Information Security


Multiple security vulnerabilities in pcp
Published: September 3, 2012
Source:
SecurityVulns ID: 12567
Type: remote
Severity level: 5/10
Description: Buffer overflow, information leak, DoS.
Affected products: PCP : Performance Co-Pilot 3.6
CVE:CVE-2012-3421 (The pduread function in pdu.c in libpcp in Performance Co-Pilot (PCP) before 3.6.5 does not properly time out connections, which allows remote attackers to cause a denial of service (pmcd hang) by sending individual bytes of a PDU separately, related to an "event-driven programming flaw.")
 CVE-2012-3420 (Multiple memory leaks in Performance Co-Pilot (PCP) before 3.6.5 allow remote attackers to cause a denial of service (memory consumption or daemon crash) via a large number of PDUs with (1) a crafted context number to the DoFetch function in pmcd/src/dofetch.c or (2) a negative type value to the __pmGetPDU function in libpcp/src/pdu.c.)
 CVE-2012-3419 (Performance Co-Pilot (PCP) before 3.6.5 exports some of the /proc file system, which allows attackers to obtain sensitive information such as proc/pid/maps and command line arguments.)
 CVE-2012-3418 (libpcp in Performance Co-Pilot (PCP) before 3.6.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a PDU with the numcreds field value greater than the number of actual elements to the __pmDecodeCreds function in p_creds.c; (2) the string byte number value to the __pmDecodeNameList function in p_pmns.c; (3) the numids value to the __pmDecodeIDList function in p_pmns.c; (4) unspecified vectors to the __pmDecodeProfile function in p_profile.c; the (5) status number value or (6) string number value to the __pmDecodeNameList function in p_pmns.c; (7) certain input to the __pmDecodeResult function in p_result.c; (8) the name length field (namelen) to the DecodeNameReq function in p_pmns.c; (9) a crafted PDU_FETCH request to the __pmDecodeFetch function in p_fetch.c; (10) the namelen field in the __pmDecodeInstanceReq function in p_instance.c; (11) the buflen field to the __pmDecodeText function in p_text.c; (12) PDU_INSTANCE packets to the __pmDecodeInstance in p_in)
Original text: DEBIAN, [SECURITY] [DSA 2533-1] pcp security update (03.09.2012)

Symbolic link issue in Config::IniFiles
Published: September 3, 2012
Source:
SecurityVulns ID: 12568
Type: library
Severity level: 5/10
Description: Symbolic link issue when creating temporary files.
Affected products: PERL : libconfig-inifiles 2.70
CVE:CVE-2012-2451 (The Config::IniFiles module before 2.71 for Perl creates temporary files with predictable names, which allows local users to overwrite arbitrary files via a symlink attack. NOTE: some of these details are obtained from third party information. NOTE: it has been reported that this might only be exploitable by writing in the same directory as the .ini file. If this is the case, then this issue might not cross privilege boundaries.)
Original text: UBUNTU, [USN-1543-1] Config-IniFiles vulnerability (03.09.2012)

Security vulnerabilities in the Citrix Access Gateway plugin ActiveX
Published: September 3, 2012
Source:
SecurityVulns ID: 12569
Type: client
Severity level: 5/10
Description: Buffer overflow, integer overflow.
Affected products: CITRIX : Access Gateway Plug-in for Windows 9.3
CVE:CVE-2011-2593 (Integer overflow in the StartEpa method in the nsepacom ActiveX control (nsepa.exe) in Citrix Access Gateway Enterprise Edition Plug-in for Windows 9.x before 9.3-57.5 and 10.0 before 10.0-69.4 allows remote attackers to execute arbitrary code via a crafted Content-Length HTTP header, which triggers a heap-based buffer overflow.)
 CVE-2011-2592 (Heap-based buffer overflow in the StartEpa method in the nsepacom ActiveX control (nsepa.exe) in Citrix Access Gateway Enterprise Edition Plug-in for Windows 9.x before 9.3-57.5 and 10.0 before 10.0-69.4 allows remote attackers to execute arbitrary code via a long CSEC HTTP response header.)
Original text: SECUNIA, Secunia Research: Citrix Access Gateway Plug-in for Windows nsepacom ActiveX Control Integer Overflow (03.09.2012)
 SECUNIA, Secunia Research: Citrix Access Gateway Plug-in for Windows nsepacom ActiveX Control Buffer Overflow (03.09.2012)

Multiple security vulnerabilities in DataWatch Monarch BI
Published: September 3, 2012
Source:
SecurityVulns ID: 12570
Type: remote
Severity level: 6/10
Description: Cross-site scripting, SQL injection in the administration interface.
Affected products: DATAWATCH : Monarch Business Intelligence 5.1
Original text: vulns_(at)_dionach.com, DataWatch Monarch BI v5.1 admin section reflected cross-site scripting (03.09.2012)
 vulns_(at)_dionach.com, DataWatch Monarch Business Intelligence (BI) v5.1 admin section stored cross-site scripting (03.09.2012)
 vulns_(at)_dionach.com, DataWatch Monarch Business Intelligence (BI) v5.1 client section stored cross-site scripting (03.09.2012)
 vulns_(at)_dionach.com, DataWatch Monarch Business Intelligence (BI) v5.1 Blind SQL injection (03.09.2012)
 vulns_(at)_dionach.com, DataWatch Monarch Business Intelligence (BI) v5.1 Admin Section Blind XPath Injection (03.09.2012)

Cross-site scripting via Dr. Web Enterprise Server
Published: September 3, 2012
Source:
SecurityVulns ID: 12571
Type: remote
Severity level: 5/10
Description: Cross-site scripting via the event log.
Affected products: DRWEB : Dr. Web Enterprise Server 6.00
Original text: Oliver Karow, Dr. Web Control Center Admin UI Remote Script Code Injection (03.09.2012)

Restriction bypass in OpenStack Keystone
Published: September 3, 2012
Source:
SecurityVulns ID: 12572
Type: remote
Severity level: 5/10
Description: Bypass of administrator restrictions and token lifetime.
Affected products: OPENSTACK : KeyStone 2012.1
CVE:CVE-2012-3542 (OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and OpenStack Essex (2012.1), allows remote attackers to add an arbitrary user to an arbitrary tenant via a request to update the user's default tenant to the administrative API. NOTE: this identifier was originally incorrectly assigned to an open redirect issue, but the correct identifier for that issue is CVE-2012-3540.)
 CVE-2012-3426 (OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by (1) creating new tokens through token chaining, (2) leveraging possession of a token for a disabled user account, or (3) leveraging possession of a token for an account with a changed password.)
Original text: UBUNTU, [USN-1552-1] OpenStack Keystone vulnerabilities (03.09.2012)

Cross-site scripting in Barracuda SSL VPN
Published: September 3, 2012
Source:
SecurityVulns ID: 12573
Type: remote
Severity level: 5/10
Description: Multiple cross-site scripting issues.
Affected products: BARRACUDA : Barracuda SSL VPN 680
Original text: Vulnerability Lab, Barracuda SSL VPN 680 - Cross Site Scripting Vulnerabilities (03.09.2012)

Security vulnerabilities in Temenos T24
Published: September 3, 2012
Source:
SecurityVulns ID: 12574
Type: remote
Severity level: 5/10
Description: Authentication bypass, cross-site scripting.
Affected products: TEMENOS : T24 R07.03
Original text: vulns_(at)_dionach.com, TEMENOS T24 R07.03 Reflected Cross-Site Scripting (03.09.2012)
 vulns_(at)_dionach.com, TEMENOS T24 R07.03 Authentication Bypass (03.09.2012)

Summary of security vulnerabilities in Web applications (PHP, ASP, JSP, CGI, Perl)
Published: September 3, 2012
Source:
SecurityVulns ID: 12566
Type: remote
Severity level: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, file modification, information leak, etc.
Affected products: JARA : Jara 1.6
 ORDERSYS : OrderSys 1.6
 SOCIALENGINE : Social Engine 4.2
 GLPI : GLPI 0.83
 TEKNOPORTAL : tekno.Portal 0.1
 OCPORTAL : ocPoral 8.1
 JEASE : Jease 2.8
 GROUPOFFICE : Group-Office 4.0
 TCEXAM : TCExam 11.3
 TOTALSHOP : Total Shop UK 2.1
 MAGYCMS : MagyCMS 2.0
 JWPLAYER : JW Player Pro 5.10
 ELCOMCMS : Elcom CMS 7.4
 DJANGO : django 1.4
 ADMANAGER : Ad Manager Pro 4
 SALTOS : SaltOS 3.1
 BANANADANCE : Banana Dance CMS
 LABWIKI : LabWiki 1.5
 MONO : mono 4.0
 SQUIZ : Squiz CMS 11654
 MOODLE : Moodle 2.2
 SYSAID : SysAid Helpdesk 8.5
 MANAGEENGINE : ManageEngine OpStor 7.4
 NIKE : Nike+ Panel 3.5
 SHOPPERPRESS : ShopperPress 2.7
 7SEPEHR : 7sepehr CMS 2012
 FLYNAX : Flynax General Classifieds 4.0
 WORDPRESS : Quick Post Widget 1.9
 FLOGR : Flogr 2.5
 JOOMLA : com_fireboard 7.3
 ARASISM : Arasism 6.5
 MANAGINGENGINE : Managingengine Mobile Application Manager 8.1
 MANAGINGENGINE : Managingengine Application Manager 8.1
 DISTIMO : Distimo Monitor 6.0
 CODEIGNITER : CodeIgniter 2.1
 PLIXER : Scrutinizer NetFlow and sFlow Analyzer 9.0
CVE:CVE-2012-4239
 CVE-2012-4238 (Cross-site scripting (XSS) vulnerability in admin/code/tce_edit_answer.php in TCExam before 11.3.008 allows remote authenticated users with level 5 or greater permissions to inject arbitrary web script or HTML via the question_subject_id parameter.)
 CVE-2012-4237 (Multiple SQL injection vulnerabilities in TCExam before 11.3.008 allow remote authenticated users with level 5 or greater permissions to execute arbitrary SQL commands via the subject_module_id parameter to (1) tce_edit_answer.php or (2) tce_edit_question.php.)
 CVE-2012-4236 (Cross-site scripting (XSS) vulnerability in the refresh_page function in application/modules/_main/views/_top.php in Total Shop UK eCommerce Open Source before 2.1.2_p1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.)
 CVE-2012-4226 (Multiple cross-site scripting (XSS) vulnerabilities in Quick Post Widget plugin 1.9.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) Title, (2) Content, or (3) New category field to wordpress/ or (4) query string to wordpress/.)
 CVE-2012-4052 (Multiple cross-site scripting (XSS) vulnerabilities in Jease before 2.9, when creating a comment, allow remote attackers to inject arbitrary web script or HTML via the (1) author, (2) subject, or (3) comment parameter.)
 CVE-2012-4003 (Multiple cross-site scripting (XSS) vulnerabilities in GLPI-PROJECT GLPI before 0.83.3 allow remote attackers to inject arbitrary web script or HTML via unknown vectors.)
 CVE-2012-3951 (The MySQL component in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) 9.0.1.19899 and earlier has a default password of admin for the (1) scrutinizer and (2) scrutremote accounts, which allows remote attackers to execute arbitrary SQL commands via a TCP session.)
 CVE-2012-3848 (Multiple cross-site scripting (XSS) vulnerabilities in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to d4d/exporters.php, (2) the HTTP Referer header to d4d/exporters.php, or (3) unspecified input to d4d/contextMenu.php.)
 CVE-2012-3477 (SQL injection vulnerability in signup_check.php in NeoInvoice allows remote attackers to execute arbitrary SQL commands via the value parameter in a username action.)
 CVE-2012-3444 (The get_image_dimensions function in the image-handling functionality in Django before 1.3.2 and 1.4.x before 1.4.1 uses a constant chunk size in all attempts to determine dimensions, which allows remote attackers to cause a denial of service (process or thread consumption) via a large TIFF image.)
 CVE-2012-3443 (The django.forms.ImageField class in the form system in Django before 1.3.2 and 1.4.x before 1.4.1 completely decompresses image data during image validation, which allows remote attackers to cause a denial of service (memory consumption) by uploading an image file.)
 CVE-2012-3442 (The (1) django.http.HttpResponseRedirect and (2) django.http.HttpResponsePermanentRedirect classes in Django before 1.3.2 and 1.4.x before 1.4.1 do not validate the scheme of a redirect target, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via a data: URL.)
 CVE-2012-3382 (Cross-site scripting (XSS) vulnerability in the ProcessRequest function in mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs in Mono 2.10.8 and earlier allows remote attackers to inject arbitrary web script or HTML via a file with a crafted name and a forbidden extension, which is not properly handled in an error message.)
 CVE-2012-2627 (d4d/uploader.php in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 allows remote attackers to create or overwrite arbitrary files in %PROGRAMFILES%\Scrutinizer\snmp\mibs\ via a multipart/form-data POST request.)
 CVE-2012-2626 (cgi-bin/admin.cgi in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 does not require token authentication, which allows remote attackers to add administrative accounts via a userprefs action.)
 CVE-2012-1915
Original text: Trustwave Advisories, TWSL2012-014: Multiple Vulnerabilities in Scrutinizer NetFlow & sFlow Analyzer (03.09.2012)
 Krzysztof Kotowicz, CodeIgniter <= 2.1.1 xss_clean() Cross Site Scripting filter bypass (03.09.2012)
 Amir_(at)_irist.ir, Wordpress (chenpress Plugin) Arbitrary File Upload Vulnerability (03.09.2012)
 Socket_0x03_(at)_teraexe.com, tekno.Portal 0.1b - SQLi Vulnerability in "anket.php" (03.09.2012)
 Vulnerability Lab, Distimo Monitor 6.0 - Multiple Cross Site Vulnerabilities (03.09.2012)
 Vulnerability Lab, ME Application Manager 10 - Multiple Web Vulnerabilities (03.09.2012)
 Vulnerability Lab, ME Mobile Application Manager v10 - SQL Vulnerabilities (03.09.2012)
 Vulnerability Lab, Flogr v2.5.6 & v2.3 - Cross Site Script Vulnerabilities (03.09.2012)
 Vulnerability Lab, Joomla com_fireboard - SQL Injection Vulnerability (03.09.2012)
 Vulnerability Lab, Arasism (IR) CMS - File Upload Vulnerability (03.09.2012)
 sschurtz_(at)_darksecurity.de, WordPress Plugin 'Quick Post Widget' 1.9.1 Multiple Cross-site scripting vulnerabilities (03.09.2012)
 Vulnerability Lab, Flynax General Classifieds v4.0 CMS - Multiple Vulnerabilities (03.09.2012)
 Adam Caudill, NeoInvoice Blind SQL Injection (CVE-2012-3477) (03.09.2012)
 Vulnerability Lab, 7sepehr CMS 2012 - Multiple SQL Injection Vulnerabilities (03.09.2012)
 MANDRIVA, [ MDVSA-2012:132 ] glpi (03.09.2012)
 Vulnerability Lab, ManageEngine OpStor v7.4 - Multiple Web Vulnerabilities (03.09.2012)
 Vulnerability Lab, Nike+ Panel & Mobile App - Multiple Web Vulnerabilities (03.09.2012)
 Vulnerability Lab, ShopperPress v2.7 Wordpress - Cross Site Vulnerabilities (03.09.2012)
 Vulnerability Lab, ShopperPress v2.7 Wordpress - SQL Injection Vulnerability (03.09.2012)
 Vulnerability Lab, Social Engine v4.2.5 - Multiple Web Vulnerabilities (03.09.2012)
 [email protected], NGS00330 Patch Notification: Squiz CMS Directory Traversal (03.09.2012)
 [email protected], NGS00208 Patch Notification: Moodle CMS stored XSS (03.09.2012)
 [email protected], NGS00241 Patch Notification: SysAid Helpdesk blind SQL injection (03.09.2012)
 [email protected], NGS00242 Patch Notification: SysAid Helpdesk stored XSS (03.09.2012)
 MANDRIVA, [ MDVSA-2012:140 ] mono (03.09.2012)
 voidloafer_(at)_gmail.com, apache struts2 remote code execute (03.09.2012)
 Netsparker Advisories, XSS and Blind SQL Injection Vulnerabilities in Banana Dance CMS (03.09.2012)
 Netsparker Advisories, XSS and SQL Injection Vulnerabilities in OrderSys (03.09.2012)
 Netsparker Advisories, XSS Vulnerabilities in LabWiki (03.09.2012)
 Netsparker Advisories, XSS and SQL Injection Vulnerabilities in Jara (03.09.2012)
 sschurtz_(at)_darksecurity.de, SaltOS 3.1 Cross-Site Scripting vulnerability (03.09.2012)
 CorryL, Ad Manager Pro v. 4 Remote FLI (03.09.2012)
 MANDRIVA, [ MDVSA-2012:143 ] python-django (03.09.2012)
 lists_(at)_senseofsecurity.com, Elcom CMS - Community Manager Insecure File Upload Vulnerability - Security Advisory - SOS-12-008 (03.09.2012)
 MustLive, Vulnerabilities in JW Player Pro (03.09.2012)
 3v1lc0d34, Magy cms v 2.0.1121 BETA Blind Sql injection (03.09.2012)
 research_(at)_reactionis.co.uk, Total Shop UK eCommerce Generic Cross-Site Scripting (03.09.2012)
 research_(at)_reactionis.co.uk, TCExam Edit SQL Injection (03.09.2012)
 research_(at)_reactionis.co.uk, TCExam Edit Cross-Site Scripting (03.09.2012)
 research_(at)_reactionis.co.uk, Group-Office Cleartext Credentials Stored in Cookies (03.09.2012)
 High-Tech Bridge Security Research, Cross-Site Scripting (XSS) in Jease (03.09.2012)
 YGN Ethical Hacker Group, ocPoral CMS 8.x | Cross Site Request Forgery (CSRF) Vulnerability (03.09.2012)
 YGN Ethical Hacker Group, ocPoral CMS 8.x | Session Hijacking Vulnerability (03.09.2012)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod