CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0CVE-2012-2751 – Parodia 6.8 SQL Injection
https://notcve.org/view.php?id=CVE-2012-2751
ModSecurity before 2.6.6, when used with PHP, does not properly handle single quotes not at the beginning of a request parameter value in the Content-Disposition field of a request with a multipart/form-data Content-Type header, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting (XSS) attacks. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-5031. ModSecurity anterior a v2.6.6, cuando se utiliza con PHP, no maneja correctamente las comillas simples al principio de un valor de un parámetro en el campo Content-Disposition de una solicitud con un multipart/form-data Content-Type, permite control remoto atacantes para eludir las reglas de filtrado y llevar a cabo otros ataques como secuencias de comandos en sitios cruzados (XSS). NOTA: esta vulnerabilidad existe debido a una solución incompleta para CVE-2009-5031. Parodia versions 6.8 and below suffer from multiple remote SQL injection vulnerabilities. • http://blog.ivanristic.com/2012/06/modsecurity-and-modsecurity-core-rule-set-multipart-bypasses.html http://lists.opensuse.org/opensuse-updates/2013-08/msg00020.html http://lists.opensuse.org/opensuse-updates/2013-08/msg00025.html http://lists.opensuse.org/opensuse-updates/2013-08/msg00031.html http://mod-security.svn.sourceforge.net/viewvc/mod-security/m2/branches/2.6.x/CHANGES http://mod-security.svn.sourceforge.net/viewvc/mod-security/m2/trunk/CHANGES?r1=1920&r2=1919&pathrev=1920 http:/&# •
CVSS: 7.5EPSS: 4%CPEs: 14EXPL: 0CVE-2012-1149 – libreoffice: Integer overflows, leading to heap-buffer overflows in JPEG, PNG and BMP reader implementations
https://notcve.org/view.php?id=CVE-2012-1149
Integer overflow in the vclmi.dll module in OpenOffice.org (OOo) 3.3, 3.4 Beta, and possibly earlier, and LibreOffice before 3.5.3, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted embedded image object, as demonstrated by a JPEG image in a .DOC file, which triggers a heap-based buffer overflow. Un desbordamiento de entero en el módulo de vclmi.dll en OpenOffice.org (OOo) v3.3, v3.4 Beta, y posiblemente en versiones anteriores, y LibreOffice antes de v3.5.3, permite a atacantes remotos causar una denegación de servicio (caída de la aplicación) y posiblemente ejecutar código de su elección a través de un objeto de imagen especificamente modificado para este fin incrustado en el documento, tal y como lo demuestra una imagen JPEG en un archivo .DOC, que provoca un desbordamiento de búfer basado en memoria dinámica (heap). • http://archives.neohapsis.com/archives/bugtraq/2012-05/0089.html http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082168.html http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081319.html http://rhn.redhat.com/errata/RHSA-2012-0705.html http://secunia.com/advisories/46992 http://secunia.com/advisories/47244 http://secunia.com/advisories/49140 http://secunia.com/advisories/49373 http://secunia.com/advisories/49392 http://secunia.com/advisories/50692 h • CWE-122: Heap-based Buffer Overflow CWE-189: Numeric Errors •
CVSS: 6.0EPSS: 0%CPEs: 13EXPL: 0CVE-2012-1988 – puppet: Filebucket arbitrary code execution
https://notcve.org/view.php?id=CVE-2012-1988
Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys and file-creation permissions on the puppet master to execute arbitrary commands by creating a file whose full pathname contains shell metacharacters, then performing a filebucket request. Puppet v2.6.x anterior a v2.6.15 y v2.7.x anterior a v2.7.13, y Puppet Enterprise (PE) Users v1.0, v1.1, v1.2.x, v2.0.x, y v2.5.x anterior a v2.5.1 permite a usuarios remotos autenticados con el agente de claves SSL y permisos de creación de archivos en el puppet maestro ejecutar comandos arbitrarios mediante la creación de un archivo cuyo nombre de ruta completo contiene metacaracteres de shell, para realizar una solicitud "filebucket". telnet.rb en v2.7.x anterior a v2.7.13 y Puppet Enterprise (PE) v1.2.x, v2.0.x y v2.5.x anterior a v2.5.1 permite a usuarios locales sobreescribir ficheros arbitrarios mediante un ataque de enlace simbólico en el log de registro NET::Telnet (/tmp/out.log). • http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.html http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.html http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.html http://projects.puppetlabs.com/issues/13518 http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15 http://puppetlabs.com/security/cve/cve-2012-1988 http://secunia.com/advisories/48743 http://secunia.com/advisories/48748 http://secunia.com/adv • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.0EPSS: 0%CPEs: 22EXPL: 0CVE-2012-0876 – expat: hash table collisions CPU usage DoS
https://notcve.org/view.php?id=CVE-2012-0876
The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value. El analizador XML (xmlparse.c) en expat antes de v2.1.0 calcula los valores de hash sin restringir la capacidad de desencadenar colisiones hash de forma predecible, lo que permite causar una denegación de servicio (por consumo de CPU) a atacantes dependientes de contexto a través de un archivo XML con muchos identificadores con el mismo valor. A denial of service flaw was found in the implementation of hash arrays in Expat. An attacker could use this flaw to make an application using Expat consume an excessive amount of CPU time by providing a specially crafted XML file that triggers multiple hash function collisions. To mitigate this issue, randomization has been added to the hash function to reduce the chance of an attacker successfully causing intentional collisions. • http://bugs.python.org/issue13703#msg151870 http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html http://mail.libexpat.org/pipermail/expat-discuss/2012-March/002768.html http://rhn.redhat.com/errata/RHSA-2012-0731.html http://rhn.redhat.com/errata/RHSA-2016-0062.html http://rhn.redhat.com/errata/RHSA-2016-2957.html http://secunia.com/advisories/49504 http://secunia.com/advisories/51024 • CWE-400: Uncontrolled Resource Consumption CWE-407: Inefficient Algorithmic Complexity •
CVSS: 8.8EPSS: 76%CPEs: 17EXPL: 0CVE-2012-0247 – ImageMagick: invalid validation of images denial of service
https://notcve.org/view.php?id=CVE-2012-0247
ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset and count values in the ResolutionUnit tag in the EXIF IFD0 of an image. ImageMagick v6.7.5-7 y anteriores permite a atacantes remotos causar una denegación de servicio (corrupción de memoria) y posiblemente ejecutar código de su elección a través de desplazamientos (offsets) modificados y contar valores en la etiqueta ResolutionUnit en el EXIF IFD0 de una imagen . • http://rhn.redhat.com/errata/RHSA-2012-0544.html http://rhn.redhat.com/errata/RHSA-2012-0545.html http://secunia.com/advisories/47926 http://secunia.com/advisories/48247 http://secunia.com/advisories/48259 http://secunia.com/advisories/49043 http://secunia.com/advisories/49063 http://secunia.com/advisories/49068 http://ubuntu.com/usn/usn-1435-1 http://www.cert.fi/en/reports/2012/vulnerability595210.html http://www.debian.org/security/2012/dsa-2427 http://www& • CWE-20: Improper Input Validation •