 |
|
|
|
| Ежедневная сводка уязвимостей безопасности в Web-приложениях (PHP, ASP, JSP, CGI, Perl) | | Опубликовано: |  | 20 апреля 2009 г. | | Источник: |  | BUGTRAQ | | SecurityVulns ID: |  | 9858 | | Тип: |  | удаленная | | Опасность: |  | 5/10 | | Описание: |  | Инъекции PHP, инъекции SQL, обратный путь в каталогах, межсайтовый скриптинг, модификация файлов, утечка информации и т.д. |
| Затронутые продукты: |  | LCMS : LittleCMS 1.18 | | | | CLANTIGER : ClanTiger 1.1 | | | | MLECSPHP : Multi-lingual E-Commerce System 0.2 | | | | SUNGARD : Banner Student System 7.4 | | | | WYSGUI : WysGui CMS 1.2 | | | | CREASITO : creasito e-commerce content manager 1.3 | | CVE: |  | CVE-2009-0793 (cmsxform.c in LittleCMS (aka lcms or liblcms) 1.18, as used in OpenJDK and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted image that triggers execution of incorrect code for "transformations of monochrome profiles.") | | | | CVE-2009-0733 (Multiple stack-based buffer overflows in the ReadSetOfCurves function in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file associated with a large integer value for the (1) input or (2) output channel, related to the ReadLUT_A2B and ReadLUT_B2A functions.) | | | | CVE-2009-0723 (Multiple integer overflows in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.) | | | | CVE-2009-0581 (Memory leak in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allows context-dependent attackers to cause a denial of service (memory consumption and application crash) via a crafted image file.) |
|
|
|
|
|
|
|
|
