Date: Sat, 07 Jan 2012 18:25:49 +0100
From: Peter Osterberg <j@....nu>
To: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: OP5 Monitor - Multiple Vulnerabilities

Link to full advisory:
http://www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf


Vendor's official statement:
http://www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance/


Remote root command execution (non-authenticated)
=================================================
CVSS: 10
CVE: CVE-2012-0261 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0261
OSVDB: http://osvdb.org/show/osvdb/78064
Secunia: http://secunia.com/advisories/47417/
Versions: 5.3.5, 5.4.0, 5.4.2, 5.5.0, 5.5.1

Remote root command execution (non-authenticated)
=================================================
CVSS: 10
CVE: CVE-2012-0262 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0262
OSVDB: http://osvdb.org/show/osvdb/78065
Secunia: http://secunia.com/advisories/47417/
Versions: 5.3.5, 5.4.0, 5.4.2, 5.5.0, 5.5.1

Credentials leaked in detailed error message (authenticated)
============================================================
CVSS: 1.4
CVE: CVE-2012-0263 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0263
Versions: 5.3.5, 5.4.0, 5.4.2

Poor session management in the web application (non-authenticated)
==================================================================
CVSS: 4.7
CVE: CVE-2012-0264 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0264
Versions: 5.3.5, 5.4.0, 5.4.2, 5.5.0

