Information Security


Double free in logsurfer
Published: January 30, 2012
Source:
SecurityVulns ID: 12160
Type: remote
Severity level: 5/10
Description: Double free in prepare_exec()
Affected products: LOGSURFER : logsurfer 1.8
CVE: CVE-2011-3626 (Double free vulnerability in the prepare_exec function in src/exec.c in Logsurfer 1.5b and earlier, and Logsurfer+ 1.7 and earlier, allows remote attackers to execute arbitrary commands via crafted strings in a log file.)
Original text: GENTOO, [ GLSA 201201-04 ] Logsurfer: Arbitrary code execution (30.01.2012)

Multiple security vulnerabilities in Barracuda Spam/Virus WAF 600
Published: January 30, 2012
Source:
SecurityVulns ID: 12161
Type: remote
Severity level: 5/10
Description: Various web interface vulnerabilities.
Affected products: BARRACUDANETWORK : Barracuda Web Application Firewall 600
Original text: Vulnerability Lab, [Suspected Spam] Barracuda Spam/Virus WAF 600 - Multiple Web Vulnerabilities (30.01.2012)

Buffer overflow in MIT / FreeBSD / Cisco telnetd
updated since December 28, 2011
Published: January 30, 2012
Source:
SecurityVulns ID: 12120
Type: remote
Severity level: 10/10
Description: Buffer overflow in MIT krb5 telnetd / BSD telnetd is actively exploited for unauthorized access.
Affected products: FREEBSD : FreeBSD 7.3
 FREEBSD : FreeBSD 8.1
 FREEBSD : FreeBSD 7.4
 FREEBSD : FreeBSD 8.2
 MIT : krb5-appl 1.0
 FREEBSD : FreeBSD 9.0
 HEIMDAL : Heimdal 1.5
 CISCO : AsyncOS 7.5
 CISCO : AsyncOS 7.7
CVE: CVE-2011-4862 (Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, and Heimdal 1.5.1 and earlier allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011.)
Original text: CISCO, Cisco Security Advisory: Cisco IronPort Appliances Telnet Remote Code Execution Vulnerability (30.01.2012)
 MIT, MITKRB5-SA-2011-008 buffer overflow in telnetd [CVE-2011-4862] (02.01.2012)
 FREEBSD, FreeBSD Security Advisory FreeBSD-SA-11:08.telnetd (02.01.2012)

Multiple security vulnerabilities in Oracle / Sun / People Soft / MySQL products
updated since January 30, 2012
Published: March 10, 2012
Source:
SecurityVulns ID: 12162
Type: remote
Severity level: 9/10
Description: About 80 vulnerabilities in various products are fixed in the quarterly update.
Affected products: ORACLE : Oracle E-Business Suite 11.5
 ORACLE : MySQL 5.0
 ORACLE : Oracle 10g
 ORACLE : MySQL 5.1
 ORACLE : Oracle Application Server 10g
 ORACLE : Oracle 11g
 ORACLE : WebLogic Server 10.0
 ORACLE : WebLogic Server 9.2
 ORACLE : PeopleSoft Enterprise CRM 8.9
 ORACLE : WebLogic Server 10.3
 ORACLE : Oracle E-Business Suite 12.1
 ORACLE : PeopleSoft Enterprise HCM 9.0
 ORACLE : PeopleSoft Enterprise HCM 8.9
 ORACLE : PeopleSoft Enterprise HCM 9.1
 ORACLE : Oracle Transportation Management 5.5
 ORACLE : Oracle Transportation Management 6.0
 ORACLE : Oracle Transportation Management 6.1
 ORACLE : Oracle Outside In Technology 8.3
 ORACLE : Oracle E-Business Suite
 ORACLE : Oracle Transportation Management 6.2
 ORACLE : PeopleSoft Enterprise PeopleTools 8.52
 ORACLE : JDEdwards 8.98
 ORACLE : VirtualBox 4.1
 ORACLE : Virtual Desktop Infrastructure 3.2
 ORACLE : MySQL 5.5
CVE: CVE-2012-0496 (Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect confidentiality and integrity via unknown vectors.)
 CVE-2012-0495 (Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0486, CVE-2012-0487, CVE-2012-0488, CVE-2012-0489, CVE-2012-0491, and CVE-2012-0493.)
 CVE-2012-0494 (Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows local users to affect availability via unknown vectors.)
 CVE-2012-0493 (Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0486, CVE-2012-0487, CVE-2012-0488, CVE-2012-0489, CVE-2012-0491, and CVE-2012-0495.)
 CVE-2012-0492 (Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, and CVE-2012-0485.)
 CVE-2012-0491 (Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0486, CVE-2012-0487, CVE-2012-0488, CVE-2012-0489, CVE-2012-0493, and CVE-2012-0495.)
 CVE-2012-0490 (Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect availability via unknown vectors.)
 CVE-2012-0489 (Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0486, CVE-2012-0487, CVE-2012-0488, CVE-2012-0491, CVE-2012-0493, and CVE-2012-0495.)
 CVE-2012-0488 (Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0486, CVE-2012-0487, CVE-2012-0489, CVE-2012-0491, CVE-2012-0493, and CVE-2012-0495.)
 CVE-2012-0487 (Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0486, CVE-2012-0488, CVE-2012-0489, CVE-2012-0491, CVE-2012-0493, and CVE-2012-0495.)
 CVE-2012-0486 (Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0487, CVE-2012-0488, CVE-2012-0489, CVE-2012-0491, CVE-2012-0493, and CVE-2012-0495.)
 CVE-2012-0485 (Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, and CVE-2012-0492.)
 CVE-2012-0484 (Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect confidentiality via unknown vectors.)
 CVE-2012-0120 (Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0485, and CVE-2012-0492.)
 CVE-2012-0119 (Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492.)
 CVE-2012-0118 (Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and availability via unknown vectors, a different vulnerability than CVE-2012-0113.)
 CVE-2012-0117 (Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0486, CVE-2012-0487, CVE-2012-0488, CVE-2012-0489, CVE-2012-0491, CVE-2012-0493, and CVE-2012-0495.)
 CVE-2012-0116 (Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and integrity via unknown vectors.)
 CVE-2012-0115 (Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0119, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492.)
 CVE-2012-0114 (Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows local users to affect confidentiality and integrity via unknown vectors.)
 CVE-2012-0113 (Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and availability via unknown vectors, a different vulnerability than CVE-2012-0118.)
 CVE-2012-0112 (Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492.)
 CVE-2012-0111 (Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization 4.1 allows local users to affect confidentiality and integrity via unknown vectors related to Shared Folders.)
 CVE-2012-0110 (Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect confidentiality, integrity, and availability, related to Outside In Image Export SDK.)
 CVE-2012-0109 (Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect confidentiality and availability, related to TCP/IP.)
 CVE-2012-0105 (Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization 4.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Windows Guest Additions.)
 CVE-2012-0104 (Unspecified vulnerability in Oracle GlassFish Enterprise Server 3.0.1 and 3.1.1 allows remote attackers to affect availability via unknown vectors related to Web Container.)
 CVE-2012-0103 (Unspecified vulnerability in Oracle Solaris 11 Express allows local users to affect availability via unknown vectors related to Kernel.)
 CVE-2012-0102 (Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0087 and CVE-2012-0101.)
 CVE-2012-0101 (Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0087 and CVE-2012-0102.)
 CVE-2012-0100 (Unspecified vulnerability in Oracle Solaris 9, 10, and 11 Express allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kerberos.)
 CVE-2012-0099 (Unspecified vulnerability in Oracle Solaris 9, 10, and 11 Express allows remote attackers to affect availability via unknown vectors related to sshd.)
 CVE-2012-0098 (Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect availability via unknown vectors related to Kernel.)
 CVE-2012-0097 (Unspecified vulnerability in Oracle Solaris 11 Express allows local users to affect confidentiality via unknown vectors related to ksh93 Shell.)
 CVE-2012-0096 (Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect availability via unknown vectors related to Network.)
 CVE-2012-0094 (Unspecified vulnerability in Oracle Solaris 9, 10, and 11 Express allows remote attackers to affect availability, related to TCP/IP.)
 CVE-2012-0091 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52.05 allows remote authenticated users to affect integrity and availability via unknown vectors related to Upgrade Change Assistance.)
 CVE-2012-0089 (Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.1 allows remote authenticated users to affect confidentiality via unknown vectors related to ePerformance.)
 CVE-2012-0088 (Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 8.9, 9.0, and 9.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Benefits Administration.)
 CVE-2012-0087 (Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0101 and CVE-2012-0102.)
 CVE-2012-0085 (Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 7.5.2 and 10.1.3.5.1 allows remote attackers to affect integrity via unknown vectors related to Content Server.)
 CVE-2012-0084 (Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 7.5.2, 10.1.3.5.1, 11.1.1.3, 11.1.1.4, and 11.1.1.5 allows remote authenticated users to affect integrity via unknown vectors related to Content Server.)
 CVE-2012-0083 (Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 7.5.2, 10.1.3.5.1, 11.1.1.3, 11.1.1.4, and 11.1.1.5 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Search.)
 CVE-2012-0082 (Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to affect integrity and availability via unknown vectors.)
 CVE-2012-0081 (Unspecified vulnerability in Oracle GlassFish Enterprise Server 3.1.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Administration.)
 CVE-2012-0080 (Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Talent Acquisition Management.)
 CVE-2012-0079 (Unspecified vulnerability in Oracle OpenSSO 7.1 and 8.0 allows remote attackers to affect integrity via unknown vectors related to Administration.)
 CVE-2012-0078 (Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.1.2 and 12.1.3 allows remote authenticated users to affect confidentiality, related to REST Services (Menu, LOV).)
 CVE-2012-0077 (Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 9.2.4, 10.0.2, 10.3.3, 10.3.4, and 10.3.5 allows remote authenticated users to affect integrity, related to WLS-Console.)
 CVE-2012-0076 (Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.0 and 9.1 allows remote authenticated users to affect confidentiality via unknown vectors related to ePerformance.)
 CVE-2012-0075 (Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect integrity via unknown vectors.)
 CVE-2012-0074 (Unspecified vulnerability in the PeopleSoft Enterprise CRM component in Oracle PeopleSoft Products 8.9 allows remote authenticated users to affect integrity via unknown vectors related to Sales.)
 CVE-2012-0073 (Unspecified vulnerability in the Oracle Forms component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via unknown vectors.)
 CVE-2012-0072 (Unspecified vulnerability in the Listener component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.2 allows remote attackers to affect availability via unknown vectors.)
 CVE-2011-5035 (Oracle Glassfish 2.1.1, 3.0.1, and 3.1.1, as used in Communications Server 2.0, Sun Java System Application Server 8.1 and 8.2, and possibly other products, computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka Oracle security ticket S0104869.)
 CVE-2011-4517 (The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 uses an incorrect data type during a certain size calculation, which allows remote attackers to trigger a heap-based buffer overflow and execute arbitrary code, or cause a denial of service (heap memory corruption), via a malformed JPEG2000 file.)
 CVE-2011-4516 (Heap-based buffer overflow in the jpc_cox_getcompparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted numrlvls value in a JPEG2000 file.)
 CVE-2011-3574 (Unspecified vulnerability in Oracle Communications Unified 7.0 allows local users to affect confidentiality and integrity via unknown vectors related to Calendar Server.)
 CVE-2011-3573 (Unspecified vulnerability in Oracle Communications Unified 7.0 allows remote authenticated users to affect availability via unknown vectors related to Calendar Server.)
 CVE-2011-3571 (Unspecified vulnerability in the Virtual Desktop Infrastructure (VDI) component in Oracle Virtualization 3.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Session.)
 CVE-2011-3570 (Unspecified vulnerability in Oracle Communications Unified 7.0 allows local users to affect confidentiality via unknown vectors related to Calendar Server.)
 CVE-2011-3569 (Unspecified vulnerability in the Oracle Web Services Manager component in Oracle Fusion Middleware 11.1.1.3, 11.1.1.4, and 11.1.1.5 allows remote attackers to affect confidentiality via unknown vectors related to Web Services Security.)
 CVE-2011-3568 (Unspecified vulnerability in the Oracle Web Services Manager component in Oracle Fusion Middleware 11.1.1.3, 11.1.1.4, and 11.1.1.5 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Web Services Security.)
 CVE-2011-3566 (Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 9.2.4, 10.0.2, 10.3.3, 10.3.4, and 10.3.5 allows remote attackers to affect availability via unknown vectors related to Web Container.)
 CVE-2011-3565 (Unspecified vulnerability in Oracle Communications Unified 7.0 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Calendar Server.)
 CVE-2011-3564 (Unspecified vulnerability in Oracle GlassFish Enterprise Server 2.1.1 allows local users to affect confidentiality via unknown vectors related to Administration.)
 CVE-2011-3531 (Unspecified vulnerability in the Oracle Web Services Manager component in Oracle Fusion Middleware 11.1.1.3, 11.1.1.4, and 11.1.1.5 allows remote attackers to affect availability via unknown vectors related to Web Services Security.)
 CVE-2011-3524 (Unspecified vulnerability in the JD Edwards EnterpriseOne Tools component in Oracle JD Edwards Products 8.98 allows remote authenticated users to affect confidentiality, related to Enterprise Infrastructure SEC (JDENET), a different vulnerability than CVE-2011-2325, CVE-2011-2326, and CVE-2011-3509.)
 CVE-2011-3514 (Unspecified vulnerability in the JD Edwards EnterpriseOne Tools component in Oracle JD Edwards Products 8.98 allows remote authenticated users to affect integrity, related to Enterprise Infrastructure SEC (JDENET).)
 CVE-2011-3509 (Unspecified vulnerability in the JD Edwards EnterpriseOne Tools component in Oracle JD Edwards Products 8.98 allows remote authenticated users to affect confidentiality, related to Enterprise Infrastructure SEC (JDENET), a different vulnerability than CVE-2011-2325, CVE-2011-2326, and CVE-2011-3524.)
 CVE-2011-3192 (The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.)
 CVE-2011-2326 (Unspecified vulnerability in the JD Edwards EnterpriseOne Tools component in Oracle JD Edwards Products 8.98 allows remote authenticated users to affect confidentiality, related to Enterprise Infrastructure SEC (JDENET), a different vulnerability than CVE-2011-2325, CVE-2011-3509, and CVE-2011-3524.)
 CVE-2011-2325 (Unspecified vulnerability in the JD Edwards EnterpriseOne Tools component in Oracle JD Edwards Products 8.98 allows remote authenticated users to affect confidentiality, related to Enterprise Infrastructure SEC (JDENET), a different vulnerability than CVE-2011-2326, CVE-2011-3509, and CVE-2011-3524.)
 CVE-2011-2324 (Unspecified vulnerability in the JD Edwards EnterpriseOne Tools component in Oracle JD Edwards Products 8.98 allows remote attackers to affect availability, related to Enterprise Infrastructure SEC (JDENET).)
 CVE-2011-2321 (Unspecified vulnerability in the JD Edwards EnterpriseOne Tools component in Oracle JD Edwards Products 8.98 allows remote authenticated users to affect confidentiality, related to Enterprise Infrastructure SEC (JDNET).)
 CVE-2011-2317 (Unspecified vulnerability in the JD Edwards EnterpriseOne Tools component in Oracle JD Edwards Products 8.98 allows remote authenticated users to affect integrity, related to Enterprise Infrastructure SEC (JDNET).)
 CVE-2011-2271 (Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2 allows remote authenticated users to affect integrity via unknown vectors related to Attachments / File Upload.)
 CVE-2011-2262 (Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote attackers to affect availability via unknown vectors.)
Original text: ZDI, TPTI-12-01 : Oracle Java True Type Font IDEF Opcode Parsing Remote Code Execution Vulnerability (10.03.2012)
 ZDI, ZDI-12-039 : Oracle Java Web Start java-vm-args Command Argument Injection Remote Code Execution (10.03.2012)
 ZDI, ZDI-12-038 : Oracle Java JavaFX Arbitrary Argument Remote Code Execution Vulnerability (10.03.2012)
 ZDI, ZDI-12-037 : Oracle Java Web Start JNLP Double Quote Remote Code Execution Vulnerability (10.03.2012)
 ZDI, ZDI-12-032 : Oracle Java Runtime Environment readMabCurveData Integer Overflow Remote Code Execution Vulnerability (10.03.2012)
 Onapsis Research Labs, [Onapsis Security Advisory 2012-01] Oracle JD Edwards JDENET Arbitrary File Write (09.03.2012)
 Onapsis Research Labs, [Onapsis Security Advisory 2012-02] Oracle JD Edwards Security Kernel Remote Password Disclosure (09.03.2012)
 Onapsis Research Labs, [Onapsis Security Advisory 2012-03] Oracle JD Edwards SawKernel Arbitrary File Read (09.03.2012)
 Onapsis Research Labs, [Onapsis Security Advisory 2012-04] Oracle JD Edwards SawKernel GET_INI Information Disclosure (09.03.2012)
 Onapsis Research Labs, [Onapsis Security Advisory 2012-05] Oracle JD Edwards JDENET Multiple Information Disclosure (09.03.2012)
 Onapsis Research Labs, [Onapsis Security Advisory 2012-06] Oracle JD Edwards JDENET Large Packets Denial of Service (09.03.2012)
 Onapsis Research Labs, [Onapsis Security Advisory 2012-07] Oracle JD Edwards SawKernel SET_INI Configuration Modification (09.03.2012)
 Onapsis Research Labs, [Onapsis Security Advisory 2012-08] Oracle JD Edwards Security Kernel Information Disclosure (09.03.2012)
 ZDI, ZDI-12-017 : Oracle Outside In OOXML Relationship Tag Parsing Remote Code Execution Vulnerability (30.01.2012)
Files: Oracle Critical Patch Update Advisory - January 2012

Multiple security vulnerabilities in Symantec PCAnywhere
updated since January 30, 2012
Published: May 1, 2012
Source:
SecurityVulns ID: 12163
Type: remote
Severity level: 7/10
Description: Code execution, privilege escalation.
Affected products: SYMANTEC : pcAnywhere 12.5
 SYMANTEC : IT Management Suite 7.0
 SYMANTEC : IT Management Suite 7.1
CVE: CVE-2011-3478 (The host-services component in Symantec pcAnywhere 12.5.x through 12.5.3, and IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), does not properly filter login and authentication data, which allows remote attackers to execute arbitrary code via a crafted session on TCP port 5631.)
Original text: [email protected], NGS00117 Technical Advisory: Symantec pcAnywhere insecure file permissions local privilege escalation (01.05.2012)
 [email protected], NGS00118 Technical Advisory: Symantec pcAnywhere Remote Code Execution as SYSTEM (01.05.2012)
 [email protected], ZDI-12-018 : Symantec PCAnywhere awhost32 Remote Code Execution Vulnerability (30.01.2012)
 [email protected], NGS00117 Patch Notification: Symantec PCAnywhere Local Privilege Escalation (30.01.2012)
 [email protected], NGS00118 Patch Notification: Symantec PCAnywhere Remote Code Execution as SYSTEM (30.01.2012)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod