@RISK: The Consensus Security Alert

@RISK: The Consensus Security Alert http://www.sans.org/newsletters/risk/display.php All Updates From Vol: 11 - Issue: 6 en-us (C) SANS Institute 2012 webmaster@sans.org SANS RSS Feed http://www.sans.org/images/rss_logo.gif http://www.sans.org/newsletters/risk/display.php SANSFIRE 2011 http://www.sans.org/info/74039 http://www.sans.org/info/74039 SANSFIRE 2011 (1) MEDIUM: RealNetworks RealPlayer Multiple Security Vulnerabilities http://www.sans.org/newsletters/risk/display.php?v=11&i=6&rss=Y#widely1 http://www.sans.org/newsletters/risk/display.php?v=11&i=6&rss=Y#widely1 Category: Widely Deployed Software

Affected:

RealNetworks RealPlayer 11.0-11.1
RealNetworks RealPlayer SP 1.0-1.1.5
RealNetworks RealPlayer 14.0.0-14.0.7
RealNetworks RealPlayer 15.0.0-15.0.1.13

]]> (2) MEDIUM: Novell iPrint Server Buffer Overflow http://www.sans.org/newsletters/risk/display.php?v=11&i=6&rss=Y#widely2 http://www.sans.org/newsletters/risk/display.php?v=11&i=6&rss=Y#widely2 Category: Widely Deployed Software

Affected:

Novell iPrint for Linux Open Enterprise Server prior to OES2 SP3 patch 7885

]]> 12.6.9 IBM AIX TCP Stack Denial of Service http://www.sans.org/newsletters/risk/display.php?v=11&i=6&rss=Y#12.6.9 http://www.sans.org/newsletters/risk/display.php?v=11&i=6&rss=Y#12.6.9 CVEs: CVE: CVE-2012-0194

Platform: Aix

]]> 12.6.10 PHP "htmlspecialchars()" Function Buffer Overflow http://www.sans.org/newsletters/risk/display.php?v=11&i=6&rss=Y#12.6.10 http://www.sans.org/newsletters/risk/display.php?v=11&i=6&rss=Y#12.6.10 CVEs: CVE: Not Available

Platform: Cross Platform

]]> 12.6.11 Condor Multiple Format String Vulnerabilities http://www.sans.org/newsletters/risk/display.php?v=11&i=6&rss=Y#12.6.11 http://www.sans.org/newsletters/risk/display.php?v=11&i=6&rss=Y#12.6.11 CVEs: CVE: CVE-2011-4930

Platform: Cross Platform

]]> 12.6.12 Real Networks RealPlayer Multiple Remote Code Execution Vulnerabilities http://www.sans.org/newsletters/risk/display.php?v=11&i=6&rss=Y#12.6.12 http://www.sans.org/newsletters/risk/display.php?v=11&i=6&rss=Y#12.6.12 CVEs: CVE: CVE-2012-0922,CVE-2012-0923,CVE-2012-0924,CVE-2012-0925,CVE-2012-0926,CVE-2012-0927,CVE-2012-0928

Platform: Cross Platform

]]> 12.6.13 Apache CXF UsernameToken Policy Validation Security Bypass http://www.sans.org/newsletters/risk/display.php?v=11&i=6&rss=Y#12.6.13 http://www.sans.org/newsletters/risk/display.php?v=11&i=6&rss=Y#12.6.13 CVEs: CVE: CVE-2012-0803

Platform: Cross Platform

]]> 12.6.8 JBoss Web Remote Denial of Service http://www.sans.org/newsletters/risk/display.php?v=11&i=6&rss=Y#12.6.8 http://www.sans.org/newsletters/risk/display.php?v=11&i=6&rss=Y#12.6.8 CVEs: CVE: CVE-2011-4610

Platform: Linux

]]> 12.6.1 Siemens SIMATIC HMI Multiple Unspecified Cross-Site Scripting Vulnerabilities http://www.sans.org/newsletters/risk/display.php?v=11&i=6&rss=Y#12.6.1 http://www.sans.org/newsletters/risk/display.php?v=11&i=6&rss=Y#12.6.1 CVEs: CVE: CVE-2011-4511,CVE-2011-4510

Platform: Third Party Windows Apps

]]> 12.6.2 Skype Prior to 5.8.0.154 Unspecified Security Vulnerability http://www.sans.org/newsletters/risk/display.php?v=11&i=6&rss=Y#12.6.2 http://www.sans.org/newsletters/risk/display.php?v=11&i=6&rss=Y#12.6.2 CVEs: CVE: Not Available

Platform: Third Party Windows Apps

]]> 12.6.3 Symantec pcAnywhere Session Closure Access Violation http://www.sans.org/newsletters/risk/display.php?v=11&i=6&rss=Y#12.6.3 http://www.sans.org/newsletters/risk/display.php?v=11&i=6&rss=Y#12.6.3 CVEs: CVE: CVE-2012-0290

Platform: Third Party Windows Apps

]]> 12.6.4 Edraw Diagram Component ActiveX Control Buffer Overflow http://www.sans.org/newsletters/risk/display.php?v=11&i=6&rss=Y#12.6.4 http://www.sans.org/newsletters/risk/display.php?v=11&i=6&rss=Y#12.6.4 CVEs: CVE: Not Available

Platform: Third Party Windows Apps

]]> 12.6.5 TYPSoft FTP Server Multiple Commands Remote Denial of Service Vulnerabilities http://www.sans.org/newsletters/risk/display.php?v=11&i=6&rss=Y#12.6.5 http://www.sans.org/newsletters/risk/display.php?v=11&i=6&rss=Y#12.6.5 CVEs: CVE: Not Available

Platform: Third Party Windows Apps

]]> 12.6.6 XnView JPEG2000 Buffer Overflow http://www.sans.org/newsletters/risk/display.php?v=11&i=6&rss=Y#12.6.6 http://www.sans.org/newsletters/risk/display.php?v=11&i=6&rss=Y#12.6.6 CVEs: CVE: Not Available

Platform: Third Party Windows Apps

]]> 12.6.7 Ing. Punzenberger COPA-DATA GmbH zenon Multiple Denial of Service Vulnerabilities http://www.sans.org/newsletters/risk/display.php?v=11&i=6&rss=Y#12.6.7 http://www.sans.org/newsletters/risk/display.php?v=11&i=6&rss=Y#12.6.7 CVEs: CVE: CVE-2011-4534,CVE-2011-4533

Platform: Third Party Windows Apps

]]> 12.6.19 Apache HTTP Server "mod_proxy" Reverse Proxy Security Bypass http://www.sans.org/newsletters/risk/display.php?v=11&i=6&rss=Y#12.6.19 http://www.sans.org/newsletters/risk/display.php?v=11&i=6&rss=Y#12.6.19 CVEs: CVE: CVE-2011-3639

Platform: Web Application

]]> 12.6.20 ManageEngine Applications Manager Multiple Cross-Site Scripting and SQL Injection Vulnerabilities http://www.sans.org/newsletters/risk/display.php?v=11&i=6&rss=Y#12.6.20 http://www.sans.org/newsletters/risk/display.php?v=11&i=6&rss=Y#12.6.20 CVEs: CVE: Not Available

Platform: Web Application

]]> 12.6.21 TYPO3 Third Party Extensions Multiple Vulnerabilities http://www.sans.org/newsletters/risk/display.php?v=11&i=6&rss=Y#12.6.21 http://www.sans.org/newsletters/risk/display.php?v=11&i=6&rss=Y#12.6.21 CVEs: CVE: Not Available

Platform: Web Application

]]> 12.6.22 DotNetNuke Cross-Site Scripting and Security Bypass Vulnerabilities http://www.sans.org/newsletters/risk/display.php?v=11&i=6&rss=Y#12.6.22 http://www.sans.org/newsletters/risk/display.php?v=11&i=6&rss=Y#12.6.22 CVEs: CVE: Not Available

Platform: Web Application

]]> 12.6.23 EMC Documentum xPlore Information Disclosure http://www.sans.org/newsletters/risk/display.php?v=11&i=6&rss=Y#12.6.23 http://www.sans.org/newsletters/risk/display.php?v=11&i=6&rss=Y#12.6.23 CVEs: CVE: CVE-2012-0396

Platform: Web Application

]]> 12.6.24 EPiServer CMS Cross Site Scripting and Security Bypass Vulnerabilities http://www.sans.org/newsletters/risk/display.php?v=11&i=6&rss=Y#12.6.24 http://www.sans.org/newsletters/risk/display.php?v=11&i=6&rss=Y#12.6.24 CVEs: CVE: Not Available

Platform: Web Application

]]> 12.6.25 Vespa "getid3.php" Local File Include http://www.sans.org/newsletters/risk/display.php?v=11&i=6&rss=Y#12.6.25 http://www.sans.org/newsletters/risk/display.php?v=11&i=6&rss=Y#12.6.25 CVEs: CVE: Not Available

Platform: Web Application

]]> 12.6.14 NexorONE "login.php" Multiple Cross Site Scripting Vulnerabilities http://www.sans.org/newsletters/risk/display.php?v=11&i=6&rss=Y#12.6.14 http://www.sans.org/newsletters/risk/display.php?v=11&i=6&rss=Y#12.6.14 CVEs: CVE: Not Available

Platform: Web Application - Cross Site Scripting

]]> 12.6.15 Simple Groupware "export" Parameter Cross Site Scripting http://www.sans.org/newsletters/risk/display.php?v=11&i=6&rss=Y#12.6.15 http://www.sans.org/newsletters/risk/display.php?v=11&i=6&rss=Y#12.6.15 CVEs: CVE: Not Available

Platform: Web Application - Cross Site Scripting

]]> 12.6.16 eFront "administrator.php" Cross-Site Scripting http://www.sans.org/newsletters/risk/display.php?v=11&i=6&rss=Y#12.6.16 http://www.sans.org/newsletters/risk/display.php?v=11&i=6&rss=Y#12.6.16 CVEs: CVE: Not Available

Platform: Web Application - Cross Site Scripting

]]> 12.6.17 HDWiki URI SQL Injection http://www.sans.org/newsletters/risk/display.php?v=11&i=6&rss=Y#12.6.17 http://www.sans.org/newsletters/risk/display.php?v=11&i=6&rss=Y#12.6.17 CVEs: CVE: Not Available

Platform: Web Application - SQL Injection

]]> 12.6.18 BASE "base_qry_main.php" SQL Injection http://www.sans.org/newsletters/risk/display.php?v=11&i=6&rss=Y#12.6.18 http://www.sans.org/newsletters/risk/display.php?v=11&i=6&rss=Y#12.6.18 CVEs: CVE: Not Available

Platform: Web Application - SQL Injection

]]>