Attack Vector
Microsoft Windows Kernel is prone to a local privilege escalation due to
an integer overflow error within the IopfCompleteRequest function. This
vulnerability may allow attackers to execute arbitrary code in the
kernel context, allowing them to escalate privileges to SYSTEM. However,
the attack vector needed to take advantage of this weakness has not
been identified on an out-of-box Windows installation. Therefore, a
third-party application is, so far, the only possible attack vector
to exploit this issue.
This advisory covers the attack vector found in a widely extended
Severity Rating:
Severity: Medium
Impact: Denial of Service
Attack Vector: Local
CVSS v2:
Base Score: 4.9
Temporal Score: 3.8
Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:C/E:P/RL:O/RC:C)
Product. Plume CMS
Platform. Independent
Affected versions. 1.2.3 (verified), possibly others
Severity Rating. High
Impact. Manipulation of data
Attack Vector. Remote with authentication
Solution Status. Unpatched
CVE reference. Not yet allocated
Details.
Platform. Microsoft Windows
Affected versions. 2.2.14 verified and
possibly others.
Severity Rating. High
Impact. System access
Attack Vector. Remote
Solution Status. Upgrade to 2.2.15 (as advised by
Apache)
CVE reference. CVE-2010-0425
Details.
Vulnerability: Internal IP Address Disclosure
Vendor: Cisco Systems, Inc. http://www.cisco.com
Product URL: http://www.cisco.com/en/US/products/ps7314/
Author: nitrus [ Alejandro Hernandez H. ]
Discovery Date: 24/Aug/2009
Attack Vector: Remote
CVSS v2 Base Score: 5 (Medium) [ AV:N/AC:L/Au:N/C:P/I:N/A:N ]
Class: I think, it's a Design problem on the error messages' handling
Security Advisory: MVSA-10-009 / CVE-2010-0155
Vendor: IBM
Products: Proventia Network Mail Security System
Vulnerabilities: CRLF Injection
Risk: Medium
Attack Vector: From Remote
Authentication: Required
Reference: http://www.ventuneac.net/security-advisories/MVSA-10-009
Vulnerabilities: Java Class Path Information Disclosure
Risk: Medium
Attack Vector: From Remote
Authentication: Not Required
References:
http://secureappdev.blogspot.com/2011/05/apache-struts-2-xwork-webwork-reflected.html
Product. BackWPUp
Platform. WordPress
Affected versions. 2.1.4
Severity Rating. High
Impact. System access
Attack Vector. Remote without authentication
Solution Status. Upgrade to 2.1.5
CVE reference. Not yet assigned
Details.
========
---[ Severity Rating ]
Severity: Medium
Impact: Denial of Service
Attack Vector: Local
CVSS v2:
Base Score: 4.7
Temporal Score: 3.7
Vector: (AV:L/AC:M/Au:N/C:N/I:N/A:C/E:P/RL:O/RC:C)
Affected versions. 9.3.4 verified and
possibly others.
Severity Rating. Medium
Impact. Denial of service, potentially
code execution.
Attack Vector. Local system
Solution Status. Upgrade to 9.4 (as advised by
Adobe)
CVE reference. CVE-2010-3630
Details.
CVE: CVE-2011-4025
Vendor: EllisLab
Products: ExpressionEngine 2.2.2, CodeIgniter 2.0.3
Vulnerabilities: xss_clean filter bypass, leading to Cross-Site Scripting (XSS)
Risk: High
Attack Vector: From Remote
Reference: http://secureappdev.blogspot.com/2011/11/ellislab-xssclean-filter-bypass.html
1. Description
verified and possibly others.
Other vendors which have OEM'd the
client.
Severity Rating. High
Impact. System access
Attack Vector. Local
Solution Status. Fixed in 10.8.9 (unverified)
CVE reference. Not currently assigned
Details.
SafeNet SoftRemote is an IPsec VPN client that sets up a secure
Vulnerability Id: CVE-2007-5116
Vulnerability Scope: global (not OpenPKG specific)
Attack Feasibility: run-time
Attack Vector: remote network
Attack Impact: arbitrary code execution
Description:
Will Drewry and Tavis Ormandy of the Google Security Team have
discovered a UTF-8 related heap overflow in the regular expression
---[ Severity Rating ]
Severity: Medium
Impact: Denial of Service
Attack Vector: Local
CVSS v2:
Base Score: 4.9
Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:C)
Product. Securimage / PHPCaptcha
Platform. PHP
Affected versions. 1.0.4 - 2.0.2
Severity Rating. Medium
Impact. Authentication bypass
Attack Vector. Remote without authentication
Solution Status. Vendor workaround
(remove securimage_play.php)
CVE reference. Not yet assigned
Details.
Vendor: Google
Service: Google Message Security SaaS (powered by Postini)
- Message Center II
Vulnerabilities: SQL Injection
Risk: High
Attack Vector: From Remote
Authentication: Required
Reference: http://www.ventuneac.net/security-advisories/MVSA-10-001
http://secureappdev.blogspot.com/2010/09/testing-google-message-security-saas.html
Vulnerabilities: Multiple Reflected XSS in XWork error pages
Risk: High
Attack Vector: From Remote
Authentication: Not Required
References:
- http://secureappdev.blogspot.com/2011/05/Struts_2_XWork_WebWork_XSS_in_error_pages.html
Product URL:
http://us.trendmicro.com/us/products/enterprise/data-loss-prevention/index.html
Author: nitrus [ Alejandro Hernandez H. ]
Discovery Date: 09/Sept/2009
Disclosure Date: 01/Jun/2010
Attack Vector: Local
Attack Channels: Some HTTP/HTTPS non-analyzed channels
Impact: Data Theft / Data Leakage / Data Loss
Risk: Medium
Platform. IIS with ASP.NET
Affected versions. v6.7 verified and
possibly others.
Severity Rating. High
Impact. Application "System" user access
Attack Vector. Remote without authentication
Solution Status. Vendor patch
CVE reference. Not yet assigned
Details.
The web application uses cookie parameters passed via HTTP
Attack Impact:
--------------
* Denial-of-service (reboot or hang-up) and possibly remote arbitrary
code execution
Attack Vector:
--------------
* Unauthenticated wireless device
Timeline:
---------
Security Advisory: MVSA-10-007 / CVE-2010-0152
Vendor: IBM
Products: Proventia Network Mail Security System
Vulnerabilities: Multiple Cross-Site Scripting (XSS)
Risk: High
Attack Vector: From Remote
Authentication: Not Required/Required
Reference: http://www.ventuneac.net/security-advisories/MVSA-10-007
Attack Impact:
--------------
* Denial-of-service and possibly remote arbitrary code execution
Attack Vector:
--------------
* Have access as a RADIUS client (knowing or guessing the RADIUS shared
secret) or from an unauthenticated wireless device if the access point
relays malformed EAP frames
---[ Severity Rating ]
Severity: Medium
Impact: Cross-Site Scripting, installation path disclosure
Attack Vector: Remote
CVSS v2:
Base Score: 4.3
Temporal Score: 3.4
Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N/E:P/RL:O/RC:C)
Product. Collaborative Passwords Manager (cPassMan)
Platform. Independent (PHP)
Affected versions. 1.82 (verified), and possibly others
Severity Rating. Medium
Impact. Local file system access
Attack Vector. Remote without authentication
Solution Status. Upgrade to v2.0, v1.x branch no longer
updated
CVE reference. Not yet assigned
Details.
Product. Piwigo
Platform. Independent
Affected versions. 2.0.0 (verified), possibly others
Severity Rating. Medium
Impact. Manipulation of data
Attack Vector. Remote without authentication
Solution Status. Upgrade to 2.0.3
CVE reference. Not yet assigned
Details.
Platform. Microsoft Windows
Affected versions. 4.65.003, 4.51.001 verified and
possibly others.
Severity Rating. High
Impact. System access
Attack Vector. Local
Solution Status. Vendor patch
CVE reference. Not yet assigned
Details.
TheGreenBow is an IPsec VPN client that sets up a secure channel
Attack Impact:
--------------
* Denial-of-service (reboot or hang-up) and possibly remote arbitrary
code execution
Attack Vector:
--------------
* Unauthenticated wireless device for WPA/WPA2-PSK and EAP-based
authenticated wireless device for WPA/WPA2-EAP
Timeline:
Product. XOOPS
Platform. Independent
Affected versions. 2.3.3 (verified), possibly others
Severity Rating. Medium
Impact. Cookie/credential theft, impersonation, loss of confidentiality
Attack Vector. Remote
Solution Status. Vendor patch
CVE reference. Not yet assigned
Severity Rating. Medium - Low
Impact. Database access, cookie and credential
theft, impersonation, loss of
confidentiality, local file disclosure,
information disclosure.
Attack Vector. Remote with authentication
Solution Status. Vendor patch (upgrade to CuOM 8.6 as
advised by Cisco)
CVE reference. CVE-2011-0959 (CSCtn61716)
CVE-2011-0960 (CSCtn61716)
CVE-2011-0961 (CSCto12704)
Security Advisory: MVSA-10-008 / CVE-2010-0154
Vendor: IBM
Products: Proventia Network Mail Security System
Vulnerabilities: Insecure Direct Object Reference
Risk: Medium
Attack Vector: From Remote
Authentication: Required
Reference: http://www.ventuneac.net/security-advisories/MVSA-10-008