The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:

computer vulnerability note CVE-2012-1562 CVE-2012-1563 CVE-2012-1598

Joomla 2.5: two vulnerabilities

Synthesis of the vulnerability

An attacker can use two vulnerabilities of Joomla, in order to elevate his privileges or to change a user's password.
Impacted products: Joomla! Core.
Severity: 3/4.
Consequences: user access/rights.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 16/03/2012.
Identifiers: 20120303, 20120304, 20120305, BID-52534, BID-52535, CVE-2012-1562, CVE-2012-1563, CVE-2012-1598, VIGILANCE-VUL-11449.

Description of the vulnerability

Two vulnerabilities were announced in Joomla.

An attacker can elevate his privileges. [severity:3/4; 20120303, BID-52534, CVE-2012-1563]

The password reset feature does not use a challenge which is sufficiently random, so an attacker can change a user's password. [severity:3/4; 20120304, 20120305, BID-52535, CVE-2012-1562, CVE-2012-1598]

computer vulnerability announce 11447

EMC NetWorker: denial of service of nsrexecd via hash

Synthesis of the vulnerability

An attacker can send malformed RPC data to nsrexecd, in order to stop it.
Impacted products: NetWorker.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: intranet client.
Creation date: 15/03/2012.
Identifiers: BID-52506, VIGILANCE-VUL-11447.

Description of the vulnerability

The EMC NetWorker server connects to nsrexecd daemons which are installed on clients. This daemon processes RPC queries, and opens a dynamic port, which in most cases is greater than 8000.

A hash is computed on the data received on this dynamic port. However, if this data is malformed, the hash is computed at an invalid memory address, so nsrexecd stops.

An attacker can therefore send malformed RPC data to nsrexecd, in order to stop it.

computer vulnerability alert CVE-2012-0293

Altiris WISE Package Studio: SQL injection

Synthesis of the vulnerability

An attacker who is authenticated on Altiris WISE Package Studio can use a SQL injection, in order to alter the content of the database.
Impacted products: Wise Package Studio.
Severity: 2/4.
Consequences: data reading, data creation/edition.
Provenance: user account.
Creation date: 14/03/2012.
Identifiers: BID-52392, CVE-2012-0293, SYM12-005, VIGILANCE-VUL-11446.

Description of the vulnerability

The Altiris WISE Package Studio product uses a database to store its information.

An attacker who is authenticated on Altiris WISE Package Studio can use a SQL injection, in order to alter the content of the database.

computer vulnerability CVE-2012-4580 CVE-2012-4581 CVE-2012-4582

McAfee Email and Web Security, Email Gateway: seven vulnerabilities

Synthesis of the vulnerability

An attacker can use seven vulnerabilities of McAfee Email and Web Security, and McAfee Email Gateway, in order to obtain information or to access a user account.
Impacted products: McAfee Email and Web Security, McAfee Email Gateway.
Severity: 3/4.
Consequences: data reading.
Provenance: document.
Number of vulnerabilities in this bulletin: 7.
Creation date: 14/03/2012.
Identifiers: BID-52487, CVE-2012-4580, CVE-2012-4581, CVE-2012-4582, CVE-2012-4583, CVE-2012-4584, CVE-2012-4585, CVE-2012-4586, NGS00153, NGS00154, NGS00155, NGS00156, NGS00157, NGS00158, NGS00159, SB10020, VIGILANCE-VUL-11445.

Description of the vulnerability

Seven vulnerabilities were announced in McAfee Email and Web Security, and McAfee Email Gateway.

An attacker can create a Cross Site Scripting via the Management Console/Dashboard. [severity:2/4; CVE-2012-4580, NGS00153]

Users who close their browser window without clicking on "logout" are displayed as logged out, although they still have a valid session cookie. [severity:2/4; CVE-2012-4581, NGS00154]

An authenticated attacker can reset the password of other users. [severity:3/4; CVE-2012-4582, NGS00155]

An attacker can use the Dashboard, in order to access session tokens of users. [severity:3/4; CVE-2012-4583, NGS00156]

Password hashes can be retrieved from backups. [severity:2/4; CVE-2012-4584, NGS00157]

An authenticated attacker can download a file from the system. [severity:2/4; CVE-2012-4585, NGS00158]

An authenticated attacker can read a file with root privileges. [severity:2/4; CVE-2012-4586, NGS00159]

vulnerability note CVE-2012-0356

Cisco Catalyst: denial of service of FWSM via PIM

Synthesis of the vulnerability

When multicast routing is enabled, an attacker can send a malicious PIM message to Cisco Catalyst 6500 Series Firewall Services Module, in order to restart the system.
Impacted products: Cisco Catalyst.
Severity: 3/4.
Consequences: denial of service on server, denial of service on service.
Provenance: internet client.
Creation date: 14/03/2012.
Identifiers: BID-52481, cisco-sa-20120314-fwsm, CSCtu97367, CVE-2012-0356, VIGILANCE-VUL-11444.

Description of the vulnerability

The PIM (Protocol Independent Multicast) protocol is used to configure multicast routes.

When multicast routing is enabled, an attacker can send a malicious PIM message to Cisco Catalyst 6500 Series Firewall Services Module, in order to restart the system.

vulnerability bulletin CVE-2012-0358

Cisco ASA, IE: buffer overflow of the cscopf.ocx ActiveX

Synthesis of the vulnerability

An attacker can create an HTML page calling the Cisco ASA cscopf.ocx ActiveX, and then invite the victim to display this page, in order to execute code on his Windows workstation.
Impacted products: ASA, IE.
Severity: 3/4.
Consequences: user access/rights.
Provenance: document.
Creation date: 14/03/2012.
Identifiers: 2695962, BID-52482, CERTA-2012-AVI-144, cisco-sa-20120314-asaclient, CSCtr00165, CVE-2012-0358, VIGILANCE-VUL-11443, VU#339177.

Description of the vulnerability

The Cisco Clientless VPN feature uses an ActiveX, which creates a VPN tunnel from a Windows computer (Internet Explorer) to the firewall. This ActiveX is provided by Cisco ASA.

However, this ActiveX (cscopf.ocx) does not check the size of data, so a buffer overflow occurs.

An attacker can therefore create an HTML page calling the cscopf.ocx ActiveX, and then invite the victim to display this page, in order to execute code on his Windows workstation.

It can be noted that this vulnerability is inside an ActiveX provided by ASA, but this vulnerability does not impact ASA.

vulnerability announce CVE-2012-0353 CVE-2012-0354 CVE-2012-0355

Cisco ASA, Catalyst ASASM: four denials of service

Synthesis of the vulnerability

An attacker can create four denials of service in Cisco ASA 5500 and Cisco Catalyst 6500 Series ASA Services Module (ASASM).
Impacted products: ASA, Cisco Catalyst.
Severity: 3/4.
Consequences: denial of service on server, denial of service on service.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 4.
Creation date: 14/03/2012.
Identifiers: 25200, BID-52481, BID-52484, BID-52488, BID-52489, CERTA-2012-AVI-149, CERTA-2012-AVI-150, cisco-sa-20120314-asa, CSCtq10441, CSCtr47517, CSCts39634, CSCtw35765, CVE-2012-0353, CVE-2012-0354, CVE-2012-0355, CVE-2012-0356, VIGILANCE-VUL-11442.

Description of the vulnerability

Four denials of service were announced in Cisco ASA 5500 and Cisco Catalyst 6500 Series ASA Services Module (ASASM).

An attacker can send a sequence of UDP packets, in order to create an error in the inspection engine, which restarts the firewall. [severity:3/4; BID-52484, CERTA-2012-AVI-150, CSCtq10441, CVE-2012-0353]

When the Threat Detection feature is enabled with the "shun" option, an attacker can send IP packets creating an error, which restarts the firewall. [severity:3/4; 25200, BID-52489, CSCtw35765, CVE-2012-0354]

An attacker can create an error during the NAT creation, in order to generate the syslog 305006 message, which restarts the firewall. [severity:3/4; BID-52488, CSCts39634, CVE-2012-0355]

When multicast routing is enabled, an attacker can send a PIM message, in order to restart the firewall (VIGILANCE-VUL-11444). [severity:3/4; BID-52481, CERTA-2012-AVI-149, CSCtr47517, CVE-2012-0356]

vulnerability alert 11441

Windows, IE: vulnerabilities of ActiveX

Synthesis of the vulnerability

An attacker can create an HTML page calling vulnerable ActiveX, and then invite the victim to display this page, in order to execute code on his computer.
Impacted products: IE.
Severity: 3/4.
Consequences: user access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 3.
Creation date: 14/03/2012.
Identifiers: 2647518, VIGILANCE-VUL-11441.

Description of the vulnerability

Several vulnerabilities were announced in ActiveX.

A web page can call the Biostat SamplePower ActiveX, in order to execute code on the victim's computer. [severity:3/4]

A web page can call the Blueberry Software Flashback Component ActiveX, in order to execute code on the victim's computer. [severity:3/4]

A web page can call the HP Photo Creative ActiveX, in order to execute code on the victim's computer. [severity:3/4]

An attacker can therefore create an HTML page calling vulnerable ActiveX, and then invite the victim to display this page, in order to execute code on his computer.

vulnerability CVE-2011-3045

libpng: buffer overflow via png_inflate

Synthesis of the vulnerability

An attacker can invite the victim to open a malicious PNG image with an application linked to libpng, in order to create an integer overflow, which stops the application, or leads to code execution.
Impacted products: Debian, Fedora, libpng, Mandriva Linux, openSUSE, RHEL, Slackware.
Severity: 3/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Creation date: 14/03/2012.
Identifiers: 799000, BID-52453, CERTA-2012-AVI-164, CERTA-2012-AVI-170, CVE-2011-3045, DSA-2439-1, FEDORA-2012-3536, FEDORA-2012-3545, FEDORA-2012-3705, FEDORA-2012-3739, MDVSA-2012:033, openSUSE-SU-2012:0432-1, openSUSE-SU-2012:0466-1, RHSA-2012:0407-01, SSA:2012-206-01, VIGILANCE-VUL-11440.

Description of the vulnerability

The libpng library processes PNG images. It is used by several applications.

The png_inflate() function of the pngrutil.c file uncompresses a PNG image. When the storage area is shorter than the available size, the size of the copy is shortened. However, the computation of this size can overflow, which leads to the copy of a large memory area.

An attacker can therefore invite the victim to open a malicious PNG image with an application linked to libpng, in order to create an overflow, which stops the application, or leads to code execution.

computer vulnerability note CVE-2012-0451 CVE-2012-0454 CVE-2012-0455

Firefox, Thunderbird, SeaMonkey: several vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities of Firefox, Thunderbird and SeaMonkey can be used by an attacker to execute code on the victim's computer.
Impacted products: Debian, Fedora, Mandriva Linux, Firefox, SeaMonkey, Thunderbird, openSUSE, Solaris, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 4/4.
Consequences: user access/rights, client access/rights, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 8.
Creation date: 14/03/2012.
Identifiers: BID-52455, BID-52456, BID-52457, BID-52458, BID-52459, BID-52460, BID-52461, BID-52463, BID-52464, BID-52465, BID-52466, BID-52467, CERTA-2012-AVI-142, CVE-2012-0451, CVE-2012-0454, CVE-2012-0455, CVE-2012-0456, CVE-2012-0457, CVE-2012-0458, CVE-2012-0459, CVE-2012-0460, CVE-2012-0461, CVE-2012-0462, CVE-2012-0463, CVE-2012-0464, DSA-2433-1, DSA-2437-1, FEDORA-2012-5028, MDVSA-2012:031, MDVSA-2012:032, MDVSA-2012:032-1, MFSA 2012-12, MFSA 2012-13, MFSA 2012-14, MFSA 2012-15, MFSA 2012-16, MFSA 2012-17, MFSA 2012-18, MFSA 2012-19, openSUSE-SU-2012:0417-1, openSUSE-SU-2012:0567-1, openSUSE-SU-2014:1100-1, RHSA-2012:0387-01, RHSA-2012:0388-01, SUSE-SU-2012:0424-1, SUSE-SU-2012:0425-1, VIGILANCE-VUL-11439.

Description of the vulnerability

Several vulnerabilities were announced in Firefox, Thunderbird and SeaMonkey.

An attacker can use a freed memory area in shlwapi.dll, which leads to code execution. [severity:4/4; BID-52455, CVE-2012-0454, MFSA 2012-12]

An attacker can invite the victim to drop a "javascript:" link in a frame, in order to execute a Cross Site Scripting. [severity:2/4; BID-52458, CVE-2012-0455, MFSA 2012-13]

An attacker can create an SVG animation, which leads to a denial of service or to code execution. [severity:4/4; BID-52459, BID-52461, CVE-2012-0456, CVE-2012-0457, MFSA 2012-14]

An attacker can use several CSP (Content Security Policy) headers, in order to create a Cross Site Scripting. [severity:2/4; BID-52463, CERTA-2012-AVI-142, CVE-2012-0451, MFSA 2012-15]

An attacker can invite the victim to use a "javascript:" URI as home page, in order to generate errors, which lead to code execution in the "about:sessionrestore" context. [severity:3/4; BID-52460, CVE-2012-0458, MFSA 2012-16]

An attacker can dynamically change a cssText, in order to corrupt the memory, and to execute code. [severity:4/4; BID-52457, CVE-2012-0459, MFSA 2012-17]

An attacker can set window.fullScreen, in order to change the victim's desktop, and to deceive him. [severity:2/4; BID-52456, CVE-2012-0460, MFSA 2012-18]

An attacker can generate several memory corruptions, leading to code executions. [severity:4/4; BID-52464, BID-52465, BID-52466, BID-52467, CVE-2012-0461, CVE-2012-0462, CVE-2012-0463, CVE-2012-0464, MFSA 2012-19]
