Information Security


Privilege escalation in NoMachine NX Server (privilege escalation)
Published: February 2, 2007
Source:
SecurityVulns ID: 7150
Type: local
Severity: 5/10
Description: nxconfigure.sh does not validate the invoking user, which allows modification of configuration file parameters.
Affected products: NOMACHINE : NX Server 2.1
CVE: CVE-2007-0625 (nxconfigure.sh in NoMachine NX Server before 2.1.0-18 does not validate the invoking user, which allows local users to modify server configuration keys in /usr/NX/etc/server.cfg, resulting in an unspecified denial of service.)

Daily summary of web application bugs (PHP, ASP, JSP, CGI, Perl)
Published: February 2, 2007
Source:
SecurityVulns ID: 7151
Type: remote
Severity: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, information leaks, etc.
Affected products: EASYMOBLOG : EasyMoblog 0.5
 UPLOADSERVICE : Upload Service 1.0
 flip : flip 1.0
 FORUMLIVRE : Forum Livre 1.0
 JOOMLA : RS Gallery2 component 1.11 for Joomla!
 VISOHOTLINK : VisoHotlink 1.01
 POSTNUKE : PostNuke 0.764
 DOCMAN : DocMan 1.3
 JOOMLA : Letterman 1.2 component for Joomla!
 INDEXU : INDEXU 5.3
 FRESHREADER : FreshReader 1.0
 PWP : Portail Web php 2.5
 DOTNETNUKE : IFrame module 03.02 for DotNetNuke
 MUDDYDOGPAWS : FileDownload snippet 2.5 for MODx
 DRUPAL : Textimage module 4.7 for Drupal
 DRUPAL : Captcha module 4.7 for Drupal
CVE: CVE-2007-0759 (Multiple SQL injection vulnerabilities in EasyMoblog 0.5.1 allow remote attackers to execute arbitrary SQL commands via the (1) i or (2) post_id parameter to add_comment.php, which triggers an injection in libraries.inc.php; or (3) the i parameter to list_comments.php, which triggers an injection in libraries.inc.php.)
 CVE-2007-0700 (Directory traversal vulnerability in index.php in Guernion Sylvain Portail Web Php (aka Gsylvain35 Portail Web, PwP) allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter.)
 CVE-2007-0699 (PHP remote file inclusion vulnerability in includes/includes.php in Guernion Sylvain Portail Web Php (aka Gsylvain35 Portail Web, PwP) allows remote attackers to execute arbitrary PHP code via a URL in the site_path parameter.)
 CVE-2007-0696 (Cross-site scripting (XSS) vulnerability in error messages in Free LAN In(tra|ter)net Portal (FLIP) before 1.0-RC3 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, different vectors than CVE-2007-0611.)
 CVE-2007-0695 (Multiple SQL injection vulnerabilities in Free LAN In(tra|ter)net Portal (FLIP) before 1.0-RC3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: some sources mention the escape_sqlData, implode_sql, and implode_sqlIn functions, but these are protection schemes, not the vulnerable functions.)
 CVE-2007-0660 (Cross-site scripting (XSS) vulnerability in the IFrame module before 03.02.01 for DotNetNuke (DNN) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "Pass through values.")
 CVE-2007-0659 (download.php in the MuddyDogPaws FileDownload snippet before 2.5 for MODx allows remote attackers to download arbitrary files, as demonstrated by downloading config.inc.php to obtain database credentials.)
 CVE-2007-0658 (The (1) Textimage 4.7.x before 4.7-1.2 and 5.x before 5.x-1.1 module for Drupal and the (2) Captcha 4.7.x before 4.7-1.2 and 5.x before 5.x-1.1 module for Drupal allow remote attackers to bypass the CAPTCHA test via an empty captcha element in $_SESSION.)
 CVE-2007-0611 (Multiple cross-site scripting (XSS) vulnerabilities in Free LAN In(tra|ter)net Portal (FLIP) before 1.0-RC2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in (1) inc.page.php and (2) inc.text.php.)
 CVE-2007-0590 (Cross-site scripting (XSS) vulnerability in busca2.asp in Forum Livre 1.0 allows remote attackers to inject arbitrary web script or HTML via the palavra parameter.)
 CVE-2007-0589 (SQL injection vulnerability in Forum Livre 1.0 allows remote attackers to execute arbitrary SQL commands via the user parameter to info_user.asp.)
 CVE-2007-0497 (PHP remote file inclusion vulnerability in upload/top.php in Upload-Service 1.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the maindir parameter.)
 CVE-2007-0489 (PHP remote file inclusion vulnerability in includes/functions.visohotlink.php in VisoHotlink 1.01 and possibly earlier allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.)
 CVE-2007-0469 (The extract_files function in installer.rb in RubyGems before 0.9.1 does not check whether files exist before overwriting them, which allows user-assisted remote attackers to overwrite arbitrary files, cause a denial of service, or execute arbitrary code via crafted GEM packages.)
 CVE-2007-0386 (Unspecified vulnerability in the rating section in PostNuke 0.764 has unknown impact and attack vectors, related to "an interesting bug.")
 CVE-2007-0385 (The faq section in PostNuke 0.764 allows remote attackers to obtain sensitive information (the full path) via "unvalidated output" in FAQ/index.php, possibly involving an undefined id_cat variable.)
 CVE-2007-0384 (Cross-site scripting (XSS) vulnerability in preview in the reviews section in PostNuke 0.764 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2007-0382 (Multiple SQL injection vulnerabilities in letterman.class.php in the Letterman 1.2.3 (com_letterman) component for Joomla! before 1.0.12 allow remote attackers to execute arbitrary SQL commands via the id parameter, related to the (1) lm_sendMail, (2) saveNewsletter, and (3) cancelNewsletter functions.)
 CVE-2007-0380 (DocMan 1.3 RC2 allows remote attackers to obtain sensitive information (the full path) via unspecified vectors.)
 CVE-2007-0379 (Cross-site scripting (XSS) vulnerability in DocMan 1.3 RC2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2007-0378 (Multiple SQL injection vulnerabilities in DocMan 1.3 RC2 allow attackers to execute arbitrary SQL commands via unspecified vectors.)
 CVE-2007-0364 (Multiple cross-site scripting (XSS) vulnerabilities in nicecoder.com INDEXU 5.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) error_msg parameter to (a) suggest_category.php; the (2) u parameter to (b) user_detail.php; the (3) friend_name, (4) friend_email, (5) error_msg, (6) my_name, (7) my_email, and (8) id parameters to (c) tell_friend.php; the (9) error_msg, (10) email, (11) name, and (12) subject parameters to (d) sendmail.php; the (13) email, (14) error_msg, and (15) username parameters to (e) send_pwd.php; the (16) keyword parameter to (f) search.php; the (17) error_msg, (18) username, (19) password, (20) password2, and (21) email parameters to (g) register.php; the (22) url, (23) contact_name, and (24) email parameters to (h) power_search.php; the (25) path and (26) total parameters to (i) new.php; the (27) query parameter to (j) modify.php; the (28) error_msg parameter to (k) login.php; the (29) error_msg and (30) email parameters to (l) mailing_list.php; the )
 CVE-2007-0362 (Cross-site scripting (XSS) vulnerability in the RSS feed component in FreshReader before 1.0.07010600 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to tag attributes.)
 CVE-2006-6962 (PHP remote file inclusion vulnerability in rsgallery2.html.php in the RS Gallery2 component (com_rsgallery2) 1.11.2 for Joomla! allows attackers to execute arbitrary PHP code via the mosConfig_absolute_path parameter. NOTE: this issue may overlap CVE-2006-5047.)
 CVE-2006-5047 (Unspecified vulnerability in rsgallery2.html.php in RS Gallery2 component (com_rsgallery2) before 1.11.3 for Joomla! allows attackers to execute arbitrary code.)
Original text: tal argoni, [Full-disclosure] Remote Sql Injection in EasyMoblog 0.5.1 (02.02.2007)
 tal argoni, [Full-disclosure] Xss Vulnerability in EasyMoblog 0.5.1 (02.02.2007)
 tal argoni, [Full-disclosure] Remote Sql Injection in EasyMoblog 0.5.1 # 2 (02.02.2007)
 laurent gaffié, php web portail [remote file include & local file include] (02.02.2007)

Multiple vulnerabilities in the Linux kernel (multiple bugs)
Published: February 2, 2007
Source:
SecurityVulns ID: 7152
Type: local
Severity: 5/10
Description: Multiple DoS conditions in system call handling.
Affected products: LINUX : kernel 2.6
CVE: CVE-2006-6535 (The dev_queue_xmit function in Linux kernel 2.6 can fail before calling the local_bh_disable function, which could lead to data corruption and "node lockups." NOTE: it is not clear whether this issue is exploitable.)
 CVE-2006-5754 (The aio_setup_ring function in Linux kernel does not properly initialize a variable, which allows local users to cause a denial of service (crash) via an unspecified error path that causes an incorrect free operation.)
 CVE-2006-5753 (Unspecified vulnerability in the listxattr system call in Linux kernel, when a "bad inode" is present, allows local users to cause a denial of service (data corruption) and possibly gain privileges via unknown vectors.)

Multiple vulnerabilities in Symantec Web Security (multiple bugs)
Published: February 2, 2007
Source:
SecurityVulns ID: 7153
Type: remote
Severity: 5/10
Description: High CPU load when a large file is uploaded. Cross-site scripting.
Affected products: SYMANTEC : Symantec Web Security 3.0
CVE: CVE-2007-0564 (The license registering interface in Symantec Web Security (SWS) before 3.0.1.85 allows attackers to cause a denial of service (CPU consumption) by submitting a large file.)
 CVE-2007-0563 (Multiple cross-site scripting (XSS) vulnerabilities in Symantec Web Security (SWS) before 3.0.1.85 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) error messages and (2) blocked page messages produced by SWS.)

Multiple buffer overflows in Mini Web Server (buffer overflow)
Published: February 2, 2007
Source:
SecurityVulns ID: 7154
Type: remote
Severity: 5/10
Affected products: MINIWEBCVR : Mini Web server 0.04
CVE: CVE-2007-0525 (Multiple buffer overflows in Nickolas Grigoriadis Mini Web server (MiniWebsvr) before 0.05 have unknown impact and attack vectors.)

Multiple vulnerabilities in Hitachi products (multiple bugs)
Published: February 2, 2007
Source:
SecurityVulns ID: 7155
Type: remote
Severity: 6/10
CVE: CVE-2007-0615 (Unspecified vulnerability in Hitachi JP1/HIBUN Advanced Edition Management Server and Log Server before 20070124 allows remote attackers to cause a denial of service (application stop) via unexpected data.)
 CVE-2007-0514 (Multiple cross-site scripting (XSS) vulnerabilities in multiple Hitachi Web Server, uCosminexus, and Cosminexus products before 20070124 allow remote attackers to inject arbitrary web script or HTML via (1) HTTP Expect headers or (2) image maps.)
 CVE-2007-0513 (Hitachi HiRDB Datareplicator 7HiRDB, 7(64), 6, 6(64), 5.0, and 5.0(64); and various products that bundle HiRDB Datareplicator; allows attackers to cause a denial of service (CPU consumption) via certain data.)
 CVE-2007-0512 (Hitachi TP1/LiNK 05-00 through 05-03-/F, 03-04 through 03-06-/K, and 03-00 through 03-03-/H; and TP1/Server Base 05-00 through 05-00-/M, 03-01-E through 03-01-FD, 03-01 through 03-01-DB, and 05-03; allow attackers to cause a denial of service (process crash) via invalid data to an OpenTP1 port.)

Multiple vulnerabilities in rMake and rPath Linux
Published: February 2, 2007
Source:
SecurityVulns ID: 7156
Type: remote
Severity: 5/10
Affected products: RMAKE : RMake 1.0
CVE: CVE-2007-0557 (rMake before 1.0.4 drops root privileges in a way that retains the original supplemental groups, which might allow attackers to gain privileges via a crafted recipe file, a different vulnerability than CVE-2007-0536.)
 CVE-2007-0536 (The chroot helper in rMake for rPath Linux 1 does not drop supplemental groups, which causes packages to be installed with insecure permissions and might allow local users to gain privileges.)

Multiple vulnerabilities in BEA WebLogic / AquaLogic (multiple bugs)
Published: February 2, 2007
Source:
SecurityVulns ID: 7157
Type: remote
Severity: 6/10
Affected products: BEA : Weblogic 7.0
 BEA : Weblogic 8.1
 BEA : Weblogic 9.0
 BEA : AquaLogic Enterprise Security 2.0
 BEA : AquaLogic Enterprise Security 2.1
 BEA : AquaLogic Enterprise Security 2.2
 BEA : JRockit 1.4
 ORACLE : WebLogic Portal 9.2
 BEA : WebLogic 9.1
 BEA : WebLogic 9.2
CVE: CVE-2007-0434 (BEA AquaLogic Enterprise Security 2.0 through 2.0 SP2, 2.1 through 2.1 SP1, and 2.2 does not properly set the severity level of audit events when the system load is high, which might make it easier for attackers to avoid detection.)
 CVE-2007-0433 (Unspecified vulnerability in BEA AquaLogic Enterprise Security 2.0 through 2.0 SP2, 2.1 through 2.1 SP1, and 2.2, when using Active Directory LDAP for authentication, allows remote authenticated users to access the server even after the account has been disabled.)
 CVE-2007-0432 (BEA AquaLogic Service Bus 2.0, 2.1, and 2.5 does not properly reject malformed request messages to a proxy service, which might allow remote attackers to bypass authorization policies and route requests to back-end services or conduct other unauthorized activities.)
 CVE-2007-0426 (BEA WebLogic Portal 9.2, when running in a WebLogic Server clustered environment using WebLogic Portal entitlements, does not properly propagate entitlement policy changes if the changes are made on a managed server while the Administrative Server is unavailable, which might allow attackers to bypass intended restrictions.)
 CVE-2007-0425 (Unspecified vulnerability in BEA WebLogic Platform and Server 8.1 through 8.1 SP5, and JRockit 1.4.2 R4.5 and earlier, allows attackers to gain privileges via unspecified vectors, related to an "overflow condition," probably a buffer overflow.)
 CVE-2007-0424 (Unspecified vulnerability in the BEA WebLogic Server proxy plug-in for Netscape Enterprise Server before September 2006 for Netscape Enterprise Server allows remote attackers to cause a denial of service via certain requests that trigger errors that lead to a server being marked as unavailable, hosting web server failure, or CPU consumption.)
 CVE-2007-0423 (BEA WebLogic Portal 9.2 does not properly handle when an administrator deletes entitlements for a role, which causes other role entitlements to be "inadvertently affected," which has an unknown impact.)
 CVE-2007-0422 (BEA WebLogic Server 9.0, 9.1, and 9.2 Gold, when running on Solaris 9, allows remote attackers to cause a denial of service (server inaccessibility) via manipulated socket connections.)
 CVE-2007-0421 (BEA WebLogic Server 6.1 through 6.1 SP7, and 7.0 through 7.0 SP7 allows remote attackers to cause a denial of service (disk consumption) via requests containing malformed headers, which cause a large amount of data to be written to the server log.)
 CVE-2007-0420 (BEA WebLogic Server 9.0, 9.1, and 9.2 Gold allows remote attackers to obtain sensitive information via malformed HTTP requests, which reveal data from previous requests.)
 CVE-2007-0419 (The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage).)
 CVE-2007-0418 (BEA WebLogic Server 7.0 through 7.0 SP6, 8.1 through 8.1 SP5, 9.0, and 9.1 does not enforce a security policy that declares permissions for EJB methods that have array parameters, which allows remote attackers to obtain unauthorized access to these methods.)
 CVE-2007-0417 (BEA WebLogic Server 7.0 through 7.0 SP7, 8.1 through 8.1 SP5, 9.0, and 9.1, when using the WebLogic Server 6.1 compatibility realm, allows attackers to execute certain EJB container persistence operations with an administrative identity.)
 CVE-2007-0416 (The WSEE runtime (WS-Security runtime) in BEA WebLogic Server 9.0 and 9.1 does not verify credentials when decrypting client messages, which allows remote attackers to bypass application security.)

Unauthorized access via Intel Enterprise Southbridge 2 Baseboard Management Controller (unauthorized access)
Published: February 2, 2007
Source:
SecurityVulns ID: 7158
Type: remote
Severity: 5/10
Description: It is possible to connect to the motherboard management module without authentication and execute IPMI commands.
Affected products: INTEL : 5000XAL
 INTEL : S5000PAL
 INTEL : S5000PSL
 INTEL : S5000XVN
 INTEL : S5000VCL
 INTEL : S5000VSA
 INTEL : SC5400RA
CVE: CVE-2007-0661 (Intel Enterprise Southbridge 2 Baseboard Management Controller (BMC), Intel Server Boards 5000XAL, S5000PAL, S5000PSL, S5000XVN, S5000VCL, S5000VSA, SC5400RA, and OEM Firmware for Intel Enterprise Southbridge Baseboard Management Controller before 20070119, when Intelligent Platform Management Interface (IPMI) is enabled, allow remote attackers to connect and issue arbitrary IPMI commands, possibly triggering a denial of service.)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod