JVN Info.

Id
44252  
Name
JVNDB-2009-005259  
Title
Drupal 用の Insert Node モジュールにおけるクロスサイトスクリプティングの脆弱性  
Summary
Drupal 用の Insert Node モジュールには、クロスサイトスクリプティングの脆弱性が存在します。  
Nvdinfo
CVE-2009-4518  
Cvssv2
4.3  
Jvnurl
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-005259.html  
Published Date
2009-10-28  
Registered Date
2012-09-25  
Last Updated Date
2012-09-25  

Actions

Related Nessuslogs

Id Log ID Jvninfo Id Plugin ID CVE CVSS Risk Host Protocol Port Name Synopsis Description Solution See Also Plugin Output Actions
51149 H28_MUN_DWEB_Q4_172_16_240_seg.csv 44252 59447 CVE-2012-2450 9 High 172.16.240.115 tcp 0 VMSA-2012-0009 : ESXi and ESX patches address critical security issues (uncredentialed check) The remote VMware ESX/ESXi host is affected by multiple security vulnerabilities. The remote VMware ESX/ESXi host is affected by the following security vulnerabilities : - ESX NFS traffic parsing vulnerability: Due to a flaw in the handling of NFS traffic, it is possible to overwrite memory. This vulnerability may allow a user with access to the network to execute code on the ESXi/ESX host without authentication. The issue is not present in cases where there is no NFS traffic. (CVE-2012-2448) - VMware floppy device out-of-bounds memory write: Due to a flaw in the virtual floppy configuration it is possible to perform an out-of-bounds memory write. This vulnerability may allow a guest user to crash the VMX process or potentially execute code on the host. As a workaround, remove the virtual floppy drive from the list of virtual IO devices. The VMware hardening guides recommend removing unused virtual IO devices in general. Additionally, do not allow untrusted root users in your virtual machines. Root or Administrator level permissions are required to exploit this issue. (CVE-2012-2449) - VMware SCSI device unchecked memory write: Due to a flaw in the SCSI device registration it is possible to perform an unchecked write into memory. This vulnerability may allow a guest user to crash the VMX process or potentially execute code on the host. As a workaround, remove the virtual SCSI controller from the list of virtual IO devices. The VMware hardening guides recommend removing unused virtual IO devices in general. Additionally, do not allow untrusted root users access to your virtual machines. Root or Administrator level permissions are required to exploit this issue. (CVE-2012-2450) Apply the missing patches. http://www.vmware.com/security/advisories/VMSA-2012-0009.html http://lists.vmware.com/pipermail/security-announce/2012/000175.html ESX version : ESX 4.0 ESX release : VMware ESX 4.0.0 build-208167 Installed build : 208167 Fixed build : 702116
51185 H28_MUN_DWEB_Q4_172_16_240_seg.csv 44252 89035 CVE-2012-2450 9 High 172.16.240.115 tcp 443 VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2012-0009) (remote check) The remote VMware ESX / ESXi host is missing a security-related patch. The remote VMware ESX / ESXi host is affected by multiple vulnerabilities : - Multiple privilege escalation vulnerabilities exist due to improper handling of RPC commands. A local attacker (guest user) can exploit these to manipulate data and function pointers, resulting in a denial of service condition or the execution of arbitrary code on the host OS. (CVE-2012-1516, CVE-2012-1517) - A remote code execution vulnerability exists due to improper sanitization of user-supplied input when parsing NFS traffic. An unauthenticated, remote attacker can exploit this to corrupt memory, resulting in the execution of arbitrary code. (CVE-2012-2448) - Multiple privilege escalation vulnerabilities exist due to an error that occurs in virtual floppy devices and SCSI devices. A local attacker (guest user) can exploit these to cause an out-of-bounds write error, resulting in a denial of service condition or the execution of arbitrary code on the host OS. (CVE-2012-2449, CVE-2012-2450) Apply the appropriate patch according to the vendor advisory that pertains to ESX version 3.5 / 4.0 / 4.1 or ESXi version 3.5 / 4.0 / 4.1 / 5.0. http://www.vmware.com/security/advisories/VMSA-2012-0009.html ESX version : ESX 4.0 Installed build : 208167 Fixed build : 702116
56729 H28_DWEB_NW_Scan_Q1_172_16_240_Seg_20160518_hepxqa.csv 44252 59447 CVE-2012-2450 9 High 172.16.240.115 tcp 0 VMSA-2012-0009 : ESXi and ESX patches address critical security issues (uncredentialed check) The remote VMware ESX/ESXi host is affected by multiple security vulnerabilities. The remote VMware ESX/ESXi host is affected by the following security vulnerabilities : - ESX NFS traffic parsing vulnerability: Due to a flaw in the handling of NFS traffic, it is possible to overwrite memory. This vulnerability may allow a user with access to the network to execute code on the ESXi/ESX host without authentication. The issue is not present in cases where there is no NFS traffic. (CVE-2012-2448) - VMware floppy device out-of-bounds memory write: Due to a flaw in the virtual floppy configuration it is possible to perform an out-of-bounds memory write. This vulnerability may allow a guest user to crash the VMX process or potentially execute code on the host. As a workaround, remove the virtual floppy drive from the list of virtual IO devices. The VMware hardening guides recommend removing unused virtual IO devices in general. Additionally, do not allow untrusted root users in your virtual machines. Root or Administrator level permissions are required to exploit this issue. (CVE-2012-2449) - VMware SCSI device unchecked memory write: Due to a flaw in the SCSI device registration it is possible to perform an unchecked write into memory. This vulnerability may allow a guest user to crash the VMX process or potentially execute code on the host. As a workaround, remove the virtual SCSI controller from the list of virtual IO devices. The VMware hardening guides recommend removing unused virtual IO devices in general. Additionally, do not allow untrusted root users access to your virtual machines. Root or Administrator level permissions are required to exploit this issue. (CVE-2012-2450) Apply the missing patches. http://www.vmware.com/security/advisories/VMSA-2012-0009.html http://lists.vmware.com/pipermail/security-announce/2012/000175.html ESX version : ESX 4.0 ESX release : VMware ESX 4.0.0 build-208167 Installed build : 208167 Fixed build : 702116
56766 H28_DWEB_NW_Scan_Q1_172_16_240_Seg_20160518_hepxqa.csv 44252 89035 CVE-2012-2450 9 High 172.16.240.115 tcp 443 VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2012-0009) (remote check) The remote VMware ESX / ESXi host is missing a security-related patch. The remote VMware ESX / ESXi host is affected by multiple vulnerabilities : - Multiple privilege escalation vulnerabilities exist due to improper handling of RPC commands. A local attacker (guest user) can exploit these to manipulate data and function pointers, resulting in a denial of service condition or the execution of arbitrary code on the host OS. (CVE-2012-1516, CVE-2012-1517) - A remote code execution vulnerability exists due to improper sanitization of user-supplied input when parsing NFS traffic. An unauthenticated, remote attacker can exploit this to corrupt memory, resulting in the execution of arbitrary code. (CVE-2012-2448) - Multiple privilege escalation vulnerabilities exist due to an error that occurs in virtual floppy devices and SCSI devices. A local attacker (guest user) can exploit these to cause an out-of-bounds write error, resulting in a denial of service condition or the execution of arbitrary code on the host OS. (CVE-2012-2449, CVE-2012-2450) Apply the appropriate patch according to the vendor advisory that pertains to ESX version 3.5 / 4.0 / 4.1 or ESXi version 3.5 / 4.0 / 4.1 / 5.0. http://www.vmware.com/security/advisories/VMSA-2012-0009.html ESX version : ESX 4.0 Installed build : 208167 Fixed build : 702116