Information Security

Multiple security vulnerabilities in Microsoft Internet Explorer
updated since June 13, 2012
Published: June 25, 2012
SecurityVulns ID: 12404
Type: client
Severity: 9/10
Description: Multiple memory corruptions, information leak, code execution.
Affected products: MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
CVE:CVE-2012-1882 (Microsoft Internet Explorer 6 through 9 does not block cross-domain scrolling events, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Scrolling Events Information Disclosure Vulnerability.")
 CVE-2012-1881 (Microsoft Internet Explorer 8 and 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "OnRowsInserted Event Remote Code Execution Vulnerability.")
 CVE-2012-1880 (Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "insertRow Remote Code Execution Vulnerability.")
 CVE-2012-1879 (Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by attempting to access an undefined memory location, aka "insertAdjacentText Remote Code Execution Vulnerability.")
 CVE-2012-1878 (Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "OnBeforeDeactivate Event Remote Code Execution Vulnerability.")
 CVE-2012-1877 (Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Title Element Change Remote Code Execution Vulnerability.")
 CVE-2012-1876 (Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by attempting to access a nonexistent object, leading to a heap-based buffer overflow, aka "Col Element Remote Code Execution Vulnerability," as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012.)
 CVE-2012-1875 (Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Same ID Property Remote Code Execution Vulnerability.")
 CVE-2012-1874 (Microsoft Internet Explorer 8 and 9 does not properly handle objects in memory, which allows user-assisted remote attackers to execute arbitrary code by accessing a deleted object, aka "Developer Toolbar Remote Code Execution Vulnerability.")
 CVE-2012-1873 (Microsoft Internet Explorer 7 through 9 does not properly create and initialize string data, which allows remote attackers to obtain sensitive information from process memory via a crafted HTML document, aka "Null Byte Information Disclosure Vulnerability.")
 CVE-2012-1872 (Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 6 through 9 allows remote attackers to inject arbitrary web script or HTML via crafted character sequences with EUC-JP encoding, aka "EUC-JP Character Encoding Vulnerability.")
 CVE-2012-1858 (The toStaticHTML API (aka the SafeHTML component) in Microsoft Internet Explorer 8 and 9, Communicator 2007 R2, and Lync 2010 and 2010 Attendee does not properly handle event attributes and script, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted HTML document, aka "HTML Sanitization Vulnerability.")
 CVE-2012-1523 (Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Center Element Remote Code Execution Vulnerability.")
Original text: VUPEN Security Research, VUPEN Security Research - Microsoft Internet Explorer "CollectionCache" Remote Use-after-free (MS12-037) (25.06.2012)
 VUPEN Security Research, VUPEN Security Research - Microsoft Internet Explorer "GetAtomTable" Remote Use-after-free (MS12-037 / CVE-2012-1875) (25.06.2012)
 VUPEN Security Research, VUPEN Security Research - Microsoft Internet Explorer "Col" Element Remote Heap Overflow (MS12-037 / CVE-2012-1876) (25.06.2012)
 vulnhunt_(at)_gmail.com, [CAL-2012-0023]Microsoft IE Developer Toolbar Remote Code Execution Vulnerability (17.06.2012)
 vulnhunt_(at)_gmail.com, [CAL-2012-0026] Microsfot IE Same ID Property Remote Code Execution Vulnerability (17.06.2012)
 ZDI, ZDI-12-093 : (Pwn2Own) Microsoft Internet Explorer Fixed Table Colspan Remote Code Execution Vulnerability (17.06.2012)
Files: Microsoft Security Bulletin MS12-037 - Critical Cumulative Security Update for Internet Explorer (2699988)

FreeBSD kernel privilege escalation
updated since June 13, 2012
Published: June 25, 2012
SecurityVulns ID: 12411
Type: local
Severity: 6/10
Description: Privilege escalation on return from a system call on some platforms.
Affected products: FREEBSD : FreeBSD 7.4
 FREEBSD : FreeBSD 9.0
 FREEBSD : FreeBSD 8.3
CVE:CVE-2012-0217 (The User Mode Scheduler in the kernel in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 on the Intel x64 platform does not properly handle system requests, which allows local users to gain privileges via a crafted application, aka "User Mode Scheduler Memory Corruption Vulnerability.")
Original text: FREEBSD, FreeBSD Security Advisory FreeBSD-SA-12:04.sysret [REVISED] (25.06.2012)
 FREEBSD, CVE-2012-0217 (13.06.2012)

Lattice Diamond Programmer buffer overflow
Published: June 25, 2012
SecurityVulns ID: 12437
Type: local
Severity: 4/10
Description: Code execution via .xcf files
Affected products: LATTICE : Diamond Programmer 1.4
CVE:CVE-2012-2614 (Buffer overflow in programmer.exe in Lattice Diamond Programmer 1.4.2 allows user-assisted remote attackers to cause a denial of service (application crash) and execute arbitrary code via a long string in a version attribute of an ispXCF element in an .xcf file.)
Original text: CORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2012-0530 - Lattice Diamond Programmer Buffer Overflow (25.06.2012)

DoS against snmpd
Published: June 25, 2012
SecurityVulns ID: 12438
Type: remote
Severity: 5/10
Description: Crash when accessing a nonexistent entry in the extension table.
Affected products: NETSNMP : net-snmp 5.6
CVE:CVE-2012-2141 (Array index error in the handle_nsExtendOutput2Table function in agent/mibgroup/agent/extend.c in Net-SNMP 5.7.1 allows remote authenticated users to cause a denial of service (out-of-bounds read and snmpd crash) via an SNMP GET request for an entry not in the extension table.)
Original text: MANDRIVA, [ MDVSA-2012:099 ] net-snmp (25.06.2012)

Multiple security vulnerabilities in HP Business Service Management
Published: June 25, 2012
SecurityVulns ID: 12439
Type: remote
Severity: 5/10
Description: Information leak, unauthorized access, DoS.
Affected products: HP : HP Business Service Management 9.12
CVE:CVE-2012-2561 (HP Business Service Management (BSM) 9.12 does not properly restrict the uploading of .war files, which allows remote attackers to execute arbitrary JSP code within the JBOSS Application Server component via a crafted request to TCP port 1098, 1099, or 4444.)
Original text: HP, [security bulletin] HPSBMU02792 SSRT100820 rev.1 - HP Business Service Management (BSM), Remote Unauthorized Disclosure of Information, Unauthorized Modification, Denial of Service (DoS) (25.06.2012)

Cisco Application Control Engine privilege escalation
Published: June 25, 2012
SecurityVulns ID: 12441
Type: local
Severity: 4/10
Description: An administrator of one context can gain access to another context.
Affected products: CISCO : ACE A4
 CISCO : ACE A5
CVE:CVE-2012-3063 (Cisco Application Control Engine (ACE) before A4(2.3) and A5 before A5(1.1), when multicontext mode is enabled, does not properly share a management IP address among multiple contexts, which allows remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances, and read or modify configuration settings, via a login attempt to a context, aka Bug ID CSCts30631, a different vulnerability than CVE-2012-3058.)
Original text: CISCO, Cisco Security Advisory: Cisco Application Control Engine Administrator IP Address Overlap Vulnerability (25.06.2012)

DoS against Cisco ASA
Published: June 25, 2012
SecurityVulns ID: 12442
Type: remote
Severity: 6/10
Description: The device can be reloaded remotely.
Affected products: CISCO : ASA 5500
CVE:CVE-2012-3058 (Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.4 before 8.4(4.1), 8.5 before 8.5(1.11), and 8.6 before 8.6(1.3) allow remote attackers to cause a denial of service (device reload) via IPv6 transit traffic that triggers syslog message 110003, aka Bug ID CSCua27134.)
Original text: CISCO, Cisco Security Advisory: Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module Denial of Service Vulnerability (25.06.2012)

Multiple vulnerabilities in ClamAV antivirus
Published: June 25, 2012
SecurityVulns ID: 12443
Type: library
Severity: 6/10
Description: Vulnerabilities in TAR and CHM parsing
Affected products: CLAMAV : ClamAV 0.96
CVE:CVE-2012-1459 (The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, Panda Antivirus 10.0.2.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro A)
 CVE-2012-1458 (The Microsoft CHM file parser in ClamAV 0.96.4 and Sophos Anti-Virus 4.61.0 allows remote attackers to bypass malware detection via a crafted reset interval in the LZXC header of a CHM file. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CHM parser implementations.)
 CVE-2012-1457 (The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field t)

Multiple security vulnerabilities in QNAP Turbo NAS
Published: June 25, 2012
SecurityVulns ID: 12444
Type: local
Severity: 4/10
Description: Information leak, privilege escalation, system access.
Affected products: QNAP : Turbo NAS
Original text: lists_(at)_senseofsecurity.com, QNAP Turbo NAS Multiple Vulnerabilities - Security Advisory (25.06.2012)

Summary of security vulnerabilities in Web applications (PHP, ASP, JSP, CGI, Perl)
Published: June 25, 2012
SecurityVulns ID: 12445
Type: remote
Severity: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, file modification, information leak, etc.
Affected products: MYBB : Mybb 1.6
 SQUIZ : Squiz Matrix 4.6
 TRAQ : traq 2.3
 WEBATALL : web@all 2.6
 COMMENTICS : Commentics 2.0
 NEWSSCRIPTSPHP : News Script PHP 1.2
 WEBIFY : Webify 6.5
 SWOOPO : Gold Shop 8.4
 ERGON : Airlock 4.2
CVE:CVE-2012-3232 (Cross-site scripting (XSS) vulnerability in search.php in web@all 2.0, as downloaded before May 30, 2012, allows remote attackers to inject arbitrary web script or HTML via the _text[title] parameter.)
 CVE-2012-3231 (Multiple cross-site request forgery (CSRF) vulnerabilities in web@all 2.0, as downloaded before May 30, 2012, allow remote attackers to hijack the authentication of administrators for requests that add, delete, or modify sensitive information, as demonstrated by adding a file to execute arbitrary code via a do_addfile action to inc/browser/action.php.)
Original text: SEC Consult Vulnerability Lab, SEC Consult SA-20120618-1 :: Airlock WAF overlong UTF-8 sequence bypass (25.06.2012)
 Vulnerability Lab, Squiz CMS Multiple Vulnerabilities - Security Advisory - SOS-12-007 (25.06.2012)
 Vulnerability Lab, [Suspected Spam] Swoopo Gold Shop CMS v8.4.56 - Multiple Web Vulnerabilities (25.06.2012)
 Vulnerability Lab, Webify Product Series - Multiple Web Vulnerabilities (25.06.2012)
 Vulnerability Lab, News Script PHP v1.2 - Multiple Web Vulnerabilites (25.06.2012)
 pereira_(at)_secbiz.de, Commentics 2.0 <= Multiple Vulnerabilities (25.06.2012)
 High-Tech Bridge Security Research, Multiple vulnerabilities in web@all (25.06.2012)
 chin4b0y, Mybb 1.6.8 'announcements.php' Sql Injection Vulnerabilitiy (25.06.2012)
 chin4b0y, traq-2.3.5_CSRF_XSS_SQL_INjeCTION_vulns (25.06.2012)

Information leak in Western Digital ShareSpace
Published: June 25, 2012
SecurityVulns ID: 12446
Type: remote
Severity: 4/10
Description: The configuration file can be accessed via the Web interface.
Affected products: WD : ShareSpace
Original text: SEC Consult Vulnerability Lab, SEC Consult SA-20120618-0 :: Western Digital ShareSpace WEB GUI Sensitive Data Disclosure (25.06.2012)

Multiple security vulnerabilities in Cisco AnyConnect Secure Mobility Client
updated since June 25, 2012
Published: August 27, 2012
SecurityVulns ID: 12440
Type: m-i-t-m
Severity: 5/10
Description: Code execution, protection bypass.
Affected products: CISCO : AnyConnect Secure Mobility 3.0
CVE:CVE-2012-4655 (The WebLaunch feature in Cisco Secure Desktop before 3.6.6020 does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving (1) ActiveX or (2) Java components, aka Bug IDs CSCtz76128 and CSCtz78204.)
 CVE-2012-2496 (A certain Java applet in the VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR7 on 64-bit Linux platforms does not properly restrict use of Java components, which allows remote attackers to execute arbitrary code via a crafted web site, aka Bug ID CSCty45925.)
 CVE-2012-2495 (The HostScan downloader implementation in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR8 and Cisco Secure Desktop before 3.6.6020 does not compare the timestamp of offered software to the timestamp of installed software, which allows remote attackers to force a version downgrade by using (1) ActiveX or (2) Java components to offer signed code that corresponds to an older software release, aka Bug ID CSCtx74235.)
 CVE-2012-2494 (The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 and 3.x before 3.0 MR8 does not compare the timestamp of offered software to the timestamp of installed software, which allows remote attackers to force a version downgrade by using (1) ActiveX or (2) Java components to offer signed code that corresponds to an older software release, aka Bug ID CSCtw48681.)
 CVE-2012-2493 (The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 on Windows, and 2.x before 2.5 MR6 and 3.x before 3.0 MR8 on Mac OS X and Linux, does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving (1) ActiveX or (2) Java components, aka Bug ID CSCtw47523.)
Original text: ZDI, ZDI-12-149 : Cisco AnyConnect VPN Client Verification Bypass Remote Code Execution Vulnerability (27.08.2012)
 ZDI, ZDI-12-156 : Cisco AnyConnect VPN Client Arbitrary Program Instantiation Remote Code Execution Vulnerability (26.08.2012)
 CISCO, Cisco Security Advisory: Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client (25.06.2012)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod