Information Security


Format string error in Applicure dotDefender
Published: November 18, 2012
Source:
SecurityVulns ID: 12721
Type: remote
Severity: 5/10
Description: Format specifiers are not checked when an error message is output.
Affected products: APPLICURE : dotDefender 4.26
Original text: SEC Consult Vulnerability Lab, SEC Consult SA-20121115-0 :: Applicure dotDefender WAF format string vulnerability (18.11.2012)

Security vulnerabilities in Media Player Classic
Published: November 18, 2012
Source:
SecurityVulns ID: 12722
Type: remote
Severity: 5/10
Description: DoS, cross-site scripting in the built-in web server.
Affected products: MEDIAPLAYERCLASS : Media Player Classic 1.6
Original text: X-Cisadane, MPC (Media Player Classic) WebServer Multiple Vulnerabilities (18.11.2012)

Multiple security vulnerabilities in Microsoft Internet Explorer
Published: November 18, 2012
Source:
SecurityVulns ID: 12715
Type: remote
Severity: 7/10
Description: Several use-after-free errors.
Affected products: MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
CVE:CVE-2012-4775 (Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site, aka "CTreeNode Use After Free Vulnerability.")
 CVE-2012-1539 (Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site, aka "CTreePos Use After Free Vulnerability.")
 CVE-2012-1538 (Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site, aka "CFormElement Use After Free Vulnerability.")
Files: Microsoft Security Bulletin MS12-071 - Critical Cumulative Security Update for Internet Explorer (2761451)

Security vulnerabilities in Microsoft Windows
Published: November 18, 2012
Source:
SecurityVulns ID: 12716
Type: library
Severity: 8/10
Description: Integer overflows in Windows Briefcase; restriction bypass, information disclosure and code execution in .Net; privilege escalation via kernel drivers.
Affected products: MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
CVE:CVE-2012-4777 (The code-optimization feature in the reflection implementation in Microsoft .NET Framework 4 and 4.5 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka "WPF Reflection Optimization Vulnerability.")
 CVE-2012-4776 (The Web Proxy Auto-Discovery (WPAD) functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not validate configuration data that is returned during acquisition of proxy settings, which allows remote attackers to execute arbitrary JavaScript code by providing crafted data during execution of (1) an XAML browser application (aka XBAP) or (2) a .NET Framework application, aka "Web Proxy Auto-Discovery Vulnerability.")
 CVE-2012-2897 (The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT, as used by Google Chrome before 22.0.1229.79 and other programs, do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a crafted TrueType font file, aka "Windows Font Parsing Vulnerability" or "TrueType Font Parsing Vulnerability.")
 CVE-2012-2553 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability.")
 CVE-2012-2530 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability.")
 CVE-2012-2519 (Untrusted search path vulnerability in Entity Framework in ADO.NET in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, and 4 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .NET application, aka ".NET Framework Insecure Library Loading Vulnerability.")
 CVE-2012-1896 (Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly consider trust levels during construction of output data, which allows remote attackers to obtain sensitive information via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka "Code Access Security Info Disclosure Vulnerability.")
 CVE-2012-1895 (The reflection implementation in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka "Reflection Bypass Vulnerability.")
 CVE-2012-1528 (Integer overflow in Windows Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted briefcase, aka "Windows Briefcase Integer Overflow Vulnerability.")
 CVE-2012-1527 (Integer underflow in Windows Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted briefcase, aka "Windows Briefcase Integer Underflow Vulnerability.")
Files: Microsoft Security Bulletin MS12-072 - Critical Vulnerabilities in Windows Shell Could Allow Remote Code Execution (2727528)
 Microsoft Security Bulletin MS12-074 - Critical Vulnerabilities in .NET Framework Could Allow Remote Code Execution (2745030)
 Microsoft Security Bulletin MS12-075 - Critical Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2761226)

Security vulnerabilities in Microsoft Internet Information Services
Published: November 18, 2012
Source:
SecurityVulns ID: 12717
Type: m-i-t-m
Severity: 5/10
Description: Information disclosure through log files, command injection into an FTP STARTTLS session.
Affected products: MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
CVE:CVE-2012-2532 (Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) processes unspecified commands before TLS is enabled for a session, which allows remote attackers to obtain sensitive information by reading the replies to these commands, aka "FTP Command Injection Vulnerability.")
 CVE-2012-2531 (Microsoft Internet Information Services (IIS) 7.5 uses weak permissions for the Operational log, which allows local users to discover credentials by reading this file, aka "Password Disclosure Vulnerability.")
Files: Microsoft Security Bulletin MS12-073 - Moderate Vulnerabilities in Microsoft Internet Information Services (IIS) Could Allow Information Disclosure (2733829)

Multiple security vulnerabilities in Microsoft Excel
Published: November 18, 2012
Source:
SecurityVulns ID: 12718
Type: client
Severity: 8/10
Description: Buffer overflows, memory corruption, use after free.
Affected products: MICROSOFT : Microsoft Office 2010
 MICROSOFT : Office 2008 for Mac
 MICROSOFT : Office 2011 for Mac
 MICROSOFT : Microsoft Office 2003
 MICROSOFT : Microsoft Office 2007
CVE:CVE-2012-2543 (Stack-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 SP1; Office 2011 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Stack Overflow Vulnerability.")
 CVE-2012-1887 (Use-after-free vulnerability in Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1, and Office 2008 and 2011 for Mac, allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel SST Invalid Length Use After Free Vulnerability.")
 CVE-2012-1886 (Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Excel Viewer; and Office Compatibility Pack SP2 and SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel Memory Corruption Vulnerability.")
 CVE-2012-1885 (Heap-based buffer overflow in Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Office 2008 and 2011 for Mac; and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel SerAuxErrBar Heap Overflow Vulnerability.")

Summary of security vulnerabilities in web applications (PHP, ASP, JSP, CGI, Perl)
Published: November 18, 2012
Source:
SecurityVulns ID: 12719
Type: remote
Severity: 5/10
Description: PHP injection, SQL injection, directory traversal, cross-site scripting, file modification, information disclosure, etc.
Affected products: TYPO3 : typo3 4.5
 BUGZILLA : Bugzilla 4.2
 WORDPRESS : WordPress 3.3
 DJANGO : django 1.4
 XENFORO : XenForo 1.1
 OPENREALITY : Open-Realty 2.5
 BABYGEKKO : BabyGekko 1.2
 BULBSECURITY : Smartphone Pentest Framework 0.1
 BUGZILLA : Bugzilla 4.4
 IDEV : iDev Rentals 1.0
CVE:CVE-2012-5700 (Multiple cross-site scripting (XSS) vulnerabilities in Baby Gekko before 1.2.2f allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to admin/index.php or the (2) username or (3) password parameter in blocks/loginbox/loginbox.template.php to index.php. NOTE: some of these details are obtained from third party information.)
 CVE-2012-5699
 CVE-2012-5698
 CVE-2012-5697 (The btinstall installation script in Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 uses weak permissions (777) for all files in the frameworkgui/ directory, which allows local users to obtain sensitive information or inject arbitrary Perl code via direct access to these files.)
 CVE-2012-5696 (Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 does not properly restrict access to frameworkgui/config, which allows remote attackers to obtain the plaintext database password via a direct request.)
 CVE-2012-5695 (Multiple cross-site request forgery (CSRF) vulnerabilities in Bulb Security Smartphone Pentest Framework (SPF) 0.1.2 through 0.1.4 allow remote attackers to hijack the authentication of administrators for requests that conduct (1) shell metacharacter or (2) SQL injection attacks or (3) send an SMS message.)
 CVE-2012-5694 (Multiple SQL injection vulnerabilities in Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 allow remote attackers to execute arbitrary SQL commands via the (1) agentPhNo, (2) controlPhNo, (3) agentURLPath, (4) agentControlKey, or (5) platformDD1 parameter to frameworkgui/attach2Agents.pl; the (6) modemPhoneNo, (7) controlKey, or (8) appURLPath parameter to frameworkgui/attachMobileModem.pl; the agentsDD parameter to (9) escalatePrivileges.pl, (10) getContacts.pl, (11) getDatabase.pl, (12) sendSMS.pl, or (13) takePic.pl in frameworkgui/; or the modemNoDD parameter to (14) escalatePrivileges.pl, (15) getContacts.pl, (16) getDatabase.pl, (17) SEAttack.pl, (18) sendSMS.pl, (19) takePic.pl, or (20) CSAttack.pl in frameworkgui/.)
 CVE-2012-5693
 CVE-2012-5475 (** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-5881, CVE-2012-5882, CVE-2012-5883. Reason: This candidate is a duplicate of CVE-2012-5881, CVE-2012-5882, and CVE-2012-5883. Notes: All CVE users should reference one or more of CVE-2012-5881, CVE-2012-5882, and CVE-2012-5883 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.)
 CVE-2012-4520 (The django.http.HttpRequest.get_host function in Django 1.3.x before 1.3.4 and 1.4.x before 1.4.2 allows remote attackers to generate and display arbitrary URLs via crafted username and password Host header values.)
 CVE-2012-4199 (template/en/default/bug/field-events.js.tmpl in Bugzilla 3.x before 3.6.12, 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1 generates JavaScript function calls containing private product names or private component names in certain circumstances involving custom-field visibility control, which allows remote attackers to obtain sensitive information by reading HTML source code.)
 CVE-2012-4198 (The User.get method in Bugzilla/WebService/User.pm in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1 has a different outcome for a groups request depending on whether a group exists, which allows remote authenticated users to discover private group names by observing whether a call throws an error.)
 CVE-2012-4197 (Bugzilla/Attachment.pm in attachment.cgi in Bugzilla 2.x and 3.x before 3.6.12, 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1 allows remote attackers to read attachment descriptions from private bugs via an obsolete=1 insert action.)
 CVE-2012-4189 (Cross-site scripting (XSS) vulnerability in Bugzilla 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via a field value that is not properly handled during construction of a tabular report, as demonstrated by the Version field.)
 CVE-2012-3414 (Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFUpload 2.2.0.1 and earlier, as used in WordPress before 3.3.2, TinyMCE Image Manager 1.1, and other products, allows remote attackers to inject arbitrary web script or HTML via the movieName parameter, related to the "ExternalInterface.call" function.)
Original text: Vulnerability Lab, iDev Rentals v1.0 - Multiple Web Vulnerabilities (18.11.2012)
 LpSolit_(at)_gmail.com, Security advisory for Bugzilla 4.4rc1, 4.2.4, 4.0.9 and 3.6.12 (18.11.2012)
 DEBIAN, [SECURITY] [DSA 2574-1] typo3-src security update (18.11.2012)
 UBUNTU, [USN-1632-1] Django vulnerability (18.11.2012)
 High-Tech Bridge Security Research, Multiple vulnerabilities in BabyGekko (18.11.2012)
 High-Tech Bridge Security Research, Multiple Vulnerabilities in Smartphone Pentest Framework (SPF) (18.11.2012)
 YGN Ethical Hacker Group, Open-Realty CMS 2.5.8 (2.x.x) <= Cross Site Request Forgery (CSRF) Vulnerability (18.11.2012)
 MustLive, XSS vulnerability in web applications with swfupload: AionWeb, Magento, Liferay Portal, SurgeMail, symfony. (18.11.2012)
 MustLive, XSS vulnerability in web applications with swfupload: Dotclear, XenForo, InstantCMS, AionWeb, Dolphin (18.11.2012)
 MustLive, XSS vulnerability in swfupload in WordPress (18.11.2012)

Buffer overflow in libtiff
Updated since October 28, 2012
Published: November 18, 2012
Source:
SecurityVulns ID: 12671
Type: library
Severity: 6/10
Description: Buffer overflow when parsing PixarLog compression, buffer overflow in ppm2tiff.
Affected products: LIBTIFF : libtiff 4.0
CVE:CVE-2012-4564 (ppm2tiff does not check the return value of the TIFFScanlineSize function, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PPM image that triggers an integer overflow, a zero-memory allocation, and a heap-based buffer overflow.)
 CVE-2012-4447 (Heap-based buffer overflow in tif_pixarlog.c in LibTIFF before 4.0.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted TIFF image using the PixarLog Compression format.)
Original text: DEBIAN, [SECURITY] [DSA 2561-1] tiff security update (28.10.2012)

Security vulnerabilities in Samsung Kies Air
Published: November 18, 2012
Source:
SecurityVulns ID: 12720
Type: client
Severity: 5/10
Description: Authentication bypass, DoS.
Affected products: SAMSUNG : Kies Air 2.1
CVE:CVE-2012-5859 (Samsung Kies Air 2.1.207051 and 2.1.210161 allows remote attackers to cause a denial of service (crash) via a crafted request to www/apps/KiesAir/jws/ssd.php.)
 CVE-2012-5858 (Samsung Kies Air 2.1.207051 and 2.1.210161 relies on the IP address for authentication, which allows remote man-in-the-middle attackers to read arbitrary phone contents by spoofing or controlling the IP address.)
Original text: cjlacayo_(at)_gmail.com, [CVE-2012-5858] [CVE-2012-5859] DoS/Authorization Bypass - Kies Air (18.11.2012)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod