VARIoT IoT vulnerabilities database


VAR-201303-0298 CVE-2013-1627 Indusoft Studio and Advantech Studio Vulnerable to absolute path traversal

Related entries in the VARIoT exploits database: VAR-E-201212-0521
CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
Absolute path traversal vulnerability in NTWebServer.exe in Indusoft Studio 7.0 and earlier and Advantech Studio 7.0 and earlier allows remote attackers to read arbitrary files via a full pathname in an argument to the sub_401A90 CreateFileW function. Advantech Studio (AStudio) is an automated software tool that contains all the basic components for data acquisition and control. Advantech Studio has a directory traversal vulnerability. Advantech Studio and Indusoft Web Studio are prone to a directory-traversal vulnerability because they fail to sufficiently sanitize user-supplied input. Versions Advantech Studio/Indusoft Web Studio 7.0 and prior are vulnerable. The tool supports real-time dynamic graphic images, uses a browser to view trends, alarms, reports, imports or exports reports and real-time data in XML format, etc.
VAR-201212-0016 CVE-2012-3272 HP Color LaserJet and LaserJet Vulnerable to cross-site scripting
CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
Cross-site scripting (XSS) vulnerability on the HP Color LaserJet CM3530 with firmware before 53.190.9, Color LaserJet CM60xx with firmware before 52.210.9, Color LaserJet CP3525 with firmware before 06.140.3 18, Color LaserJet CP4xxx with firmware before 07.120.6, Color LaserJet CP6015 with firmware before 04.160.3, LaserJet P3015 with firmware before 07.140.3, and LaserJet P4xxx with firmware before 04.170.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. There are security holes in multiple Hewlett-Packard laser printers and color laser printers. They allow an attacker to conduct cross-site scripting attacks to obtain sensitive information or hijack user sessions. Multiple HP printers are prone to a cross-site scripting vulnerability because they fail to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03556108

SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c03556108
Version: 1
HPSBPI02828 SSRT100778 rev.1 - HP LaserJet and Color LaserJet, Cross-Site Scripting (XSS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2012-12-03
Last Updated: 2012-12-03
Potential Security Impact: Cross-site scripting (XSS)
Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
A potential security vulnerability has been identified with certain HP LaserJet and Color LaserJet printers.
References: CVE-2012-3272

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
To obtain the firmware, go to http://www.hp.com and follow these steps.
- Click on Support and Drivers
- Use the Drivers & Software tab and enter the impacted product number and search for that product
- Select the product
- Select the operating system
- Select and download the Firmware version listed, or a later version, if available

Product Number              Firmware Version
HP Color LaserJet CM3530    Update to version 53.190.9 21 Aug 2012 or later
HP Color LaserJet CM6030    Update to version 52.210.9 21 Aug 2012 or later
HP Color LaserJet CM6040    Update to version 52.210.9 21 Aug 2012 or later
HP Color LaserJet CP3525    Update to version 06.140.3 18 18 Jul 2012 or later
HP Color LaserJet CP4025    Update to version 07.120.6 21 Aug 2012 or later
HP Color LaserJet CP4525    Update to version 07.120.6 21 Aug 2012 or later
HP Color LaserJet CP6015    Update to version 04.160.3 18 Jul 2012 or later
HP LaserJet P3015           Update to version 07.140.3 18 Jul 2012 or later
HP LaserJet P4014           Update to version 04.170.3 18 Jul 2012 or later
HP LaserJet P4015           Update to version 04.170.3 18 Jul 2012 or later
HP LaserJet P4515           Update to version 04.170.3 18 Jul 2012 or later

HISTORY
Version:1 (rev.1) - 3 December 2012 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Certain unspecified input is not properly sanitised before being returned to the user. Please see the vendor's advisory for the list of affected devices.
PROVIDED AND/OR DISCOVERED BY: The vendor credits Dominic Sim, KPMG.
ORIGINAL ADVISORY: HPSBPI02828 SSRT100778: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03556108
VAR-201212-0180 CVE-2012-6066 freeSSHd freeSSHd.exe authentication bypass vulnerability
CVSS V2: 9.3
CVSS V3: -
Severity: HIGH
freeSSHd.exe in freeSSHd through 1.2.6 allows remote attackers to bypass authentication via a crafted session, as demonstrated by an OpenSSH client with modified versions of ssh.c and sshconnect2.c. There is a vulnerability in freeSSHd.exe in freeSSHd 1.2.6. freeSSHd is a free SSH server on the Windows platform. There are vulnerabilities in freeSSHd 2.1.3, and other versions may be affected
VAR-201212-0396 No CVE FreeFTPD 'SFTP' Authentication Bypass Vulnerability
CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
FreeFTPd is a free FTP+SSL/SFTP server based on WeOnlyDo FTP/SFTP. An authentication bypass vulnerability exists in FreeFTPD. A remote attacker can exploit the vulnerability to bypass the authentication mechanism and gain unauthorized access. There are vulnerabilities in the FreeFTPD 1.0.11 release, and other versions may be affected. FreeFTPD is prone to an authentication-bypass vulnerability.
VAR-202002-0035 CVE-2012-5828 BlackBerry PlayBook Vulnerability regarding information leakage in
CVSS V2: 4.3
CVSS V3: 6.5
Severity: MEDIUM
BlackBerry PlayBook before 2.1 has an Information Disclosure Vulnerability via a Web browser component error. It highlights game, media publishing and collaboration features. An attacker can exploit a vulnerability by enticing a trusted user to view a specially crafted website, resulting in the disclosure of potentially sensitive information. NOTE: Very limited information is currently available regarding this issue. We will update this BID as more information emerges.

Nth Dimension Security Advisory (NDSA20121030)
Date: 30th October 2012
Author: Tim Brown <mailto:timb@nth-dimension.org.uk>
URL: <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>
Product: RIM BlackBerry PlayBook OS 1.0.8.6067 <http://www.rim.com/products/blackberry_tablets.shtml>
Vendor: RIM <http://www.rim.com/>
Risk: Low

Summary
The web browser which comes as part of the RIM BlackBerry PlayBook OS can be tricked into disclosing the contents of local files through the planting of a malicious HTML file through the standard download mechanism. It should be noted that in order to exploit this issue, user interaction is required as the user will need to confirm the download of the malicious HTML file. After discussions with the vendor, CVE-2012-5828 was assigned to this vulnerability.

Solutions
Nth Dimension recommends that the vendor supplied patches should be applied.

Technical Details
It was identified that the PlayBook web browser could be forced to download rather than render HTML files and that whilst the browser does prompt the user to confirm the location of the download, this download process defaults to an attacker chosen location. Furthermore, once downloaded, it is possible to use the "Location" header to load the file from the attacker's chosen location using the "file://" URL handler in such a manner that the downloaded HTML then has trusted access to the PlayBook filing system.
It is possible to craft a HTML download which when opened will lead to arbitrary JavaScript being executed in the local context. The "file://" URL handler is trusted to execute across domains.

History
On 12th February 2012, Nth Dimension supplied a PoC exploit for this issue to representatives of RIM. BBSIRT responded on the 20th to confirm that they had received the report and were investigating. RIM further notified Nth Dimension to confirm that all reported vulnerabilities were handled based on CVSS and that only critical vulnerabilities were deemed candidates for out-of-band patching. Less critical issues would however be addressed in future product updates. Nth Dimension responded on 7th March 2012 to confirm that they agreed with this approach and that in their opinion the issue was not critical and did not warrant an expedited response. Nth Dimension asked to be kept in the loop regarding the release of a patch for this issue in due course. On 19th September 2012, Nth Dimension asked for an update, in particular to establish whether a CVE had been assigned by RIM for this issue. On 1st November 2012, RIM responded to say that the "The changes for the issues are in the latest 2.1 builds for PlayBook. The build is currently available for WiFi only PlayBooks and we’re working with our carrier partners for testing and availability for build for the in-market cellular-enabled PlayBooks". On 6th November 2012, RIM confirm that CVE-2012-5828 has been assigned. They also confirm they believe testing of cellular PlayBooks will be completed by the end of the month. Nth Dimension respond, proposing 1st December 2012 as the embargo date.

Current
As of 1st November 2012, the state of the vulnerability is believed to be as follows. RIM have begun shipping a patch which it is believed successfully resolves the reported issue.

Thanks
Nth Dimension would like to thank all the security folk at RIM, in particular the BlackBerry Incident Response team for the way they worked to resolve the issue.
VAR-201212-0025 CVE-2012-4347 Symantec Messaging Gateway Vulnerable to directory traversal
CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Multiple directory traversal vulnerabilities in the management console in Symantec Messaging Gateway (SMG) 9.5.x allow remote authenticated users to read arbitrary files via a .. (dot dot) in the (1) logFile parameter in a logs action to brightmail/export or (2) localBackupFileSelection parameter in an APPLIANCE restoreSource action to brightmail/admin/restore/download.do. An attacker can exploit these issues to download arbitrary files within the context of the web server process. Information obtained may aid in further attacks. Symantec Messaging Gateway 9.5.x versions are vulnerable. Symantec Messaging Gateway is a spam filter that integrates anti-spam, anti-virus, advanced content filtering and data leakage prevention technologies from Symantec. By adding .. to the localBackupFileSelection parameter in the APPLIANCE restoreSource operation and sending it to brightmail/admin/restore/download.do, remote attackers can exploit the vulnerability to read arbitrary files.
VAR-201211-0282 CVE-2012-5174 Multiple KYOCERA mobile devices may reboot during email reception
CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
The KYOCERA AH-K3001V, AH-K3002V, WX300K, WX310K, WX320K, and WX320KR devices allow remote attackers to cause a denial of service (persistent reboot) via an e-mail message in an invalid format. When this issue occurs, the device will always reboot when attempting to receive the invalid email. Masashi Shimizu reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. When receiving an invalid email, the device will always reboot, therefore emails cannot be received. KYOCERA is a Japanese electronic equipment manufacturer. Multiple Kyocera mobile devices are prone to a denial-of-service vulnerability. Attackers may leverage this issue to crash the affected mobile devices, denying service to legitimate users.
VAR-201211-0607 No CVE Denial of Service (DoS) Vulnerability in JP1/Automatic Job Management System 3 and JP1/Automatic Job Management System 2
CVSS V2: 5.0
CVSS V3: -
Severity: Medium
JP1/Automatic Job Management System 3 and JP1/Automatic Job Management System 2 contain a vulnerability that could allow a remote attacker to cause a denial of service (DoS) condition.
VAR-201211-0356 CVE-2012-5134 Google Chrome Buffer error vulnerability
CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 2.9.0 and earlier, as used in Google Chrome before 23.0.1271.91 and other products, allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted entities in an XML document. An attacker with a privileged network position may inject arbitrary contents. This issue was addressed by using an encrypted HTTPS connection to retrieve tutorials.

Red Hat Security Advisory
Synopsis: Important: libxml2 security update
Advisory ID: RHSA-2012:1512-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1512.html
Issue date: 2012-11-29
CVE Names: CVE-2012-5134

1. Summary: Updated libxml2 packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description: The libxml2 library is a development toolbox providing the implementation of various XML standards. A heap-based buffer underflow flaw was found in the way libxml2 decoded certain entities. (CVE-2012-5134) All users of libxml2 are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. The desktop must be restarted (log out, then log back in) for this update to take effect.

4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/): 880466 - CVE-2012-5134 libxml2: Heap-buffer-underflow in xmlParseAttValueComplex

6. Package List: These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References: https://www.redhat.com/security/data/cve/CVE-2012-5134.html https://access.redhat.com/security/updates/classification/#important

8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.

A denial of service flaw was found in the way libxml2 performed string substitutions when entity values for entity references replacement was enabled. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security.
Here are the details from the Slackware 14.0 ChangeLog: +--------------------------+ patches/packages/libxml2-2.8.0-i486-2_slack14.0.txz: Rebuilt. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5134 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 12.1: ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/libxml2-2.6.32-i486-3_slack12.1.tgz Updated package for Slackware 12.2: ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/libxml2-2.6.32-i486-4_slack12.2.tgz Updated package for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/libxml2-2.7.3-i486-5_slack13.0.txz Updated package for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/libxml2-2.7.3-x86_64-5_slack13.0.txz Updated package for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/libxml2-2.7.6-i486-3_slack13.1.txz Updated package for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/libxml2-2.7.6-x86_64-3_slack13.1.txz Updated package for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/libxml2-2.7.8-i486-5_slack13.37.txz Updated package for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/libxml2-2.7.8-x86_64-5_slack13.37.txz Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/libxml2-2.8.0-i486-2_slack14.0.txz Updated package for Slackware x86_64 14.0: 
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/libxml2-2.8.0-x86_64-2_slack14.0.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libxml2-2.8.0-i486-2.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/libxml2-2.8.0-x86_64-2.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg libxml2-2.8.0-i486-2_slack14.0.txz +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
========================================================================== Ubuntu Security Notice USN-1656-1 December 06, 2012 libxml2 vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.10 - Ubuntu 12.04 LTS - Ubuntu 11.10 - Ubuntu 10.04 LTS - Ubuntu 8.04 LTS Summary: Applications using libxml2 could be made to crash or run programs as your login if they opened a specially crafted file. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.10: libxml2 2.8.0+dfsg1-5ubuntu2.1 Ubuntu 12.04 LTS: libxml2 2.7.8.dfsg-5.1ubuntu4.3 Ubuntu 11.10: libxml2 2.7.8.dfsg-4ubuntu0.5 Ubuntu 10.04 LTS: libxml2 2.7.6.dfsg-1ubuntu1.7 Ubuntu 8.04 LTS: libxml2 2.6.31.dfsg-2ubuntu1.11 After a standard system update you need to reboot your computer to make all the necessary changes. Background ========== libxml2 is the XML C parser and toolkit developed for the Gnome project. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-libs/libxml2 < 2.9.1-r1 >= 2.9.1-r1 Description =========== Multiple vulnerabilities have been discovered in libxml2. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time.
Resolution ========== All libxml2 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/libxml2-2.9.1-r1" References ========== [ 1 ] CVE-2012-2871 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2871 [ 2 ] CVE-2012-5134 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5134 [ 3 ] CVE-2013-0338 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0338 [ 4 ] CVE-2013-1664 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1664 [ 5 ] CVE-2013-1969 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1969 [ 6 ] CVE-2013-2877 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2877 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201311-06.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2013 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5
For the stable distribution (squeeze), this problem has been fixed in version 2.7.8.dfsg-2+squeeze6. For the unstable distribution (sid), this problem has been fixed in version 2.8.0+dfsg1-7.
TITLE: Google Chrome Multiple Vulnerabilities SECUNIA ADVISORY ID: SA51437 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/51437/ RELEASE DATE: 2012-11-27 DESCRIPTION: Multiple vulnerabilities have been reported in Google Chrome, where one has an unknown impact and others can be exploited by malicious people to compromise a user's system. 1) A use-after-free error exists in SVG filters. 2) An out-of-bounds read error exists in Skia. 3) An error exists within the libxml2 library. For more information see vulnerability #2: SA48000 4) A use-after-free error exists within printing. 5) A bad cast error exists within input element handling. The vulnerabilities are reported in versions prior to 23.0.1271.91. SOLUTION: Update to version 23.0.1271.91.
ORIGINAL ADVISORY: http://googlechromereleases.blogspot.dk/2012/11/stable-channel-update.html
APPLE-SA-2013-09-20-1 Apple TV 6.0 Apple TV 6.0 is now available and addresses the following: Apple TV Available for: Apple TV 2nd generation and later Impact: Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of JBIG2 encoded data in PDF files.
This issue was addressed through additional bounds checking. CVE-ID CVE-2013-1025 : Felix Groebert of the Google Security Team Apple TV Available for: Apple TV 2nd generation and later Impact: Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of Sorenson encoded movie files. This issue was addressed through improved bounds checking. CVE-ID CVE-2013-1019 : Tom Gallagher (Microsoft) & Paul Bates (Microsoft) working with HP's Zero Day Initiative Apple TV Available for: Apple TV 2nd generation and later Impact: An attacker with a privileged network position may intercept user credentials or other sensitive information Description: TrustWave, a trusted root CA, has issued, and subsequently revoked, a sub-CA certificate from one of its trusted anchors. This sub-CA facilitated the interception of communications secured by Transport Layer Security (TLS). This update added the involved sub-CA certificate to OS X's list of untrusted certificates. CVE-ID CVE-2013-5134 Apple TV Available for: Apple TV 2nd generation and later Impact: An attacker who has arbitrary code execution on a device may be able to persist code execution across reboots Description: Multiple buffer overflows existed in dyld's openSharedCacheFile() function. These issues were addressed through improved bounds checking. CVE-ID CVE-2013-3950 : Stefan Esser Apple TV Available for: Apple TV 2nd generation and later Impact: Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of JPEG2000 encoded data in PDF files. This issue was addressed through additional bounds checking. 
CVE-ID CVE-2013-1026 : Felix Groebert of the Google Security Team Apple TV Available for: Apple TV 2nd generation and later Impact: A malicious local application could cause an unexpected system termination Description: A null pointer dereference existed in IOCatalogue. The issue was addressed through additional type checking. CVE-ID CVE-2013-5138 : Will Estes Apple TV Available for: Apple TV 2nd generation and later Impact: Executing a malicious application may result in arbitrary code execution within the kernel Description: An out of bounds array access existed in the IOSerialFamily driver. This issue was addressed through additional bounds checking. CVE-ID CVE-2013-5139 : @dent1zt Apple TV Available for: Apple TV 2nd generation and later Impact: A remote attacker can cause a device to unexpectedly restart Description: Sending an invalid packet fragment to a device can cause a kernel assert to trigger, leading to a device restart. The issue was addressed through additional validation of packet fragments. CVE-ID CVE-2013-5140 : Joonas Kuorilehto of Codenomicon, an anonymous researcher working with CERT-FI, Antti Levomäki and Lauri Virtanen of Vulnerability Analysis Group, Stonesoft Apple TV Available for: Apple TV 2nd generation and later Impact: An attacker on a local network can cause a denial of service Description: An attacker on a local network can send specially crafted IPv6 ICMP packets and cause high CPU load. The issue was addressed by rate limiting ICMP packets before verifying their checksum. CVE-ID CVE-2011-2391 : Marc Heuse Apple TV Available for: Apple TV 2nd generation and later Impact: Kernel stack memory may be disclosed to local users Description: An information disclosure issue existed in the msgctl and segctl APIs. This issue was addressed by initializing data structures returned from the kernel.
CVE-ID CVE-2013-5142 : Kenzley Alphonse of Kenx Technology, Inc Apple TV Available for: Apple TV 2nd generation and later Impact: Unprivileged processes could get access to the contents of kernel memory which could lead to privilege escalation Description: An information disclosure issue existed in the mach_port_space_info API. This issue was addressed by initializing the iin_collision field in structures returned from the kernel. CVE-ID CVE-2013-3953 : Stefan Esser Apple TV Available for: Apple TV 2nd generation and later Impact: Unprivileged processes may be able to cause an unexpected system termination or arbitrary code execution in the kernel Description: A memory corruption issue existed in the handling of arguments to the posix_spawn API. This issue was addressed through additional bounds checking. CVE-ID CVE-2013-3954 : Stefan Esser Apple TV Available for: Apple TV 2nd generation and later Impact: An unauthorized process may modify the set of loaded kernel extensions Description: An issue existed in kextd's handling of IPC messages from unauthenticated senders. This issue was addressed by adding additional authorization checks. CVE-ID CVE-2013-5145 : "Rainbow PRISM" Apple TV Available for: Apple TV 2nd generation and later Impact: Viewing a maliciously crafted web page may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in libxml. These issues were addressed by updating libxml to version 2.9.0. CVE-ID CVE-2011-3102 : Juri Aedla CVE-2012-0841 CVE-2012-2807 : Juri Aedla CVE-2012-5134 : Google Chrome Security Team (Juri Aedla) Apple TV Available for: Apple TV 2nd generation and later Impact: Viewing a maliciously crafted web page may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in libxslt. These issues were addressed by updating libxslt to version 1.1.28. 
CVE-ID CVE-2012-2825 : Nicolas Gregoire CVE-2012-2870 : Nicolas Gregoire CVE-2012-2871 : Kai Lu of Fortinet's FortiGuard Labs, Nicolas Gregoire Apple TV Available for: Apple TV 2nd generation and later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. CVE-ID CVE-2013-0879 : Atte Kettunen of OUSPG CVE-2013-0991 : Jay Civelli of the Chromium development community CVE-2013-0992 : Google Chrome Security Team (Martin Barbella) CVE-2013-0993 : Google Chrome Security Team (Inferno) CVE-2013-0994 : David German of Google CVE-2013-0995 : Google Chrome Security Team (Inferno) CVE-2013-0996 : Google Chrome Security Team (Inferno) CVE-2013-0997 : Vitaliy Toropov working with HP's Zero Day Initiative CVE-2013-0998 : pa_kt working with HP's Zero Day Initiative CVE-2013-0999 : pa_kt working with HP's Zero Day Initiative CVE-2013-1000 : Fermin J. 
Serna of the Google Security Team CVE-2013-1001 : Ryan Humenick CVE-2013-1002 : Sergey Glazunov CVE-2013-1003 : Google Chrome Security Team (Inferno) CVE-2013-1004 : Google Chrome Security Team (Martin Barbella) CVE-2013-1005 : Google Chrome Security Team (Martin Barbella) CVE-2013-1006 : Google Chrome Security Team (Martin Barbella) CVE-2013-1007 : Google Chrome Security Team (Inferno) CVE-2013-1008 : Sergey Glazunov CVE-2013-1010 : miaubiz CVE-2013-1011 CVE-2013-1037 : Google Chrome Security Team CVE-2013-1038 : Google Chrome Security Team CVE-2013-1039 : own-hero Research working with iDefense VCP CVE-2013-1040 : Google Chrome Security Team CVE-2013-1041 : Google Chrome Security Team CVE-2013-1042 : Google Chrome Security Team CVE-2013-1043 : Google Chrome Security Team CVE-2013-1044 : Apple CVE-2013-1045 : Google Chrome Security Team CVE-2013-1046 : Google Chrome Security Team CVE-2013-1047 : miaubiz CVE-2013-2842 : Cyril Cattiaux CVE-2013-5125 : Google Chrome Security Team CVE-2013-5126 : Apple CVE-2013-5127 : Google Chrome Security Team CVE-2013-5128 : Apple Installation note: Apple TV will periodically check for software updates. Alternatively, you may manually check for software updates by selecting "Settings -> General -> Update Software". To check the current version of software, select "Settings -> General -> About"
VAR-201211-0277 CVE-2012-4964 Samsung Printer firmware contains a hardcoded SNMP community string
CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
The Samsung printer firmware before 20121031 has a hardcoded read-write SNMP community, which makes it easier for remote attackers to obtain administrative access via an SNMP request. Even if SNMP is set to disabled in the printer management function, this community string is still enabled. By accessing the device via SNMP, the setting information of the product may be obtained or changed. Samsung printers are printers developed by Samsung. A remote unauthenticated attacker can access the device with administrator privileges, change device configuration, access sensitive information (device and network information, authentication credentials, information passed to the printer), and more. Note: The issue affects devices only when SNMP is enabled. Attackers can exploit this issue to gain unauthorized access to the affected device. This may aid in further attacks. Solution: Samsung has stated that models released after October 31, 2012 are not affected by this vulnerability. Samsung has also indicated that they will be releasing a patch tool later this year to address vulnerable devices. Restrict Access: As a general good security practice, only allow connections from trusted hosts and networks. Restricting access would prevent an attacker from accessing an SNMP interface using the affected credentials from a blocked network location.
TITLE: Samsung / Dell Printers Hard-Coded SNMP Community String Security Issue SECUNIA ADVISORY ID: SA51435 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/51435/ RELEASE DATE: 2012-11-29 DESCRIPTION: A security issue has been reported in some Samsung and Dell printers, which can be exploited by malicious people to compromise a vulnerable device. The security issue is reported in the following devices: * Dell 2145cn Multifunction Printer * Dell 2335dn Multifunction Printer * Samsung ML-2580 Series Monochrome Laser Printer * Samsung ML-4050 Series Monochrome Laser Printer SOLUTION: Reportedly, patches will be issued. No official solution is currently available. PROVIDED AND/OR DISCOVERED BY: US-CERT credits Neil Smith. ORIGINAL ADVISORY: US-CERT VU#281284: http://www.kb.cert.org/vuls/id/281284
VAR-201211-0306 CVE-2012-6050 MikroTik RouterOS Configuration Error Vulnerability

Related entries in the VARIoT exploits database: VAR-E-201205-0344
CVSS V2: 6.4
CVSS V3: -
Severity: MEDIUM
The winbox service in MikroTik RouterOS 5.15 and earlier allows remote attackers to cause a denial of service (CPU consumption), read the router version, and possibly have other impacts via a request to download the router's DLLs or plugins, as demonstrated by roteros.dll. The MikroTik RouterOS software turns a standard PC into a network router. There is a vulnerability in the Winbox server in MikroTik RouterOS 5.15 and earlier. MikroTik RouterOS is a routing operating system based on the Linux kernel, developed by the Latvian company MikroTik.
VAR-201211-0355 CVE-2012-5131 Denial-of-service (DoS) vulnerability in Google Chrome running on Mac OS X
CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
Google Chrome before 23.0.1271.91 on Mac OS X does not properly mitigate improper rendering behavior in the Intel GPU driver, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. Apple Mac OS X is prone to an unspecified security vulnerability. The impact of this issue is currently unknown. We will update this BID when more information emerges. Note: This issue was previously discussed in BID 56684 (Google Chrome Prior to 23.0.1271.91 Multiple Security Vulnerabilities) but has been given its own record to better document it. Google Chrome is a web browser developed by Google (Google). An attacker could exploit these vulnerabilities to execute arbitrary code in the browser context, cause a denial of service, bypass the same-origin policy, and more.
TITLE: Google Chrome Multiple Vulnerabilities SECUNIA ADVISORY ID: SA51437 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/51437/ RELEASE DATE: 2012-11-27 DESCRIPTION: Multiple vulnerabilities have been reported in Google Chrome, where one has an unknown impact and others can be exploited by malicious people to compromise a user's system. 1) A use-after-free error exists in SVG filters. 2) An out-of-bounds read error exists in Skia. 3) An error exists within the libxml2 library. For more information see vulnerability #2: SA48000 4) A use-after-free error exists within printing. 5) A bad cast error exists within input element handling. The vulnerabilities are reported in versions prior to 23.0.1271.91. SOLUTION: Update to version 23.0.1271.91. PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) miaubiz 2) Atte Kettunen, OUSPG 3) Juri Aedla, Google Chrome Security Team 4) Fermin Serna, Google Security Team 5) Inferno, Google Chrome Security Team. ORIGINAL ADVISORY: http://googlechromereleases.blogspot.dk/2012/11/stable-channel-update.html
VAR-201211-0481 No CVE Cisco WAG120N Multiple Remote Command Execution Vulnerabilities
CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
Multiple remote command execution vulnerabilities exist in the Cisco WAG120N. Remote attackers can exploit these vulnerabilities to execute arbitrary commands or gain root access and fully control the affected device. The Cisco WAG120N is a wireless routing device. The Cisco WAG120N /setup.cgi?next_file=Setup_DDNS.htm script fails to properly filter user-submitted input in any of its fields, so an attacker who injects a string like "qwe.com;cat /etc/passwd> /www/Routercfg. Cfg;" into the Hostname field can execute arbitrary commands with root privileges. This may facilitate a complete compromise of an affected device.
VAR-201211-0089 CVE-2012-5862 SINAPSI eSolar Light Photovoltaic System Monitor Default password vulnerability
CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
These Sinapsi devices store hard-coded passwords in the PHP file of the device. By using the hard-coded passwords in the device, attackers can log into the device with administrative privileges. This could allow the attacker to have unauthorized access. login.php in multiple Sinapsi products contains hard-coded account information, which could allow administrator access to be gained. A third party may gain administrator access through the following items: (1) a plaintext password, (2) a password hash in the script. Sinapsi eSolar Light is a monitoring system used in solar applications. There is a vulnerability in the login.php script in Sinapsi eSolar Light Photovoltaic System Monitor (also known as Schneider Electric Ezylog photovoltaic SCADA Management Server), Sinapsi eSolar, and Sinapsi eSolar DUO firmware version 2.0.2870_2.2.12, which originates from the presence of multiple hard-coded accounts. Sinapsi eSolar is a monitoring and data acquisition (SCADA) product.
TITLE: Sinapsi eSolar Products Multiple Vulnerabilities SECUNIA ADVISORY ID: SA51364 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/51364/ RELEASE DATE: 2012-11-21 DESCRIPTION: A security issue and some vulnerabilities have been reported in eSolar Light, eSolar, and eSolar DUO, which can be exploited by malicious people to disclose certain sensitive information, bypass certain security restrictions, conduct SQL injection attacks, and compromise a vulnerable system. 1) The security issue is caused due to the application using hard-coded credentials, which may allow full administrative access to the system. 2) Input passed via the "inverterselect" parameter to dettagliinverter.php and the "lingua" parameter to changelanguagesession.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 3) Input passed via the "ping" parameter to ping.php is not properly verified before being used to execute commands and can be exploited to execute arbitrary shell commands. 4) The application does not restrict access to certain pages, which can be exploited to gain administrative access. The security issue and the vulnerabilities are reported in versions prior to 2.0.2870_2.2.12. SOLUTION: Update to version 2.0.2870_2.2.12. PROVIDED AND/OR DISCOVERED BY: Roberto Paleari and Ivan Speziale. ORIGINAL ADVISORY: Roberto Paleari and Ivan Speziale: http://archives.neohapsis.com/archives/bugtraq/2012-09/0045.html US-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-12-325-01.pdf
VAR-201211-0090 CVE-2012-5863 Sinapsi eSolar Arbitrary command execution vulnerability
CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
These Sinapsi devices do not check for special elements in commands sent to the system. By accessing certain pages with administrative privileges that do not require authentication within the device, attackers can execute arbitrary, unexpected, or dangerous commands directly on the operating system. The ping.php script in multiple Sinapsi products contains a command execution vulnerability. A third party could execute arbitrary commands via shell metacharacters in the ip_dominio parameter. Sinapsi eSolar Light is a monitoring system used in solar applications. The vulnerability is in the ping.php script in versions of Sinapsi eSolar Light Photovoltaic System Monitor (also known as Schneider Electric Ezylog photovoltaic SCADA Management Server), Sinapsi eSolar, and Sinapsi eSolar DUO firmware prior to 2.0.2870_2.2.12. Sinapsi eSolar is a monitoring and data acquisition (SCADA) product.
TITLE: Sinapsi eSolar Products Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA51364
VERIFY ADVISORY: http://secunia.com/advisories/51364/
RELEASE DATE: 2012-11-21
DESCRIPTION: A security issue and some vulnerabilities have been reported in eSolar Light, eSolar, and eSolar DUO, which can be exploited by malicious people to disclose certain sensitive information, bypass certain security restrictions, conduct SQL injection attacks, and compromise a vulnerable system.
1) The security issue is caused due to the application using hard-coded credentials, which may allow full administrative access to the system.
2) Input passed via the "inverterselect" parameter to dettagliinverter.php and the "lingua" parameter to changelanguagesession.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
4) The application does not restrict access to certain pages, which can be exploited to gain administrative access.
The security issue and the vulnerabilities are reported in versions prior to 2.0.2870_2.2.12.
SOLUTION: Update to version 2.0.2870_2.2.12.
PROVIDED AND/OR DISCOVERED BY: Roberto Paleari and Ivan Speziale.
ORIGINAL ADVISORY: Roberto Paleari and Ivan Speziale: http://archives.neohapsis.com/archives/bugtraq/2012-09/0045.html
US-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-12-325-01.pdf
VAR-201211-0091 CVE-2012-5864 Sinapsi eSolar Unauthorized Access Vulnerability
CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
These Sinapsi devices do not check if users that visit pages within the device have properly authenticated. By directly visiting the pages within the device, attackers can gain unauthorized access with administrative privileges. Because the management web pages of multiple Sinapsi products do not require authentication, there is a vulnerability that allows administrator access. A third party may gain administrator access through a direct request. Sinapsi eSolar is a monitoring and data acquisition (SCADA) product. Sinapsi eSolar Light is a monitoring system used in solar applications. The vulnerability is in the management page in versions of Sinapsi eSolar Light Photovoltaic System Monitor (also known as Schneider Electric Ezylog photovoltaic SCADA Management Server), Sinapsi eSolar, and Sinapsi eSolar DUO firmware prior to 2.0.2870_2.2.12. The vulnerability stems from the fact that the program does not require authentication.
TITLE: Sinapsi eSolar Products Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA51364
VERIFY ADVISORY: http://secunia.com/advisories/51364/
RELEASE DATE: 2012-11-21
DESCRIPTION: A security issue and some vulnerabilities have been reported in eSolar Light, eSolar, and eSolar DUO, which can be exploited by malicious people to disclose certain sensitive information, bypass certain security restrictions, conduct SQL injection attacks, and compromise a vulnerable system.
1) The security issue is caused due to the application using hard-coded credentials, which may allow full administrative access to the system.
2) Input passed via the "inverterselect" parameter to dettagliinverter.php and the "lingua" parameter to changelanguagesession.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
3) Input passed via the "ping" parameter to ping.php is not properly verified before being used to execute commands and can be exploited to execute arbitrary shell commands.
The security issue and the vulnerabilities are reported in versions prior to 2.0.2870_2.2.12.
SOLUTION: Update to version 2.0.2870_2.2.12.
PROVIDED AND/OR DISCOVERED BY: Roberto Paleari and Ivan Speziale.
ORIGINAL ADVISORY: Roberto Paleari and Ivan Speziale: http://archives.neohapsis.com/archives/bugtraq/2012-09/0045.html
US-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-12-325-01.pdf
VAR-201211-0088 CVE-2012-5861 Sinapsi eSolar Product Information Disclosure Vulnerability
CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
These Sinapsi devices do not check the validity of the data before executing queries. By accessing the SQL table of certain pages that do not require authentication within the device, attackers can leak information from the device. This could allow the attacker to compromise confidentiality. Multiple Sinapsi products contain SQL injection vulnerabilities. A third party may execute arbitrary SQL commands via (1) the inverterselect parameter in a primo action to dettagliinverter.php or (2) the lingua parameter to changelanguagesession.php. Sinapsi eSolar is a monitoring and data acquisition (SCADA) product. Sinapsi eSolar Light is a monitoring system used in solar applications. Multiple SQL injection vulnerabilities exist in Sinapsi eSolar Light Photovoltaic System Monitor (also known as Schneider Electric Ezylog photovoltaic SCADA Management Server), Sinapsi eSolar, and Sinapsi eSolar DUO firmware prior to 2.0.2870_2.2.12. A remote attacker can exploit the vulnerabilities to execute arbitrary SQL commands via (1) the 'inverterselect' parameter in a primo operation passed to the dettagliinverter.php script or (2) the 'lingua' parameter passed to the changelanguagesession.php script.
TITLE: Sinapsi eSolar Products Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA51364
VERIFY ADVISORY: http://secunia.com/advisories/51364/
RELEASE DATE: 2012-11-21
DESCRIPTION: A security issue and some vulnerabilities have been reported in eSolar Light, eSolar, and eSolar DUO, which can be exploited by malicious people to disclose certain sensitive information, bypass certain security restrictions, conduct SQL injection attacks, and compromise a vulnerable system.
1) The security issue is caused due to the application using hard-coded credentials, which may allow full administrative access to the system.
This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
3) Input passed via the "ping" parameter to ping.php is not properly verified before being used to execute commands and can be exploited to execute arbitrary shell commands.
4) The application does not restrict access to certain pages, which can be exploited to gain administrative access.
The security issue and the vulnerabilities are reported in versions prior to 2.0.2870_2.2.12.
SOLUTION: Update to version 2.0.2870_2.2.12.
PROVIDED AND/OR DISCOVERED BY: Roberto Paleari and Ivan Speziale.
ORIGINAL ADVISORY: Roberto Paleari and Ivan Speziale: http://archives.neohapsis.com/archives/bugtraq/2012-09/0045.html
US-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-12-325-01.pdf
VAR-201211-0108 CVE-2012-5920 Google Web Toolkit Vulnerable to cross-site scripting
CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
Cross-site scripting (XSS) vulnerability in Google Web Toolkit (GWT) 2.4 through 2.5 Final, as used in JBoss Operations Network (ON) 3.1.1 and possibly other products, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2012-4563. This issue is due to an incomplete fix for CVE-2012-4563. A third party may inject arbitrary web script or HTML. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Red Hat Security Advisory
Synopsis: Moderate: JBoss Operations Network 3.1.2 update
Advisory ID: RHSA-2013:0187-01
Product: JBoss Operations Network
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0187.html
Issue date: 2013-01-23
CVE Names: CVE-2012-5920
1. Summary: JBoss Operations Network 3.1.2, which fixes one security issue and several bugs, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
2. Description: JBoss Operations Network (JBoss ON) is a middleware management solution that provides a single point of control to deploy, manage, and monitor JBoss Enterprise Middleware, applications, and services. This JBoss ON 3.1.2 release serves as a replacement for JBoss ON 3.1.1, and includes several bug fixes. Refer to the JBoss ON 3.1.2 Release Notes for information on the most significant of these changes.
(CVE-2012-5920) Warning: Before applying the update, back up your existing JBoss ON installation (including its databases, applications, configuration files, the JBoss ON server's file system directory, and so on). All users of JBoss Operations Network 3.1.1 as provided from the Red Hat Customer Portal are advised to upgrade to JBoss Operations Network 3.1.2.
3. Solution: The References section of this erratum contains a download link (you must log in to download the update). Before applying this update, back up your existing JBoss ON installation (including its databases, applications, configuration files, the JBoss ON server's file system directory, and so on). Refer to the JBoss Operations Network 3.1.2 Release Notes for installation information.
4. Bugs fixed (http://bugzilla.redhat.com/): 871690 - CVE-2012-5920 GWT: unknown XSS flaw
5. References:
https://www.redhat.com/security/data/cve/CVE-2012-5920.html
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=em&version=3.1.2
https://developers.google.com/web-toolkit/release-notes#Release_Notes_Current
https://access.redhat.com/knowledge/docs/
6. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc.
VAR-202002-0036 CVE-2012-6277 Autonomy Keyview IDOL contains multiple vulnerabilities in file parsers
CVSS V2: 9.3
CVSS V3: 7.8
Severity: HIGH
Multiple unspecified vulnerabilities in Autonomy KeyView IDOL before 10.16, as used in Symantec Mail Security for Microsoft Exchange before 6.5.8, Symantec Mail Security for Domino before 8.1.1, Symantec Messaging Gateway before 10.0.1, Symantec Data Loss Prevention (DLP) before 11.6.1, IBM Notes 8.5.x, IBM Lotus Domino 8.5.x before 8.5.3 FP4, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, related to "a number of underlying issues" in which "some of these cases demonstrated memory corruption with attacker-controlled input and could be exploited to run arbitrary code.". The Autonomy KeyView IDOL library contains multiple vulnerabilities in its file parsing process. Autonomy KeyView IDOL is a library that decodes 1000 file formats and is used in many applications. The library contains multiple vulnerabilities such as memory corruption and arbitrary code execution. Although the impact varies by application, opening a specially crafted file may cause a denial of service (DoS) or allow an attacker to execute arbitrary code with the privileges of the application. Failed attempts may result in a denial-of-service condition. A security vulnerability exists in Micro Focus Autonomy KeyView IDOL versions prior to 10.16.
TITLE: Autonomy KeyView File Processing Vulnerabilities
SECUNIA ADVISORY ID: SA51362
VERIFY ADVISORY: http://secunia.com/advisories/51362/
RELEASE DATE: 2012-11-21
DESCRIPTION: Multiple vulnerabilities have been reported in Autonomy KeyView, which can be exploited by malicious people to compromise a vulnerable system. The vulnerabilities are caused due to errors when processing unspecified file formats and can be exploited to corrupt memory. No further information is currently available. The vulnerabilities are reported in versions prior to 10.16.
SOLUTION: Update to version 10.16.
PROVIDED AND/OR DISCOVERED BY: Will Dormann, CERT/CC
ORIGINAL ADVISORY: US-CERT VU#849841: http://www.kb.cert.org/vuls/id/849841
VAR-201409-0021 CVE-2012-6316 TP-LINK TL-WR841N Router firmware cross-site scripting vulnerability

Related entries in the VARIoT exploits database: VAR-E-201211-0304
CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in the TP-LINK TL-WR841N router with firmware 3.13.9 Build 120201 Rel.54965n and earlier allow remote administrators to inject arbitrary web script or HTML via the (1) username or (2) pwd parameter to userRpm/NoipDdnsRpm.htm. The TP-LINK TL-WR841N router is a wireless router device. The TP-LINK TL-WR841N router failed to properly verify the user-supplied input. Remotely authenticated attackers could exploit this vulnerability to inject malicious script code using the username or pwd parameters to obtain sensitive information or hijack user sessions. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. TP-LINK TL-WR841N 3.13.9 Build 120201 Rel.54965n is vulnerable; other versions may also be affected. There is a cross-site scripting vulnerability in TP-LINK TL-WR841N routers using firmware 3.13.9 and earlier. The vulnerability is caused by the userRpm/NoipDdnsRpm.htm script not adequately filtering the 'username' or 'pwd' parameters