EMC Documentum xPlore Information Disclosure Vulnerability
updated: 5-Feb-12
EMC Documentum xPlore contains an information disclosure vulnerability that may allow unauthorized users, under certain circumstances, to see certain information on protected objects in an xPlore search result. They will not, however, be allowed to view the objects themselves, or any associated content.
EMC Documentum xPlore 1.2 and prior are affected. Install the hotfix from the vendor.
HP Operations Manager & Others Remote Code Execution
updated: 5-Feb-12
A potential security vulnerability has been identified with HP Operations Manager, Operations Agent, Performance Agent, Service Health Reporter, Service Health Optimizer, and Performance Manager. The vulnerability can be remotely exploited to execute arbitrary code.
Install the fix from HP.
HP Data Protector Media Operations, Remote Execution of Arbitrary Code
updated: 5-Feb-12
A potential security vulnerability has been identified with HP Data Protector Media Operations. This vulnerability could be remotely exploited to allow execution of arbitrary code.
HP Data Protector Media Operations version 6.11 and earlier, running on the Windows platform (2003, XP, 2008), are affected. Install the fix from HP.
OS X Lion v10.7.3 and Security Update 2012-001
updated: 5-Feb-12
Multiple vulnerabilities were reported in Mac OS X. Install the fix from Apple.
Reference http://support.apple.com/kb/HT1222
Multiple Vulnerabilities in Bugzilla
updated: 5-Feb-12
Account impersonation and cross-site request forgery (CSRF) vulnerabilities were found in Bugzilla.
When a user creates a new account, Bugzilla doesn't correctly reject email addresses containing non-ASCII characters, which could be used to impersonate another user account.
A CSRF vulnerability in the implementation of the JSON-RPC API could be used to make changes to bugs or execute some admin tasks without the victim's knowledge.
Bugzilla 4.2rc2, 4.0.4, 3.6.8 and 3.4.14 are affected. Upgrade to the latest version.
802.1X password exploit on many HTC Android devices
updated: 5-Feb-12
There is an issue in certain HTC builds of Android that can expose the user's 802.1X password to any program with the "android.permission.ACCESS_WIFI_STATE" permission. When paired with the "android.permission.INTERNET" permission, an app could easily send user names and passwords to a remote server for collection. In addition, if the SSID is an identifiable SSID ("Sample University" or "Enterprise XYZ"), this issue exposes enterprise-privileged credentials in a manner that allows targeted exploitation.
HP-UX Running System Administration Manager Local Increase in Privilege
updated: 5-Feb-12
A potential security vulnerability has been identified with HP-UX running SAM. This vulnerability could be locally exploited to create an increase in privilege.
HP-UX 11.11 running EMS prior to A.04.20.11.06, HP-UX 11.23 running EMS prior to A.04.20.23.07 and HP-UX 11.31 running EMS prior to A.04.20.31.08 are affected. Install the fix from HP.
IBM SPSS mraboutb.dll ActiveX Control SetLicenseInfoEx Method Remote Code Execution
updated: 5-Feb-12
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM SPSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the SetLicenseInfoEx() method exposed by the mraboutb.dll ActiveX Control. String data supplied to the first parameter (strInstallDir) of SetLicenseInfoEx() is copied into a 256-byte global buffer without first checking the string length. This overflow can be exploited to remotely execute arbitrary code on the target system.
Install the fix from IBM.
Reference http://www.zerodayinitiative.com/advisories/ZDI-12-019
http://www-01.ibm.com/support/docview.wss?uid=swg21577956
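The missing length check described in the IBM SPSS entry above, shown beside a bounded form, as an added example that is not IBM's code or part of the advisory. The function names and the global buffer name are hypothetical; only the 256-byte size and the strInstallDir parameter name come from the advisory text.

```c
#include <stddef.h>
#include <string.h>

#define INSTALL_DIR_MAX 256   /* buffer size stated in the advisory */

/* Hypothetical stand-in for the control's global buffer. */
static char g_install_dir[INSTALL_DIR_MAX];

/* Pattern the advisory describes: the copy is not preceded by a length
   check, so 256 or more bytes of input write past the end of the buffer. */
void set_install_dir_unchecked(const char *strInstallDir)
{
    strcpy(g_install_dir, strInstallDir);
}

/* Bounded form: reject NULL or oversize input instead of truncating it,
   and leave the previous value untouched on failure.
   Returns 0 on success, -1 on rejection. */
int set_install_dir_checked(const char *strInstallDir)
{
    size_t len = 0;

    if (strInstallDir == NULL)
        return -1;

    /* Bounded scan: never reads more than INSTALL_DIR_MAX bytes of input. */
    while (len < INSTALL_DIR_MAX && strInstallDir[len] != '\0')
        len++;

    if (len == INSTALL_DIR_MAX)
        return -1;            /* no room left for the terminating NUL */

    memcpy(g_install_dir, strInstallDir, len + 1);   /* copy includes NUL */
    return 0;
}

/* Accessor so callers can read the stored value. */
const char *get_install_dir(void)
{
    return g_install_dir;
}
```

Rejecting the call outright, rather than silently truncating, keeps a shortened path from being used later as if it were the caller's intended value.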