Информационная безопасность
[RU] switch to English


Многочисленные уязвимости безопасности в Microsoft Internet Explorer
дополнено с 12 октября 2011 г.
Опубликовано:24 октября 2011 г.
Источник:
SecurityVulns ID:11965
Тип:клиент
Уровень опасности:
8/10
Описание:Многочисленные повреждения памяти с возможностью выполнения кода.
Затронутые продукты:MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
CVE:CVE-2011-2001 (Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code via an attempted access to a virtual function table after corruption of this table has occurred, aka "Virtual Function Table Corruption Remote Code Execution Vulnerability.")
 CVE-2011-2000 (Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Body Element Remote Code Execution Vulnerability.")
 CVE-2011-1999 (Microsoft Internet Explorer 8 does not properly allocate and access memory, which allows remote attackers to execute arbitrary code via vectors involving a "dereferenced memory address," aka "Select Element Remote Code Execution Vulnerability.")
 CVE-2011-1998 (Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that was not properly initialized, aka "Jscript9.dll Remote Code Execution Vulnerability.")
 CVE-2011-1997 (Microsoft Internet Explorer 6 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "OnLoad Event Remote Code Execution Vulnerability.")
 CVE-2011-1996 (Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Option Element Remote Code Execution Vulnerability.")
 CVE-2011-1995 (Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that was not properly initialized, aka "OLEAuto32.dll Remote Code Execution Vulnerability.")
 CVE-2011-1993 (Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Scroll Event Remote Code Execution Vulnerability.")
Оригинальный текстdocumentVUPEN Security Research, VUPEN Security Research - Microsoft Internet Explorer "X-UA-COMPATIBLE" Use-after-free Vulnerability (23.10.2011)
 documentZDI, ZDI-11-287 : Internet Explorer Select Element Cache Remote Code Execution Vulnerability (20.10.2011)
 documentZDI, ZDI-11-288 : Microsoft Internet Explorer Select Element Insufficient,Type Checking Remote Code Execution Vulnerability (20.10.2011)
 documentZDI, ZDI-11-289 : Microsoft Internet Explorer swapNode Handling Remote Code,Execution Vulnerability (20.10.2011)
 documentZDI, ZDI-11-290 : Microsoft Internet Explorer SetExpandedClipRect Remote,Code Execution Vulnerability (20.10.2011)
 documentIDEFENSE, iDefense Security Advisory 10.11.11: Microsoft Internet Explorer Object Handling Memory Corruption Vulnerability (16.10.2011)
 documentifsecure_(at)_gmail.com, Two Remote Code Execution Vulnerabilities in Internet Explorer (16.10.2011)
Файлы:Microsoft Security Bulletin MS11-081 - Critical Cumulative Security Update for Internet Explorer (2586448)

Многочисленные уязвимости безопасности в продуктах Oracle / Sun / People Soft
Опубликовано:24 октября 2011 г.
Источник:
SecurityVulns ID:11986
Тип:удаленная
Уровень опасности:
9/10
Описание:Очередное ежеквартальное обновление закрывает свыше 50 различных уязвимостей.
Затронутые продукты:ORACLE : Oracle E-Business Suite 11.5
 ORACLE : Oracle 10g
 ORACLE : WebLogic Portal 9.2
 ORACLE : Oracle Application Server 10g
 ORACLE : Oracle 11g
 ORACLE : WebLogic Server 10.0
 ORACLE : WebLogic Server 9.2
 ORACLE : PeopleSoft Enterprise HRMS 8.9
 ORACLE : PeopleSoft Enterprise HRMS 9.0
 ORACLE : WebLogic Portal 10.0
 ORACLE : WebLogic Server 10.3
 ORACLE : Oracle E-Business Suite 12.1
 ORACLE : WebLogic Portal 10.3
 ORACLE : Oracle Thesaurus Management System 4.6
 ORACLE : Oracle Identity Management 10g
 ORACLE : Oracle Fusion Middleware 11g
 ORACLE : Oracle Outside In Technology 8.3
 ORACLE : PeopleSoft Enterprise HRMS 9.1
 ORACLE : Oracle Business Intelligence 11.1
 ORACLE : WebLogic Portal 10.2
 ORACLE : Agile Product Supplier Collaboration for Process 6.0
 ORACLE : PeopleSoft Enterprise PeopleTools 8.51
 ORACLE : Siebel CRM Core and Apps 8.1
 ORACLE : Oracle Clinical 4.6
CVE:CVE-2011-3559 (Unspecified vulnerability in Oracle Communications Server 2.0; GlassFish Enterprise Server 2.1.1, 3.0.1, and 3.1.1; and Sun Java System App Server 8.1 and 8.2 allows remote attackers to affect availability via unknown vectors related to Web Container.)
 CVE-2011-3543 (Unspecified vulnerability in Oracle Solaris 11 Express allows remote attackers to affect availability, related to iSCSI DataMover (IDM).)
 CVE-2011-3542 (Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows local users to affect availability via unknown vectors related to Kernel/Performance Counter BackEnd Module (pcbe).)
 CVE-2011-3541 (Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows local users to affect availability via unknown vectors related to Outside In Filters.)
 CVE-2011-3539 (Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows local users to affect availability via unknown vectors related to Zones.)
 CVE-2011-3538 (Unspecified vulnerability in the Sun Ray component in Oracle Virtualization 4.0 allows remote attackers to affect integrity, related to Authentication. NOTE: this identifier was inadvertently used for an Oracle Industry Applications issue involving TMS Help, but that issue has been assigned CVE-2011-2323.)
 CVE-2011-3537 (Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect availability via unknown vectors related to Kernel/Filesystem.)
 CVE-2011-3536 (Unspecified vulnerability in Oracle Solaris 10 allows local users to affect availability, related to DTrace Software Library (libdtrace).)
 CVE-2011-3535 (Unspecified vulnerability in the Solaris component in Oracle Sun Products Suite 8, 9, 10, and 11 Express allows remote attackers to affect availability via unknown vectors related to Remote Quota Server (rquotad).)
 CVE-2011-3534 (Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect availability via unknown vectors related to Network Status Monitor (statd).)
 CVE-2011-3533 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 8.9 allows remote authenticated users to affect confidentiality and integrity, related to Job Profile Manager (JPM).)
 CVE-2011-3532 (Unspecified vulnerability in the Oracle Agile Product Supplier Collaboration for Process component in Oracle Supply Chain Products Suite 5.2.2, 6.0.0.2, 6.0.0.3, and 6.0.0.4 allows remote attackers to affect confidentiality via unknown vectors related to Supplier Portal.)
 CVE-2011-3530 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 8.9 allows remote authenticated users to affect confidentiality via unknown vectors related to eDevelopment.)
 CVE-2011-3529 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.0 and 9.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Talent Acquisition Manager.)
 CVE-2011-3528 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 8.9 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to eProfile.)
 CVE-2011-3527 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Candidate Gateway.)
 CVE-2011-3526 (Unspecified vulnerability in the Siebel Core - UIF Server component in Oracle Siebel CRM 8.0.0 and 8.1.1 allows remote authenticated users to affect confidentiality via unknown vectors related to User Interface.)
 CVE-2011-3525 (Unspecified vulnerability in the Application Express component in Oracle Database Server 3.2 and 4.0 allows remote authenticated users to affect confidentiality, integrity, and availability, related to APEX developer user.)
 CVE-2011-3523 (Unspecified vulnerability in the Oracle Web Services Manager component in Oracle Fusion Middleware 10.1.3.5.0 and 10.1.3.5.1 allows remote authenticated users to affect integrity, related to WSM Console.)
 CVE-2011-3522 (Unspecified vulnerability in SysFW 8.0 on certain SPARC T3, Netra SPARC T3, Sun Fire, and Sun Blade based servers allows local users to affect confidentiality, related to Integrated Lights Out Manager CLI.)
 CVE-2011-3520 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.49, 8.50, and 8.51 allows remote authenticated users to affect integrity via unknown vectors related to Personalization.)
 CVE-2011-3519 (Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 12.1.2 and 12.1.3 allows remote authenticated users to affect confidentiality, related to REST Services.)
 CVE-2011-3518 (Unspecified vulnerability in the Siebel Core - UIF Client component in Oracle Siebel CRM 8.0.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to User Interface.)
 CVE-2011-3517 (Unspecified vulnerability in the Oracle OpenSSO component in Oracle Sun Products Suite 8.0 allows remote attackers to affect availability via unknown vectors related to Authentication.)
 CVE-2011-3516 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.)
 CVE-2011-3515
 CVE-2011-3513 (Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.2, and 12.1.3 allows remote attackers to affect integrity, related to HTML Pages.)
 CVE-2011-3512 (Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.)
 CVE-2011-3511 (Unspecified vulnerability in the Database Vault component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.2 allows remote authenticated users to affect integrity and availability via unknown vectors related to Privileged Account.)
 CVE-2011-3510 (Unspecified vulnerability in the Oracle Business Intelligence Enterprise Edition component in Oracle Fusion Middleware 11.1.1.3.0 and 11.1.1.5.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to BI Platform Security.)
 CVE-2011-3508 (Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect confidentiality, integrity, and availability, related to LDAP library.)
 CVE-2011-3507 (Unspecified vulnerability in the Oracle Communications Unified component in Oracle Sun Products Suite 7.0 allows remote authenticated users to affect integrity via unknown vectors related to Messaging Server.)
 CVE-2011-3506 (Unspecified vulnerability in the Oracle OpenSSO component in Oracle Sun Products Suite 7.1 and 8.0 allows remote attackers to affect integrity via unknown vectors related to Authentication.)
 CVE-2011-3192 (The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.)
 CVE-2011-2327 (Unspecified vulnerability in the Oracle Communications Unified component in Oracle Sun Products Suite 7.0 allows local users to affect confidentiality via unknown vectors related to Delegated Administrator.)
 CVE-2011-2323 (Unspecified vulnerability in the Health Sciences - Oracle Thesaurus Management System component in Oracle Industry Applications 4.6.1 and 4.6.2 allows remote attackers to affect integrity, related to TMS Help.)
 CVE-2011-2322 (Unspecified vulnerability in the Database Vault component in Oracle Database Server 11.1.0.7 allows remote authenticated users to affect integrity and availability, related to SYSDBA.)
 CVE-2011-2320 (Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 9.2.4.0, 10.0.2.0, 10.3.3.0, 10.3.4.0, and 10.3.5.0 allows remote attackers to affect confidentiality via unknown vectors related to Web Services.)
 CVE-2011-2319 (Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 9.2.4.0, 10.0.2.0, 10.3.3.0, 10.3.4.0, and 10.3.5.0 allows remote attackers to affect confidentiality, related to JMS.)
 CVE-2011-2318 (Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 9.2.4.0, 10.0.2.0, 10.3.3.0, 10.3.4.0, and 10.3.5.0 allows local users to affect confidentiality, related to WLS Security.)
 CVE-2011-2315 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.49, 8.50, and 8.51 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Security.)
 CVE-2011-2314 (Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Fusion Middleware 10.1.2.3 allows remote attackers to affect integrity via unknown vectors related to JavaServer Pages.)
 CVE-2011-2313 (Unspecified vulnerability in Oracle Solaris 10 allows local users to affect availability, related to ZFS.)
 CVE-2011-2312 (Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality, related to ZFS.)
 CVE-2011-2311 (Unspecified vulnerability in Oracle Solaris 10 allows local users to affect availability, related to ZFS.)
 CVE-2011-2310 (Unspecified vulnerability in the Oracle Waveset component in Oracle Sun Products Suite 8.1.0 and 8.1.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to User Administration.)
 CVE-2011-2309 (Unspecified vulnerability in the Health Sciences - Oracle Clinical, Remote Data Capture component in Oracle Industry Applications 4.6 and 4.6.2 allows remote attackers to affect integrity, related to RDC Help.)
 CVE-2011-2308 (Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.0.6, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Online Help.)
 CVE-2011-2306 (Unspecified vulnerability in Oracle Linux 4 and 5 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to "Oracle validated.")
 CVE-2011-2304 (Unspecified vulnerability in Oracle Solaris 10 allows remote attackers to affect confidentiality, related to Network Services Library (libnsl).)
 CVE-2011-2303 (Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.2, and 12.1.3 allows remote authenticated users to affect integrity via unknown vectors related to Attachments / File Upload.)
 CVE-2011-2302 (Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Single Sign On.)
 CVE-2011-2301 (Unspecified vulnerability in the Oracle Text component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, and 11.1.0.7 allows remote authenticated users to affect confidentiality, integrity, and availability, related to CTXSYS.DRVDISP.)
 CVE-2011-2292 (Unspecified vulnerability in Oracle Solaris 9 and 11 Express allows local users to affect confidentiality and integrity via unknown vectors related to xscreensaver.)
 CVE-2011-2286 (Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows remote authenticated users to affect availability, related to ZFS.)
 CVE-2011-2255 (Unspecified vulnerability in the Oracle WebLogic Portal component in Oracle Fusion Middleware 9.2.3.0, 10.0.1.0, 10.2.1.0, and 10.3.2.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.)
 CVE-2011-2237 (Unspecified vulnerability in the Oracle Web Services Manager component in Oracle Fusion Middleware 10.1.3.5.0 and 10.1.3.5.1 allows remote authenticated users to affect integrity, related to WSM Console.)
Оригинальный текстdocumentrgod, Oracle DataDirect Multiple Native Wire Protocol ODBC Drivers HOST Attribute Stack Based Buffer Overflow Vulnerability (24.10.2011)
 documentSHATTER, TeamSHATTER Security Advisory: Buffer Overflow in Oracle Database (CTXSYS.DRVDISP.TABLEFUNC_ASOWN function) (24.10.2011)
 documentSHATTER, TeamSHATTER Security Advisory: Database Vault Account Management Vulnerabilites (24.10.2011)
 documentSHATTER, TeamSHATTER Security Advisory: SQL Injection Vulnerability in Oracle DROP INDEX for spatial datatypes (24.10.2011)
Файлы:Oracle Critical Patch Update Advisory - October 2011

Повышение привилегий в FTP-сервере из MIT krb5
дополнено с 11 июля 2011 г.
Опубликовано:24 октября 2011 г.
Источник:
SecurityVulns ID:11777
Тип:удаленная
Уровень опасности:
5/10
Описание:Не сбрасываются привилегии группы, с которой был запущен демон. DoS-условия в различных бэк-ендах.
Затронутые продукты:MIT : krb5-appl 1.0
CVE:CVE-2011-1529 (The lookup_lockout_policy function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4 and 1.9 through 1.9.1, when the db2 (aka Berkeley DB) or LDAP back end is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger certain process_as_req errors.)
 CVE-2011-1528 (The krb5_ldap_lockout_audit function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4 and 1.9 through 1.9.1, when the LDAP back end is used, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors, related to the locked_check_p function.)
 CVE-2011-1527 (The kdb_ldap plugin in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 through 1.9.1, when the LDAP back end is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a kinit operation with incorrect string case for the realm, related to the is_principal_in_realm, krb5_set_error_message, krb5_ldap_get_principal, and process_as_req functions.)
 CVE-2011-1526 (ftpd.c in the GSS-API FTP daemon in MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.1 and earlier does not check the krb5_setegid return value, which allows remote authenticated users to bypass intended group access restrictions, and create, overwrite, delete, or read files, via standard FTP commands, related to missing autoconf tests in a configure script.)
Оригинальный текстdocumentMIT, MITKRB5-SA-2011-006 KDC denial of service vulnerabilities [CVE-2011-1527 CVE-2011-1528 CVE-2011-1529] (24.10.2011)
 documentMIT, MITKRB5-SA-2011-005 FTP daemon fails to set effective group ID [CVE-2011-1526] (11.07.2011)

Многочисленные уязвимости безопасности в Apple OS X
дополнено с 16 октября 2011 г.
Опубликовано:24 октября 2011 г.
Источник:
SecurityVulns ID:11973
Тип:удаленная
Уровень опасности:
8/10
Описание:Многочисленные уязвимости в различных компонентах системы.
Затронутые продукты:APPLE : MacOS X 10.7
CVE:CVE-2011-3437 (Integer signedness error in Apple Type Services (ATS) in Apple Mac OS X 10.7 before 10.7.2 allows remote attackers to execute arbitrary code via a crafted embedded Type 1 font in a document.)
 CVE-2011-3436 (Open Directory in Apple Mac OS X 10.7 before 10.7.2 does not require a user to provide the current password before changing this password, which allows remote attackers to bypass intended password-change restrictions by leveraging an unattended workstation.)
 CVE-2011-3435 (Open Directory in Apple Mac OS X 10.7 before 10.7.2 allows local users to read the password data of arbitrary users via unspecified vectors.)
 CVE-2011-3246 (CFNetwork in Apple iOS before 5.0.1 and Mac OS X 10.7 before 10.7.2 does not properly parse URLs, which allows remote attackers to trigger visits to unintended web sites, and transmission of cookies to unintended web sites, via a crafted (1) http or (2) https URL.)
 CVE-2011-3228 (QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file.)
 CVE-2011-3227 (libsecurity in Apple Mac OS X before 10.7.2 does not properly handle errors during processing of a nonstandard extension in a Certificate Revocation list (CRL), which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) a crafted (1) web site or (2) e-mail message.)
 CVE-2011-3226 (Open Directory in Apple Mac OS X 10.7 before 10.7.2, when an LDAPv3 server is used with RFC 2307 or custom mappings, allows remote attackers to bypass the password requirement by leveraging lack of an AuthenticationAuthority attribute for a user account.)
 CVE-2011-3225 (The SMB File Server component in Apple Mac OS X 10.7 before 10.7.2 does not prevent all guest users from accessing the share point record of a guest-restricted folder, which allows remote attackers to bypass intended browsing restrictions by leveraging access to the nobody account.)
 CVE-2011-3224 (The User Documentation component in Apple Mac OS X through 10.6.8 uses http sessions for updates to App Store help information, which allows man-in-the-middle attackers to execute arbitrary code by spoofing the http server.)
 CVE-2011-3223 (Buffer overflow in QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FLIC movie file.)
 CVE-2011-3222 (Buffer overflow in QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FlashPix file.)
 CVE-2011-3221 (QuickTime in Apple Mac OS X before 10.7.2 does not properly handle the atom hierarchy in movie files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted file.)
 CVE-2011-3220 (QuickTime in Apple Mac OS X before 10.7.2 does not properly process URL data handlers in movie files, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted file.)
 CVE-2011-3219 (Buffer overflow in CoreMedia, as used in Apple iTunes before 10.5, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding.)
 CVE-2011-3218 (The "Save for Web" selection in QuickTime Player in Apple Mac OS X through 10.6.8 exports HTML documents that contain an http link to a script file, which allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks by spoofing the http server during local viewing of an exported document.)
 CVE-2011-3217 (MediaKit in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted disk image.)
 CVE-2011-3216 (The kernel in Apple Mac OS X before 10.7.2 does not properly implement the sticky bit for directories, which might allow local users to bypass intended permissions and delete files via an unlink system call.)
 CVE-2011-3215 (The kernel in Apple Mac OS X before 10.7.2 does not properly prevent FireWire DMA in the absence of a login, which allows physically proximate attackers to bypass intended access restrictions and discover a password by making a DMA request in the (1) loginwindow, (2) boot, or (3) shutdown state.)
 CVE-2011-3214 (IOGraphics in Apple Mac OS X through 10.6.8 does not properly handle a locked-screen state in display sleep mode for an Apple Cinema Display, which allows physically proximate attackers to bypass the password requirement via unspecified vectors.)
 CVE-2011-3213 (The File Systems component in Apple Mac OS X before 10.7.2 does not properly track the specific X.509 certificate that a user manually accepted for an initial https WebDAV connection, which allows man-in-the-middle attackers to hijack WebDAV communication by presenting an arbitrary certificate for a subsequent connection.)
 CVE-2011-3212 (CoreStorage in Apple Mac OS X 10.7 before 10.7.2 does not ensure that all disk data is encrypted during the enabling of FileVault, which makes it easier for physically proximate attackers to obtain sensitive information by reading directly from the disk device.)
 CVE-2011-3192 (The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.)
 CVE-2011-2692 (The png_handle_sCAL function in pngrutil.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 does not properly handle invalid sCAL chunks, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted PNG image that triggers the reading of uninitialized memory.)
 CVE-2011-2692 (The png_handle_sCAL function in pngrutil.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 does not properly handle invalid sCAL chunks, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted PNG image that triggers the reading of uninitialized memory.)
 CVE-2011-2691 (The png_err function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 makes a function call using a NULL pointer argument instead of an empty-string argument, which allows remote attackers to cause a denial of service (application crash) via a crafted PNG image.)
 CVE-2011-2691 (The png_err function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 makes a function call using a NULL pointer argument instead of an empty-string argument, which allows remote attackers to cause a denial of service (application crash) via a crafted PNG image.)
 CVE-2011-2690 (Buffer overflow in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4, when used by an application that calls the png_rgb_to_gray function but not the png_set_expand function, allows remote attackers to overwrite memory with an arbitrary amount of data, and possibly have unspecified other impact, via a crafted PNG image.)
 CVE-2011-2690 (Buffer overflow in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4, when used by an application that calls the png_rgb_to_gray function but not the png_set_expand function, allows remote attackers to overwrite memory with an arbitrary amount of data, and possibly have unspecified other impact, via a crafted PNG image.)
 CVE-2011-2464 (Unspecified vulnerability in ISC BIND 9 9.6.x before 9.6-ESV-R4-P3, 9.7.x before 9.7.3-P3, and 9.8.x before 9.8.0-P4 allows remote attackers to cause a denial of service (named daemon crash) via a crafted UPDATE request.)
 CVE-2011-2464 (Unspecified vulnerability in ISC BIND 9 9.6.x before 9.6-ESV-R4-P3, 9.7.x before 9.7.3-P3, and 9.8.x before 9.8.0-P4 allows remote attackers to cause a denial of service (named daemon crash) via a crafted UPDATE request.)
 CVE-2011-1910 (Off-by-one error in named in ISC BIND 9.x before 9.7.3-P1, 9.8.x before 9.8.0-P2, 9.4-ESV before 9.4-ESV-R4-P1, and 9.6-ESV before 9.6-ESV-R4-P1 allows remote DNS servers to cause a denial of service (assertion failure and daemon exit) via a negative response containing large RRSIG RRsets.)
 CVE-2011-1910 (Off-by-one error in named in ISC BIND 9.x before 9.7.3-P1, 9.8.x before 9.8.0-P2, 9.4-ESV before 9.4-ESV-R4-P1, and 9.6-ESV before 9.6-ESV-R4-P1 allows remote DNS servers to cause a denial of service (assertion failure and daemon exit) via a negative response containing large RRSIG RRsets.)
 CVE-2011-1755 (jabberd2 before 2.2.14 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.)
 CVE-2011-1521 (The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file: URLs, which makes it easier for remote attackers to obtain sensitive information or cause a denial of service (resource consumption) via a crafted URL, as demonstrated by the file:///etc/passwd and file:///dev/zero URLs.)
 CVE-2011-1471 (Integer signedness error in zip_stream.c in the Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (CPU consumption) via a malformed archive file that triggers errors in zip_fread function calls.)
 CVE-2011-1470 (The Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via a ziparchive stream that is not properly handled by the stream_get_contents function.)
 CVE-2011-1469 (Unspecified vulnerability in the Streams component in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) by accessing an ftp:// URL during use of an HTTP proxy with the FTP wrapper.)
 CVE-2011-1468 (Multiple memory leaks in the OpenSSL extension in PHP before 5.3.6 might allow remote attackers to cause a denial of service (memory consumption) via (1) plaintext data to the openssl_encrypt function or (2) ciphertext data to the openssl_decrypt function.)
 CVE-2011-1467 (Unspecified vulnerability in the NumberFormatter::setSymbol (aka numfmt_set_symbol) function in the Intl extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via an invalid argument, a related issue to CVE-2010-4409.)
 CVE-2011-1466 (Integer overflow in the SdnToJulian function in the Calendar extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via a large integer in the first argument to the cal_from_jd function.)
 CVE-2011-1153 (Multiple format string vulnerabilities in phar_object.c in the phar extension in PHP 5.3.5 and earlier allow context-dependent attackers to obtain sensitive information from process memory, cause a denial of service (memory corruption), or possibly execute arbitrary code via format string specifiers in an argument to a class method, leading to an incorrect zend_throw_exception_ex call.)
 CVE-2011-1092 (Integer overflow in ext/shmop/shmop.c in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (crash) and possibly read sensitive memory via a large third argument to the shmop_read function.)
 CVE-2011-0708 (exif.c in the Exif extension in PHP before 5.3.6 on 64-bit platforms performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) via an image with a crafted Image File Directory (IFD) that triggers a buffer over-read.)
 CVE-2011-0707 (Multiple cross-site scripting (XSS) vulnerabilities in Cgi/confirm.py in GNU Mailman 2.1.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) full name or (2) username field in a confirmation message.)
 CVE-2011-0534 (Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.)
 CVE-2011-0421 (The _zip_name_locate function in zip_name_locate.c in the Zip extension in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED argument, which might allow context-dependent attackers to cause a denial of service (NULL pointer dereference) via an empty ZIP archive that is processed with a (1) locateName or (2) statName operation.)
 CVE-2011-0420 (The grapheme_extract function in the Internationalization extension (Intl) for ICU for PHP 5.3.5 allows context-dependent attackers to cause a denial of service (crash) via an invalid size argument, which triggers a NULL pointer dereference.)
 CVE-2011-0419 (Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.)
 CVE-2011-0411 (The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack.)
 CVE-2011-0260 (The CoreProcesses component in Apple Mac OS X 10.7 before 10.7.2 does not prevent a system window from receiving keystrokes in the locked-screen state, which might allow physically proximate attackers to bypass intended access restrictions by typing into this window.)
 CVE-2011-0259 (CoreFoundation, as used in Apple iTunes before 10.5, does not properly perform string tokenization, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.)
 CVE-2011-0252 (Heap-based buffer overflow in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted STTS atoms in a QuickTime movie file.)
 CVE-2011-0251 (Heap-based buffer overflow in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted STSZ atoms in a QuickTime movie file.)
 CVE-2011-0250 (Heap-based buffer overflow in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted STSS atoms in a QuickTime movie file.)
 CVE-2011-0249 (Heap-based buffer overflow in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted STSC atoms in a QuickTime movie file.)
 CVE-2011-0231 (CFNetwork in Apple Mac OS X before 10.7.2 does not properly follow an intended cookie-storage policy, which makes it easier for remote web servers to track users via a cookie, related to a "synchronization issue.")
 CVE-2011-0230 (Buffer overflow in the ATSFontDeactivate API in Apple Type Services (ATS) in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.)
 CVE-2011-0229 (Apple Type Services (ATS) in Apple Mac OS X through 10.6.8 does not properly handle embedded Type 1 fonts, which allows remote attackers to execute arbitrary code via a crafted document that triggers an out-of-bounds memory access.)
 CVE-2011-0226 (Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Type 1 font in a PDF document, as exploited in the wild in July 2011.)
 CVE-2011-0224 (CoreMedia in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted QuickTime movie file.)
 CVE-2011-0187 (The plug-in in QuickTime in Apple Mac OS X before 10.6.7 allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive video data via vectors involving a cross-site redirect.)
 CVE-2011-0185 (Format string vulnerability in the debug-logging feature in Application Firewall in Apple Mac OS X before 10.7.2 allows local users to gain privileges via a crafted name of an executable file.)
 CVE-2011-0013 (Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Software Foundation Tomcat 7.0 before 7.0.6, 5.5 before 5.5.32, and 6.0 before 6.0.30 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.)
 CVE-2010-4645 (strtod.c, as used in the zend_strtod function in PHP 5.2 before 5.2.17 and 5.3 before 5.3.5, and other products, allows context-dependent attackers to cause a denial of service (infinite loop) via a certain floating-point value in scientific notation, which is not properly handled in x87 FPU registers, as demonstrated using 2.2250738585072011e-308.)
 CVE-2010-4172 (Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.)
 CVE-2010-3718 (Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.)
 CVE-2010-3614 (named in ISC BIND 9.x before 9.6.2-P3, 9.7.x before 9.7.2-P3, 9.4-ESV before 9.4-ESV-R4, and 9.6-ESV before 9.6-ESV-R3 does not properly determine the security status of an NS RRset during a DNSKEY algorithm rollover, which might allow remote attackers to cause a denial of service (DNSSEC validation error) by triggering a rollover.)
 CVE-2010-3613 (named in ISC BIND 9.6.2 before 9.6.2-P3, 9.6-ESV before 9.6-ESV-R3, and 9.7.x before 9.7.2-P3 does not properly handle the combination of signed negative responses and corresponding RRSIG records in the cache, which allows remote attackers to cause a denial of service (daemon crash) via a query for cached data.)
 CVE-2010-3436 (fopen_wrappers.c in PHP 5.3.x through 5.3.3 might allow remote attackers to bypass open_basedir restrictions via vectors related to the length of a filename.)
 CVE-2010-2227 (Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer.")
 CVE-2010-2089 (The audioop module in Python 2.7 and 3.2 does not verify the relationships between size arguments and byte string lengths, which allows context-dependent attackers to cause a denial of service (memory corruption and application crash) via crafted arguments, as demonstrated by a call to audioop.reverse with a one-byte string, a different vulnerability than CVE-2010-1634.)
 CVE-2010-1634 (Multiple integer overflows in audioop.c in the audioop module in Python 2.6, 2.7, 3.1, and 3.2 allow context-dependent attackers to cause a denial of service (application crash) via a large fragment, as demonstrated by a call to audioop.lin2lin with a long string in the first argument, leading to a buffer overflow. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-3143.5.)
 CVE-2010-1157 (Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.)
 CVE-2010-0097 (ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta does not properly validate DNSSEC (1) NSEC and (2) NSEC3 records, which allows remote attackers to add the Authenticated Data (AD) flag to a forged NXDOMAIN response for an existing domain.)
 CVE-2009-4022 (Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains an Additional section with crafted data, which is not properly handled when the response is processed "at the same time as requesting DNSSEC records (DO)," aka Bug 20438.)
Оригинальный текстdocumentZDI, ZDI-11-295 : Apple QuickTime FlashPix JPEG Tables Selector Remote Code Execution Vulnerability (24.10.2011)
 document[email protected], NGS00062 Technical Advisory: Apple OSX / iPhone ImageIO TIFF getBandProcTIFF TileWidth Heap Overflow (16.10.2011)
 documentAPPLE, APPLE-SA-2011-10-12-3 OS X Lion v10.7.2 and Security Update 2011-006 (16.10.2011)

Обращение к неинициализированной памяти в Asterisk
Опубликовано:24 октября 2011 г.
Источник:
SecurityVulns ID:11987
Тип:удаленная
Уровень опасности:
6/10
Описание:Отказ при обработке запроса SIP.
Затронутые продукты:ASTERISK : Asterisk 1.8
 ASTERISK : Asterisk 10.0
CVE:CVE-2011-4063 (chan_sip.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.7.1 and 10.x before 10.0.0-rc1 does not properly initialize variables during request parsing, which allows remote authenticated users to cause a denial of service (daemon crash) via a malformed request.)
Оригинальный текстdocumentASTERISK, AST-2011-012: Remote crash vulnerability in SIP channel driver (24.10.2011)

Многочисленные уязвимости безопасности в tor
дополнено с 19 января 2011 г.
Опубликовано:24 октября 2011 г.
Источник:
SecurityVulns ID:11359
Тип:удаленная
Уровень опасности:
7/10
Описание:Переполнение буфера динамической памяти, DoS, утечка ключевой информации.
Затронутые продукты:TOR : tor 0.2
CVE:CVE-2011-1924 (Buffer overflow in the policy_summarize function in or/policies.c in Tor before 0.2.1.30 allows remote attackers to cause a denial of service (directory authority crash) via a crafted policy that triggers creation of a long port list.)
 CVE-2011-0493 (Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha might allow remote attackers to cause a denial of service (assertion failure and daemon exit) via vectors related to malformed router caches and improper handling of integer values.)
 CVE-2011-0492 (Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha allows remote attackers to cause a denial of service (assertion failure and daemon exit) via blobs that trigger a certain file size, as demonstrated by the cached-descriptors.new file.)
 CVE-2011-0491 (The tor_realloc function in Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha does not validate a certain size value during memory allocation, which might allow remote attackers to cause a denial of service (daemon crash) via unspecified vectors, related to "underflow errors.")
 CVE-2011-0490 (Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha makes calls to Libevent within Libevent log handlers, which might allow remote attackers to cause a denial of service (daemon crash) via vectors that trigger certain log messages.)
 CVE-2011-0427 (Heap-based buffer overflow in Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.)
 CVE-2011-0016 (Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha does not properly manage key data in memory, which might allow local users to obtain sensitive information by leveraging the ability to read memory that was previously used by a different process.)
 CVE-2011-0015 (Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha does not properly check the amount of compression in zlib-compressed data, which allows remote attackers to cause a denial of service via a large compression factor.)
Оригинальный текстdocumentDEBIAN, [SECURITY] [DSA 2148-1] Security update for tor (19.01.2011)

Многочисленные уязвимости безопасности в HP Data Protector Notebook Extension
Опубликовано:24 октября 2011 г.
Источник:
SecurityVulns ID:11989
Тип:клиент
Уровень опасности:
6/10
Затронутые продукты:HP : HP Data Protector Notebook Extension 6.20
 HP : HP Data Protector for Personal Computers 7.0
CVE:CVE-2011-3162 (Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 and Data Protector for Personal Computers 7.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1296.)
 CVE-2011-3161 (Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 and Data Protector for Personal Computers 7.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1229.)
 CVE-2011-3160 (Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 and Data Protector for Personal Computers 7.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1228.)
 CVE-2011-3159 (Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 and Data Protector for Personal Computers 7.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1227.)
 CVE-2011-3158 (Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 and Data Protector for Personal Computers 7.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1226.)
 CVE-2011-3157 (Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 and Data Protector for Personal Computers 7.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1225.)
 CVE-2011-3156 (Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 and Data Protector for Personal Computers 7.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1222.)
Оригинальный текстdocumentHP, [security bulletin] HPSBMU02716 SSRT100651 rev.1 - HP Data Protector Notebook Extension, Remote Execution of Arbitrary Code (24.10.2011)

Утечка информации в HP MFP Digital Sending Software
Опубликовано:24 октября 2011 г.
Источник:
SecurityVulns ID:11990
Тип:локальная
Уровень опасности:
5/10
Затронутые продукты:HP : HP MFP Digital Sending Software 4.91
CVE:CVE-2011-3163 (HP MFP Digital Sending Software 4.9x through 4.91.21 allows local users to obtain sensitive workflow-metadata information via unspecified vectors.)
Оригинальный текстdocumentHP, [security bulletin] HPSBPI02711 SSRT100647 rev.1 - HP MFP Digital Sending Software Running on Windows, Local Information Disclosure (24.10.2011)

Выполнение кода в Cisco CiscoWorks Common Services
Опубликовано:24 октября 2011 г.
Источник:
SecurityVulns ID:11991
Тип:локальная
Уровень опасности:
5/10
Описание:Возможно выполнение кода с правами локальной системы.
Затронутые продукты:CISCO : CiscoWorks Common Services 4.0
CVE:CVE-2011-3310 (The Home Page component in Cisco CiscoWorks Common Services before 4.1 on Windows, as used in CiscoWorks LAN Management Solution, Cisco Security Manager, Cisco Unified Service Monitor, Cisco Unified Operations Manager, CiscoWorks QoS Policy Manager, and CiscoWorks Voice Manager, allows remote authenticated users to execute arbitrary commands via a crafted URL, aka Bug IDs CSCtq48990, CSCtq63992, CSCtq64011, CSCtq64019, CSCtr23090, and CSCtt25535.)
Оригинальный текстdocumentCISCO, Cisco Security Advisory: CiscoWorks Common Services Arbitrary Command Execution Vulnerability (24.10.2011)

Уязвимости безопасности в Cisco Show and Share
Опубликовано:24 октября 2011 г.
Источник:
SecurityVulns ID:11992
Тип:удаленная
Уровень опасности:
6/10
Описание:Обход аутентификации, выполнение кода.
Затронутые продукты:CISCO : Cisco Show and Share 5.2
CVE:CVE-2011-2585 (Cisco Show and Share 5(2), 5.2(1), and 5.2(2) before 5.2(2.1) allows remote authenticated users to upload and execute arbitrary code by leveraging video upload privileges, aka Bug ID CSCto69857.)
 CVE-2011-2584 (Cisco Show and Share 5(2), 5.2(1), and 5.2(2) before 5.2(2.1) allows remote attackers to access the (1) Encoders and Pull Configurations, (2) Push Configurations, (3) Video Encoding Formats, and (4) Transcoding administration pages, and cause a denial of service (live event outage) or obtain potentially sensitive information, via unspecified vectors, aka Bug ID CSCto73758.)
Оригинальный текстdocumentCISCO, Cisco Security Advisory: Cisco Show and Share Security Vulnerabilities (24.10.2011)

DoS против Daemon Tools
Опубликовано:24 октября 2011 г.
Источник:
SecurityVulns ID:11994
Тип:локальная
Уровень опасности:
4/10
Описание:Отказ при обработке IOCTL
Затронутые продукты:DAEMONTOOLS : DAEMON Tools 4.40
CVE:CVE-2011-3987 (dtsoftbus01.sys in DAEMON Tools Lite before 4.41.3, Pro Standard before 4.41.0315, and Pro Advanced before 4.41.0315 allows local users to cause a denial of service (system crash) via an invalid DeviceIoControl request to \\.\dtsoftbusctl.)
Оригинальный текстdocumenttanda_(at)_fourteenforty.jp, DAEMON Tools IOCTL local denial-of-service vulnerability (24.10.2011)

Cводка уязвимостей безопасности в Web-приложениях (PHP, ASP, JSP, CGI, Perl)
Опубликовано:24 октября 2011 г.
Источник:
SecurityVulns ID:11995
Тип:удаленная
Уровень опасности:
5/10
Описание:Инъекции PHP, инъекции SQL, обратный путь в каталогах, межсайтовый скриптинг, модификация файлов, утечка информации и т.д.
Затронутые продукты:SITEATSCHOOL : [email protected] 2.4
 OPENENGINE : openEngine 2.0
 TINE20 : Tine 2.0
 OCSINVENTORYNG : OCS Inventory NG 2.0
 YETANOTHERCMS : Yet Another CMS 1.0
 DOLPHIN : Dolphin 7.0
 WORDPRESS : BackWPUp 2.1
 BUGFREE : BugFree 2.1
 WORDPRESS : Pretty Link 1.4
 LEDGERSMB : LedgerSMB 1.3
 ZOHO : ADSelfService Plus 4.5
 JOOMLA : JCE 2.0
 KAIBB : KaiBB 2.0
 CONTAO : Contao 2.10
 ACTIVEDEV : Active CMS 1.2
 SIMPLEPRESS : Simple:Press Forum 4.4
CVE:CVE-2011-4024 (Cross-site scripting (XSS) vulnerability in ocsinventory in OCS Inventory NG 2.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2011-1364 (Cross-site request forgery (CSRF) vulnerability in _ah/admin/interactive/execute (aka the Interactive Console) in the SDK Console (aka Admin Console) in the Google App Engine Python SDK before 1.5.4 allows remote attackers to hijack the authentication of administrators for requests that execute arbitrary Python code via the code parameter.)
 CVE-2009-3580 (Cross-site request forgery (CSRF) vulnerability in am.pl in SQL-Ledger 2.8.24 allows remote attackers to hijack the authentication of arbitrary users for requests that change a password via the login, new_password, and confirm_password parameters in a preferences action.)
Оригинальный текстdocumentMustLive, Code Execution and FPD vulnerabilities in Simple:Press Forum for WordPress (24.10.2011)
 documentBHG Security Center, Joomla Component (com_sgicatalog) <= SQL Injection Vulnerability (24.10.2011)
 documentsschurtz_(at)_t-online.de, Active CMS 1.2.0 'mod' Cross-site Scripting Vulnerability (24.10.2011)
 documentsschurtz_(at)_t-online.de, Contao 2.10.1 Cross-site scripting vulnerability (24.10.2011)
 documentsschurtz_(at)_t-online.de, openEngine 2.0 'key' Blind SQL Injection vulnerability (24.10.2011)
 documentsschurtz_(at)_t-online.de, KaiBB 2.0.1 XSS and SQL Injection vulnerabilities (24.10.2011)
 documentadmin_(at)_bugreport.ir, msgid:[email protected][email protected]&[email protected]&folder=\\3APA3A\Bugtraq&subject=Related%20POC%20for%20JCE%20Joomla%20Extension%20<%3D2 (24.10.2011)
 documentroberto.paleari_(at)_emaze.net, ZOHO ManageEngine ADSelfService Plus Administrative Access (24.10.2011)
 documentAdi Sharabani, Google App Enging SDK Code Execution Vulnerability (CVE 2011-1364) (24.10.2011)
 documentChris Travers, LedgerSMB 1.3.0 released, includes anti-XSRF framework (24.10.2011)
 documentHigh-Tech Bridge Security Research, Multiple vulnerabilities in BugFree (24.10.2011)
 documentHigh-Tech Bridge Security Research, Multiple vulnerabilities in Pretty Link WordPress Plugin (24.10.2011)
 documentDrew Calcott, Security-Assessment.com Advisory: Destination Search Admin Console Access Control Bypass (24.10.2011)
 documentlists_(at)_senseofsecurity.com, WordPress Plugin BackWPUp 2.1.4 - Security Advisory - SOS-11-012 (24.10.2011)
 documentnoreply_(at)_ptsecurity.ru, [PT-2011-14] SQL injection vulnerability in BoonEx Dolphin (24.10.2011)
 documentsschurtz_(at)_t-online.de, [email protected] 2.4.10 SQL Injection & XSS vulnerabilities (24.10.2011)
 documentn0b0d13s_(at)_gmail.com, Dolphin <= 7.0.7 (member_menu_queries.php) Remote PHP Code Injection (24.10.2011)
 documentsschurtz_(at)_t-online.de, Yet Another CMS 1.0 SQL Injection & XSS vulnerabilities (24.10.2011)
 documentHigh-Tech Bridge Security Research, Multiple vulnerabilities in Tine 2.0 (24.10.2011)
 documentNicolas DEROUET, OCS Inventory NG 2.0.1 Persistent XSS (CVE-2011-4024) (24.10.2011)
 documentsschurtz_(at)_t-online.de, Metasploit 4.1.0 Web UI stored XSS vulnerability (24.10.2011)
 documentmd.r00t.defacer_(at)_gmail.com, inCommand Technologies, Inc. Cross-site Scripting Vulnerability (24.10.2011)

Обход аутентфикации в Toshiba eStudio
дополнено с 24 октября 2011 г.
Опубликовано:6 ноября 2011 г.
Источник:
SecurityVulns ID:11993
Тип:удаленная
Уровень опасности:
5/10
Описание:Возможен прямой доступ без аутентификации по URL.
Оригинальный текстdocumentpercx_(at)_foofus.net, foofus.net security advisory - Toshiba eStudio Multifunction Printer Information Leakage (06.11.2011)
 documentpercx_(at)_foofus.net, foofus.net Security Advisory - Toshiba eStudio Multifunction Printer Authentication Bypass (24.10.2011)

Многочисленные уязвимости в Oracle Java
дополнено с 24 октября 2011 г.
Опубликовано:11 ноября 2011 г.
Источник:
SecurityVulns ID:11988
Тип:библиотека
Уровень опасности:
9/10
Описание:Ежеквартальное обновление закрывает 20 различных уязвимостей.
Затронутые продукты:ORACLE : JRE 1.4
 ORACLE : JRE 5
 ORACLE : JRE 6
 ORACLE : JDK 6
 ORACLE : JDK 7
 ORACLE : JRE 7
 ORACLE : JDK 5
 ORACLE : JavaFX 2.0
 ORACLE : JRockit 28.1
CVE:CVE-2011-3561 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JavaFX 2.0 allows remote attackers to affect confidentiality via unknown vectors related to Deployment.)
 CVE-2011-3560 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity, related to JSSE.)
 CVE-2011-3558 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to HotSpot.)
 CVE-2011-3557 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to RMI.)
 CVE-2011-3556 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to RMI.)
 CVE-2011-3555 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE, and 7 allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity and availability via unknown vectors.)
 CVE-2011-3554 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors.)
 CVE-2011-3553 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JRockit R28.1.4 and earlier allows remote authenticated users to affect confidentiality, related to JAXWS.)
 CVE-2011-3552 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote attackers to affect integrity via unknown vectors related to Networking.)
 CVE-2011-3551 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.)
 CVE-2011-3550 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability, related to AWT.)
 CVE-2011-3549 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing.)
 CVE-2011-3548 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability, related to AWT.)
 CVE-2011-3547 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Networking.)
 CVE-2011-3546 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JavaFX 2.0 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity via unknown vectors related to Deployment.)
 CVE-2011-3545 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound.)
 CVE-2011-3544 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Scripting.)
 CVE-2011-3521 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE, 7, 6 Update 27 and earlier, and 5.0 Update 31 earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deserialization.)
 CVE-2011-3516 (Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.)
 CVE-2011-3389 (The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.)
Оригинальный текстdocumentAPPLE, APPLE-SA-2011-11-08-1 Java for Mac OS X 10.7 Update 1 and Java for Mac OS X 10.6 Update 6 (11.11.2011)
 documentZDI, ZDI-11-307 : Oracle Java MixerSequencer.nAddControllerEventCallback Remote Code Execution Vulnerability (31.10.2011)
 documentZDI, ZDI-11-306 : Oracle Java IIOP Deserialization Type Confusion Remote Code Execution Vulnerability (31.10.2011)
 documentZDI, ZDI-11-305 : Oracle Java Applet Rhino Script Engine Remote Code Execution Vulnerability (31.10.2011)
 documentRoee Hay, DNS Poisoning via Port Exhaustion (24.10.2011)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород