Информационная безопасность
[RU] switch to English


Выполнение кода в HP Intelligent Management
Опубликовано:27 августа 2012 г.
Источник:
SecurityVulns ID:12533
Тип:удаленная
Уровень опасности:
7/10
Описание:Выполнение кода в img.exe при обработке запроса TCP/8800
Оригинальный текстdocumentZDI, ZDI-12-164 : (0Day) HP Intelligent Management Center img.exe Integer Wrap Remote Code Execution Vulnerability (27.08.2012)

Выполнение кода в HP Operations Agent for NonStop Server
Опубликовано:27 августа 2012 г.
Источник:
SecurityVulns ID:12534
Тип:удаленная
Уровень опасности:
8/10
Описание:Выполнение кода при разборе пакета по портам TCP/7771 и TCP/8976.
Оригинальный текстdocumentZDI, ZDI-12-165 : (0Day) HP Operations Agent for NonStop Server HEALTH Packet Parsing Remote Code Execution Vulnerability (27.08.2012)

Несанкционированный доступ к HP LeftHand Virtual SAN Appliance
Опубликовано:27 августа 2012 г.
Источник:
SecurityVulns ID:12535
Тип:удаленная
Уровень опасности:
7/10
Описание:Обход аутентификации в службе TCP/13841
Оригинальный текстdocumentZDI, ZDI-12-166 : (0Day) HP LeftHand Virtual SAN Appliance Unauthenticated Access Remote Command Execution Vulnerability (27.08.2012)

DoS против HP Serviceguard
Опубликовано:27 августа 2012 г.
Источник:
SecurityVulns ID:12537
Тип:удаленная
Уровень опасности:
5/10
Затронутые продукты:HP : HP Serviceguard A.11.20
CVE:CVE-2012-3252 (Unspecified vulnerability in HP Serviceguard A.11.19 and A.11.20 allows remote attackers to cause a denial of service via unknown vectors.)
Оригинальный текстdocumentHP, [security bulletin] HPSBUX02806 SSRT100789 rev.2 - HP Serviceguard, Remote Denial of Service (DoS) (27.08.2012)

Уязвимости безопасности в Nova
дополнено с 9 июля 2012 г.
Опубликовано:27 августа 2012 г.
Источник:
SecurityVulns ID:12461
Тип:локальная
Уровень опасности:
5/10
Описание:Повышение привилегий, DoS.
CVE:CVE-2012-3447 (virt/disk/api.py in OpenStack Compute (Nova) 2012.1.x before 2012.1.2 and Folsom before Folsom-3 allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image that uses a symlink that is only readable by root. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3361.)
 CVE-2012-3371 (The Nova scheduler in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when DifferentHostFilter or SameHostFilter is enabled, allows remote authenticated users to cause a denial of service (excessive database lookup calls and server hang) via a request with many repeated IDs in the os:scheduler_hints section.)
 CVE-2012-3361 (virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image.)
 CVE-2012-3360 (Directory traversal vulnerability in virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when used over libvirt-based hypervisors, allows remote authenticated users to write arbitrary files to the disk image via a .. (dot dot) in the path attribute of a file element.)
Оригинальный текстdocumentUBUNTU, [USN-1545-1] Nova vulnerability (27.08.2012)
 documentUBUNTU, [USN-1497-1] Nova vulnerabilities (09.07.2012)

Повреждение памяти в ImageMagic
Опубликовано:27 августа 2012 г.
Источник:
SecurityVulns ID:12538
Тип:библиотека
Уровень опасности:
5/10
Описание:Повреждение памяти при обработке PNG
Затронутые продукты:IMAGEMAGIC : ImageMagick 6.7
CVE:CVE-2012-3437 (The Magick_png_malloc function in coders/png.c in ImageMagick 6.7.8-6 does not use the proper variable type for the allocation size, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG file that triggers incorrect memory allocation.)
Оригинальный текстdocumentUBUNTU, [USN-1544-1] ImageMagick vulnerability (27.08.2012)

Уязвимости безопасности в GIMP
Опубликовано:27 августа 2012 г.
Источник:
SecurityVulns ID:12539
Тип:локальная
Уровень опасности:
4/10
Описание:Повреждения памяти при разборе KISS CEL и GIF.
Затронутые продукты:GNU : gimp 2.8
CVE:CVE-2012-3481 (Integer overflow in the ReadImage function in plug-ins/common/file-gif-load.c in the GIF image format plug-in in GIMP 2.8.x and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted height and len properties in a GIF image file, which triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.)
 CVE-2012-3403 (Heap-based buffer overflow in the KiSS CEL file format plug-in in GIMP 2.8.x and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted KiSS palette file, which triggers an "invalid free.")
Оригинальный текстdocumentMANDRIVA, [ MDVSA-2012:142 ] gimp (27.08.2012)

Повышение привилегий в PostgreSQL
Опубликовано:27 августа 2012 г.
Источник:
SecurityVulns ID:12540
Тип:локальная
Уровень опасности:
5/10
Описание:Различные повышения привилегий через расширение XML2.
Затронутые продукты:POSTGRES : PostgreSQL 8.4
 POSTGRES : PostgreSQL 9.1
CVE:CVE-2012-3489 (The xml_parse function in the libxml2 support in the core server component in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 allows remote authenticated users to determine the existence of arbitrary files or URLs, and possibly obtain file or URL content that triggers a parsing error, via an XML value that refers to (1) a DTD or (2) an entity, related to an XML External Entity (aka XXE) issue.)
 CVE-2012-3488 (The libxslt support in contrib/xml2 in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 does not properly restrict access to files and URLs, which allows remote authenticated users to modify data, obtain sensitive information, or trigger outbound traffic to arbitrary external hosts by leveraging (1) stylesheet commands that are permitted by the libxslt security options or (2) an xslt_process feature, related to an XML External Entity (aka XXE) issue.)
Оригинальный текстdocumentUBUNTU, [USN-1542-1] PostgreSQL vulnerabilities (27.08.2012)

DoS условия в Xen
Опубликовано:27 августа 2012 г.
Источник:
SecurityVulns ID:12542
Тип:локальная
Уровень опасности:
5/10
Описание:Различные DoS условия.
Затронутые продукты:XEN : Xen 4.1
CVE:CVE-2012-3433 (Xen 4.0 and 4.1 allows local HVM guest OS kernels to cause a denial of service (domain 0 VCPU hang and kernel panic) by modifying the physical address space in a way that triggers excessive shared page search time during the p2m teardown.)
 CVE-2012-3432 (The handle_mmio function in arch/x86/hvm/io.c in the MMIO operations emulator for Xen 3.3 and 4.x, when running an HVM guest, does not properly reset certain state information between emulation cycles, which allows local guest OS users to cause a denial of service (guest OS crash) via unspecified operations on MMIO regions.)
Оригинальный текстdocumentDEBIAN, [SECURITY] [DSA 2531-1] xen security update (27.08.2012)

Межсайтовый скриптинг в Lsoft ListServ
Опубликовано:27 августа 2012 г.
Источник:
SecurityVulns ID:12543
Тип:удаленная
Уровень опасности:
5/10
Описание:Межсайтовый скриптинг в веб-интерфейсе.
Затронутые продукты:LSOFT : ListServ 16
Оригинальный текстdocumentJose Carlos de Arriba, [FOREGROUND SECURITY 2012-001] Lsoft ListServ v16 (WA revision R4241) SHOWTPL parameter Cross-SIte Scripting - XSS (27.08.2012)

DoS против HP Integrity Server
Опубликовано:27 августа 2012 г.
Источник:
SecurityVulns ID:12544
Тип:удаленная
Уровень опасности:
5/10
Затронутые продукты:HP : HP Integrity Server BL860c i2
 HP : HP Integrity Server BL870c i2
 HP : HP Integrity Server BL890c i2
 HP : HP Integrity Server rx2800 i2
CVE:CVE-2012-3247 (Unspecified vulnerability on the HP Integrity Server BL860c i2, BL870c i2, and BL890c i2 with firmware before 26.31 and the HP Integrity Server rx2800 i2 with firmware before 26.30 allows local users to cause a denial of service via unknown vectors.)
Оригинальный текстdocumentHP, [security bulletin] HPSBHF02804 SSRT100631 rev.1 - HP Integrity Server rx2800 i2, BL860c i2, BL870c i2, BL890c i2, Potential Denial of Service (DoS) (27.08.2012)

Уязвимости безопасности в HP Fortify Software Security Center
Опубликовано:27 августа 2012 г.
Источник:
SecurityVulns ID:12545
Тип:удаленная
Уровень опасности:
5/10
Описание:Утечка информации.
Затронутые продукты:HP : Fortify Software Security Center 3.5
CVE:CVE-2012-3249 (HP Fortify Software Security Center 3.1, 3.3, 3.4, and 3.5 allows remote authenticated users to obtain sensitive information via unspecified vectors.)
 CVE-2012-3249 (HP Fortify Software Security Center 3.1, 3.3, 3.4, and 3.5 allows remote authenticated users to obtain sensitive information via unspecified vectors.)
 CVE-2012-3248 (HP Fortify Software Security Center 3.1, 3.3, 3.4, and 3.5 allows remote attackers to obtain sensitive information via unspecified vectors.)
 CVE-2012-3248 (HP Fortify Software Security Center 3.1, 3.3, 3.4, and 3.5 allows remote attackers to obtain sensitive information via unspecified vectors.)
Оригинальный текстdocumentHP, Fortify Software Security Center (27.08.2012)
 documentHP, [security bulletin] HPSBMU02801 SSRT100879 rev.1 - HP Fortify Software Security Center, Remote Unauthenticated Disclosure of Information (27.08.2012)

Уязвимости безопасности в HP Service Manager
Опубликовано:27 августа 2012 г.
Источник:
SecurityVulns ID:12546
Тип:удаленная
Уровень опасности:
5/10
Описание:Межсайтовый скриптинг, DoS.
Затронутые продукты:HP : HP Service Manager 7.11
 HP : HP Service Center 6.28
CVE:CVE-2012-3251 (Cross-site scripting (XSS) vulnerability in HP Service Manager Web Tier 7.11, 9.21, and 9.30, and HP Service Center Web Tier 6.28, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2012-3250 (Unspecified vulnerability in HP Service Manager Server 7.11, 9.21, and 9.30, and HP Service Center Server 6.28, allows remote attackers to cause a denial of service via unknown vectors.)
Оригинальный текстdocumentHP, [security bulletin] HPSBMU02800 SSRT100921 rev.1 - HP Service Manager and HP Service Center Server, Remote Denial of Service (DoS) (27.08.2012)

DoS против OpenLDAP
Опубликовано:27 августа 2012 г.
Источник:
SecurityVulns ID:12547
Тип:удаленная
Уровень опасности:
5/10
Описание:Отказ при поиске с attrsOnly
Затронутые продукты:OPENLDAP : OpenLDAP 2.4
CVE:CVE-2012-1164 (slapd in OpenLDAP before 2.4.30 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an LDAP search query with attrsOnly set to true, which causes empty attributes to be returned.)

Многочисленные уязвимости безопасности в Apple Quicktime
дополнено с 21 мая 2012 г.
Опубликовано:27 августа 2012 г.
Источник:
SecurityVulns ID:12382
Тип:библиотека
Уровень опасности:
8/10
Описание:Различные уязвимости при разборе TexML, H.264, MP4, MPEG, PNG, QTVR, JPEG2000, PICT и других аудио и видео форматов.
Затронутые продукты:APPLE : QuickTime 7.7
CVE:CVE-2012-0671 (Apple QuickTime before 7.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .pict file.)
 CVE-2012-0670 (Integer overflow in Apple QuickTime before 7.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted sean atom in a movie file.)
 CVE-2012-0669 (Buffer overflow in Apple QuickTime before 7.7.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding.)
 CVE-2012-0668 (Buffer overflow in Apple QuickTime before 7.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with RLE encoding.)
 CVE-2012-0667 (Integer signedness error in Apple QuickTime before 7.7.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted QTVR movie file.)
 CVE-2012-0666 (Stack-based buffer overflow in the plugin in Apple QuickTime before 7.7.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted QTMovie object.)
 CVE-2012-0665 (Heap-based buffer overflow in Apple QuickTime before 7.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding.)
 CVE-2012-0664 (Heap-based buffer overflow in Apple QuickTime before 7.7.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted text track in a movie file.)
 CVE-2012-0663 (Multiple stack-based buffer overflows in Apple QuickTime before 7.7.2 on Windows allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TeXML file.)
 CVE-2012-0661 (Use-after-free vulnerability in QuickTime in Apple Mac OS X 10.7.x before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with JPEG2000 encoding.)
 CVE-2012-0660 (Buffer underflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file.)
 CVE-2012-0659 (Integer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file.)
 CVE-2012-0658 (Buffer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted audio sample tables in a movie file that is progressively downloaded.)
 CVE-2012-0265 (Stack-based buffer overflow in Apple QuickTime before 7.7.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted pathname for a file.)
 CVE-2011-3460 (Buffer overflow in QuickTime in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PNG file.)
 CVE-2011-3459 (Off-by-one error in QuickTime in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted rdrf atom in a movie file that triggers a buffer overflow.)
 CVE-2011-3458 (QuickTime in Apple Mac OS X before 10.7.3 does not prevent access to uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MP4 file.)
Оригинальный текстdocumentZDI, ZDI-12-153 : Apple QuickTime sean Atom Size Parsing Remote Code Execution Vulnerability (27.08.2012)
 documentZDI, ZDI-12-135 : Apple QuickTime JPEG2k Sample Size Atom Remote Code Execution Vulnerability (13.08.2012)
 documentZDI, ZDI-12-130 : Apple QuickTime Player MP4A Uninitialized Pointer Remote Code Execution Vulnerability (13.08.2012)
 documentZDI, ZDI-12-125: Apple Quicktime QTPlugin SetLanguage Remote Code Execution Vulnerability (16.07.2012)
 documentZDI, ZDI-12-095 : Apple Quicktime TeXML transform Attribute Remote Code Execution Vulnerability (24.06.2012)
 documentZDI, ZDI-12-079 : Apple QuickTime H264 Picture Width Parsing Remote Code Execution Vulnerability (13.06.2012)
 documentZDI, ZDI-12-078 : Apple QuickTime SVQ3 Codec mb_skip_run Parsing Remote Code Execution (13.06.2012)
 documentZDI, ZDI-12-077 : Apple QuickTime QTVR QTVRStringAtom Parsing Remote Code Execution Vulnerability (13.06.2012)
 documentZDI, ZDI-12-076 : Apple QuickTime MPEG Stream Padding Remote Code Execution Vulnerability (13.06.2012)
 documentZDI, ZDI-12-075 : Apple Quicktime RLE Sample Decoding Remote Code Execution Vulnerability (13.06.2012)
 documentRodrigo Rubira Branco (BSDaemon), Apple Quicktime Memory Corruption (CVE-2012-0671) (21.05.2012)
 documentAPPLE, APPLE-SA-2012-05-15-1 QuickTime 7.7.2 (21.05.2012)

Многочисленные уязвимости безопасности в Cisco AnyConnect Secure Mobility Client
дополнено с 25 июня 2012 г.
Опубликовано:27 августа 2012 г.
Источник:
SecurityVulns ID:12440
Тип:m-i-t-m
Уровень опасности:
5/10
Описание:Выполнение кода, обход защиты.
Затронутые продукты:CISCO : AnyConnect Secure Mobility 3.0
CVE:CVE-2012-4655 (The WebLaunch feature in Cisco Secure Desktop before 3.6.6020 does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving (1) ActiveX or (2) Java components, aka Bug IDs CSCtz76128 and CSCtz78204.)
 CVE-2012-2496 (A certain Java applet in the VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR7 on 64-bit Linux platforms does not properly restrict use of Java components, which allows remote attackers to execute arbitrary code via a crafted web site, aka Bug ID CSCty45925.)
 CVE-2012-2495 (The HostScan downloader implementation in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR8 and Cisco Secure Desktop before 3.6.6020 does not compare the timestamp of offered software to the timestamp of installed software, which allows remote attackers to force a version downgrade by using (1) ActiveX or (2) Java components to offer signed code that corresponds to an older software release, aka Bug ID CSCtx74235.)
 CVE-2012-2494 (The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 and 3.x before 3.0 MR8 does not compare the timestamp of offered software to the timestamp of installed software, which allows remote attackers to force a version downgrade by using (1) ActiveX or (2) Java components to offer signed code that corresponds to an older software release, aka Bug ID CSCtw48681.)
 CVE-2012-2493 (The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 on Windows, and 2.x before 2.5 MR6 and 3.x before 3.0 MR8 on Mac OS X and Linux, does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving (1) ActiveX or (2) Java components, aka Bug ID CSCtw47523.)
Оригинальный текстdocumentZDI, ZDI-12-149 : Cisco AnyConnect VPN Client Verification Bypass Remote Code Execution Vulnerability (27.08.2012)
 documentZDI, ZDI-12-156 : Cisco AnyConnect VPN Client Arbitrary Program Instantiation Remote Code Execution Vulnerability (26.08.2012)
 documentCISCO, Cisco Security Advisory: Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client (25.06.2012)

Многочисленные уязвимости в Apple WebKit (iTunes, iPhone, Safari, Google Chrome)
дополнено с 9 марта 2012 г.
Опубликовано:27 августа 2012 г.
Источник:
SecurityVulns ID:12238
Тип:клиент
Уровень опасности:
8/10
Описание:Более 70 различных уязвимостей связанных с повреждением памяти, межсайтовый скриптинг, утечка информации.
Затронутые продукты:APPLE : iTunes 10.5
 GOOGLE : Chrome 15.0
 APPLE : iPhone OS 5.1
CVE:CVE-2012-0648 (WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1.)
 CVE-2012-0640 (WebKit in Apple Safari before 5.1.4 does not properly implement "From third parties and advertisers" cookie blocking, which makes it easier for remote web servers to track users via a cookie.)
 CVE-2012-0639 (WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1.)
 CVE-2012-0638 (WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1.)
 CVE-2012-0637 (WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1.)
 CVE-2012-0636 (WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1.)
 CVE-2012-0635 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.)
 CVE-2012-0634 (WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1.)
 CVE-2012-0633 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.)
 CVE-2012-0632 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.)
 CVE-2012-0631 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.)
 CVE-2012-0630 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.)
 CVE-2012-0629 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.)
 CVE-2012-0628 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.)
 CVE-2012-0627 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.)
 CVE-2012-0626 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.)
 CVE-2012-0625 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.)
 CVE-2012-0624 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.)
 CVE-2012-0623 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.)
 CVE-2012-0622 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.)
 CVE-2012-0621 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.)
 CVE-2012-0620 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.)
 CVE-2012-0619 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.)
 CVE-2012-0618 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.)
 CVE-2012-0617 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.)
 CVE-2012-0616 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.)
 CVE-2012-0615 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.)
 CVE-2012-0614 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.)
 CVE-2012-0613 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.)
 CVE-2012-0612 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.)
 CVE-2012-0611 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.)
 CVE-2012-0610 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.)
 CVE-2012-0609 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.)
 CVE-2012-0608 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.)
 CVE-2012-0607 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.)
 CVE-2012-0606 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.)
 CVE-2012-0605 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.)
 CVE-2012-0604 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.)
 CVE-2012-0603 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.)
 CVE-2012-0602 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.)
 CVE-2012-0601 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.)
 CVE-2012-0600 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.)
 CVE-2012-0599 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.)
 CVE-2012-0598 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.)
 CVE-2012-0597 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.)
 CVE-2012-0596 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.)
 CVE-2012-0595 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.)
 CVE-2012-0594 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.)
 CVE-2012-0593 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.)
 CVE-2012-0592 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.)
 CVE-2012-0591 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.)
 CVE-2012-0590 (Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a drag-and-drop operation.)
 CVE-2012-0589 (Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0586, CVE-2012-0587, and CVE-2012-0588.)
 CVE-2012-0588 (Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0586, CVE-2012-0587, and CVE-2012-0589.)
 CVE-2012-0588 (Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0586, CVE-2012-0587, and CVE-2012-0589.)
 CVE-2012-0587 (Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0586, CVE-2012-0588, and CVE-2012-0589.)
 CVE-2012-0587 (Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0586, CVE-2012-0588, and CVE-2012-0589.)
 CVE-2012-0586 (Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0587, CVE-2012-0588, and CVE-2012-0589.)
 CVE-2012-0586 (Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0587, CVE-2012-0588, and CVE-2012-0589.)
 CVE-2011-3909 (The Cascading Style Sheets (CSS) implementation in Google Chrome before 16.0.912.63 on 64-bit platforms does not properly manage property arrays, which allows remote attackers to cause a denial of service (memory corruption) via unspecified vectors.)
 CVE-2011-3908 (Google Chrome before 16.0.912.63 does not properly parse SVG documents, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.)
 CVE-2011-3897 (Use-after-free vulnerability in Google Chrome before 15.0.874.120 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to editing.)
 CVE-2011-3888 (Use-after-free vulnerability in Google Chrome before 15.0.874.102 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to editing operations in conjunction with an unknown plug-in.)
 CVE-2011-3887 (Google Chrome before 15.0.874.102 does not properly handle javascript: URLs, which allows remote attackers to bypass intended access restrictions and read cookies via unspecified vectors.)
 CVE-2011-3885 (Use-after-free vulnerability in Google Chrome before 15.0.874.102 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to stale Cascading Style Sheets (CSS) token-sequence data.)
 CVE-2011-3881 (Google Chrome before 15.0.874.102 allows remote attackers to bypass the Same Origin Policy via unspecified vectors.)
 CVE-2011-3881 (Google Chrome before 15.0.874.102 allows remote attackers to bypass the Same Origin Policy via unspecified vectors.)
 CVE-2011-2877 (Google Chrome before 14.0.835.202 does not properly handle SVG text, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "stale font.")
 CVE-2011-2873 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.)
 CVE-2011-2872 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.)
 CVE-2011-2871 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.)
 CVE-2011-2870 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.)
 CVE-2011-2869 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.)
 CVE-2011-2868 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.)
 CVE-2011-2867 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.)
 CVE-2011-2866 (WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1.)
 CVE-2011-2860 (Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to table styles.)
 CVE-2011-2857 (Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the focus controller.)
 CVE-2011-2855 (Google Chrome before 14.0.835.163 does not properly handle Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale node.")
 CVE-2011-2854 (Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to "ruby / table style handing.")
 CVE-2011-2847 (Use-after-free vulnerability in the document loader in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document.)
 CVE-2011-2846 (Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to unload event handling.)
 CVE-2011-2833 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.)
 CVE-2011-2825 (Use-after-free vulnerability in Google Chrome before 13.0.782.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving custom fonts.)
Оригинальный текстdocumentZDI, ZDI-12-147 : WebKit ContentEditable swapInNode Use-After-Free Remote Code Execution Vulnerability (27.08.2012)
 documentdavid.kurz_(at)_majorsecurity.net, [MajorSecurity-SA-2012-014]Apple Safari on iOS 5.1 - Adressbar spoofing vulnerability (26.03.2012)
 documentAPPLE, APPLE-SA-2012-03-07-1 iTunes 10.6 (09.03.2012)

Выполнение кода в GE Proficy Real-Time Information Portal
Опубликовано:27 августа 2012 г.
Источник:
SecurityVulns ID:12526
Тип:удаленная
Уровень опасности:
6/10
Описание:Выполнение кода при разборе трафика TCP/5159
Затронутые продукты:GE : Proficy Real-Time Information Portal 2.6
 GE : Proficy Real-Time Information Portal 3.0
 GE : Proficy Real-Time Information Portal 3.5
CVE:CVE-2012-0232 (Directory traversal vulnerability in rifsrvd.exe in the Remote Interface Service in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6, 3.0, 3.0 SP1, and 3.5 allows remote attackers to modify the configuration via crafted strings.)
Оригинальный текстdocumentZDI, ZDI-12-148 : GE Proficy Real-Time Information Portal Remote Interface Service Remote Code Execution Vulnerability (27.08.2012)

Переполнение буфера в Novell eDirectory
Опубликовано:27 августа 2012 г.
Источник:
SecurityVulns ID:12527
Тип:удаленная
Уровень опасности:
6/10
Описание:Переполнение буфера в RelativeToFullDN при обработке LDAP-запроса.
Оригинальный текстdocumentZDI, ZDI-12-146 : Novell eDirectory RelativeToFullDN Parsing Remote Code Execution Vulnerability (27.08.2012)

Выполнение кода в Symantec Endpoint Protection
Опубликовано:27 августа 2012 г.
Источник:
SecurityVulns ID:12528
Тип:удаленная
Уровень опасности:
6/10
Описание:Многочисленные уязвимости при обработке https-запрос по порту TCP/8443
CVE:CVE-2012-0289 (Buffer overflow in Symantec Endpoint Protection (SEP) 11.0.600x through 11.0.710x and Symantec Network Access Control (SNAC) 11.0.600x through 11.0.710x allows local users to gain privileges, and modify data or cause a denial of service, via a crafted script.)
Оригинальный текстdocumentZDI, ZDI-12-145 : Symantec Endpoint Protection SemSvc.exe AgentServlet Remote Code Execution Vulnerability (27.08.2012)

Выполнение кода в IBM Lotus Notes
Опубликовано:27 августа 2012 г.
Источник:
SecurityVulns ID:12529
Тип:клиент
Уровень опасности:
7/10
Описание:Внедрение команд в URI.
CVE:CVE-2012-2174 (The URL handler in IBM Lotus Notes 8.x before 8.5.3 FP2 allows remote attackers to execute arbitrary code via a crafted notes:// URL.)
Оригинальный текстdocumentZDI, ZDI-12-154 : IBM Lotus Notes URL Command Injection Remote Code Execution Vulnerability (27.08.2012)

Выполнение кода в HP iNode Management Center
дополнено с 27 августа 2012 г.
Опубликовано:2 сентября 2012 г.
Источник:
SecurityVulns ID:12532
Тип:удаленная
Уровень опасности:
5/10
Описание:Выполнение кода в iNodeMngChecker.exe при обработке запроса TCP/9090.
CVE:CVE-2012-3254 (Multiple unspecified vulnerabilities in HP iNode Management Center before iNode PC 5.1 E0304 allow remote attackers to execute arbitrary code via crafted input, as demonstrated by a stack-based buffer overflow in iNodeMngChecker.exe for a crafted 0x0A0BF007 packet.)
Оригинальный текстdocumentHP, [security bulletin] HPSB3C02809 SSRT100377 rev.1 - HP iNode Management Center, Remote Execution of Arbitrary Code (02.09.2012)
 documentHP, ZDI-12-163 : (0Day) HP iNode Management Center iNodeMngChecker.exe Remote Code Execution Vulnerability (27.08.2012)

Несанкционированный доступ через EMC ApplicationXtender
дополнено с 27 августа 2012 г.
Опубликовано:2 сентября 2012 г.
Источник:
SecurityVulns ID:12536
Тип:удаленная
Уровень опасности:
7/10
Описание:Возможна загрузка файлов на удаленную систему.
Затронутые продукты:EMC : ApplicationXtender 6.5
CVE:CVE-2012-2289 (EMC ApplicationXtender Desktop before 6.5 SP2 and ApplicationXtender Web Access .NET before 6.5 SP2 allow remote attackers to upload files to any location, and possibly execute arbitrary code, via unspecified vectors.)
Оригинальный текстdocumentZDI, ZDI-12-179 : EMC ApplicationXtender Desktop Viewer AEXView ActiveX AnnoSave Remote Code Execution Vulnerability (02.09.2012)
 documentZDI, ZDI-12-182 : EMC AppXtender WxSuperCtrl650.ocx ActiveX Control Remote Code Execution Vulnerability (02.09.2012)
 documentEMC, ESA-2012-039: EMC ApplicationXtender Arbitrary File Upload Vulnerability (27.08.2012)

Переполнение буфера в ActiveX InduSoft Thin Client
дополнено с 27 августа 2012 г.
Опубликовано:2 сентября 2012 г.
Источник:
SecurityVulns ID:12530
Тип:клиент
Уровень опасности:
5/10
Описание:Переполнение буфера через параметр InternationalOrder ISSymbol.ocx
CVE:CVE-2011-0340 (Multiple buffer overflows in the ISSymbol ActiveX control in ISSymbol.ocx 61.6.0.0 and 301.1009.2904.0 in the ISSymbol virtual machine, as distributed in Advantech Studio 6.1 SP6 61.6.01.05, InduSoft Web Studio before 7.0+SP1, and InduSoft Thin Client 7.0, allow remote attackers to execute arbitrary code via a long (1) InternationalOrder, (2) InternationalSeparator, or (3) LogFileName property value; or (4) a long bstrFileName argument to the OpenScreen method.)
Оригинальный текстdocumentZDI, ZDI-12-168 : InduSoft Thin Client ISSymbol InternationalSeparator Remote Code Execution Vulnerability (02.09.2012)
 documentZDI, CVE-2011-0340 (27.08.2012)

Утечка информации в Apple RemoteDesktop
дополнено с 27 августа 2012 г.
Опубликовано:19 сентября 2012 г.
Источник:
SecurityVulns ID:12541
Тип:m-i-t-m
Уровень опасности:
5/10
Описание:Игнорируется настройка шифрования для VNC-сервера.
Затронутые продукты:APPLE : Apple Remote Desktop 3.0
 APPLE : Apple Remote Desktop 3.5
CVE:CVE-2012-0681 (Apple Remote Desktop before 3.6.1 does not recognize the "Encrypt all network data" setting during connections to third-party VNC servers, which allows remote attackers to obtain cleartext VNC session content by sniffing the network.)
Оригинальный текстdocumentAPPLE, APPLE-SA-2012-09-17-1 Apple Remote Desktop 3.5.3 (19.09.2012)
 documentAPPLE, APPLE-SA-2012-08-20-1 Apple Remote Desktop 3.6.1 (27.08.2012)

Выполнение кода в HP Diagnostics Server
дополнено с 27 августа 2012 г.
Опубликовано:27 января 2013 г.
Источник:
SecurityVulns ID:12531
Тип:удаленная
Уровень опасности:
7/10
Описание:Выполнение кода в magentservice.exe при разборе запрос TCP/23472
Затронутые продукты:HP : HP Diagnostics Server 9.21
Оригинальный текстdocumentHP, [security bulletin] HPSBMU02841 SSRT100724 rev.1 - HP Diagnostics Server, Remote Execution of Arbitrary Code (27.01.2013)
 documentZDI, ZDI-12-162 : (0Day) HP Diagnostics Server magentservice.exe Remote Code Execution Vulnerability (27.08.2012)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород