CVSS: 6.8EPSS: 0%CPEs: 10EXPL: 2CVE-2011-2522 – SWAT Samba Web Administration Tool - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2011-2522
Multiple cross-site request forgery (CSRF) vulnerabilities in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allow remote attackers to hijack the authentication of administrators for requests that (1) shut down daemons, (2) start daemons, (3) add shares, (4) remove shares, (5) add printers, (6) remove printers, (7) add user accounts, or (8) remove user accounts, as demonstrated by certain start, stop, and restart parameters to the status program. Varias vulnerabilidades de falsificación de petición en sitios cruzados (CSRF) en la herramienta Samba Web Administration (SWAT) en Samba v3.x antes de v3.5.10 permite a atacantes remotos secuestrar la autenticación de los administradores para las peticiones que (1) apagan los demonios, (2) inician los demonios, (3) agregan recursos compartidos, (4) quitan recursos compartidos, (5) agregan impresoras, (6) eliminan impresoras (7), agregan cuentas de usuario, o (8) quitan cuentas de usuario, como lo demuestran ciertos parámetros de inicio, parada, y reinicio del programa de estado. • https://www.exploit-db.com/exploits/17577 http://jvn.jp/en/jp/JVN29529126/index.html http://marc.info/?l=bugtraq&m=133527864025056&w=2 http://osvdb.org/74071 http://samba.org/samba/history/samba-3.5.10.html http://secunia.com/advisories/45393 http://secunia.com/advisories/45488 http://secunia.com/advisories/45496 http://securityreason.com/securityalert/8317 http://securitytracker.com/id?1025852 http://ubuntu.com/usn/usn-1182-1 http://www.debian.org/secu • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 1%CPEs: 11EXPL: 0CVE-2011-2690 – libpng: buffer overwrite in png_rgb_to_gray
https://notcve.org/view.php?id=CVE-2011-2690
Buffer overflow in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4, when used by an application that calls the png_rgb_to_gray function but not the png_set_expand function, allows remote attackers to overwrite memory with an arbitrary amount of data, and possibly have unspecified other impact, via a crafted PNG image. Desbordamiento de búfer en libpng v1.0.x antes de v1.0.55, en v1.2.x antes de v1.2.45, en v1.4.x antes de v1.4.8, y en v1.5.x antes de v1.5.4, cuando son utilizados por una aplicación que llama a la función png_rgb_to_gray pero no a la función png_set_expand función, permite a atacantes remotos sobreescribir la memoria con una cantidad arbitraria de datos, y posiblemente tener otro impacto no especificado, a través de una imagen PNG creada. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063118.html http://secunia.com/advisories/45046 http://secunia.com/advisories/45405 http://secunia.com/advisories/45415 http://secunia.com/advisories/45460 http://secunia.com/advisories/45461 http://secunia.com/advisories/45492 http://secunia.com/advisories/49660 http://security.gentoo.org/glsa/glsa-201206-15.xml http://support.apple.com&#x • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.8EPSS: 2%CPEs: 11EXPL: 1CVE-2011-2692 – libpng: Invalid read when handling empty sCAL chunks
https://notcve.org/view.php?id=CVE-2011-2692
The png_handle_sCAL function in pngrutil.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 does not properly handle invalid sCAL chunks, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted PNG image that triggers the reading of uninitialized memory. La función png_handle_sCAL de pngrutil.c en libpng v1.0.x antes de la v1.0.55, en v1.2.x antes de la v1.2.45, en v1.4.x antes de la v1.4.8, y en v1.5.x antes de la v1.5.4, no controla correctamente fragmentos inválidos SCAL, que permiten a atacantes remotos causar una denegación de servicio (corrupción de memoria y caída de aplicación) o posiblemente tener un impacto no especificado a través de una imagen PNG creada que provoca la lectura de la memoria sin inicializar. • http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commit%3Bh=61a2d8a2a7b03023e63eae9a3e64607aaaa6d339 http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://lists.apple.com/archives/security-announce/2012/May/msg00001.html http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063118.html http://secunia.com/advisories/45046 http://secunia.com/advisories/45405 http://secunia.com/advisories/45415 http://secunia.com/advisories/45445 http://secun • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 11EXPL: 1CVE-2011-2501 – libpng: regression of CVE-2004-0421 in 1.2.23+
https://notcve.org/view.php?id=CVE-2011-2501
The png_format_buffer function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 allows remote attackers to cause a denial of service (application crash) via a crafted PNG image that triggers an out-of-bounds read during the copying of error-message data. NOTE: this vulnerability exists because of a CVE-2004-0421 regression. NOTE: this is called an off-by-one error by some sources. La función png_format_buffer en pngerror.c en libpng v1.0.x antes de v1.0.55, en v1.2.x antes de v1.2.45, en v1.4.x antes de v1.4.8, y en v1.5.x antesde v1.5.4, permite a atacantes remotos causar una denegación de servicio (caída de aplicación) a través de una imagen PNG creada que desencadena una lectura out-of-bounds durante la copia de los datos del mensaje de error. NOTA: esta vulnerabilidad existe debido a una regresión CVE-2004-0421. • http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commit%3Bh=65e6d5a34f49acdb362a0625a706c6b914e670af http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062720.html http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063118.html http://secunia.com/advisories/45046 http://secunia.com/advisories/45289 http://secunia.com/advisories/45405 http://secunia.com/advisories/45415 http://secunia.com/advisories/45460 http://secunia.com/advisories/45486 http://s • CWE-125: Out-of-bounds Read •
CVSS: 4.3EPSS: 0%CPEs: 11EXPL: 0CVE-2011-2192 – curl: Improper delegation of client credentials during GSS negotiation
https://notcve.org/view.php?id=CVE-2011-2192
The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients via GSSAPI requests. La función Curl_input_negotiate en http_negotiate.c en libcurl v7.10.6 a v7.21.6, tal y como se utiliza en curl y otras aplicaciones, siempre lleva a cabo delegación de credenciales durante la autenticación GSSAPI, lo que permite a hacerse pasar por clientes legitimos a servidores remotos a través de peticiones GSSAPI. • http://curl.haxx.se/curl-gssapi-delegation.patch http://curl.haxx.se/docs/adv_20110623.html http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062287.html http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061992.html http://secunia.com/advisories/45047 http://secunia.com/advisories/45067 http://secunia.com/advisories/45088 http://secunia.com/advisories/45144 http://secunia.com/ • CWE-255: Credentials Management Errors •