Multiple security vulnerabilities in the Linux kernel

| Published: | January 21, 2012 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 12151 |
| Type: | remote |
| Severity: | 6/10 |
| Description: | DoS conditions, information leakage, privilege escalation. |
| Affected products: | LINUX : kernel 2.6 |
| CVE: | CVE-2011-4914 |
| | CVE-2011-4622 (The create_pit_timer function in arch/x86/kvm/i8254.c in KVM 83, and possibly other versions, does not properly handle when Programmable Interval Timer (PIT) interrupt requests (IRQs) when a virtual interrupt controller (irqchip) is not available, which allows local users to cause a denial of service (NULL pointer dereference) by starting a timer.) |
| | CVE-2011-4611 |
| | CVE-2011-4127 |
| | CVE-2011-4110 (The user_update function in security/keys/user_defined.c in the Linux kernel 2.6 allows local users to cause a denial of service (NULL pointer dereference and kernel oops) via vectors related to a user-defined key and "updating a negative key into a fully instantiated key.") |
| | CVE-2011-4077 (Buffer overflow in the xfs_readlink function in fs/xfs/xfs_vnodeops.c in XFS in the Linux kernel 2.6, when CONFIG_XFS_DEBUG is disabled, allows local users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via an XFS image containing a symbolic link with a long pathname.) |
| | CVE-2011-3353 |
| | CVE-2011-2898 |
| | CVE-2011-2213 (The inet_diag_bc_audit function in net/ipv4/inet_diag.c in the Linux kernel before 2.6.39.3 does not properly audit INET_DIAG bytecode, which allows local users to cause a denial of service (kernel infinite loop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink message, as demonstrated by an INET_DIAG_BC_JMP instruction with a zero yes value, a different vulnerability than CVE-2010-3880.) |

Multiple security vulnerabilities in Microsoft Windows, updated since January 11, 2012

| Published: | January 21, 2012 |
| Source: | MICROSOFT |
| SecurityVulns ID: | 12137 |
| Type: | client |
| Severity: | 7/10 |
| Description: | SafeSEH protection bypass, code execution via Windows Object Packager, privilege escalation via CSRSS, memory corruptions in DirectShow / Windows Media, code execution in Windows Packager, information leakage in SSL/TLS. |
| Affected products: | MICROSOFT : Windows XP |
| | MICROSOFT : Windows 2003 Server |
| | MICROSOFT : Windows Vista |
| | MICROSOFT : Windows 2008 Server |
| | MICROSOFT : Windows 7 |
| CVE: | CVE-2012-0013 (Incomplete blacklist vulnerability in the Windows Packager configuration in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted ClickOnce application in a Microsoft Office document, related to .application files, aka "Assembly Execution Vulnerability.") |
| | CVE-2012-0009 (Untrusted search path vulnerability in the Windows Object Packager configuration in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a Trojan horse executable file in the current working directory, as demonstrated by a directory that contains a file with an embedded packaged object, aka "Object Packager Insecure Executable Launching Vulnerability.") |
| | CVE-2012-0005 (The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2, when a Chinese, Japanese, or Korean system locale is used, can access uninitialized memory during the processing of Unicode characters, which allows local users to gain privileges via a crafted application, aka "CSRSS Elevation of Privilege Vulnerability.") |
| | CVE-2012-0004 (Unspecified vulnerability in DirectShow in DirectX in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, related to Quartz.dll, Qdvd.dll, closed captioning, and the Line21 DirectShow filter, aka "DirectShow Remote Code Execution Vulnerability.") |
| | CVE-2012-0003 (Unspecified vulnerability in winmm.dll in Windows Multimedia Library in Windows Media Player (WMP) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote attackers to execute arbitrary code via a crafted MIDI file, aka "MIDI Remote Code Execution Vulnerability.") |
| | CVE-2012-0001 (The kernel in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly load structured exception handling tables, which allows context-dependent attackers to bypass the SafeSEH security feature by leveraging a Visual C++ .NET 2003 application, aka "Windows Kernel SafeSEH Bypass Vulnerability.") |
| | CVE-2011-3389 (The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.) |

Double free in GreenBrowser

| Published: | January 21, 2012 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 12152 |
| Type: | client |
| Severity: | 5/10 |
| Description: | Double free via the iframe tag |

Security vulnerabilities in NTR ActiveX

| Published: | January 21, 2012 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 12153 |
| Type: | client |
| Severity: | 5/10 |
| Description: | Buffer overflow, insecure method. |
| Affected products: | NTR : NTR ActiveX control 2.0 |
| CVE: | CVE-2012-0267 (The StopModule method in the NTR ActiveX control before 2.0.4.8 allows remote attackers to execute arbitrary code via a crafted lModule parameter that triggers use of an arbitrary memory address as a function pointer.) |
| | CVE-2012-0266 (Multiple stack-based buffer overflows in the NTR ActiveX control before 2.0.4.8 allow remote attackers to execute arbitrary code via (1) a long bstrUrl parameter to the StartModule method, (2) a long bstrParams parameter to the Check method, a long bstrUrl parameter to the (3) Download or (4) DownloadModule method during construction of a .ntr pathname, or a long bstrUrl parameter to the (5) Download or (6) DownloadModule method during construction of a URL.) |

Information leakage in HP Business Availability Center / Business Service Management

| Published: | January 21, 2012 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 12155 |
| Type: | remote |
| Severity: | 5/10 |
| Description: | |
| CVE: | CVE-2010-1429 (Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this issue exists because of a CVE-2008-3273 regression.) |
| | CVE-2010-1428 (The Web Console (aka web-console) in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to obtain sensitive information via an unspecified request that uses a different method.) |
| | CVE-2008-3273 (JBoss Enterprise Application Platform (aka JBossEAP or EAP) before 4.2.0.CP03, and 4.3.0 before 4.3.0.CP01, allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string.) |

Buffer overflow in Suhosin

| Published: | January 21, 2012 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 12157 |
| Type: | library |
| Severity: | 5/10 |
| Description: | Buffer overflow in the transparent cookie encryption code. |

Information leakage in EMC SourceOne

| Published: | January 21, 2012 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 12158 |
| Type: | local |
| Severity: | 4/10 |
| Description: | Information leakage via log files. |
| Affected products: | EMC : SourceOne 6.5 |
| | EMC : SourceOne 6.6 |
| | EMC : SourceOne 6.7 |
| CVE: | CVE-2011-4142 (The Web Search feature in EMC SourceOne Email Management 6.5 before 6.5.2.4033, 6.6 before 6.6.1.2194, and 6.7 before 6.7.2.2033 places cleartext credentials in log files, which allows local users to obtain sensitive information by reading these files.) |

DoS against PHP

| Published: | January 21, 2012 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 12159 |
| Type: | library |
| Severity: | 5/10 |
| Description: | NULL pointer dereference caused by an unchecked zend_strndup value |
| Affected products: | PHP : PHP 5.3 |
| CVE: | CVE-2011-4153 (PHP 5.3.8 does not always check the return value of the zend_strndup function, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that performs strndup operations on untrusted string data, as demonstrated by the define function in zend_builtin_functions.c, and unspecified functions in ext/soap/php_sdl.c, ext/standard/syslog.c, ext/standard/browscap.c, ext/oci8/oci8.c, ext/com_dotnet/com_typeinfo.c, and main/php_open_temporary_file.c.) |

Security vulnerabilities in HP StorageWorks P2000, updated since January 16, 2012

| Published: | January 21, 2012 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 12144 |
| Type: | remote |
| Severity: | 5/10 |
| Description: | Default account, directory traversal. |
| Affected products: | HP : StorageWorks P2000 |
| CVE: | CVE-2011-4788 (Absolute path traversal vulnerability in the web interface on HP StorageWorks P2000 G3 MSA array systems allows remote attackers to read arbitrary files via a pathname in the URI.) |

Summary of security vulnerabilities in web applications (PHP, ASP, JSP, CGI, Perl), updated since January 21, 2012

| Published: | January 21, 2012 |
| Source: | |
| SecurityVulns ID: | 12156 |
| Type: | remote |
| Severity: | 5/10 |
| Description: | PHP injections, SQL injections, directory traversal, cross-site scripting, file modification, information leakage, etc. |
| Original text: | security_(at)_infoserve.de, Multiple Cross-Site-Scripting vulnerabilities in x3cms (21.01.2012) |
| | noreply_(at)_ptsecurity.ru, [PT-2011-01] Cross-Site Scripting in Kayako Support Suite (21.01.2012) |
| | noreply_(at)_ptsecurity.ru, [PT-2011-02] PHP code Injection in Kayako Support Suite (21.01.2012) |
| | noreply_(at)_ptsecurity.ru, [PT-2011-03] Information disclosure in Kayako Support Suite (21.01.2012) |
| | noreply_(at)_ptsecurity.ru, [PT-2011-04] Cross-Site Scripting in Kayako Support Suite (21.01.2012) |
| | DEBIAN, [SECURITY] [DSA 2386-1] openttd security update (21.01.2012) |
| | sschurtz_(at)_darksecurity.de, ATutor 2.0.3 Multiple XSS vulnerabilities (21.01.2012) |
| | sschurtz_(at)_darksecurity.de, BoltWire 3.4.16 Multiple XSS vulnerabilities (21.01.2012) |
| | sschurtz_(at)_darksecurity.de, phpVideoPro Multiple XSS vulnerabilities (21.01.2012) |
| | sschurtz_(at)_darksecurity.de, Beehive Forum 101 Multiple XSS vulnerabilities (21.01.2012) |
| | tom, Family Connections 2.7.2 Multiple XSS (21.01.2012) |
| | advisory_(at)_htbridge.ch, XSS in OneOrZero AIMS (21.01.2012) |
| | advisories_(at)_intern0t.net, Drupal CKEditor 3.0 - 3.6.2 - Persistent EventHandler XSS (21.01.2012) |
| | n0b0d13s_(at)_gmail.com, appRain CMF <= 0.1.5 (uploadify.php) Unrestricted File Upload Vulnerability (21.01.2012) |
| | tom, Webcalendar 1.2.4 'location' XSS (21.01.2012) |

Multiple security vulnerabilities in Adobe Acrobat / Reader, updated since January 21, 2012

| Published: | February 13, 2012 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 12154 |
| Type: | client |
| Severity: | 8/10 |
| Description: | Code execution, multiple memory corruptions. |
| Affected products: | ADOBE : Reader 10.1 |
| | ADOBE : Acrobat 10.1 |
| CVE: | CVE-2011-4373 (Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4370 and CVE-2011-4372.) |
| | CVE-2011-4372 (Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4370 and CVE-2011-4373.) |
| | CVE-2011-4371 (Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.) |
| | CVE-2011-4370 (Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4372 and CVE-2011-4373.) |
| | CVE-2011-4369 (Unspecified vulnerability in the PRC component in Adobe Reader and Acrobat 9.x before 9.4.7 on Windows, Adobe Reader and Acrobat 9.x through 9.4.6 on Mac OS X, Adobe Reader and Acrobat 10.x through 10.1.1 on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011.) |
| | CVE-2011-2462 (Unspecified vulnerability in the U3D component in Adobe Reader and Acrobat 10.1.1 and earlier on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011.) |