protection
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
ESA-2012-018: EMC Data Protection Advisor Multiple Vulnerabilities
EMC Identifier: ESA-2012-018, DPA-14718
CVE Identifier: CVE-2012-0406
CVE Identifier: CVE-2012-0407
Severity Rating: CVSS v2 Base Score: See below for CVSS Base Scores for individual issues.
. Internet Explorer 7 on Windows XP sp2
. Internet Explorer 7 on Windows XP sp3
. Internet Explorer 7 on Windows Vista sp1
. Internet Explorer 7 on Windows Vista sp2
. Internet Explorer 7 on Windows Server 2003 sp2 if Protected Mode is OFF and not using Enhanced Security Configuration
. Internet Explorer 7 on Windows Server 2008 if Protected Mode is OFF and not using Enhanced Security Configuration
. Internet Explorer 8 on Windows XP sp2
. Internet Explorer 8 on Windows XP sp3
Mathcad Security Vulnerability Briefing - CVE-2007-4600
Synopsis of Vulnerability
==========================
The 'Protect Worksheet' functionality, used to protect sections of Mathcad worksheets from alteration, is easily bypassed in versions 12 through 14, allowing access to the protected data, because of the way the file format used to save worksheets is implemented.
Background on Mathcad
======================
Mathcad (http://www.ptc.com/appserver/mkt/products/home.jsp?k=3901) is used to perform, document and share calculation and design work. The unique Mathcad visual format and scratchpad interface integrate standard mathematical notation, text and graphs in a single worksheet - making Mathcad ideal for knowledge capture, calculation reuse, and engineering collaboration.
ESA-2011-010: EMC Data Protection Advisor Collector arbitrary code execution with elevated privileges vulnerability
EMC Identifier: ESA-2011-010
CVE Identifier: CVE-2011-1420
Severity Rating: CVSS v2 Base Score: 6.8 (AV:L/AC:L/Au:S/C:C/I:C/A:C)
CA ARCserve Backup for Laptops and Desktops r11.1 SP1
CA ARCserve Backup for Laptops and Desktops r11.1
CA ARCserve Backup for Laptops and Desktops r11.0
CA Desktop Management Suite 11.2
CA Desktop Management Suite 11.1
CA Protection Suites r2
CA Protection Suites 3.0
CA Protection Suites 3.1
Affected Platforms:
ZDI-11-249: (Pwn2Own) Microsoft Internet Explorer Protected Mode Bypass Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-249
August 9, 2011
-- CVSS:
6.4, (AV:N/AC:L/Au:N/C:P/I:P/A:N)
-- Affected Vendors:
ESA-2011-021: EMC Data Protection Advisor sensitive information disclosure vulnerability.
EMC Identifier: ESA-2011-021
CVE Identifier: CVE-2011-1742
Severity Rating: CVSS v2 Base Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
IV - CONCLUSION
The goal of the project is interesting, but the way it was
implemented cannot lead to its success. For example,
SQL injections using quotes are guarded against by doing the
same thing as magic_quotes_gpc, which does not resolve the
problem.
Before doing anything that depends on what the user
has sent, all data must be validated before it is used.
Affected products :
The vulnerabilities have been fixed in Norman's compression library (NCL) 5.99.07,
released on Norman's Internet update servers as an automatic update on 03 June 2009.
This solves the vulnerability for all updated Norman's products except for
Norman Network Protection
- Norman Virus Control single user and corporate versions
- Norman Internet Control
- Norman Virus Control E-mail plugins
- Norman Endpoint Protection
| special header with the victim's IP. |
| The attacker is logged in as the victim's |
| account. |
+--------------------------------------------+
As you can see, even if the victim is protected against
XSS, it is still possible to obtain administrator rights with
this type of attack; we just use the "meta" and "img" tags.
SUMMARY
=======
SafeNet Inc.'s Sentinel Protection Server and Sentinel Keys Server
products include web servers which are vulnerable to directory
traversal attacks. A remote attacker could exploit these
vulnerabilities to read arbitrary files with the permissions of the web
server, typically SYSTEM.
AFFECTED SOFTWARE
Summary: Introduction
Blind SQL Injection
Insecure SQL Password Usage
Admin Session Hijacking
Deep Recursion Protection Bypass
Code Execution
Miscellaneous
Risk level: Medium / High
CVE: ----------
Affected Products:
CA ARCserve Backup r12.0 Windows
CA ARCserve Backup r11.5 Windows SP3 and prior*
CA ARCserve Backup r11.1 Windows*
CA ARCserve Backup r11.1 Netware*
CA Server Protection Suite r2
CA Business Protection Suite r2
CA Business Protection Suite for Microsoft Small Business Server
Standard Edition r2
CA Business Protection Suite for Microsoft Small Business Server
Premium Edition r2
------------------------------
1. Cross-Site Request Forgery.
------------------------------
Since the WordPress Database Backup plugin has no
protection against CSRF, this CSRF vulnerability makes it
possible to attack the admin. It can be used to force a backup, in order to
obtain the site's database backup via the previously mentioned Information Leakage
vulnerability, or to create a large number of backup
files to exhaust free space on the server, or to have a backup sent by
email. These CSRF attacks are possible if the WP-DB-Backup plugin is activated.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Technical details:
* No Cross-Site-Request-Forgery (XSRF) protection (CVE-2009-3580)
The forms in SQL-Ledger are not protected against XSRF. They include the username
in the hidden field »login«, though, which has to be specified correctly. An
attacker is thus required to know the login name – it can be guessed, brute-forced
or retrieved using a Cross-Site-Scripting attack, though.
An example attack would be to send the following link to the user, who unknowingly
Symantec Veritas Traffic Director
Symantec Veritas NetBackup
Symantec Veritas Storage Foundation
-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 8265.
For further product information on the TippingPoint IPS, visit:
http://www.tippingpoint.com
thanks for the feedback.
From: "Naujoks, Hans-Dietmar" <Hans-Dietmar.Naujoks@tuev-sued.de>
> I think Microsoft does not consider metadata attached to a document as
> part of the document and so they decided not to include it in the
> content protected by the certificate.
Considering that the MetaData not protected by the signature contains
among others:
1.) Author
2.) Dates of creation and last change
-- Affected Products:
Ipswitch IMail
-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 10000.
For further product information on the TippingPoint IPS, visit:
http://www.tippingpoint.com
and products are affected; however, there is no plan to patch: the
patch will come, or will not come, sometime in the future.
You are encouraged to read the timeline and draw your own conclusions.
Desktop Protection
* avast! 4 Professional (impact low, reason real-time protection)
* avast! 4 Home Edition (impact low, reason real-time protection)
* avast! Pro Family pack (impact low, reason real-time protection)
* avast! WHS Edition (impact low, reason real-time protection)
Affected Products:
CA ARCserve Backup r12.0 Windows
CA ARCserve Backup r11.5 Windows*
CA ARCserve Backup r11.1 Windows*
CA Server Protection Suite r2
CA Business Protection Suite r2
CA Business Protection Suite for Microsoft Small Business Server
Standard Edition r2
CA Business Protection Suite for Microsoft Small Business Server
Premium Edition r2
r11.5)
CA ARCserve Backup r11.1 (formerly BrightStor ARCserve Backup
r11.1)
CA ARCserve Backup r11.0 (formerly BrightStor ARCserve Backup
r11.0)
CA Server Protection Suite r2
CA Business Protection Suite r2
CA Business Protection Suite for Microsoft Small Business Server
Standard Edition r2
CA Business Protection Suite for Microsoft Small Business Server
Premium Edition r2
BrightStor ARCserve Backup r11.5
BrightStor ARCserve Backup r11.1
BrightStor ARCserve Backup r11 for Windows
BrightStor Enterprise Backup r10.5
BrightStor ARCserve Backup v9.01
CA Server Protection Suite r2
CA Business Protection Suite r2
CA Business Protection Suite for Microsoft Small Business Server
Standard Edition r2
CA Business Protection Suite for Microsoft Small Business Server
Premium Edition r2
Product Coverage
================
- Solutions based on F-Secure Protection Service for Consumers version 9
- Solutions based on F-Secure Protection Service for Business -
Workstation security version 9
- Solutions based on F-Secure Protection Service for Business -
Email and Server Security version 9
- Solutions based on F-Secure Protection Service for Business -
-- Affected Products:
IBM Informix
-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 5937.
For further product information on the TippingPoint IPS, visit:
http://www.tippingpoint.com
-- Affected Products:
RealNetworks Helix Server
-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 6378.
For further product information on the TippingPoint IPS, visit:
http://www.tippingpoint.com
-- Affected Products:
Apple Quicktime
-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 8443.
For further product information on the TippingPoint IPS, visit:
http://www.tippingpoint.com