Today and Yesterday's NIST CVE Issuances for Vulnerabilities in MediaWiki, Cerberus FTP Server, the Track My Mobile Feature in the SamsungDive Subsystem for Android on Samsung Galaxy Devices, Lookout, AVG AntiVirus for Android, Fail2Ban, i-GEN opLYNX and Microsoft IE | BOT24

Click on the underlined CVE for additional vulnerability-specific info.


CVE-2012-6453
Summary: Cross-site scripting (XSS) vulnerability in the RSS Reader extension before 0.2.6 for MediaWiki allows remote attackers to inject arbitrary web script or HTML via a crafted feed.
Published: 12/31/2012
CVSS Severity: 4.3 (MEDIUM)
CVE-2012-6339
Summary: Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface in Cerberus FTP Server before 5.0.6.0 allow (1) remote attackers to inject arbitrary web script or HTML via a log entry that is not properly handled within the Log Manager component, and might allow (2) remote authenticated administrators to inject arbitrary web script or HTML via a Messages field to the servermanager program.
Published: 12/31/2012
CVSS Severity: 4.3 (MEDIUM)
CVE-2012-6337
Summary: The Track My Mobile feature in the SamsungDive subsystem for Android on Samsung Galaxy devices shows the activation of remote tracking, which might allow physically proximate attackers to defeat a product-recovery effort by tampering with this feature or its location data.
Published: 12/31/2012
CVSS Severity: 3.3 (LOW)
CVE-2012-6336
Summary: The Missing Device feature in Lookout allows physically proximate attackers to provide arbitrary location data via a "commonly available simple GPS location spoofer."
Published: 12/31/2012
CVSS Severity: 3.3 (LOW)
CVE-2012-6335
Summary: The Anti-theft service in AVG AntiVirus for Android allows physically proximate attackers to provide arbitrary location data via a "commonly available simple GPS location spoofer."
Published: 12/31/2012
CVSS Severity: 3.3 (LOW)
CVE-2012-6334
Summary: The Track My Mobile feature in the SamsungDive subsystem for Android on Samsung Galaxy devices does not properly implement Location APIs, which allows physically proximate attackers to provide arbitrary location data via a "commonly available simple GPS location spoofer."
Published: 12/31/2012
CVSS Severity: 2.9 (LOW)
CVE-2012-5642
Summary: server/action.py in Fail2ban before 0.8.8 does not properly handle the content of the matches tag, which might allow remote attackers to trigger unsafe behavior in a custom action file via unspecified symbols in this content.
Published: 12/31/2012
CVSS Severity: 7.5 (HIGH)
CVE-2012-4688
Summary: The Central application in i-GEN opLYNX before 2.01.9 allows remote attackers to bypass authentication via vectors involving the disabling of browser JavaScript support.
Published: 12/31/2012
CVSS Severity: 7.5 (HIGH)
CVE-2012-4792
Summary: Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object, and exploited in the wild in December 2012.
Published: 12/30/2012
CVSS Severity: 6.8 (MEDIUM)


About Bradley Susser
