Information Security


Buffer overflow in the ActSoft DVD-Tools ActiveX control
updated since February 16, 2007
Published: April 1, 2007
Source:
SecurityVulns ID: 7251
Type: client
Severity: 5/10
Description: Stack-based buffer overflow in the OpenDVD method of the dvdtools.ocx library.
CVE: CVE-2007-0976 (Buffer overflow in the ActSoft DVD-Tools ActiveX control (dvdtools.ocx) allows remote attackers to execute arbitrary code via a long DVD_TOOLS.OpenDVD property value.)
Files: Exploits ActSoft DVD-Tools (dvdtools.ocx) Buffer Overflow
 ActSoft DVD-Tools (dvdtools.ocx) Buffer Overflow Exploit

Resource exhaustion via mod_perl in Apache
Published: April 1, 2007
Source:
SecurityVulns ID: 7516
Type: library
Severity: 5/10
Description: The PATH_INFO variable is used to build regular expressions without escaping special characters.
Affected products: APACHE : mod_perl 1.30
 APACHE : mod_perl 2.0
CVE: CVE-2007-1349 (PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.)

Multiple issues in the reference ISO protocol implementation in NetBSD
Published: April 1, 2007
Source:
SecurityVulns ID: 7517
Type: local
Severity: 5/10
Description: Buffer overflows in many functions.
Affected products: NETBSD : NetBSD 3.1
 NETBSD : NetBSD 4.0
CVE: CVE-2007-1677 (Multiple buffer overflows in the ISO network protocol support in the NetBSD kernel 2.0 through 4.0_BETA2, and NetBSD-current before 20070329, allow local users to execute arbitrary code via long parameters to certain functions, as demonstrated by a long sockaddr structure argument to the clnp_route function.)

DoS against ESRI ArcSDE
Published: April 1, 2007
Source:
SecurityVulns ID: 7518
Type: remote
Severity: 5/10
Affected products: ESRI : ArcSDE 8.3
 ESRI : ArcSDE 9.0
 ESRI : ArcSDE 9.1
CVE: CVE-2007-1770 (Buffer overflow in the ArcSDE service (giomgr) in Environmental Systems Research Institute (ESRI) ArcGIS before 9.2 Service Pack 2, when using three tiered ArcSDE configurations, allows remote attackers to cause a denial of service (giomgr crash) and execute arbitrary code via long parameters in crafted requests.)

Daily summary of web application bugs (PHP, ASP, JSP, CGI, Perl)
Published: April 1, 2007
Source:
SecurityVulns ID: 7519
Type: remote
Severity: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, information leaks, etc.
Affected products: JOOMLA : D4JeZine 2.8 module for Joomla
 XOOPS : Lykos Reviews 1.00 module for Xoops
 XOOPS : MyAds 2.03 module for Xoops
 XOOPS : Articles 1.02 module for Xoops
 XOOPS : Friendfinder 3.3 module for Xoops
CVE: CVE-2007-1975 (Multiple PHP remote file inclusion vulnerabilities in SLAED CMS 2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) path parameter to admin/admin.php or the (2) modpath parameter to index.php.)
 CVE-2007-1855 (Multiple PHP remote file inclusion vulnerabilities in smarty/smarty_class.php in Shop-Script FREE allow remote attackers to execute arbitrary PHP code via a URL in the (1) _smarty_compile_path, (2) smarty_compile_path, (3) get_plugin_filepath, (4) smarty_dir, and (5) filename parameters. NOTE: this issue might be related to CVE-2006-7105.)
 CVE-2007-1847 (SQL injection vulnerability in viewcat.php in the Repository module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter.)
 CVE-2007-1846 (SQL injection vulnerability in index.php in the MyAds 2.04jp and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter, different vectors than CVE-2006-3341.)
 CVE-2007-1845 (SQL injection vulnerability in show_event.php in the Expanded Calendar (calendar_panel) 2.00 module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the m_month parameter.)
 CVE-2007-1844 (Multiple PHP remote file inclusion vulnerabilities in Aardvark Topsites PHP 5 allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) button/settings_sql.php, (2) settings_sql.php, and (3) sources/misc/new_day.php.)
 CVE-2007-1838 (SQL injection vulnerability in view.php in the Friendfinder 3.3 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the id parameter.)
 CVE-2007-1817 (SQL injection vulnerability in index.php in the Lykos Reviews (lykos_reviews) 1.00 module for Xoops allows remote attackers to execute arbitrary SQL commands via the uid parameter in a u action.)
 CVE-2007-1816 (SQL injection vulnerability in viewcat.php in the Tutoriais module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter.)
 CVE-2007-1815 (SQL injection vulnerability in viewcat.php in the Library module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter.)
 CVE-2007-1814 (SQL injection vulnerability in viewcat.php in the Core module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter, a different vector than CVE-2007-0377.)
 CVE-2007-1776 (SQL injection vulnerability in index.php in the DesignForJoomla.com D4J eZine (com_ezine) 2.8 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the article parameter in a read action.)
Original text: RaeD Hasadya, Remot File Include In Aardvark Topsites PHP 5 (01.04.2007)
 RaeD Hasadya, Remot File Include In Shop-SCRIPT FREE (01.04.2007)
 RaeD Hasadya, Remot File Include In SLAED_CMS_2 (01.04.2007)
Files: PHP-Fusion 'Calendar_Panel' Module (m_month) SQL Injection Exploit
 Joomla Component D4JeZine <= 2.8 Remote BLIND SQL Injection Exploit
 Xoops All Version -Articles- Print.PHP (ID) Blind SQL Injection Exploit And PoC
 XOOPS Module Lykos Reviews 1.00 (index.php) BLIND SQL Injection Exploit
 XOOPS Module Library (viewcat.php) BLIND SQL Injection Exploit
 XOOPS Module Core (viewcat.php) Remote BLIND SQL Injection Exploit
 XOOPS Module Tutoriais (viewcat.php) Remote BLIND SQL Injection Exploit
 XOOPS Module Repository (viewcat.php) BLIND SQL Injection Exploit
 Xoops Module MyAds Bug Fix <= v2.04jp (index.php cid) BLIND SQL Injection Exploit
 Xoops module Articles <= 1.02 (index.php cat_id) SQL Injection Exploit
 Xoops Module Friendfinder <= 3.3 (view.php id) BLIND SQL Injection Exploit

Privilege escalation via Norton Personal Firewall / Norton Internet Security
Published: April 1, 2007
Source:
SecurityVulns ID: 7520
Type: local
Severity: 5/10
Description: Incorrect handling of the parameters of hooked functions.
Affected products: SYMANTEC : Norton Personal Firewall 2006
 SYMANTEC : Norton Internet Security 2006
CVE: CVE-2007-1793 (SPBBCDrv.sys in Symantec Norton Personal Firewall 2006 9.1.0.33 and 9.1.1.7 does not validate certain arguments before being passed to hooked SSDT function handlers, which allows local users to cause a denial of service (crash) or possibly execute arbitrary code via crafted arguments to the (1) NtCreateMutant and (2) NtOpenEvent functions.)
Original text: Matousec - Transparent security Research, [Full-disclosure] Norton Multiple insufficient argument validation of hooked SSDT function Vulnerability (01.04.2007)
Files: Testing program for Multiple insufficient argument validation of hooked SSDT function (BTP00000P002NF)

Buffer overflow in Brightstor ArcServe Backup
updated since December 8, 2006
Published: April 1, 2007
Source:
SecurityVulns ID: 6903
Type: remote
Severity: 7/10
Description: Buffer overflows in the discovery service, the media management service, and the messaging subsystem.
Affected products: CA : Brightstor ARCserve Backup 11.1
 CA : BrightStor ARCserve Backup 10.5
 CA : BrightStor ARCserve Backup 9.01
 CA : Brightstor ARCserve Backup 11.5
 CA : CA Server Protection Suite 2
CVE: CVE-2007-1785 (The RPC service in mediasvr.exe in CA BrightStor ARCserve Backup 11.5 SP2 build 4237 allows remote attackers to execute arbitrary code via crafted xdr_handle_t data in RPC packets, which is used in calculating an address for a function call, as demonstrated using the 191 (0xbf) RPC request.)
 CVE-2007-1448 (The Tape Engine in CA (formerly Computer Associates) BrightStor ARCserve Backup 11.5 and earlier allows remote attackers to cause a denial of service (disabled interface) by calling an unspecified RPC function.)
 CVE-2007-14478
 CVE-2007-1447 (The Tape Engine in CA (formerly Computer Associates) BrightStor ARCserve Backup 11.5 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain RPC procedure arguments, which result in memory corruption, a different vulnerability than CVE-2006-6076.)
 CVE-2007-0816 (The RPC Server service (catirpc.exe) in CA (formerly Computer Associates) BrightStor ARCserve Backup 11.5 SP2 and earlier allows remote attackers to cause a denial of service (service crash) via a crafted TADDR2UADDR that triggers a null pointer dereference in catirpc.dll, possibly related to null credentials or verifier fields.)
 CVE-2007-0673 (LGSERVER.EXE in BrightStor ARCserve Backup for Laptops & Desktops r11.1 allows remote attackers to cause a denial of service (daemon crash) via a value of 0xFFFFFFFF at a certain point in an authentication negotiation packet, which results in an out-of-bounds read.)
 CVE-2007-0672 (LGSERVER.EXE in BrightStor Mobile Backup 4.0 allows remote attackers to cause a denial of service (disk consumption and daemon hang) via a value of 0xFFFFFF7F at a certain point in an authentication negotiation packet, which writes a large amount of data to a .USX file in CA_BABLDdata\Server\data\transfer\.)
 CVE-2007-0449 (Multiple buffer overflows in LGSERVER.EXE in CA BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.1 SP1, Mobile Backup r4.0, Desktop and Business Protection Suite r2, and Desktop Management Suite (DMS) r11.0 and r11.1 allow remote attackers to execute arbitrary code via crafted packets to TCP port (1) 1900 or (2) 2200.)
 CVE-2007-0169 (Multiple buffer overflows in Computer Associates (CA) BrightStor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Server/Business Protection Suite r2 allow remote attackers to execute arbitrary code via RPC requests with crafted data for opnums (1) 0x2F and (2) 0x75 in the (a) Message Engine RPC service, or opnum (3) 0xCF in the Tape Engine service.)
 CVE-2007-0168 (The Tape Engine service in Computer Associates (CA) BrightStor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Server/Business Protection Suite r2 allows remote attackers to execute arbitrary code via certain data in opnum 0xBF in an RPC request, which is directly executed.)
 CVE-2006-6917 (Multiple buffer overflows in Computer Associates (CA) BrightStor ARCserve Backup R11.5 Server before SP2 allows remote attackers to execute arbitrary code in the Tape Engine (tapeeng.exe) via a crafted RPC request with (1) opnum 38, which is not properly handled in TAPEUTIL.dll 11.5.3884.0, or (2) opnum 37, which is not properly handled in TAPEENG.dll 11.5.3884.0.)
 CVE-2006-6076 (Buffer overflow in the Tape Engine (tapeeng.exe) in CA (formerly Computer Associates) BrightStor ARCserve Backup 11.5 and earlier allows remote attackers to execute arbitrary code via certain RPC requests to TCP port 6502.)
 CVE-2006-5172 (Stack-based buffer overflow in the RPC interface in Mediasvr.exe in Computer Associates (CA) Brightstor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Protection Suites r2 allows remote attackers to execute arbitrary code via crafted SUNRPC packets, aka the "Mediasvr.exe String Handling Overflow," a different vulnerability than CVE-2006-5171.)
 CVE-2006-5171 (Stack-based buffer overflow in the RPC interface in Mediasvr.exe in Computer Associates (CA) Brightstor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Protection Suites r2 allows remote attackers to execute arbitrary code via crafted SUNRPC packets, aka the "Mediasvr.exe Overflow," a different vulnerability than CVE-2006-5172.)
Original text: CA, CA BrightStor ARCserve Backup Mediasvr.exe vulnerability (01.04.2007)
 M. Shirk, CA Brightstor Backup Mediasvr.exe Remote Code Vulnerability (30.03.2007)
 WINNY THOMAS, ARCserve msgeng.exe buffer overflow exploit (win2k SP4) (17.03.2007)
 WINNY THOMAS, ARCserve msgeng.exe buffer overflow exploit (win2k SP4) (17.03.2007)
 CA, [CAID 34817, 35058, 35158, 35159]: CA BrightStor ARCserve Backup Tape Engine and Portmapper Vulnerabilities (17.03.2007)
 NGS Software Insight Security Research, Remote Unauthenticated Resource Exhaustion CA Mobile BackupService (01.02.2007)
 NGS Software Insight Security Research, Remote DOS BrightStor ARCserve Backup for Laptops & Desktops (01.02.2007)
 NGS Software Insight Security Research, Remote Unauthenticated Code Execution II CA BrightStor ARCserve Backup for Laptops & Desktops (01.02.2007)
 NGS Software Insight Security Research, Remote Unauthenticated Code Execution CA BrightStor ARCserve Backup (01.02.2007)
 CA, [Full-disclosure] [CAID 34993]: CA BrightStor ARCserve Backup for Laptops and Desktops Multiple Overflow Vulnerabilities (24.01.2007)
 CA, [CAID 34955, 34956, 34957, 34958, 34959, 34817]: CA BrightStor ARCserve Backup Multiple Overflow Vulnerabilities (12.01.2007)
 advisories_(at)_lssec.com, LS-20061002 - Computer Associates BrightStor ARCserve Backup Remote Code Execution Vulnerability (12.01.2007)
 ZDI, ZDI-07-003: CA BrightStor ARCserve Backup Message Engine Buffer Overflow Vulnerability (12.01.2007)
 ZDI, ZDI-07-004: CA BrightStor ARCserve Backup Tape Engine Buffer Overflow Vulnerability (12.01.2007)
 ZDI, ZDI-07-002: CA BrightStor ARCserve Backup Tape Engine Code Execution Vulnerability (12.01.2007)
 advisories_(at)_lssec.com, LS-20061001 - Computer Associates BrightStor ARCserve Backup v11.5 Remote Buffer Overflow Vulnerability (09.12.2006)
 advisories_(at)_lssec.com, LS-20060908 - Computer Associates BrightStor ARCserve Backup v11.5 Remote Buffer Overflow Vulnerability (09.12.2006)
 CA, [CAID 34846]: CA BrightStor ARCserve Backup Discovery Service Buffer Overflow Vulnerability (08.12.2006)
Files: Remote exploit for CA brightstor tapeeng (win2k SP4)
 CA brightstor msgeng.exe heap overflow exploit (win2k SP0)
 Remote exploit for the CA BrightStor Arcserve stack overflow as
 ARCserve msgeng.exe buffer overflow exploit (win2k SP4)
 Computer Associates (CA) Brightstor Backup Mediasvr.exe Remote Code Exploit

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod