PHP v5.4.3 remote exploit PoC in the wild
FYI...
PHP v5.4.3 - PoC remote exploit in the wild
- https://isc.sans.edu/diary.html?storyid=13255
Last Updated: 2012-05-19 - "There is a remote exploit in the wild for PHP 5.4.3 in Windows, which takes advantage of a vulnerability in the com_print_typeinfo function. The php engine needs to execute the malicious code, which can include any shellcode like the the ones that bind a shell to a port. Since there is no patch available for this vulnerability yet, you might want to do the following:
• Block any file upload function in your php applications to avoid risks of exploit code execution.
• Use your IPS to filter known shellcodes like the ones included in metasploit.
• Keep PHP in the current available version, so you can know that you are not a possible target for any other vulnerability like CVE-2012-2336* registered at the beginning of the month.
• Use your HIPS to block any possible buffer overflow in your system."
* http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-2336
> Last: http://www.php.net/archive/2012.php#id2012-05-08-1
PHP 5.4 (5.4.3) Code Execution (Win32)
> http://www.exploit-db.com/exploits/18861/
___
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-2376 - 10.0 (HIGH)
:fear::fear::spider:
IrfanView plugins updated - v4.34 released
FYI...
IrfanView plugins updated - v4.34 released
- https://secunia.com/advisories/49204/
Release Date: 2012-05-31
Criticality level: Highly critical
Impact: System access
Where: From remote
... vulnerability is confirmed in version 4.33. Other versions may also be affected.
Solution: Apply ECW PlugIn patch version 4.34*
___
- http://www.irfanview.com/plugins.htm
PlugIns updated -after- the version 4.33:
FPX/FlashPix PlugIn (4.34): Installer or ZIP - FPX-Library loading bug fixed:
http://www.irfanview.net/plugins/irf...plugin_fpx.exe
* ECW PlugIn (Third party, 3.1.0.350 - 4.34): Installer or ZIP - Some loading bugs fixed:
http://www.irfanview.net/plugins/irf...plugin_ecw.exe
XCF PlugIn (1.08): Installer or ZIP - Some loading bugs fixed:
http://www.irfanview.net/plugins/irf...plugin_xcf.exe
- https://secunia.com/advisories/49319/
Release Date: 2012-06-01
Criticality level: Moderately critical
Impact: System access
Where: From remote...
Solution: Apply Formats PlugIn patch version 4.34...
- http://www.irfanview.com/plugins.htm
FORMATS PlugIn (4.34): TTF loading bug fixed...
- http://www.irfanview.net/plugins/irf...in_formats.exe
:fear:
Thunderbird v13.0 released
FYI...
Thunderbird v13.0 released
- https://www.mozilla.org/en-US/thunde...0/releasenotes
June 5, 2012 ... See Known Issues
Security Advisories
- https://www.mozilla.org/security/kno...#thunderbird13
Fixed in Thunderbird 13
MFSA 2012-40 Buffer overflow and use-after-free issues found using Address Sanitizer
MFSA 2012-39 NSS parsing errors with zero length items
MFSA 2012-38 Use-after-free while replacing/inserting a node in a document
MFSA 2012-37 Information disclosure though Windows file shares and shortcut files
MFSA 2012-36 Content Security Policy inline-script bypass
MFSA 2012-35 Privilege escalation through Mozilla Updater and Windows Updater Service
MFSA 2012-34 Miscellaneous memory safety hazards
Bugs fixed
- https://www.mozilla.org/en-US/thunde...s/buglist.html
Download
- https://www.mozilla.org/thunderbird/all.html
___
- http://www.securitytracker.com/id/1027122
CVE Reference:
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-0441 - 5.0
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-1937 - 9.3 (HIGH)
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-1938 - 9.3 (HIGH)
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-1939 - 9.3 (HIGH)
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-1940 - 9.3 (HIGH)
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-1941 - 9.3 (HIGH)
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-1942 - 7.2 (HIGH)
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-1943 - 6.9
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-1944 - 4.3
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-1945 - 2.9
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-1946 - 9.3 (HIGH)
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-1947 - 9.3 (HIGH)
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-3105 - 9.3 (HIGH)
Jun 6 2012
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Version(s): prior to 13.0
- https://secunia.com/advisories/49368/
Release Date: 2012-06-06
Criticality level: Highly critical
Impact: Unknown, Security Bypass, Exposure of sensitive information, Privilege escalation, System access
Where: From remote
Solution: Upgrade to... Thunderbird version 13.0.
:fear:
Java for OS X 2012-004 / Mac OS X 10.6 Update 9
FYI...
Java for OS X 2012-004 / Mac OS X 10.6 Update 9
- http://support.apple.com/kb/HT5319
June 12, 2012 - "Description: Multiple vulnerabilities exist in Java, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating to Java version 1.6.0_33. Further information is available via the Java website at
http://www.oracle.com/technetwork/ja...es-136954.html ..."
- https://secunia.com/advisories/49542/
Release Date: 2012-06-13
Criticality level: Highly critical
Impact: Cross Site Scripting, Manipulation of data, Exposure of sensitive information, DoS, System access
Where: From remote...
... more information: https://secunia.com/SA49472/
Original Advisory: http://support.apple.com/kb/HT5319
> http://forums.spybot.info/showpost.p...69&postcount=4
:fear:
Plesk Panel remote vuln - Fix
FYI...
Plesk Panel remote vuln - Fix
- http://kb.parallels.com/en/113321
Last Review: Jul, 12 2012 - "... it may not be plausible at this time to perform a full upgrade to the latest release of Parallels Plesk Panel 11 which is not affected, thus there was a set of Micro-Updates released for each major version affected which will resolve the security issue without the necessity of a system upgrade..."
- http://www.symantec.com/security_res...atconlearn.jsp
"... Parallels has released a fix for its Plesk Panel application to correct a previously unknown vulnerability which allows the administrator password to be recovered by an attacker. The code to exploit the vulnerability is currently being sold on the internet and potentially allows passwords to be compromised. Customers are advised to apply the fix as soon as possible..."
___
- http://www.securitytracker.com/id/1027243
Jul 12 2012
CVE Reference: http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-1557 - 7.5 (HIGH)
Impact: Disclosure of system information, Disclosure of user information, User access via network
Version(s): prior to 10.4.x*
Solution: The vendor has issued a fix.
The fix also includes a Mass Password Reset Script that must be executed to remove existing sessions and prevent a recurrence.
The vendor's advisory is available at:
- http://kb.parallels.com/en/113321
- https://secunia.com/advisories/48262
___
Plesk Panel 10.x for Windows...
* http://download1.parallels.com/Plesk...ase-notes.html
15-Jul-2012 - "... Fixed critical Plesk security issues found during internal security audit. All customers are highly recommended to update..."
Plesk Panel 10.x for Linux...
- http://download1.parallels.com/Plesk...ase-notes.html
15-Jul-2012 - "... Fixed critical Plesk security issues found during internal security audit. All customers are highly recommended to update..."
- http://kb.parallels.com/en/113321
Last Review: Jul, 16 2012
:fear::fear: :spider:
Thunderbird v14.0 released
FYI...
Thunderbird v14.0 released
- https://www.mozilla.org/en-US/thunde...0/releasenotes
July 17, 2012 ... See Known Issues
Security Advisories
- https://www.mozilla.org/security/kno...#thunderbird14
Fixed in Thunderbird 14
MFSA 2012-56 Code execution through javascript: URLs
MFSA 2012-53 Content Security Policy 1.0 implementation errors cause data leakage
MFSA 2012-52 JSDependentString::undepend string conversion results in memory corruption
MFSA 2012-51 X-Frame-Options header ignored when duplicated
MFSA 2012-50 Out of bounds read in QCMS
MFSA 2012-49 Same-compartment Security Wrappers can be bypassed
MFSA 2012-48 use-after-free in nsGlobalWindow::PageHidden
MFSA 2012-47 Improper filtering of javascript in HTML feed-view
MFSA 2012-45 Spoofing issue with location
MFSA 2012-44 Gecko memory corruption
MFSA 2012-42 Miscellaneous memory safety hazards (rv:14.0/ rv:10.0.6)
Bugs fixed
- https://www.mozilla.org/en-US/thunde...s/buglist.html
Download
- https://www.mozilla.org/thunderbird/all.html
___
- https://secunia.com/advisories/49993/
Release Date: 2012-07-18
Criticality level: Highly critical
Impact: Security Bypass, Cross Site Scripting, Spoofing, Exposure of sensitive information, System access
Where: From remote...
Solution: Upgrade to version 14...
- http://www.securitytracker.com/id/1027257
CVE Reference: CVE-2012-1948, CVE-2012-1949, CVE-2012-1951, CVE-2012-1952, CVE-2012-1953, CVE-2012-1954, CVE-2012-1955, CVE-2012-1957, CVE-2012-1958, CVE-2012-1959, CVE-2012-1960, CVE-2012-1961, CVE-2012-1962, CVE-2012-1963, CVE-2012-1967
Jul 17 2012
Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Version(s): prior to 14 ...
:fear::fear:
Oracle Critical Patch Update Advisory - July 2012
FYI...
- http://www.oracle.com/technetwork/to...12-392727.html
2012-July-17 - "... This Critical Patch Update contains 87 new security fixes..."
* http://www.oracle.com/technetwork/to...92727.html#PIN
July 2012 Risk Matrices
- http://www.oracle.com/technetwork/to...se-392736.html
___
- https://www.us-cert.gov/current/#ora...patch_update20
July 18, 2012 - "... 87 vulnerabilities across multiple products. This update contains the following security fixes:
• 4 for Oracle Database Server
• 1 for Oracle Application Express Listener
• 2 for Oracle Secure Backup
• 22 for Oracle Fusion Middleware
• 1 for Oracle Hyperion
• 1 for Oracle Enterprise Manager Grid Control
• 4 for Oracle E-Business Suite
• 5 for Oracle Supply Chain Products
• 9 for Oracle PeopleSoft Products
• 7 for Oracle Siebel CRM
• 1 for Oracle Industry Applications
• 24 for Oracle Sun Products
• 6 for Oracle MySQL ..."
___
- http://h-online.com/-1644934
18 July 2012
:fear::fear:
Symantec updates/multiple vulns - 2012-07-23
FYI...
Symantec Two Products Insecure Library Loading vuln ...
- https://secunia.com/advisories/50033/
Release Date: 2012-07-23
Criticality level: Highly critical
Impact: System access
Where: From remote
CVE Reference: http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-0305
... vulnerability is reported in the following products and versions:
* Symantec Backup Exec System Recovery 2010 prior to SP5
* Symantec System Recovery 2011 prior to SP2
Solution: Update to a fixed version.
Original Advisory: SYM12-012:
http://www.symantec.com/security_res...id=20120720_01
- http://support.microsoft.com/kb/932716#appliesto
Last Review: October 9, 2011 - Revision: 6.0
___
Symantec Web Gateway multiple vulns
- https://secunia.com/advisories/50031/
Release Date: 2012-07-23
Criticality level: Moderately critical
Impact: Security Bypass, Manipulation of data, System access
Where: From local network
CVE Reference(s): CVE-2012-2574, CVE-2012-2953, CVE-2012-2957, CVE-2012-2961, CVE-2012-2976, CVE-2012-2977
Solution: Apply Database Update 5.0.0.438.
Original Advisory: SYM12-011:
http://www.symantec.com/security_res...id=20120720_00
:fear::fear: