The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:

vulnerability 12750

WordPress: information disclosure via Advanced XML Reader

Synthesis of the vulnerability

An attacker can use an external XML entity in Advanced XML Reader of WordPress, in order to obtain sensitive information.
Impacted products: WordPress Plugins ~ not comprehensive.
Severity: 2/4.
Consequences: data reading.
Provenance: document.
Creation date: 03/05/2013.
Identifiers: BID-59618, VIGILANCE-VUL-12750.

Description of the vulnerability

XML data can contain external entities (DTD):
  <!ENTITY name SYSTEM "file">
  <!ENTITY name SYSTEM "http://server/file">
A program that reads this XML data can replace these entities with data from the indicated file. When the program processes XML data from an untrusted source, this behavior leads to:
 - disclosure of the content of files on the server
 - scanning of private web sites
 - a denial of service by opening a blocking file
This feature must therefore be disabled when processing XML data from an untrusted source.

However, the Advanced XML Reader plugin allows external entities.

An attacker can therefore transmit malicious XML data to Advanced XML Reader, in order to force it to include a file, which can then be returned to the attacker.

computer vulnerability note CVE-2013-1952

Xen: denial of service via VT-d MSI

Synthesis of the vulnerability

An attacker located in a guest system can remap the interrupts of a device, in order to trigger a denial of service.
Impacted products: XenServer, Debian, Fedora, openSUSE, SUSE Linux Enterprise Desktop, SLES, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: denial of service on server.
Provenance: user shell.
Creation date: 02/05/2013.
Identifiers: BID-59617, CERTA-2013-AVI-290, CTX137657, CVE-2013-1952, DSA-2666-1, FEDORA-2013-7426, FEDORA-2013-7432, openSUSE-SU-2013:1392-1, openSUSE-SU-2013:1404-1, SUSE-SU-2013:1075-1, SUSE-SU-2014:0446-1, VIGILANCE-VUL-12749, XSA-49.

Description of the vulnerability

A system using an Intel VT-d processor can use the PCI Passthrough feature, so that a device supporting Bus Mastering is accessible to guest systems.

However, in this configuration, the origin of interrupt remapping requests is not checked.

An attacker located in a guest system can therefore remap the interrupts of a device, in order to trigger a denial of service.

computer vulnerability bulletin CVE-2013-1234

Cisco IOS XR: denial of service via SNMP

Synthesis of the vulnerability

An attacker can send malformed SNMP packets to Cisco IOS XR, in order to trigger a denial of service.
Impacted products: Cisco ASR, IOS XR Cisco.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: intranet client.
Creation date: 02/05/2013.
Identifiers: BID-59636, CSCue69472, CVE-2013-1234, VIGILANCE-VUL-12748.

Description of the vulnerability

An attacker can send malformed SNMP packets to Cisco IOS XR, in order to trigger a denial of service.

computer vulnerability announce CVE-2013-1918

Xen: denial of service via non-preemption

Synthesis of the vulnerability

An attacker, who is located in a guest system, can use some complex operations, in order to trigger a denial of service of Xen.
Impacted products: XenServer, Debian, Fedora, openSUSE, SUSE Linux Enterprise Desktop, SLES, Unix (platform) ~ not comprehensive.
Severity: 1/4.
Consequences: denial of service on server.
Provenance: user shell.
Creation date: 02/05/2013.
Identifiers: BID-59615, CERTA-2013-AVI-290, CTX137657, CVE-2013-1918, DSA-2666-1, FEDORA-2013-7426, FEDORA-2013-7432, openSUSE-SU-2013:1392-1, openSUSE-SU-2013:1404-1, SUSE-SU-2013:1075-1, SUSE-SU-2014:0446-1, VIGILANCE-VUL-12747, XSA-45.

Description of the vulnerability

Xen implements several complex operations in the following files:
  xen/common/compat/domain.c
  xen/common/domain.c
  xen/common/domctl.c
  xen/arch/x86/domain.c
  xen/arch/x86/hvm/hvm.c
  xen/arch/x86/hvm/vlapic.c
  xen/arch/x86/mm.c
  xen/arch/x86/traps.c
  xen/arch/x86/x86_64/compat/mm.c

However, these operations are not preemptible, so they cannot be interrupted during their processing.

An attacker, who is located in a guest system, can therefore use some complex operations, in order to trigger a denial of service of Xen.

computer vulnerability alert CVE-2013-1156 CVE-2013-1157 CVE-2013-1158

Cisco Prime Central for Hosted Collaboration Solution: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Cisco Prime Central for Hosted Collaboration Solution.
Impacted products: Cisco Prime Central for HCS.
Severity: 2/4.
Consequences: client access/rights, data reading.
Provenance: document.
Number of vulnerabilities in this bulletin: 5.
Creation date: 02/05/2013.
Identifiers: BID-59632, BID-59635, BID-59696, BID-59697, BID-59702, CSCud51034, CSCud51068, CSCud54397, CSCud56706, CSCud56743, CVE-2013-1156, CVE-2013-1157, CVE-2013-1158, CVE-2013-1159, CVE-2013-1160, VIGILANCE-VUL-12746.

Description of the vulnerability

Several vulnerabilities were announced in Cisco Prime Central for Hosted Collaboration Solution.

An attacker can traverse a directory, in order to read a file. [severity:2/4; BID-59702, CSCud51034, CVE-2013-1156]

An attacker can trigger a Cross Site Scripting of ITM Java Servlet Container, in order to execute JavaScript code in the context of the web site. [severity:2/4; BID-59632, CSCud51068, CVE-2013-1157]

An attacker can trigger a Cross Site Scripting in ITM Help Menus, in order to execute JavaScript code in the context of the web site. [severity:2/4; BID-59635, CSCud54397, CVE-2013-1158]

An attacker can trigger a Cross Site Scripting in NCI Web Menus, in order to execute JavaScript code in the context of the web site. [severity:2/4; BID-59697, CSCud56706, CVE-2013-1159]

An attacker can trigger a Cross Site Scripting in OpenView Web Menus, in order to execute JavaScript code in the context of the web site. [severity:2/4; BID-59696, CSCud56743, CVE-2013-1160]

computer vulnerability CVE-2013-1196

Cisco Prime, Secure ACS: privilege escalation

Synthesis of the vulnerability

An attacker can format special commands for Cisco Prime and Secure ACS, in order to escalate his privileges.
Impacted products: Prime Collaboration Assurance, Prime Collaboration Manager, Cisco Prime LMS, Prime Network Control Systems, Secure ACS.
Severity: 2/4.
Consequences: administrator access/rights.
Provenance: user shell.
Creation date: 02/05/2013.
Identifiers: CSCug13866, CSCug29384, CSCug29400, CSCug29406, CSCug29411, CSCug29413, CSCug29416, CSCug29418, CSCug29422, CSCug29425, CSCug29426, CVE-2013-1196, VIGILANCE-VUL-12745.

Description of the vulnerability

An attacker can format special commands for Cisco Prime and Secure ACS, in order to escalate his privileges.

vulnerability note CVE-2013-1961

libtiff: buffer overflow of tiff2pdf t2p_write_pdf_page

Synthesis of the vulnerability

An attacker can invite the victim to open a malicious TIFF image with tiff2pdf, in order to create a denial of service or to execute code.
Impacted products: Debian, Fedora, LibTIFF, openSUSE, Solaris, RHEL, Slackware.
Severity: 2/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Creation date: 02/05/2013.
Identifiers: 952131, BID-59607, CERTFR-2014-AVI-112, CVE-2013-1961, DLA-610-1, DLA-610-2, DSA-2698-1, FEDORA-2013-7361, FEDORA-2013-7369, MDVSA-2013:208, openSUSE-SU-2013:0812-1, openSUSE-SU-2013:0812-2, openSUSE-SU-2013:0922-1, openSUSE-SU-2013:0944-1, RHSA-2014:0222-01, RHSA-2014:0223-01, SSA:2013-290-01, VIGILANCE-VUL-12744.

Description of the vulnerability

The tiff2pdf tool of the libtiff suite is used to convert a TIFF image to a PDF document.

The t2p_write_pdf_page() function of the tiff2pdf.c file generates a PDF Page object. The PDF MediaBox field defines the page area containing data. Its values are generated using the sprintf() function, which writes into a 16-byte array. However, if the TIFF image uses large sizes, a buffer overflow occurs.

An attacker can therefore invite the victim to open a malicious TIFF image with tiff2pdf, in order to create a denial of service or to execute code.

vulnerability bulletin CVE-2013-1960

libtiff: buffer overflow of tiff2pdf t2_process_jpeg_strip

Synthesis of the vulnerability

An attacker can invite the victim to open a malicious TIFF image with tiff2pdf, in order to create a denial of service or to execute code.
Impacted products: Debian, Fedora, LibTIFF, openSUSE, Solaris, RHEL, Slackware.
Severity: 2/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Creation date: 02/05/2013.
Identifiers: 952158, BID-59609, CERTFR-2014-AVI-112, CVE-2013-1960, DSA-2698-1, FEDORA-2013-7361, FEDORA-2013-7369, MDVSA-2013:208, openSUSE-SU-2013:0812-1, openSUSE-SU-2013:0812-2, openSUSE-SU-2013:0922-1, openSUSE-SU-2013:0944-1, RHSA-2014:0222-01, RHSA-2014:0223-01, SSA:2013-290-01, VIGILANCE-VUL-12743.

Description of the vulnerability

The tiff2pdf tool of the libtiff suite is used to convert a TIFF image to a PDF document.

The t2_process_jpeg_strip() function of the tiff2pdf.c file processes the strip encoding of image data. However, if the TIFF image uses invalid values, a buffer overflow occurs.

An attacker can therefore invite the victim to open a malicious TIFF image with tiff2pdf, in order to create a denial of service or to execute code.

vulnerability announce CVE-2008-4796

Snoopy: execution of a Shell command

Synthesis of the vulnerability

An attacker can use a special HTTPS URI, in applications including Snoopy, in order to execute a shell command.
Impacted products: Debian, Fedora, Nagios Open Source, Unix (platform) ~ not comprehensive.
Severity: 3/4.
Consequences: user access/rights.
Provenance: intranet client.
Creation date: 02/05/2013.
Identifiers: CERTFR-2016-AVI-256, CVE-2008-4796, DSA-1691-1, DSA-1871-1, DSA-1871-2, FEDORA-2008-9257, FEDORA-2008-9304, FEDORA-2008-9502, FEDORA-2008-9508, FEDORA-2008-9903, VIGILANCE-VUL-12742.

Description of the vulnerability

The Snoopy class implements a web client in PHP. It is used by several products (Moodle, Nagios, WordPress, etc.).

The _httpsrequest() function of Snoopy calls the exec() function, which runs a curl command line, to download the document. However, the URL to download is inserted directly into the command line, with no filtering.

An attacker can therefore use a special HTTPS URI, in applications including Snoopy, in order to execute a shell command.

vulnerability alert CVE-2013-2029

Nagios: file corruption via nagios.upgrade_to_v3.sh

Synthesis of the vulnerability

When the administrator runs the nagios.upgrade_to_v3.sh script, a local attacker can create a symbolic link, in order to corrupt a file with root privileges.
Impacted products: Fedora, Nagios Open Source, RHEL.
Severity: 2/4.
Consequences: data creation/edition.
Provenance: user shell.
Creation date: 02/05/2013.
Identifiers: 958015, BID-59596, CVE-2013-2029, FEDORA-2013-10950, RHSA-2013:1526-01, VIGILANCE-VUL-12741.

Description of the vulnerability

The nagios.upgrade_to_v3.sh script is installed by some Linux distributions, in order to migrate Nagios to a recent version.

However, this script uses a predictable filename (/tmp/nagioscfg.$$.tmp) to store the configuration.

When the administrator runs the nagios.upgrade_to_v3.sh script, a local attacker can therefore create a symbolic link, in order to corrupt a file with root privileges.
