CVSS: 10.0EPSS: 96%CPEs: 21EXPL: 6CVE-2011-4862 – FreeBSD - Telnet Service Encryption Key ID Buffer Overflow
https://notcve.org/view.php?id=CVE-2011-4862
Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011. Desbordamiento de búfer basado en pila en libtelnet/encrypt.c en telnetd en FreeBSD v7.3 hasta v9.0, MIT Kerberos Version v5 Applications (también conocido como krb5-appl) v1.0.2 y anteriores, y Heimdal v1.5.1 y anteriores, permite a atacantes remotos ejecutar código de su elección a través de una clave de cifrado larga, como fue explotado en Diciembre 2011. Detect telnet services vulnerable to the encrypt option Key ID overflow (BSD-derived telnetd). • https://www.exploit-db.com/exploits/18369 https://www.exploit-db.com/exploits/18368 https://www.exploit-db.com/exploits/18280 https://github.com/hdbreaker/GO-CVE-2011-4862 https://github.com/kpawar2410/CVE-2011-4862 http://archives.neohapsis.com/archives/bugtraq/2011-12/0172.html http://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=665f1e73cdd9b38e2d2e11b8db9958a315935592 http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071627.html http://lists.fedoraproject.org/p • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 96%CPEs: 16EXPL: 8CVE-2011-3192 – Apache - Denial of Service
https://notcve.org/view.php?id=CVE-2011-3192
The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086. El filtro byterange en el Servidor Apache HTTP v1.3.x, v2.0.x hasta v2.0.64, y v2.2.x hasta v2.2.19 permite a tacantes remotos provocar una denegación de servicio (consumo de memoria y CPU) a través de una cabecera Range que expresa múltiple rangos de solapamiento, como se explotó en Agosto 2011, una vulnerabilidad diferente que CVE-2007-0086. • https://www.exploit-db.com/exploits/18221 https://www.exploit-db.com/exploits/17696 https://github.com/limkokholefork/CVE-2011-3192 https://github.com/futurezayka/CVE-2011-3192 http://archives.neohapsis.com/archives/fulldisclosure/2011-08/0285.html http://blogs.oracle.com/security/entry/security_alert_for_cve_2011 http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00006.html http://lists.opensuse. • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.5EPSS: 0%CPEs: 16EXPL: 0CVE-2011-1526 – krb5-appl: ftpd incorrect group privilege dropping (MITKRB5-SA-2011-005)
https://notcve.org/view.php?id=CVE-2011-1526
ftpd.c in the GSS-API FTP daemon in MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.1 and earlier does not check the krb5_setegid return value, which allows remote authenticated users to bypass intended group access restrictions, and create, overwrite, delete, or read files, via standard FTP commands, related to missing autoconf tests in a configure script. ftpd.c en el demonio GSS-API FTP en MIT Kerberos Version 5 Applications (también conocido como krb5-appl) v1.0.1 y anteriores no comprueban el valor de retorno krb5_setegid, lo que permite que usuarios autenticados de forma remota evitar las restricciones de acceso de grupo, y crear, sobreescribir, borrar, o leer ficheros, a través de comandos FTP estándar, relacionado con test autoconfigurados olvidados en un script configurado. It was found that ftpd, a Kerberos-aware FTP server, did not properly drop privileges. On Red Hat Enterprise Linux 5, the ftpd daemon did not check for the potential failure of the krb5_setegid() function call. On systems where the set real, set effective, or set saved group ID system calls might fail, a remote FTP user could use this flaw to gain unauthorized read or write access to files that were owned by the root group. • http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062681.html http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062699.html http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00005.html http://lists.opensuse.org/opensuse-security-announce/201 • CWE-269: Improper Privilege Management •
CVSS: 9.3EPSS: 97%CPEs: 28EXPL: 5CVE-2011-0611 – Adobe Flash Player Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0611
Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X, and Adobe Acrobat 9.x before 9.4.4 and 10.x before 10.0.3 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content; as demonstrated by a Microsoft Office document with an embedded .swf file that has a size inconsistency in a "group of included constants," object type confusion, ActionScript that adds custom functions to prototypes, and Date objects; and as exploited in the wild in April 2011. Adobe Flash Player anterior a la versión 10.2.154.27 en Windows, Mac OS X, Linux y Solaris y 10.2.156.12 y versiones anteriores en Android; Adobe AIR anterior a versión 2.6.19140; y Authplay.dll (también se conoce como AuthPlayLib.bundle) en Adobe Reader versión 9.x anterior a 9.4.4 y versión 10.x hasta 10.0.1 en Windows, Adobe Reader versión 9.x anterior a 9.4.4 y versión 10.x anterior a 10.0.3 en Mac OS X y Adobe Acrobat versión 9.x anterior a 9.4.4 y versión 10.x anterior a 10.0.3 en Windows y Mac OS X permiten a los atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (bloqueo de aplicación) por medio del contenido Flash creado; como lo demuestra un documento de Microsoft Office con un archivo.swf insertado que tiene una inconsistencia de tamaño en un "group of included constants", objeto de type confusion, ActionScript que agrega funciones personalizadas a los prototipos y date objects; y como explotados en la naturaleza en abril de 2011. Adobe Flash Player contains a vulnerability that allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content. • https://www.exploit-db.com/exploits/17473 https://www.exploit-db.com/exploits/17175 http://blogs.technet.com/b/mmpc/archive/2011/04/12/analysis-of-the-cve-2011-0611-adobe-flash-player-vulnerability-exploitation.aspx http://bugix-security.blogspot.com/2011/04/cve-2011-0611-adobe-flash-zero-day.html http://contagiodump.blogspot.com/2011/04/apr-8-cve-2011-0611-flash-player-zero.html http://googlechromereleases.blogspot.com/2011/04/stable-channel-update.html http://lists.opensuse.org/open • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 9.3EPSS: 96%CPEs: 26EXPL: 1CVE-2011-0609 – Adobe Flash Player Unspecified Vulnerability
https://notcve.org/view.php?id=CVE-2011-0609
Unspecified vulnerability in Adobe Flash Player 10.2.154.13 and earlier on Windows, Mac OS X, Linux, and Solaris; 10.1.106.16 and earlier on Android; Adobe AIR 2.5.1 and earlier; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader and Acrobat 9.x through 9.4.2 and 10.x through 10.0.1 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content, as demonstrated by a .swf file embedded in an Excel spreadsheet, and as exploited in the wild in March 2011. Vulnerabilidad sin especificar en Adobe Flash Player 10.2.154.13 y versiones anteriores en Windows, Mac OS X, Linux y Solaris, y 10.1.106.16 y anteriores en Android, y Authplay.dll (AuthPlayLib.bundle) de Adobe Reader y Acrobat 9.x hasta 9.4.2 y 10.x hasta 10.0.1 en Windows y Mac OS X. Permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (caída de la aplicación) a través de contenido Flash modificado, como se ha demostrado con un fichero .swf embebido en una hoja de cálculo Excel. Se ha explotado en Internet en Marzo del 2011. Adobe Flash Player contains an unspecified vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS). • https://www.exploit-db.com/exploits/17027 http://blogs.adobe.com/asset/2011/03/background-on-apsa11-01-patch-schedule.html http://googlechromereleases.blogspot.com/2011/03/stable-and-beta-channel-updates_15.html http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html http://secunia.com/advisories/43751 http://secunia.com/advisories/43757 http://secunia.com/advisories/43772 http://secunia.com/advisories/43856 http://securityreason.com/securityalert/8152 http://www.ado •