Information Security


Daily summary of security vulnerabilities in web applications (PHP, ASP, JSP, CGI, Perl)
Published: 20 April 2009
Source:
SecurityVulns ID: 9858
Type: remote
Severity: 5/10
Description: PHP injection, SQL injection, directory traversal, cross-site scripting, file modification, information disclosure, etc.
Affected products: LCMS : LittleCMS 1.18
 CLANTIGER : ClanTiger 1.1
 MLECSPHP : Multi-lingual E-Commerce System 0.2
 SUNGARD : Banner Student System 7.4
 WYSGUI : WysGui CMS 1.2
 CREASITO : creasito e-commerce content manager 1.3
CVE: CVE-2009-0793 (cmsxform.c in LittleCMS (aka lcms or liblcms) 1.18, as used in OpenJDK and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted image that triggers execution of incorrect code for "transformations of monochrome profiles.")
 CVE-2009-0733 (Multiple stack-based buffer overflows in the ReadSetOfCurves function in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file associated with a large integer value for the (1) input or (2) output channel, related to the ReadLUT_A2B and ReadLUT_B2A functions.)
 CVE-2009-0723 (Multiple integer overflows in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.)
 CVE-2009-0581 (Memory leak in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allows context-dependent attackers to cause a denial of service (memory consumption and application crash) via a crafted image file.)
Original text: Salvatore "drosophila" Fresta, Creasito e-commerce content manager Authentication Bypass (20.04.2009)
 y3nh4ck3r_(at)_gmail.com, Multiple Remote Vulnerabilities--SQLi-(INSECURE-COOKIE-HANDLING)-LFI--> (20.04.2009)
 y3nh4ck3r_(at)_gmail.com, WysGui CMS 1.2 BETA(Insecure Cookie Handling)--Blind-sql-injection-exploit--> (20.04.2009)
 reportback_(at)_readthepost.com, Sungard Banner System XSS (20.04.2009)
 Salvatore "drosophila" Fresta, Multi-lingual E-Commerce System 0.2 Multiple Remote Vulnerabilities (20.04.2009)
 y3nh4ck3r_(at)_gmail.com, CLAN TIGER CMS 1.1.1 (AUTH BYPASS) SQL-INJECTION (20.04.2009)
 GENTOO, [ GLSA 200904-19 ] LittleCMS: Multiple vulnerabilities (20.04.2009)
Files: Exploits WysGui CMS 1.2 BETA(cookie) BSQL
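The LittleCMS entries above describe two memory-safety classes: a channel count taken from the image file and used as the bound of a fixed-size stack array (CVE-2009-0733), and multiplications on file-supplied sizes that wrap before the result reaches the allocator (CVE-2009-0723). The C example below is added here and is not lcms's own code: it shows an unchecked reader of a toy curve-set record beside its hardened form, plus an overflow-checked CLUT size computation. The record layout, capacities, sample inputs and all function names are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Added example, not lcms code: the record layout, capacities and function
 * names below are assumptions made for illustration. */
#define MAX_CHANNELS 16     /* fixed capacity of the stack-resident curve table */
#define CURVE_POINTS 256    /* 16-bit samples per curve in this toy record */
#define HDR_LEN      4      /* record = 32-bit big-endian channel count + curves */

typedef struct {
    uint32_t n_channels;
    uint16_t curves[MAX_CHANNELS][CURVE_POINTS];
} set_of_curves_t;

enum parse_status {
    PARSE_OK = 0,
    PARSE_ERR_TRUNCATED,    /* fewer bytes than the header claims */
    PARSE_ERR_CHANNELS      /* channel count exceeds the fixed capacity */
};

static uint32_t rd32be(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

static void copy_curves(const uint8_t *data, uint32_t n, set_of_curves_t *out)
{
    out->n_channels = n;
    for (uint32_t c = 0; c < n; c++)
        for (uint32_t i = 0; i < CURVE_POINTS; i++) {
            const uint8_t *p = data + ((size_t)c * CURVE_POINTS + i) * 2;
            out->curves[c][i] = (uint16_t)((p[0] << 8) | p[1]);
        }
}

/* Vulnerable shape: the file-supplied count becomes the loop bound for a
 * fixed-size array. A header claiming more than MAX_CHANNELS channels, backed
 * by enough curve bytes, writes past out->curves on the stack. With a 32-bit
 * size_t the byte-count multiplication can also wrap and defeat the length
 * check. Never call this on untrusted input. */
enum parse_status read_set_of_curves_unchecked(const uint8_t *buf, size_t len,
                                               set_of_curves_t *out)
{
    if (len < HDR_LEN) return PARSE_ERR_TRUNCATED;
    uint32_t n = rd32be(buf);
    size_t need = (size_t)n * CURVE_POINTS * 2;
    if (len - HDR_LEN < need) return PARSE_ERR_TRUNCATED;
    copy_curves(buf + HDR_LEN, n, out);             /* no bound on n */
    return PARSE_OK;
}

/* Hardened shape: reject the count before it is used as a loop bound or a
 * size; with n <= MAX_CHANNELS the multiplication cannot overflow. */
enum parse_status read_set_of_curves(const uint8_t *buf, size_t len,
                                     set_of_curves_t *out)
{
    if (len < HDR_LEN) return PARSE_ERR_TRUNCATED;
    uint32_t n = rd32be(buf);
    if (n == 0 || n > MAX_CHANNELS) return PARSE_ERR_CHANNELS;
    size_t need = (size_t)n * CURVE_POINTS * 2;
    if (len - HDR_LEN < need) return PARSE_ERR_TRUNCATED;
    copy_curves(buf + HDR_LEN, n, out);
    return PARSE_OK;
}

/* Integer-overflow class: a CLUT of grid^in_ch entries with out_ch 16-bit
 * samples each. Compute the byte count with overflow detection so a crafted
 * profile cannot make a huge table look small to the allocator. */
bool clut_bytes(uint32_t grid, uint32_t in_ch, uint32_t out_ch, size_t *bytes)
{
    if (grid == 0 || in_ch == 0 || out_ch == 0) return false;
    size_t n = 1;
    for (uint32_t i = 0; i < in_ch; i++) {
        if (n > SIZE_MAX / grid) return false;
        n *= grid;
    }
    if (n > SIZE_MAX / out_ch) return false;
    n *= out_ch;
    if (n > SIZE_MAX / 2) return false;
    *bytes = n * 2;
    return true;
}

/* Constructed input: a well-formed record with n channels whose curves are
 * linear ramps 0..65535. Returns the record length, or 0 if cap is too small. */
size_t build_record(uint8_t *buf, size_t cap, uint32_t n)
{
    size_t total = HDR_LEN + (size_t)n * CURVE_POINTS * 2;
    if (n > MAX_CHANNELS || cap < total) return 0;
    buf[0] = (uint8_t)(n >> 24); buf[1] = (uint8_t)(n >> 16);
    buf[2] = (uint8_t)(n >> 8);  buf[3] = (uint8_t)n;
    for (uint32_t c = 0; c < n; c++)
        for (uint32_t i = 0; i < CURVE_POINTS; i++) {
            uint16_t v = (uint16_t)(i * 257);
            uint8_t *p = buf + HDR_LEN + ((size_t)c * CURVE_POINTS + i) * 2;
            p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)(v & 0xff);
        }
    return total;
}

/* Constructed crafted header: claims 0x40000000 channels and carries no data. */
static const uint8_t CRAFTED_HDR[HDR_LEN] = { 0x40, 0x00, 0x00, 0x00 };
```

The hardened reader rejects the crafted header on the channel bound alone, before any length arithmetic; the unchecked reader only refuses it because no curve bytes follow, and would overflow the stack array if a file supplied them. The same ordering applies to the CLUT size: validate or overflow-check every file-controlled factor before it feeds an allocation or a loop bound.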

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod