Информационная безопасность
[RU] switch to English


Утечка информации в FreePBX
Опубликовано:16 февраля 2012 г.
Источник:
SecurityVulns ID:12206
Тип:удаленная
Уровень опасности:
6/10
Описание:Через gen_amp_conf.php можно получить пароли расширений без аутентификации.
Затронутые продукты:FREEPBX : FreePBX 2.10
 FREEPBX : FreePBX 1.88
Оригинальный текстdocumentdougw_(at)_linuxsecurityblog.com, FreePBX Remote Exploit (16.02.2012)

Многочисленные уязвимости безопасности в Adobe Shockwave Player
Опубликовано:16 февраля 2012 г.
Источник:
SecurityVulns ID:12207
Тип:клиент
Уровень опасности:
8/10
Описание:Переполнение буфера, многочисленные повреждения памяти.
Затронутые продукты:ADOBE : Shockwave Player 11.6
CVE:CVE-2012-0766 (The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0757, CVE-2012-0760, CVE-2012-0761, CVE-2012-0762, CVE-2012-0763, and CVE-2012-0764.)
 CVE-2012-0764 (The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0757, CVE-2012-0760, CVE-2012-0761, CVE-2012-0762, CVE-2012-0763, and CVE-2012-0766.)
 CVE-2012-0763 (The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0757, CVE-2012-0760, CVE-2012-0761, CVE-2012-0762, CVE-2012-0764, and CVE-2012-0766.)
 CVE-2012-0762 (The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0757, CVE-2012-0760, CVE-2012-0761, CVE-2012-0763, CVE-2012-0764, and CVE-2012-0766.)
 CVE-2012-0761 (The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0757, CVE-2012-0760, CVE-2012-0762, CVE-2012-0763, CVE-2012-0764, and CVE-2012-0766.)
 CVE-2012-0760 (The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0757, CVE-2012-0761, CVE-2012-0762, CVE-2012-0763, CVE-2012-0764, and CVE-2012-0766.)
 CVE-2012-0759 (Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.)
 CVE-2012-0758 (Heap-based buffer overflow in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code via unspecified vectors.)
 CVE-2012-0757 (The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0760, CVE-2012-0761, CVE-2012-0762, CVE-2012-0763, CVE-2012-0764, and CVE-2012-0766.)
Оригинальный текстdocumentvulnhunt_(at)_gmail.com, [CAL-2011-0071]Adobe Shockwave Player Parsing cupt atom heap overflow (16.02.2012)
 documentvulnhunt_(at)_gmail.com, [CAL-2011-0055]Adobe Shockwave Player Parsing block_cout memory corruption vulnerability (16.02.2012)
 documentADOBE, Security update available for Adobe Shockwave Player (16.02.2012)

Многочисленные уязвимости безопасности в Adobe Flash Player
дополнено с 16 февраля 2012 г.
Опубликовано:13 июня 2012 г.
Источник:
SecurityVulns ID:12208
Тип:клиент
Уровень опасности:
8/10
Описание:Повреждения памяти, обход ограничений, межсайтовый скриптинг.
Затронутые продукты:ADOBE : Flash Player 11.1
CVE:CVE-2012-0757 (The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0760, CVE-2012-0761, CVE-2012-0762, CVE-2012-0763, CVE-2012-0764, and CVE-2012-0766.)
 CVE-2012-0756 (Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2012-0755.)
 CVE-2012-0755 (Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2012-0756.)
 CVE-2012-0754 (Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.)
 CVE-2012-0753 (Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted MP4 data.)
 CVE-2012-0752 (Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via leveraging an unspecified "type confusion.")
 CVE-2012-0751 (The ActiveX control in Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.)
Оригинальный текстdocumentZDI, ZDI-12-080 : Adobe Flash Player MP4 Stream Decoding Remote Code Execution Vulnerability (13.06.2012)
 documentADOBE, http://www.adobe.com/support/security/bulletins/apsb12-03.html (16.02.2012)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород