Информационная безопасность
[RU] switch to English


Cводка уязвимостей безопасности в Web-приложениях (PHP, ASP, JSP, CGI, Perl)
Опубликовано:29 октября 2012 г.
Источник:
SecurityVulns ID:12674
Тип:удаленная
Уровень опасности:
5/10
Описание:Инъекции PHP, инъекции SQL, обратный путь в каталогах, межсайтовый скриптинг, модификация файлов, утечка информации и т.д.
Затронутые продукты:SIMPLEMACHINES : Simple Machines Forum 2.0
 VIEWVC : viewvc 1.1
 TASKFREAK : TaskFreak 0.6
 WORDPRESS : Wordpress 3.4
 WORDPRESS : Wordpress Download Monitor 3.3
 LAYTON : Layton Helpbox 4.4
 INVENTORY : Inventory 1.0
 WORDPRESS : GRAND Flash Album Gallery 1.9
 WORDPRESS : GRAND Flash Album Gallery 2.0
 VAM : VaM Shop 1.69
 CLIPBUCKET : ClipBucket 2.6
 CMSMINI : CMSMini 0.2
 NOVOSOLUTIONS : Knowledge Base EE 4.62
CVE:CVE-2012-4977 (Layton Helpbox 4.4.0 allows remote attackers to discover cleartext credentials for the login page by sniffing the network.)
 CVE-2012-4976 (selectawasset.asp in Layton Helpbox 4.4.0 allows remote attackers to discover ODBC database credentials via an element=sys_asset_id request, which is not properly handled during construction of an error page.)
 CVE-2012-4975 (editrequestuser.asp in Layton Helpbox 4.4.0 allows remote authenticated users to change arbitrary support-ticket data via a modified sys_request_id parameter.)
 CVE-2012-4974 (Layton Helpbox 4.4.0 allows remote authenticated users to change the login context and gain privileges via a modified (1) loggedinenduser, (2) loggedinendusername, (3) loggedinuserusergroup, (4) loggedinuser, or (5) loggedinusername cookie.)
 CVE-2012-4973
 CVE-2012-4972 (Multiple cross-site scripting (XSS) vulnerabilities in Layton Helpbox 4.4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) sys_solution_id, (2) sys_requesttype_id, (3) sys_problem_desc, (4) sys_solution_desc, (5) sys_problemsummary, (6) usr_Action_testing, (7) usr_Escalation, or (8) usr_Additional_Resources parameter to writesolutionuser.asp or the (9) sys_solution_id parameter to deletesolution.asp.)
 CVE-2012-4971 (Multiple SQL injection vulnerabilities in Layton Helpbox 4.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) reqclass parameter to editrequestenduser.asp; the (2) sys_request_id parameter to editrequestuser.asp; the (3) sys_request_id parameter to enduseractions.asp; the (4) sys_request_id or (5) confirm parameter to enduserreopenrequeststatus.asp; the (6) searchsql, (7) back, or (8) status parameter to enduserrequests.asp; the (9) sys_userpwd parameter to validateenduserlogin.asp; the (10) sys_userpwd parameter to validateuserlogin.asp; the (11) sql parameter to editenduseruser.asp; the (12) sql parameter to manageenduserrequestclasses.asp; the (13) sql parameter to resetpwdenduser.asp; the (14) sql parameter to disableloginenduser.asp; the (15) sql parameter to deleteenduseruser.asp; the (16) sql parameter to manageendusers.asp; or the (17) site parameter to statsrequestagereport.asp.)
 CVE-2012-4768 (Cross-site scripting (XSS) vulnerability in the Download Monitor plugin before 3.3.5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the dlsearch parameter to the default URI.)
 CVE-2012-4533 (Cross-site scripting (XSS) vulnerability in the "extra" details in the DiffSource._get_row function in lib/viewvc.py in ViewVC 1.0.x before 1.0.13 and 1.1.x before 1.1.16 allows remote authenticated users with repository commit access to inject arbitrary web script or HTML via the "function name" line.)
 CVE-2012-3357 (The SVN revision view (lib/vclib/svn/svn_repos.py) in ViewVC before 1.1.15 does not properly handle log messages when a readable path is copied from an unreadable path, which allows remote attackers to obtain sensitive information, related to a "log msg leak.")
 CVE-2012-3356 (The remote SVN views functionality (lib/vclib/svn/svn_ra.py) in ViewVC before 1.1.15 does not properly perform authorization, which allows remote attackers to bypass intended access restrictions via unspecified vectors.)
 CVE-2009-5024 (ViewVC before 1.1.11 allows remote attackers to bypass the cvsdb row_limit configuration setting, and consequently conduct resource-consumption attacks, via the limit parameter, as demonstrated by a "query revision history" request.)
Оригинальный текстdocumentVulnerability Lab, ASTPP VoIP Billing (4cf207a) - Multiple Web Vulnerabilities (29.10.2012)
 documentVulnerability Lab, Knowledge Base EE v4.62.0 - SQL Injection Vulnerability (29.10.2012)
 documentRoberto Paleari, Multiple vulnerabilities in Ezylog photovoltaic management server (29.10.2012)
 documentJoseph Sheridan, Wordpress Download Monitor - Download Page Cross-Site Scripting (29.10.2012)
 documentNetsparker Advisories, XSS Vulnerabilities in TaskFreak (29.10.2012)
 documentNetsparker Advisories, XSS Vulnerabilities in CMSMini (29.10.2012)
 documentNetsparker Advisories, XSS Vulnerabilities in ClipBucket (29.10.2012)
 documentsec.team_(at)_cyberservices.com, VaM Shop Cross-Site Scripting and Blind SQL Injection Vulnerabilities (29.10.2012)
 documentIrIsT.Ir_(at)_gmail.com, Smf 2.0.2 Cross-Site Scripting Vulnerability (29.10.2012)
 documentJanek Vind, [waraxe-2012-SA#094] - Multiple Vulnerabilities in Wordpress GRAND Flash Album Gallery Plugin (29.10.2012)
 documentIrIsT.Ir_(at)_gmail.com, Wordpress 3.4 Cross-Site Scripting Vulnerability (29.10.2012)
 documentThomas Richards, Inventory 1.0 Multiple SQL Vulnerabilities (29.10.2012)
 documentThomas Richards, Inventory 1.0 Multiple XSS Vulnerabilities (29.10.2012)
 documentJoseph Sheridan, [SECURITY] [DSA 2563-1] viewvc security update (29.10.2012)
 documentJoseph Sheridan, Layton Helpbox 4.4.0 Multiple Security Issues (29.10.2012)

Уязвимости безопасности в Sybase ASE
Опубликовано:29 октября 2012 г.
Источник:
SecurityVulns ID:12675
Тип:библиотека
Уровень опасности:
6/10
Описание:Code execution, privilege escalation.
Затронутые продукты:SYBASE : Sybase ASE 15.0
 SYBASE : Sybase ASE 15.5
 SYBASE : Sybase ASE 15.7
Оригинальный текстdocumentSHATTER, Team SHATTER Security Advisory: Elevated roles through DBCC (29.10.2012)
 documentSHATTER, Team SHATTER Security Advisory: Java Operating System command execution (29.10.2012)

Повышение привилегий в IBM DB2
Опубликовано:29 октября 2012 г.
Источник:
SecurityVulns ID:12676
Тип:библиотека
Уровень опасности:
5/10
Описание:Повышение привилегий через хранимые процедуры GET_WRAP_CFG_C и GET_WRAP_CFG_C2.
Затронутые продукты:IBM : DB2 LUW 9.1
 IBM : DB2 LUW 9.5
 IBM : DB2 LUW 9.7
 IBM : DB2 LUW 10.1
Оригинальный текстdocumentSHATTER, Team SHATTER Security Advisory: XML file disclosure vulnerability via GET_WRAP_CFG_C and GET_WRAP_CFG_C2 (29.10.2012)

Переполнение буфера в IBM Informix Dynamic Server
Опубликовано:29 октября 2012 г.
Источник:
SecurityVulns ID:12677
Тип:библиотека
Уровень опасности:
5/10
Описание:Переполнение буфера в SET COLLATION.
Затронутые продукты:IBM : Informix Dynamic Server 11.50
Оригинальный текстdocumentEwerson Guimarгes (Crash) - Dclabs, [DCA-2011-0013] - IBM Informix Dynamic Server 11.50 SET COLLATION Stack OverFlow (29.10.2012)

Утечка информации в Beaker
Опубликовано:29 октября 2012 г.
Источник:
SecurityVulns ID:12678
Тип:библиотека
Уровень опасности:
5/10
Описание:Утечка информации при использовании AES в режиме ECB.
Затронутые продукты:PYTHON : Beaker 1.6
CVE:CVE-2012-3458 (Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors.)
Оригинальный текстdocumentDEBIAN, [SECURITY] [DSA 2541-1] beaker security update (29.10.2012)

Уязвимости безопасности в RSA BSAFE
Опубликовано:29 октября 2012 г.
Источник:
SecurityVulns ID:12679
Тип:удаленная
Уровень опасности:
5/10
Описание:BEAST-атаки, переполнение буфера.
Затронутые продукты:RSA : BSAFE Micro Edition Suite 4.0
 RSA : BSAFE SSL-C 2.8
CVE:CVE-2012-2131 (Multiple integer signedness errors in crypto/buffer/buffer.c in OpenSSL 0.9.8v allow remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2110.)
 CVE-2012-2110 (The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key.)
 CVE-2011-3389 (The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.)
Оригинальный текстdocumentEMC, ESA-2012-032: RSA BSAFE(r) Micro Edition Suite Security Update for BEAST (Browser Exploit Against SSL/TLS) attacks (29.10.2012)
 documentEMC, ESA-2012-029: RSA BSAFE(r) SSL-C Multiple Vulnerabilities (29.10.2012)

Уязвимости безопасности в Sitecom Home Storage Center
Опубликовано:29 октября 2012 г.
Источник:
SecurityVulns ID:12680
Тип:удаленная
Уровень опасности:
4/10
Описание:Инъекция SQL, XSS.
Затронутые продукты:SITECOM : Sitecom MD-253
 SITECOM : Sitecom MD-254
Оригинальный текстdocumentmattijs_(at)_alcyon.nl, Security Advisory AA-007: Arbitrary File Upload Vulnerability in Sitecom Home Storage Center (29.10.2012)
 documentmattijs_(at)_alcyon.nl, Security Advisory AA-007: Command Injection Vulnerability in Sitecom Home Storage Center (29.10.2012)

DoS против Cisco Unified Presence / Jabber Extensible Communications Platform
Опубликовано:29 октября 2012 г.
Источник:
SecurityVulns ID:12682
Тип:удаленная
Уровень опасности:
5/10
Описание:Отказ при разборе заголовков потока.
Затронутые продукты:CISCO : Cisco Unified Presence 8.6
 CISCO : Jabber Extensible Communications Platform 5.2
CVE:CVE-2012-3935 (Cisco Unified Presence (CUP) before 8.6(3) and Jabber Extensible Communications Platform (aka Jabber XCP) before 5.3 allow remote attackers to cause a denial of service (process crash) via a crafted XMPP stream header, aka Bug ID CSCtu32832.)
Файлы:Cisco Unified Presence and Jabber Extensible Communications Platform Stream Header Denial of Service Vulnerability

DoS против Cisco ASA-CX Context-Aware Security appliance / Cisco Prime Security Manager
Опубликовано:29 октября 2012 г.
Источник:
SecurityVulns ID:12683
Тип:удаленная
Уровень опасности:
5/10
Описание:Исчерпание файловых ресурсов.
Затронутые продукты:CISCO : Cisco ASA-CX Context-Aware Security 9.0
 CISCO : Cisco Prime Security Manager 9.0
CVE:CVE-2012-4629 (The Cisco ASA-CX Context-Aware Security module before 9.0.2-103 for Adaptive Security Appliances (ASA) devices, and Prime Security Manager (aka PRSM) before 9.0.2-103, allows remote attackers to cause a denial of service (disk consumption and application hang) via unspecified IPv4 packets that trigger log entries, aka Bug ID CSCub70603.)
Файлы:Cisco ASA-CX and Cisco PRSM Log Retention Denial of Service Vulnerability

Многочисленные уязвимости безопасности в Mozilla Firefox / Thunderbird / Seamonkey
дополнено с 12 октября 2012 г.
Опубликовано:29 октября 2012 г.
Источник:
SecurityVulns ID:12639
Тип:удаленная
Уровень опасности:
9/10
Описание:Утечка информации, многочисленные повреждения памяти, межсайтовый скриптинг и т.п.
Затронутые продукты:MOZILLA : Firefox 14
 MOZILLA : SeaMonkey 2.12
 MOZILLA : Firefox 15
 MOZILLA : Firefox 16
 MOZILLA : SeaMonkey 2.11
 MOZILLA : SeaMonkey 2.13
 MOZILLA : Thunderbird 15
 MOZILLA : Thunderbird 16
CVE:CVE-2012-4930 (The SPDY protocol 3 and earlier, as used in Mozilla Firefox, Google Chrome, and other products, can perform TLS encryption of compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a "CRIME" attack.)
 CVE-2012-4196 (Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 allow remote attackers to bypass the Same Origin Policy and read the Location object via a prototype property-injection attack that defeats certain protection mechanisms for this object.)
 CVE-2012-4193 (Mozilla Firefox before 16.0.1, Firefox ESR 10.x before 10.0.9, Thunderbird before 16.0.1, Thunderbird ESR 10.x before 10.0.9, and SeaMonkey before 2.13.1 omit a security check in the defaultValue function during the unwrapping of security wrappers, which allows remote attackers to bypass the Same Origin Policy and read the properties of a Location object, or execute arbitrary JavaScript code, via a crafted web site.)
 CVE-2012-4193 (Mozilla Firefox before 16.0.1, Firefox ESR 10.x before 10.0.9, Thunderbird before 16.0.1, Thunderbird ESR 10.x before 10.0.9, and SeaMonkey before 2.13.1 omit a security check in the defaultValue function during the unwrapping of security wrappers, which allows remote attackers to bypass the Same Origin Policy and read the properties of a Location object, or execute arbitrary JavaScript code, via a crafted web site.)
 CVE-2012-4192 (Mozilla Firefox 16.0, Thunderbird 16.0, and SeaMonkey 2.13 allow remote attackers to bypass the Same Origin Policy and read the properties of a Location object via a crafted web site, a related issue to CVE-2012-4193.)
 CVE-2012-4192 (Mozilla Firefox 16.0, Thunderbird 16.0, and SeaMonkey 2.13 allow remote attackers to bypass the Same Origin Policy and read the properties of a Location object via a crafted web site, a related issue to CVE-2012-4193.)
 CVE-2012-4191 (The mozilla::net::FailDelayManager::Lookup function in the WebSockets implementation in Mozilla Firefox before 16.0.1, Thunderbird before 16.0.1, and SeaMonkey before 2.13.1 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.)
 CVE-2012-4191 (The mozilla::net::FailDelayManager::Lookup function in the WebSockets implementation in Mozilla Firefox before 16.0.1, Thunderbird before 16.0.1, and SeaMonkey before 2.13.1 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.)
 CVE-2012-4190 (The FT2FontEntry::CreateFontEntry function in FreeType, as used in the Android build of Mozilla Firefox before 16.0.1 on CyanogenMod 10, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.)
 CVE-2012-4188 (Heap-based buffer overflow in the Convolve3x3 function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors.)
 CVE-2012-4187 (Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly manage a certain insPos variable, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and assertion failure) via unspecified vectors.)
 CVE-2012-4186 (Heap-based buffer overflow in the nsWaveReader::DecodeAudioData function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors.)
 CVE-2012-4185 (Buffer overflow in the nsCharTraits::length function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.)
 CVE-2012-4184 (The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 does not prevent access to properties of a prototype for a standard class, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site.)
 CVE-2012-4183 (Use-after-free vulnerability in the DOMSVGTests::GetRequiredFeatures function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.)
 CVE-2012-4182 (Use-after-free vulnerability in the nsTextEditRules::WillInsert function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.)
 CVE-2012-4181 (Use-after-free vulnerability in the nsSMILAnimationController::DoSample function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.)
 CVE-2012-4180 (Heap-based buffer overflow in the nsHTMLEditor::IsPrevCharInNodeWhitespace function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors.)
 CVE-2012-4179 (Use-after-free vulnerability in the nsHTMLCSSUtils::CreateCSSPropertyTxn function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.)
 CVE-2012-3994 (Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allow remote attackers to conduct cross-site scripting (XSS) attacks via a binary plugin that uses Object.defineProperty to shadow the top object, and leverages the relationship between top.location and the location property.)
 CVE-2012-3993 (The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 does not properly interact with failures of InstallTrigger methods, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site, related to an "XrayWrapper pollution" issue.)
 CVE-2012-3992 (Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly manage history data, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive POST content via vectors involving a location.hash write operation and history navigation that triggers the loading of a URL into the history object.)
 CVE-2012-3992 (Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly manage history data, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive POST content via vectors involving a location.hash write operation and history navigation that triggers the loading of a URL into the history object.)
 CVE-2012-3991 (Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly restrict JSAPI access to the GetProperty function, which allows remote attackers to bypass the Same Origin Policy and possibly have unspecified other impact via a crafted web site.)
 CVE-2012-3990 (Use-after-free vulnerability in the IME State Manager implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors, related to the nsIContent::GetNameSpaceID function.)
 CVE-2012-3989 (Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly perform a cast of an unspecified variable during use of the instanceof operator on a JavaScript object, which allows remote attackers to execute arbitrary code or cause a denial of service (assertion failure) via a crafted web site.)
 CVE-2012-3988 (Use-after-free vulnerability in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 might allow user-assisted remote attackers to execute arbitrary code via vectors involving use of mozRequestFullScreen to enter full-screen mode, and use of the history.back method for backwards history navigation.)
 CVE-2012-3987 (Mozilla Firefox before 16.0 on Android assigns chrome privileges to Reader Mode pages, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site.)
 CVE-2012-3986 (Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly restrict calls to DOMWindowUtils (aka nsDOMWindowUtils) methods, which allows remote attackers to bypass intended access restrictions via crafted JavaScript code.)
 CVE-2012-3985 (Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly implement the HTML5 Same Origin Policy, which allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging initial-origin access after document.domain has been set.)
 CVE-2012-3984 (Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly handle navigation away from a web page that has a SELECT element's menu active, which allows remote attackers to spoof page content via vectors involving absolute positioning and scrolling.)
 CVE-2012-3983 (Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.)
 CVE-2012-3982 (Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.)
 CVE-2012-3977 (** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-4930. Reason: This candidate is a duplicate of CVE-2012-4930. Notes: All CVE users should reference CVE-2012-4930 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.)
Файлы:Mozilla Foundation Security Advisory 2012-73
 Mozilla Foundation Security Advisory 2012-74
 Mozilla Foundation Security Advisory 2012-75
 Mozilla Foundation Security Advisory 2012-76
 Mozilla Foundation Security Advisory 2012-77
 Mozilla Foundation Security Advisory 2012-78
 Mozilla Foundation Security Advisory 2012-79
 Mozilla Foundation Security Advisory 2012-80
 Mozilla Foundation Security Advisory 2012-81
 Mozilla Foundation Security Advisory 2012-82
 Mozilla Foundation Security Advisory 2012-83
 Mozilla Foundation Security Advisory 2012-84
 Mozilla Foundation Security Advisory 2012-85
 Mozilla Foundation Security Advisory 2012-86
 Mozilla Foundation Security Advisory 2012-87
 Mozilla Foundation Security Advisory 2012-88
 Mozilla Foundation Security Advisory 2012-89
 Mozilla Foundation Security Advisory 2012-90

Уязвимости безопасности в OpenStack
дополнено с 29 октября 2012 г.
Опубликовано:10 декабря 2012 г.
Источник:
SecurityVulns ID:12681
Тип:удаленная
Уровень опасности:
5/10
Описание:Проблемы с авторизацией доступа.
CVE:CVE-2012-5571 (OpenStack Keystone Essex (2012.1) and Folsom (2012.2) does not properly handle EC2 tokens when the user role has been removed from a tenant, which allows remote authenticated users to bypass intended authorization restrictions by leveraging a token for the removed user role.)
 CVE-2012-5563 (OpenStack Keystone, as used in OpenStack Folsom 2012.2, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by creating new tokens through token chaining. NOTE: this issue exists because of a CVE-2012-3426 regression.)
 CVE-2012-4413 (OpenStack Keystone 2012.1.3 does not invalidate existing tokens when granting or revoking roles, which allows remote authenticated users to retain the privileges of the revoked roles.)
 CVE-2012-3540 (Open redirect vulnerability in views/auth_forms.py in OpenStack Dashboard (Horizon) Essex (2012.1) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter to auth/login/. NOTE: this issue was originally assigned CVE-2012-3542 by mistake.)
 CVE-2012-3426 (OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by (1) creating new tokens through token chaining, (2) leveraging possession of a token for a disabled user account, or (3) leveraging possession of a token for an account with a changed password.)
Оригинальный текстdocumentUBUNTU, [USN-1641-1] OpenStack Keystone vulnerabilities (10.12.2012)
 documentUBUNTU, [USN-1565-1] OpenStack Horizon vulnerability (29.10.2012)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород