-3968 (Use-after-free vulnerability in the WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via vectors related to deletion of a fragment shader by its accessor.)
 CVE-2012-3967 (The WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 on Linux, when a large number of sampler uniforms are used, does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted web site.)
 CVE-2012-3966 (Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a negative height value in a BMP image within a .ICO file, related to (1) improper handling of the transparency bitmask by the nsICODecoder component and (2) improper processing of the alpha channel by the nsBMPDecoder component.)
 CVE-2012-3965 (Mozilla Firefox before 15.0 does not properly restrict navigation to the about:newtab page, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that triggers creation of a new tab and then a new window.)
 CVE-2012-3964 (Use-after-free vulnerability in the gfxTextRun::GetUserData function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.)
 CVE-2012-3963 (Use-after-free vulnerability in the js::gc::MapAllocToTraceKind function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via unspecified vectors.)
 CVE-2012-3962 (Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not properly iterate through the characters in a text run, which allows remote attackers to execute arbitrary code via a crafted document.)
 CVE-2012-3961 (Use-after-free vulnerability in the RangeData implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.)
 CVE-2012-3960 (Use-after-free vulnerability in the mozSpellChecker::SetCurrentDictionary function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.)
 CVE-2012-3959 (Use-after-free vulnerability in the nsRangeUpdater::SelAdjDeleteNode function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.)
 CVE-2012-3958 (Use-after-free vulnerability in the nsHTMLEditRules::DeleteNonTableElements function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.)
 CVE-2012-3957 (Heap-based buffer overflow in the nsBlockFrame::MarkLineDirty function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via unspecified vectors.)
 CVE-2012-3956 (Use-after-free vulnerability in the MediaStreamGraphThreadRunnable::Run function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.)
 CVE-2012-1976 (Use-after-free vulnerability in the nsHTMLSelectElement::SubmitNamesValues function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.)
 CVE-2012-1975 (Use-after-free vulnerability in the PresShell::CompleteMove function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.)
 CVE-2012-1974 (Use-after-free vulnerability in the gfxTextRun::CanBreakLineBefore function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.)
 CVE-2012-1973 (Use-after-free vulnerability in the nsObjectLoadingContent::LoadObject function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.)
 CVE-2012-1972 (Use-after-free vulnerability in the nsHTMLEditor::CollapseAdjacentTextNodes function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.)
 CVE-2012-1971 (Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to garbage collection after certain MethodJIT execution, and unknown other vectors.)
 CVE-2012-1970 (Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.)
 CVE-2012-1956 (Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 do not prevent use of the Object.defineProperty method to shadow the location object (aka window.location), which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a plugin.)
Original text:VUPEN Security Research, VUPEN - Mozilla Firefox "nsHTMLEditRules" Remote Use-after-free (CVE-2012-3958 / MFSA 2012-58) (18.09.2012)
Files:Mozilla Foundation Security Advisory 2012-72
 Mozilla Foundation Security Advisory 2012-71
 Mozilla Foundation Security Advisory 2012-70
 Mozilla Foundation Security Advisory 2012-69
 Mozilla Foundation Security Advisory 2012-68
 Mozilla Foundation Security Advisory 2012-67
 Mozilla Foundation Security Advisory 2012-66
 Mozilla Foundation Security Advisory 2012-65
 Mozilla Foundation Security Advisory 2012-64
 Mozilla Foundation Security Advisory 2012-63
 Mozilla Foundation Security Advisory 2012-62
 Mozilla Foundation Security Advisory 2012-61
 Mozilla Foundation Security Advisory 2012-60
 Mozilla Foundation Security Advisory 2012-59
 Mozilla Foundation Security Advisory 2012-58
 Mozilla Foundation Security Advisory 2012-57

Backdoor in Symantec Messaging Gateway
updated since September 2, 2012
Published:September 19, 2012
Source:
SecurityVulns ID:12554
Type:remote
Danger level:6/10
Description:There is a support user with a known password.
Affected products:SYMANTEC : Symantec Messaging Gateway 9.5
CVE:CVE-2012-3579 (Symantec Messaging Gateway (SMG) before 10.0 has a default password for an unspecified account, which makes it easier for remote attackers to obtain privileged access via an SSH session.)
Original text:NCC Group Research, NGS00267 Patch Notification: Symantec Messaging Gateway SSH with backdoor user account (19.09.2012)
 SEC Consult Vulnerability Lab, SEC Consult SA-20120829-0 :: Symantec Messaging Gateway - Support Backdoor (02.09.2012)

Cross-site scripting in IBM Lotus Domino
updated since September 2, 2012
Published:April 1, 2013
Source:
SecurityVulns ID:12564
Type:remote
Danger level:5/10
Description:Cross-site scripting and Response Splitting.
Affected products:IBM : Lotus Domino 8.5
CVE:CVE-2012-3302 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Domino 7.x and 8.x before 8.5.4 allow remote attackers to inject arbitrary web script or HTML via (1) a URL accessed during use of the Mail template in the WebMail UI or (2) a URL accessed during use of Domino Help through the Domino HTTP server.)
 CVE-2012-3301 (Multiple CRLF injection vulnerabilities in the HTTP server in IBM Lotus Domino 8.5.x before 8.5.4 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input involving (1) Mozilla Firefox 3.0.9 and earlier or (2) unspecified browsers.)
Original text:MustLive, Multiple XSS vulnerabilities in IBM Lotus Domino (01.04.2013)
 MustLive, HTTP Response Splitting and XSS vulnerabilities in IBM Lotus Domino (09.09.2012)
 MustLive, XSS and IL vulnerabilities in IBM Lotus Domino (03.09.2012)
 MustLive, IBM Lotus Domino Cross-Site Scripting and HTTP Response Splitting vulnerabilities (02.09.2012)
Files:IBM Security Bulletin: Aug-2012 IBM Lotus Domino Web Server Cross-Site Scripting Vulnerabilities

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod