Information security


Security vulnerabilities in the Linux kernel
updated since June 3, 2013
Published: July 15, 2013
Source:
SecurityVulns ID: 13100
Type: remote
Danger level: 8/10
Description: Memory corruption in iSCSI, multiple information leaks, DoS, privilege escalation in the Broadcom B43 driver.
Affected products: LINUX : kernel 3.8
CVE: CVE-2013-4127 (Use-after-free vulnerability in the vhost_net_set_backend function in drivers/vhost/net.c in the Linux kernel through 3.10.3 allows local users to cause a denial of service (OOPS and system crash) via vectors involving powering on a virtual machine.)
 CVE-2013-4125 (The fib6_add_rt2node function in net/ipv6/ip6_fib.c in the IPv6 stack in the Linux kernel through 3.10.1 does not properly handle Router Advertisement (RA) messages in certain circumstances involving three routes that initially qualified for membership in an ECMP route set until a change occurred for one of the first two routes, which allows remote attackers to cause a denial of service (system crash) via a crafted sequence of messages.)
 CVE-2013-3235 (net/tipc/socket.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure and a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.)
 CVE-2013-3234 (The rose_recvmsg function in net/rose/af_rose.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.)
 CVE-2013-3233 (The llcp_sock_recvmsg function in net/nfc/llcp/sock.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable and a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.)
 CVE-2013-3232 (The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.)
 CVE-2013-3231 (The llc_ui_recvmsg function in net/llc/af_llc.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.)
 CVE-2013-3230 (The l2tp_ip6_recvmsg function in net/l2tp/l2tp_ip6.c in the Linux kernel before 3.9-rc7 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.)
 CVE-2013-3229 (The iucv_sock_recvmsg function in net/iucv/af_iucv.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.)
 CVE-2013-3228 (The irda_recvmsg_dgram function in net/irda/af_irda.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.)
 CVE-2013-3227 (The caif_seqpkt_recvmsg function in net/caif/caif_socket.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.)
 CVE-2013-3225 (The rfcomm_sock_recvmsg function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.)
 CVE-2013-3224 (The bt_sock_recvmsg function in net/bluetooth/af_bluetooth.c in the Linux kernel before 3.9-rc7 does not properly initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.)
 CVE-2013-3223 (The ax25_recvmsg function in net/ax25/af_ax25.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.)
 CVE-2013-3222 (The vcc_recvmsg function in net/atm/common.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.)
 CVE-2013-3076 (The crypto API in the Linux kernel through 3.9-rc8 does not initialize certain length variables, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call, related to the hash_recvmsg function in crypto/algif_hash.c and the skcipher_recvmsg function in crypto/algif_skcipher.c.)
 CVE-2013-2852 (Format string vulnerability in the b43_request_firmware function in drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and including format string specifiers in an fwpostfix modprobe parameter, leading to improper construction of an error message.)
 CVE-2013-2851 (Format string vulnerability in the register_disk function in block/genhd.c in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and writing format string specifiers to /sys/module/md_mod/parameters/new_array in order to create a crafted /dev/md device name.)
 CVE-2013-2850 (Heap-based buffer overflow in the iscsi_add_notunderstood_response function in drivers/target/iscsi/iscsi_target_parameters.c in the iSCSI target subsystem in the Linux kernel through 3.9.4 allows remote attackers to cause a denial of service (memory corruption and OOPS) or possibly execute arbitrary code via a long key that is not properly handled during construction of an error-response packet.)
 CVE-2013-2237 (The key_notify_policy_flush function in net/key/af_key.c in the Linux kernel before 3.9 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify_policy interface of an IPSec key_socket.)
 CVE-2013-2234 (The (1) key_notify_sa_flush and (2) key_notify_policy_flush functions in net/key/af_key.c in the Linux kernel before 3.10 do not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify interface of an IPSec key_socket.)
 CVE-2013-2232 (The ip6_sk_dst_check function in net/ipv6/ip6_output.c in the Linux kernel before 3.10 allows local users to cause a denial of service (system crash) by using an AF_INET6 socket for a connection to an IPv4 interface.)
 CVE-2013-2164 (The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in the Linux kernel through 3.10 allows local users to obtain sensitive information from kernel memory via a read operation on a malfunctioning CD-ROM drive.)
 CVE-2013-2148 (The fill_event_metadata function in fs/notify/fanotify/fanotify_user.c in the Linux kernel through 3.9.4 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a read operation on the fanotify descriptor.)
 CVE-2013-2147 (The HP Smart Array controller disk-array driver and Compaq SMART2 controller disk-array driver in the Linux kernel through 3.9.4 do not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory via (1) a crafted IDAGETPCIINFO command for a /dev/ida device, related to the ida_locked_ioctl function in drivers/block/cpqarray.c or (2) a crafted CCISS_PASSTHRU32 command for a /dev/cciss device, related to the cciss_ioctl32_passthru function in drivers/block/cciss.c.)
 CVE-2013-2146 (arch/x86/kernel/cpu/perf_event_intel.c in the Linux kernel before 3.8.9, when the Performance Events Subsystem is enabled, specifies an incorrect bitmask, which allows local users to cause a denial of service (general protection fault and system crash) by attempting to set a reserved bit.)
 CVE-2013-2141 (The do_tkill function in kernel/signal.c in the Linux kernel before 3.8.9 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via a crafted application that makes a (1) tkill or (2) tgkill system call.)
 CVE-2013-2094 (The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open system call.)
 CVE-2013-1774 (The chase_port function in drivers/usb/serial/io_ti.c in the Linux kernel before 3.7.4 allows local users to cause a denial of service (NULL pointer dereference and system crash) via an attempted /dev/ttyUSB read or write operation on a disconnected Edgeport USB serial converter.)
 CVE-2013-1059 (net/ceph/auth_none.c in the Linux kernel through 3.10 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via an auth_reply message that triggers an attempted build_request operation.)
 CVE-2013-0231 (The pciback_enable_msi function in the PCI backend driver (drivers/xen/pciback/conf_space_capability_msi.c) in Xen for the Linux kernel 2.6.18 and 3.8 allows guest OS users with PCI device access to cause a denial of service via a large number of kernel log messages. NOTE: some of these details are obtained from third party information.)
 CVE-2013-0160 (The Linux kernel through 3.7.9 allows local users to obtain sensitive information about keystroke timing by using the inotify API on the /dev/ptmx device.)
 CVE-2012-5517 (The online_pages function in mm/memory_hotplug.c in the Linux kernel before 3.6 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact in opportunistic circumstances by using memory that was hot-added by an administrator.)
Original text: chanam.park_(at)_hkpco.kr, (CVE-2013-1059) Linux Kernel libceph Null Pointer Dereference Vulnerability (15.07.2013)
 MANDRIVA, [ MDVSA-2013:194 ] kernel (15.07.2013)
 UBUNTU, [USN-1878-1] Linux kernel vulnerabilities (17.06.2013)
 UBUNTU, [USN-1844-1] Linux kernel vulnerability (03.06.2013)
 UBUNTU, [USN-1849-1] Linux kernel (Raring HWE) vulnerability (03.06.2013)

Security vulnerabilities in EMC RSA Authentication Manager
updated since June 4, 2013
Published: July 15, 2013
Source:
SecurityVulns ID: 13108
Type: remote
Danger level: 6/10
Description: Information leak, SQL injection.
Affected products: EMC : RSA Authentication Manager 8.0
CVE: CVE-2013-3273 (EMC RSA Authentication Manager 8.0 before P2 and 7.1 before SP4 P26, as used in Appliance 3.0, does not omit the cleartext administrative password from trace logging in custom SDK applications, which allows local users to obtain sensitive information by reading the trace log file.)
 CVE-2013-1899 (Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows remote attackers to cause a denial of service (file corruption), and allows remote authenticated users to modify configuration settings and execute arbitrary code, via a connection request using a database name that begins with a "-" (hyphen).)
 CVE-2013-0947 (EMC RSA Authentication Manager 8.0 before P1 allows local users to discover cleartext operating-system passwords, HTTP plug-in proxy passwords, and SNMP communities by reading a (1) log file or (2) configuration file.)
Original text: EMC, ESA-2013-052: RSA(r) Authentication Manager Sensitive Information Disclosure Vulnerability (15.07.2013)
 EMC, ESA-2013-040: RSA® Authentication Manager 8.0 Multiple Vulnerabilities (04.06.2013)

DoS against fail2ban
updated since July 8, 2013
Published: July 15, 2013
Source:
SecurityVulns ID: 13154
Type: remote
Danger level: 5/10
Description: It is possible to trigger the blocking of an arbitrary client.
Affected products: FAIL2BAN : fail2ban 0.8
CVE: CVE-2013-2178 (The apache-auth.conf, apache-nohome.conf, apache-noscript.conf, and apache-overflows.conf files in Fail2ban before 0.8.10 do not properly validate log messages, which allows remote attackers to block arbitrary IP addresses via certain messages in a request.)
Original text: Krzysztof Katowicz-Kowalewski, Fail2ban 0.8.9, Denial of Service (Apache rules only) (15.07.2013)
 MANDRIVA, [ MDVSA-2013:191 ] fail2ban (08.07.2013)

Information leak in MiniUPnPd
Published: July 15, 2013
Source:
SecurityVulns ID: 13168
Type: remote
Danger level: 5/10
Description: Leak of memory contents when responding to an SSDP request.
Affected products: MINIUPNPD : MiniUPnPd 1.8
CVE: CVE-2013-2600
Original text: Craig Young, MiniUPnPd Information Disclosure (CVE-2013-2600) (15.07.2013)

Security vulnerabilities in Linksys routers
Published: July 15, 2013
Source:
SecurityVulns ID: 13169
Type: remote
Danger level: 4/10
Description: Cross-site request forgery, XSS, code execution in the administrative web interface.
Affected products: CISCO : Linksys E1200
 CISCO : Linksys N300
 CISCO : Linksys WRT110
 CISCO : Linksys X3000
CVE: CVE-2013-3568
 CVE-2013-2679
Original text: devnull_(at)_s3cur1ty.de, Linksys X3000 - Multiple Vulnerabilities (15.07.2013)
 Carl Benedict, Re: Cisco/Linksys E1200 N300 Reflected XSS (15.07.2013)
 vuln-report_(at)_secur3.us, CVE-2013-3568 - Linksys CSRF + Root Command Injection (15.07.2013)

Information leak in Microsoft Windows
Published: July 15, 2013
Source:
SecurityVulns ID: 13170
Type: local
Danger level: 4/10
Description: It is possible to recover the administrator password that was used during system installation.
Affected products: MICROSOFT : Windows 7
 MICROSOFT : Windows 8
Original text: Dnegel X., Windows 7/8 admin account installation password stored in the clear in LSA Secrets (15.07.2013)

Cross-site request forgery in DD-WRT
Published: July 15, 2013
Source:
SecurityVulns ID: 13171
Type: remote
Danger level: 4/10
Description: Cross-site request forgery via the web interface.
Affected products: DDWRT : DD-WRT 24
CVE: CVE-2012-6297
Original text: Craig Young, CVE-2012-6297 - Command Injection via CSRF on DD-WRT v24-sp2 (15.07.2013)

Summary of security vulnerabilities in web applications (PHP, ASP, JSP, CGI, Perl)
Published: July 15, 2013
Source:
SecurityVulns ID: 13172
Type: remote
Danger level: 5/10
Description: PHP injection, SQL injection, directory traversal, cross-site scripting, file modification, information leak, etc.
Affected products: OPENX : OpenX 2.8
 APACHE : Struts 2.3
 APACHE : CXF 2.5
 WORDPRESS : WordPress 3.5
 BMC : BMC SERVICE DESK EXPRESS 10.2
 CORDA : Corda Server .NET Redirector 7.3
 TINYMCE : TinyMCE Image Manager 1.1
 ALMACOR : aCMS 1.0
 JOOMLA : aiContactSafe 2.0
 APACHE : CXF 2.7
 APACHE : CXF 2.6
 AIRDRIVEPLUS : Air Drive Plus 2.4
 KASSELER : Kasseler CMS 2
 OTRS : otrs 3.2
 EXPONENT : Exponent CMS 2.2
 BOONEX : Dolphin 7.1
 XARAYA : Xaraya 2.4
 MAGNOLIA : Magnolia CMS 4.5
 APACHE : Geronimo 3.0
 JOOMLA : Joomla 3.1
 CTERA : CTERA Portal 3.1
 WEATHERMAP : Weathermap 0.97
 TELAEN : Telaen 1.3
 SAURUS : Saurus CMS 4.7
CVE: CVE-2013-4621
 CVE-2013-4088
 CVE-2013-3739 (Directory traversal vulnerability in editor.php in Network Weathermap 0.97c and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the mapname parameter in a show_config action.)
 CVE-2013-3729 (Multiple cross-site request forgery (CSRF) vulnerabilities in Kasseler CMS before 2 r1232 allow remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the (1) groups[] parameter in a send action in the sendmail module or (2) query parameter in a sql_query action in the database module to admin.php, related to CVE-2013-3727.)
 CVE-2013-3728 (Cross-site scripting (XSS) vulnerability in Kasseler CMS before 2 r1232 allows remote authenticated users with permissions to create categories to inject arbitrary web script or HTML via the cat parameter in an admin_new_category action to admin.php.)
 CVE-2013-3727 (SQL injection vulnerability in Kasseler CMS before 2 r1232 allows remote authenticated users to execute arbitrary SQL commands via the groups[] parameter to admin.php. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands.)
 CVE-2013-3639 (Multiple cross-site scripting (XSS) vulnerabilities in Xaraya 2.4.0-b1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) id, (2) interface, (3) name, or (4) tabmodule parameter to index.php.)
 CVE-2013-3638
 CVE-2013-3637
 CVE-2013-3636
 CVE-2013-3635
 CVE-2013-3551
 CVE-2013-3515 (Multiple cross-site scripting (XSS) vulnerabilities in OpenX Source 2.8.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) package parameter to www/admin/plugin-index.php or the (2) group parameter to www/admin/plugin-settings.php.)
 CVE-2013-3514 (Multiple directory traversal vulnerabilities in OpenX before 2.8.10 revision 82710 allow remote administrators to read arbitrary files via a .. (dot dot) in the group parameter to (1) plugin-preferences.php or (2) plugin-settings.php in www/admin, a different vulnerability than CVE-2013-7376. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to read arbitrary files.)
 CVE-2013-3295 (Directory traversal vulnerability in install/popup.php in Exponent CMS before 2.2.0 RC1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.)
 CVE-2013-3294 (Multiple SQL injection vulnerabilities in Exponent CMS before 2.2.0 release candidate 1 allow remote attackers to execute arbitrary SQL commands via the (1) src or (2) username parameter index.php.)
 CVE-2013-2624
 CVE-2013-2623
 CVE-2013-2621
 CVE-2013-1777 (The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not property implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.)
 CVE-2012-6458 (Multiple cross-site scripting (XSS) vulnerabilities in the SilverStripe e-commerce module 3.0 for SilverStripe CMS allow remote attackers to inject arbitrary web script or HTML via the (1) FirstName, (2) Surname, or (3) Email parameter to code/forms/OrderFormAddress.php; or the (4) FirstName or (5) Surname parameter to code/forms/ShopAccountForm.php.)
Original text: Janek Vind, [waraxe-2013-SA#106] - Multiple Vulnerabilities in Saurus CMS 4.7.1 (15.07.2013)
 ISecAuditors Security Advisories, [ISecAuditors Security Advisories] Multiple Vulnerabilities in Telaen <= 1.3.0 (15.07.2013)
 Anthony Dubuissez, CVE-2013-3739 Local File Inclusion in Weathermap <= 0.97C (15.07.2013)
 SEC Consult Vulnerability Lab, SEC Consult SA-20130605-0 :: Multiple vulnerabilities in CTERA Portal (15.07.2013)
 APACHE, [ANN] Struts 2.3.14.3 GA (fast-track) release available (15.07.2013)
 APACHE, [ANN] Struts 2.3.14.1 GA (fast track | security) (15.07.2013)
 prairie_(at)_mailinator.com, Barnraiser Prairie OpenID idp: Directory traversal attack (15.07.2013)
 Marco Beierer, Joomla crypto vulnerability (all versions) (15.07.2013)
 Jarek Gawor, [SECURITY] CVE-2013-1777: Apache Geronimo 3 RMI classloader exposure (15.07.2013)
 Adrian Furtuna, [Full-disclosure] Magnolia CMS multiple access control vulnerabilities (15.07.2013)
 High-Tech Bridge Security Research, Multiple XSS Vulnerabilities in Xaraya (15.07.2013)
 High-Tech Bridge Security Research, SQL Injection in Dolphin (15.07.2013)
 High-Tech Bridge Security Research, Multiple Vulnerabilities in Exponent CMS (15.07.2013)
 MANDRIVA, [ MDVSA-2013:188 ] otrs (15.07.2013)
 High-Tech Bridge Security Research, Multiple Vulnerabilities in OpenX (15.07.2013)
 High-Tech Bridge Security Research, Multiple Vulnerabilities in Kasseler CMS (15.07.2013)
 Vulnerability Lab, Air Drive Plus v2.4 iOS - Arbitrary File Upload Vulnerability (15.07.2013)
 Carl Benedict, Re: Project Pier Web Vulnerabilities (15.07.2013)
 SEC Consult Vulnerability Lab, SEC Consult SA-20130709-0 :: Denial of service vulnerability in Apache CXF (15.07.2013)
 Jose Carlos de Arriba, [Foreground Security 2013-001]: Joomla AICONTACTSAFE 2.0.19 Extension Cross-Site Scripting (XSS) vulnerability (15.07.2013)
 MustLive, Multiple vulnerabilities in aCMS (15.07.2013)
 MustLive, IA and AFU vulnerabilities in aCMS (15.07.2013)
 MustLive, XSS, CS and FPD vulnerabilities in I Love It theme for WordPress (15.07.2013)
 MustLive, CS, XSS and FPD vulnerabilities in WordPress (15.07.2013)
 MustLive, XSS and CS vulnerabilities in TinyMCE Image Manager (15.07.2013)
 Adam Willard, [Foreground Security 2013-002]: Corda Path Disclosure and XSS (15.07.2013)
 NCIRC INFOSEC EVAL, Multiple vulnerabilities in BMC SERVICE DESK EXPRESS (SDE) Version 10.2.1.95 (15.07.2013)

Security vulnerabilities in Apache
Published: July 15, 2013
Source:
SecurityVulns ID: 13173
Type: remote
Danger level: 5/10
Description: DoS via a MERGE request in mod_dav, log-file manipulation in mod_rewrite.
Affected products: APACHE : Apache 2.2
CVE: CVE-2013-2249 (mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.)
 CVE-2013-1896 (mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.)
 CVE-2013-1862 (mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.)
Original text: MANDRIVA, [ MDVSA-2013:193 ] apache (15.07.2013)

Multiple security vulnerabilities in Adobe Acrobat / Reader
Published: July 15, 2013
Source:
SecurityVulns ID: 13174
Type: client
Danger level: 7/10
Description: Multiple memory corruptions, code execution, privilege escalation.
Affected products: ADOBE : Reader 9.5
 ADOBE : Reader 11.0
 ADOBE : Acrobat 11.0
CVE: CVE-2013-3342 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 do not properly handle operating-system domain blacklists, which has unspecified impact and attack vectors.)
 CVE-2013-3341 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, and CVE-2013-3340.)
 CVE-2013-3340 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, and CVE-2013-3341.)
 CVE-2013-3339 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3340, and CVE-2013-3341.)
 CVE-2013-3338 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341.)
 CVE-2013-3337 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341.)
 CVE-2013-2737 (A JavaScript API in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allows attackers to obtain sensitive information via unspecified vectors.)
 CVE-2013-2736 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341.)
 CVE-2013-2735 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341.)
 CVE-2013-2734 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341.)
 CVE-2013-2733 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-2730.)
 CVE-2013-2732 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341.)
 CVE-2013-2731 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341.)
 CVE-2013-2730 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-2733.)
 CVE-2013-2729 (Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-2727.)
 CVE-2013-2727 (Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-2729.)
 CVE-2013-2726 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341.)
 CVE-2013-2725 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341.)
 CVE-2013-2724 (Stack-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allows attackers to execute arbitrary code via unspecified vectors.)
 CVE-2013-2723 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341.)
 CVE-2013-2722 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341.)
 CVE-2013-2721 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341.)
 CVE-2013-2720 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341.)
 CVE-2013-2719 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341.)
 CVE-2013-2718 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341.)
 CVE-2013-2550 (Unspecified vulnerability in Adobe Reader 11.0.02 allows attackers to bypass the sandbox protection mechanism via unknown vectors, as demonstrated by George Hotz during a Pwn2Own competition at CanSecWest 2013.)
 CVE-2013-2549 (Unspecified vulnerability in Adobe Reader 11.0.02 allows remote attackers to execute arbitrary code via vectors related to a "break into the sandbox," as demonstrated by George Hotz during a Pwn2Own competition at CanSecWest 2013.)
Original text: Stefan Kanthak, VULNERABLE (3rd party) components in Adobe Reader 11.0.03, and dangling reference to Acrobat.exe (15.07.2013)
Files: Security updates available for Adobe Reader and Acrobat

Multiple security vulnerabilities in Adobe ColdFusion
Published: 15 July 2013
Source:
SecurityVulns ID: 13175
Type: remote
Severity: 7/10
Description: Code execution, DoS.
Affected products: ADOBE : ColdFusion 9.0
 ADOBE : ColdFusion 10
CVE: CVE-2013-3350 (Adobe ColdFusion 10 before Update 11 allows remote attackers to call ColdFusion Components (CFC) public methods via WebSockets.)
 CVE-2013-3349 (Unspecified vulnerability in Adobe ColdFusion 9.0 through 9.0.2, when the JRun application server is used, allows remote attackers to cause a denial of service via unknown vectors.)
 CVE-2013-3336 (Unspecified vulnerability in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to read arbitrary files via unknown vectors.)
 CVE-2013-1389 (Unspecified vulnerability in Adobe ColdFusion 9.0 before Update 11, 9.0.1 before Update 10, 9.0.2 before Update 5, and 10 before Update 10 allows remote attackers to execute arbitrary code via unknown vectors.)
Files: Security update: Hotfix available for ColdFusion
 Security update: Hotfixes available for ColdFusion

Multiple security vulnerabilities in Adobe Flash Player
Published: 15 July 2013
Source:
SecurityVulns ID: 13176
Type: remote
Severity: 7/10
Description: Multiple memory corruptions, code execution.
Affected products: ADOBE : Flash Player 11.7
CVE: CVE-2013-3347 (Integer overflow in Adobe Flash Player before 11.7.700.232 and 11.8.x before 11.8.800.94 on Windows and Mac OS X, before 11.2.202.297 on Linux, before 11.1.111.64 on Android 2.x and 3.x, and before 11.1.115.69 on Android 4.x allows attackers to execute arbitrary code via PCM data that is not properly handled during resampling.)
 CVE-2013-3345 (Adobe Flash Player before 11.7.700.232 and 11.8.x before 11.8.800.94 on Windows and Mac OS X, before 11.2.202.297 on Linux, before 11.1.111.64 on Android 2.x and 3.x, and before 11.1.115.69 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.)
 CVE-2013-3344 (Heap-based buffer overflow in Adobe Flash Player before 11.7.700.232 and 11.8.x before 11.8.800.94 on Windows and Mac OS X, before 11.2.202.297 on Linux, before 11.1.111.64 on Android 2.x and 3.x, and before 11.1.115.69 on Android 4.x allows attackers to execute arbitrary code via unspecified vectors.)
 CVE-2013-3335 (Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, and CVE-2013-3334.)
 CVE-2013-3334 (Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, and CVE-2013-3335.)
 CVE-2013-3333 (Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3334, and CVE-2013-3335.)
 CVE-2013-3332 (Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335.)
 CVE-2013-3331 (Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335.)
 CVE-2013-3330 (Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335.)
 CVE-2013-3329 (Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335.)
 CVE-2013-3328 (Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335.)
 CVE-2013-3327 (Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335.)
 CVE-2013-3326 (Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335.)
 CVE-2013-3325 (Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335.)
 CVE-2013-3324 (Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335.)
 CVE-2013-2728 (Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335.)
Files: Security updates available for Adobe Flash Player
 Security updates available for Adobe Flash Player

Multiple security vulnerabilities in Adobe Shockwave Player
Published: 15 July 2013
Source:
SecurityVulns ID: 13177
Type: client
Severity: 7/10
Description: Memory corruption, code execution.
Affected products: ADOBE : Shockwave Player 12.0
CVE: CVE-2013-3348 (Adobe Shockwave Player before 12.0.3.133 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.)
 CVE-2013-3343 (Adobe Flash Player before 10.3.183.90 and 11.x before 11.7.700.224 on Windows, before 10.3.183.90 and 11.x before 11.7.700.225 on Mac OS X, before 10.3.183.90 and 11.x before 11.2.202.291 on Linux, before 11.1.111.59 on Android 2.x and 3.x, and before 11.1.115.63 on Android 4.x; Adobe AIR before 3.7.0.2090 on Windows and Android and before 3.7.0.2100 on Mac OS X; and Adobe AIR SDK & Compiler before 3.7.0.2090 on Windows and before 3.7.0.2100 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.)
Files: Security updates available for Adobe Flash Player
 Security update available for Adobe Shockwave Player

Unauthorized access to HP StoreVirtual
Published: 15 July 2013
Source:
SecurityVulns ID: 13178
Type: remote
Severity: 5/10
Affected products: HP : LeftHand OS 10.5
CVE: CVE-2013-2352 (LeftHand OS (aka SAN iQ) 10.5 and earlier on HP StoreVirtual Storage devices does not provide a mechanism for disabling the HP Support challenge-response root-login feature, which makes it easier for remote attackers to obtain administrative access by leveraging knowledge of an unused one-time password.)
Original text: HP, [security bulletin] HPSBST02896 rev.1 - HP StoreVirtual Storage, Remote Unauthorized Access (15.07.2013)

Hard-coded account in multiple IP cameras
Published: 15 July 2013
Source:
SecurityVulns ID: 13179
Type: remote
Severity: 6/10
Description: Hard-coded account that cannot be changed.
Affected products: 3S : 3S Vision
 ASANTE : Asante Voyager 1
 ASANTE : Asante Voyager 2
Original text: roberto.paleari_(at)_emaze.net, Hard-coded accounts on multiple network cameras (15.07.2013)

Directory traversal in GNOME File Roller
Published: 15 July 2013
Source:
SecurityVulns ID: 13180
Type: local
Severity: 5/10
Description: Directory traversal when processing archives.
Affected products: GNOME : File Roller 3.9
CVE: CVE-2013-4668 (Directory traversal vulnerability in File Roller 3.6.x before 3.6.4, 3.8.x before 3.8.3, and 3.9.x before 3.9.3, when libarchive is used, allows remote attackers to create arbitrary files via a crafted archive that is not properly handled in a "Keep directory structure" action, related to fr-archive-libarchive.c and fr-window.c.)
Original text: Daniele Bianco, [oCERT-2013-001] File Roller path sanitization errors (15.07.2013)

Information leak in EMC Replication Manager
Published: 15 July 2013
Source:
SecurityVulns ID: 13181
Type: local
Severity: 5/10
Description: Passwords are written to a log file.
Affected products: EMC : EMC Replication Manager 5.4
CVE: CVE-2013-3272 (EMC Replication Manager (RM) before 5.4.4 places encoded passwords in application log files, which makes it easier for local users to obtain sensitive information by reading a file and conducting an unspecified decoding attack.)
Original text: EMC, ESA-2013-050: EMC Replication Manager Sensitive Information Disclosure Vulnerability (15.07.2013)

Multiple security vulnerabilities in Cisco Email Security / Web Security / Content Security
Published: 15 July 2013
Source:
SecurityVulns ID: 13184
Type: remote
Severity: 6/10
Description: Code execution, DoS.
Affected products: CISCO : IronPort AsyncOS 7.9
CVE: CVE-2013-3386 (The IronPort Spam Quarantine (ISQ) component in the web framework in IronPort AsyncOS on Cisco Email Security Appliance devices before 7.1.5-106 and 7.3, 7.5, and 7.6 before 7.6.3-019 and Content Security Management Appliance devices before 7.9.1-102 and 8.0 before 8.0.0-404 allows remote attackers to cause a denial of service (service crash or hang) via a high rate of TCP connection attempts, aka Bug IDs CSCzv25573 and CSCzv81712.)
 CVE-2013-3385 (The management GUI in the web framework in IronPort AsyncOS on Cisco Web Security Appliance devices before 7.1.3-013, 7.5 before 7.5.0-838, and 7.7 before 7.7.0-602; Email Security Appliance devices before 7.1.5-106 and 7.3, 7.5, and 7.6 before 7.6.3-019; and Content Security Management Appliance devices before 7.9.1-102 and 8.0 before 8.0.0-404 allows remote attackers to cause a denial of service (system hang) via a series of (1) HTTP or (2) HTTPS requests to a management interface, aka Bug IDs CSCzv58669, CSCzv63329, and CSCzv78669.)
 CVE-2013-3384 (The web framework in IronPort AsyncOS on Cisco Web Security Appliance devices before 7.1.3-013, 7.5 before 7.5.0-838, and 7.7 before 7.7.0-550; Email Security Appliance devices before 7.1.5-104, 7.3 before 7.3.2-026, 7.5 before 7.5.2-203, and 7.6 before 7.6.3-019; and Content Security Management Appliance devices before 7.2.2-110, 7.7 before 7.7.0-213, and 7.8 and 7.9 before 7.9.1-102 allows remote authenticated users to execute arbitrary commands via crafted command-line input in a URL, aka Bug IDs CSCzv85726, CSCzv44633, and CSCzv24579.)
Files: Multiple Vulnerabilities in Cisco Email Security Appliance
 Multiple Vulnerabilities in Cisco Web Security Appliance
 Multiple Vulnerabilities in Cisco Content Security Management Appliance

DoS against Cisco ASA NGFW
Published: 15 July 2013
Source:
SecurityVulns ID: 13185
Type: remote
Severity: 5/10
Description: Denial of service when processing fragmented packets.
CVE: CVE-2013-3382 (The Next-Generation Firewall (aka NGFW, formerly CX Context-Aware Security) module 9.x before 9.1.1.9 and 9.1.2.x before 9.1.2.12 for Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to cause a denial of service (device reload or traffic-processing outage) via fragmented (1) IPv4 or (2) IPv6 traffic, aka Bug ID CSCue88387.)
Files: Cisco ASA Next-Generation Firewall Fragmented Traffic Denial of Service Vulnerability

Multiple security vulnerabilities in EMC RSA BSAFE
Published: 15 July 2013
Source:
SecurityVulns ID: 13186
Type: remote
Severity: 6/10
Description: Various attacks against SSL.
Affected products: EMC : RSA BSAFE Micro Edition Suite 4.0
 EMC : RSA BSAFE SSL-J 6.0
 EMC : RSA BSAFE SSL-C 2.8
CVE: CVE-2013-0169 (The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.)
 CVE-2011-3389 (The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.)
Original text: EMC, ESA-2013-045: RSA BSAFE® SSL-C Security Update for SSL/TLS Plaintext Recovery (aka “Lucky Thirteen”) Vulnerability (15.07.2013)
 EMC, ESA-2013-039: RSA BSAFE® SSL-J Multiple Vulnerabilities (15.07.2013)
 EMC, ESA-2013-032 RSA BSAFE® Micro Edition Suite Security Update for SSL/TLS Plaintext Recovery (aka “Lucky Thirteen”) Vulnerability (15.07.2013)

DoS against libxml2
Published: 15 July 2013
Source:
SecurityVulns ID: 13187
Type: library
Severity: 5/10
Description: Out-of-bounds read when parsing an incomplete document.
Affected products: LIBXML : libxml2 2.9
CVE: CVE-2013-2877 (parser.c in libxml2 before 2.9.0, as used in Google Chrome before 28.0.1500.71 and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a document that ends abruptly, related to the lack of certain checks for the XML_PARSER_EOF state.)

Security vulnerabilities in Asus routers
Published: 15 July 2013
Source:
SecurityVulns ID: 13188
Type: remote
Severity: 5/10
Description: Information leak, code execution.
Affected products: ASUS : Asus RT-N66U
 ASUS : Asus RT-AC66R
 ASUS : Asus RT-AC66U
 ASUS : Asus RT-N66R
 ASUS : Asus RT-AC56U
 ASUS : Asus RT-N56R
 ASUS : Asus RT-N56U
 ASUS : Asus RT-N14U
 ASUS : Asus RT-N16
 ASUS : Asus RT-N16R
Original text: kyle Lovett, Full Disclosure ASUS Wireless Routers Ten Models - Multiple Vulnerabilities on AiCloud enabled units (15.07.2013)
 kyle Lovett, ASUS RT-N66U Router - HTTPS Directory traversal and full file access and credential disclosure vuln (15.07.2013)

Security vulnerabilities in McAfee ePolicy Orchestrator
Updated since 15 July 2013
Published: 16 July 2013
Source:
SecurityVulns ID: 13167
Type: remote
Severity: 7/10
Description: Several vulnerabilities are being exploited in the wild to compromise corporate networks.
Affected products: MCAFEE : ePolicy Orchestrator 4.5
 MCAFEE : ePolicy Orchestrator 4.6
CVE: CVE-2013-0141 (Directory traversal vulnerability in McAfee ePolicy Orchestrator (ePO) before 4.5.7 and 4.6.x before 4.6.6 allows remote attackers to upload arbitrary files via a crafted request over the Agent-Server communication channel, as demonstrated by writing to the Software/ directory.)
 CVE-2013-0140 (SQL injection vulnerability in the Agent-Handler component in McAfee ePolicy Orchestrator (ePO) before 4.5.7 and 4.6.x before 4.6.6 allows remote attackers to execute arbitrary SQL commands via a crafted request over the Agent-Server communication channel.)
Original text: MCAFEE, Re: Multiple vulnerabilities in McAfee ePO 4.6.6 (16.07.2013)
 NCIRC INFOSEC EVAL, Multiple vulnerabilities in McAfee ePO 4.6.6 (15.07.2013)
 CERT, TA13-193A: Exploit Tool Targets Vulnerabilities in McAfee ePolicy Orchestrator (ePO) (15.07.2013)

Memory corruption in PHP
Updated since 15 July 2013
Published: 16 July 2013
Source:
SecurityVulns ID: 13189
Type: library
Severity: 7/10
Description: Memory corruption when handling XML, DoS in the jdtojewish function.
Affected products: PHP : PHP 5.3
CVE: CVE-2013-4635 (Integer overflow in the SdnToJewish function in jewish.c in the Calendar component in PHP before 5.3.26 and 5.4.x before 5.4.16 allows context-dependent attackers to cause a denial of service (application hang) via a large argument to the jdtojewish function.)
 CVE-2013-4113 (ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted document that is processed by the xml_parse_into_struct function.)
Original text: Gabriel Maggiotti, Re: [ MDVSA-2013:195 ] php (16.07.2013)
 MANDRIVA, [ MDVSA-2013:195 ] php (15.07.2013)

Security vulnerabilities in HP / 3COM / H3C switches
Updated since 15 July 2013
Published: 12 August 2013
Source:
SecurityVulns ID: 13183
Type: remote
Severity: 5/10
Description: Information leak, code execution.
CVE: CVE-2013-4806 (The OSPF implementation on HP JD9##A routers; HP J4###A, J484#B, J8###A, JD3##A, JE###A, and JF55#A switches; HP 3COM routers and switches; and HP H3C routers and switches does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote authenticated users to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149.)
 CVE-2013-2341 (Unspecified vulnerability on the HP ProCurve JC###A, JC###B, JD###A, JD###B, JE###A, JF###A, JF###B, JF###C, JG###A, 658250-B21, and 658247-B21; HP 3COM routers and switches; and HP H3C routers and switches allows remote authenticated users to execute arbitrary code or obtain sensitive information via unknown vectors.)
 CVE-2013-2340 (Unspecified vulnerability on the HP ProCurve JC###A, JC###B, JD###A, JD###B, JE###A, JF###A, JF###B, JF###C, JG###A, 658250-B21, and 658247-B21; HP 3COM routers and switches; and HP H3C routers and switches allows remote attackers to execute arbitrary code or obtain sensitive information via unknown vectors.)
Original text: HP, [security bulletin] HPSBHF02912 rev.1 - HP Networking Products including H3C and 3COM Routers and Switches, OSPF Remote Information Disclosure and Denial of Service (12.08.2013)
 HP, [security bulletin] HPSBPV02891 rev.1 - HP ProCurve Switches, Remote Unauthorized Information Disclosure (16.07.2013)
 HP, [security bulletin] HPSBHF02888 rev.1 - HP ProCurve, H3C, 3COM Routers and Switches, Remote Information Disclosure and Code Execution (15.07.2013)

Multiple security vulnerabilities in iOS applications
Updated since 15 July 2013
Published: 30 December 2013
Source:
SecurityVulns ID: 13182
Type: remote
Severity: 5/10
Description: Multiple vulnerabilities in various applications that provide remote access to data.
Затронутые продукты:WIRELESSDISKPRO : Wireless Disk PRO 2.3
 WIFIPHOTOTRANSFE : Wifi Photo Transfer 2.1
 WIFIALBUM : Wifi Album 1.47
 WIRELESSPHOTOACC : Wireless Photo Access 1.0
 SIMPLETRANSFER : SimpleTransfer 2.2
 FILELITE : File Lite 3.3
 BLUETOOTHCHATCON : Bluetooth Chat Connect 1.0
 EFILEWIFITRANSFE : eFile Wifi Transfer Manager 1.0
 MOBILEUSBDRIVEHD : Mobile USB Drive HD 1.2
 MOBILEATLASCREAT : Mobile Atlas Creator 1.9
 EXPONENT : Exponent CMS 2.2
 FTPSPRITE : FTP Sprite 1.2
 OLIVEFILEMANAGER : Olive File Manager 1.0
 EPHOTOTRANSFER : ePhoto Transfer 1.2
 FLUXPLAYER : Flux Player 3.1
 WIFLY : WiFly 1.0
 IPIC : iPic Sharp 1.2
 PHOTOSERVER : Photo Server 2.0
 DOWNLOADLITE : Download Lite 4.3
 PRIVATEPHOTOS : Private Photos 1.0
 WEBDISK : WebDisk 3.0
 FTPONCONNECT : FTP OnConnect 1.4
 WITHU : withU Music Share 1.3
 PHOTOTRANSFERUPL : Photo Transfer Upload 1.0
 COPYTOWEBDAV : Copy to WebDAV 1.1
 METACLASSY : Byword 2.0
 HIDEPHOTOVIDEOSA : Hide Photo+Video Safe 1.6
 PHOTOTRANSFERUPW : Photo Transfer Wifi 1.4
 APPOLOGICS : AirBeam 1.9
 MYFILEEXPLORER : My File Explorer 1.3
 OLIVEOFFICE : OliveOffice Mobile Suite 2.0
 BLUETOOTHU : Bluetooth U 1.2
 PRINTNSHARE : Print n Share 5.5
 WIRELESSTRANSFER : Wireless Transfer App 3.7
 IMAGAM : Imagam iFiles 1.16
 ZIPPIYUM : Subway Ordering for California 3.4
 PHOTOVIDEOALBUMT : Photo Video Album Transfer 1.0
 PHONEDRIVEEIGHTY : Phone Drive Eightythree 4.1
 FILEMASTERSYIT : FileMaster SY-IT 3.1
 SONGEXPORTER : Song Exporter 2.1
CVE: CVE-2013-6986 (The ZippyYum Subway CA Kiosk app 3.4 for iOS uses cleartext storage in SQLite cache databases, which allows attackers to obtain sensitive information by reading data elements, as demonstrated by password elements.)
 CVE-2013-5725 (The Metaclassy Byword app 2.x before 2.1 for iOS does not require confirmation of Replace file actions, which allows remote attackers to overwrite arbitrary files via the name and text parameters in a byword://replace URL.)
Original text: Vulnerability Lab, Photo Video Album Transfer 1.0 iOS - Multiple Vulnerabilities (30.12.2013)
 Vulnerability Lab, Phone Drive Eightythree 4.1.1 iOS - Multiple Vulnerabilities (30.12.2013)
 Vulnerability Lab, FileMaster SY-IT v3.1 iOS - Multiple Web Vulnerabilities (30.12.2013)
 Vulnerability Lab, Song Exporter v2.1.1 RS iOS - File Include Vulnerabilities (30.12.2013)
 Daniel Wood, [CVE-2013-6986] Insecure Data Storage in Subway Ordering for California (ZippyYum) 3.4 iOS mobile application (30.12.2013)
 Vulnerability Lab, Imagam iFiles v1.16.0 iOS - Multiple Web Vulnerabilities (09.12.2013)
 Vulnerability Lab, Wireless Transfer App 3.7 iOS - Multiple Web Vulnerabilities (09.12.2013)
 Vulnerability Lab, Print n Share v5.5 iOS - Multiple Web Vulnerabilities (09.12.2013)
 Vulnerability Lab, My File Explorer v1.3.1 iOS - Multiple Web Vulnerabilities (09.12.2013)
 Vulnerability Lab, OliveOffice Mobile Suite 2.0.3 iOS - File Include Vulnerability (09.12.2013)
 Vulnerability Lab, Bluetooth U v1.2.0 iOS - Directory Traversal Vulnerability (09.12.2013)
 Vulnerability Lab, Appologics AirBeam v1.9.2 iOS - Multiple Web Vulnerabilities (09.12.2013)
 Vulnerability Lab, Photo Transfer Wifi 1.4.4 iOS - Multiple Web Vulnerabilities (09.12.2013)
 Vulnerability Lab, Hide Photo+Video Safe v1.6 iOS - Multiple Vulnerabilities (03.10.2013)
 mario_(at)_roblest.com, CVE-2013-5118 - XSS Good for Enterprise iOS (01.10.2013)
 Vulnerability Lab, eTransfer Lite v1.0 iOS - Persistent Filename Vulnerability (01.10.2013)
 Vulnerability Lab, Talkie Bluetooth Video iFiles 2.0 iOS - Multiple Vulnerabilities (01.10.2013)
 guillaume_(at)_binaryfactory.ca, [CVE-2013-5725] - Byword for iOS Data Destruction Vulnerability (01.10.2013)
 Vulnerability Lab, Copy to WebDAV v1.1 iOS - Multiple Web Vulnerabilities (20.08.2013)
 research_(at)_vulnerability-lab.com, Photo Transfer Upload v1.0 iOS - Multiple Vulnerabilities (20.08.2013)
 Vulnerability Lab, withU Music Share v1.3.7 iOS - Command Inject Vulnerability (12.08.2013)
 FTP OnConnect v1.4.11 iOS - Multiple Web Vulnerabilities, FTP OnConnect v1.4.11 iOS - Multiple Web Vulnerabilities (12.08.2013)
 Vulnerability Lab, WebDisk 3.0.2 PhotoViewer iOS - Command Execution Vulnerability (29.07.2013)
 Vulnerability Lab, Private Photos v1.0 iOS - Persistent Path Web Vulnerability (29.07.2013)
 Vulnerability Lab, Download Lite v4.3 iOS - Persistent File Web Vulnerability (29.07.2013)
 Vulnerability Lab, Photo Server 2.0 iOS - Multiple Critical Vulnerabilities (29.07.2013)
 Vulnerability Lab, iPic Sharp v1.2.1 Wifi iOS - Persistent Foldername Web Vulnerability (29.07.2013)
 Vulnerability Lab, Flux Player v3.1.0 iOS - File Include & Arbitrary File Upload Vulnerability (19.07.2013)
 Vulnerability Lab, WiFly 1.0 Pro iOS - Multiple Web Vulnerabilities (19.07.2013)
 ePhoto Transfer v1.2.1 iOS - Multiple Web Vulnerabilities, [email protected] (19.07.2013)
 ePhoto Transfer v1.2.1 iOS - Multiple Web Vulnerabilities, ePhoto Transfer v1.2.1 iOS - Multiple Web Vulnerabilities (19.07.2013)
 Vulnerability Lab, Olive File Manager v1.0.1 iOS - Multiple Vulnerabilities (17.07.2013)
 Vulnerability Lab, FTP Sprite v1.2.1 iOS - Persistent Web Vulnerability (17.07.2013)
 Vulnerability Lab, eFile Wifi Transfer Manager 1.0 iOS - Multiple Vulnerabilities (15.07.2013)
 Vulnerability Lab, Mobile USB Drive HD 1.2 - Arbitrary File Upload Vulnerability (15.07.2013)
 Vulnerability Lab, Mobile Atlas Creator 1.9.12 - Persistent Command Injection Vulnerability (15.07.2013)
 Vulnerability Lab, Wifi Photo Transfer 2.1 & 1.1 PRO - Multiple Vulnerabilities (15.07.2013)
 Vulnerability Lab, Wifi Album v1.47 iOS - Command Injection Vulnerability (15.07.2013)
 Vulnerability Lab, Wireless Photo Access 1.0.10 iOS - Multiple Vulnerabilities (15.07.2013)
 Vulnerability Lab, SimpleTransfer 2.2.1 - Command Injection Vulnerabilities (15.07.2013)
 documentVulnerability Lab, File Lite 3.3 & 3.5 PRO iOS - Multiple Web Vulnerabilities (15.07.2013)
 documentVulnerability Lab, Bluetooth Chat Connect v1.0 iOS - Multiple Vulnerabilities (15.07.2013)
 documentVulnerability Lab, Wireless Disk PRO v2.3 iOS - Multiple Web Vulnerabilities (15.07.2013)

About | Terms of use
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod