Information security


Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: June 2, 2011
Source:
SecurityVulns ID: 11704
Type: remote
Severity level: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, file modification, information leakage, etc.
Affected products: ICINGA : Icinga 1.3
 NAGIOS : nagios 3.2
 ARSC : A Really Simple Chat 3.3
 ICINGA : Icinga 1.4
 POSTREV : Post Revolution 0.8
 RAILS : rails 2.3
 SERENDIPITY : serendipity_event_freetag 3.21
CVE:CVE-2011-1954 (Multiple cross-site request forgery (CSRF) vulnerabilities in Post Revolution 0.8.0c-2 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests to (1) ajax-weblog-guardar.php, (2) verpost.php, (3) comments.php, or (4) perfil.php.)
 CVE-2011-1953 (Multiple cross-site scripting (XSS) vulnerabilities in common.php in Post Revolution before 0.8.0c-2 allow remote attackers to inject arbitrary web script or HTML via an attribute of a (1) P, a (2) STRONG, a (3) A, a (4) EM, a (5) I, a (6) IMG, a (7) LI, an (8) OL, a (9) VIDEO, or a (10) BLOCKQUOTE element.)
 CVE-2011-1952 (common.php in Post Revolution before 0.8.0c-2 allows remote attackers to cause a denial of service (infinite loop) via malformed HTML markup, as demonstrated by an a< sequence.)
 CVE-2011-1921 (The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.)
 CVE-2011-1783 (The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.)
 CVE-2011-1752 (The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.)
 CVE-2011-0447 (Ruby on Rails 2.1.x, 2.2.x, and 2.3.x before 2.3.11, and 3.x before 3.0.4, does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via forged (1) AJAX or (2) API requests that leverage "combinations of browser plugins and HTTP redirects," a related issue to CVE-2011-0696.)
 CVE-2011-0446 (Multiple cross-site scripting (XSS) vulnerabilities in the mail_to helper in Ruby on Rails before 2.3.11, and 3.x before 3.0.4, when javascript encoding is used, allow remote attackers to inject arbitrary web script or HTML via a crafted (1) name or (2) email value.)
Original text: DEBIAN, [SECURITY] [DSA 2251-1] subversion security update (02.06.2011)
 DEBIAN, [SECURITY] [DSA 2247-1] rails security update (02.06.2011)
 Javier Bassi, Post Revolution 0.8.0c Multiple Remote Vulnerabilities (02.06.2011)
 sschurtz_(at)_t-online.de, Cross-Site Scripting vulnerability in Icinga (02.06.2011)
 sschurtz_(at)_t-online.de, Cross-Site Scripting vulnerability in Nagios (02.06.2011)
 High-Tech Bridge Security Research, HTB22999: Multiple SQL Injections in A Really Simple Chat (ARSC) (02.06.2011)
 High-Tech Bridge Security Research, HTB22997: XSS in A Really Simple Chat (ARSC) (02.06.2011)

Cross-site scripting in CodeMeter
Published: June 2, 2011
Source:
SecurityVulns ID: 11706
Type: remote
Severity level: 4/10
Description: Cross-site scripting in the Web administration interface.
Original text: robkraus_(at)_solutionary.com, CodeMeter WebAdmin Cross-site Scripting (XSS) Vulnerability (02.06.2011)

DoS against the Citadel / Jabberd / ejabberd Jabber server
Published: June 2, 2011
Source:
SecurityVulns ID: 11705
Type: remote
Severity level: 5/10
Description: Denial of service when parsing XML data.
Affected products: EJABBERD : ejabberd 2.1
 CITADEL : citadel 7.83
 JABBERD : jabberd 1.6
CVE:CVE-2011-1756 (modules/xmpp/serv_xmpp.c in Citadel 7.86 and earlier does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.)
 CVE-2011-1754 (jabberd14 1.6.1.1 and earlier does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.)
 CVE-2011-1753 (expat_erl.c in ejabberd before 2.1.7 and 3.x before 3.0.0-alpha-3, and exmpp before 0.9.7, does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.)
Original text: DEBIAN, [SECURITY] [DSA 2248-1] ejabberd security update (02.06.2011)
 DEBIAN, [SECURITY] [DSA 2249-1] jabberd14 security update (02.06.2011)
 DEBIAN, [SECURITY] [DSA 2250-1] citadel security update (02.06.2011)

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since May 30, 2011
Published: June 2, 2011
Source:
SecurityVulns ID: 11698
Type: remote
Severity level: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, file modification, information leakage, etc.
Affected products: APACHE : Archiva 1.3
 APACHE : Archiva 1.4
 MAHARA : mahara 1.3
CVE:CVE-2011-1407 (The DKIM implementation in Exim 4.7x before 4.76 permits matching for DKIM identities to apply to lookup items, instead of only strings, which allows remote attackers to execute arbitrary code or access a filesystem via a crafted identity.)
 CVE-2011-1405 (Cross-site scripting (XSS) vulnerability in Mahara before 1.3.6 allows remote authenticated users to inject arbitrary web script or HTML via vectors associated with HTML e-mail messages, related to artefact/comment/lib.php and interaction/forum/lib.php.)
 CVE-2011-1404 (Mahara before 1.3.6 does not properly restrict the data in responses to AJAX calls, which allows remote authenticated users to obtain sensitive information via a request associated with (1) blocktype/myfriends/myfriends.json.php, (2) json/usersearch.php, (3) group/membersearchresults.json.php, or (4) json/friendsearch.php, as demonstrated by information about friends and e-mail addresses.)
 CVE-2011-1403 (Cross-site request forgery (CSRF) vulnerability in the pieforms implementation in Mahara before 1.3.6 allows remote attackers to hijack the authentication of arbitrary users for requests to any form, related to inappropriate regeneration of session keys.)
 CVE-2011-1402 (Mahara before 1.3.6 allows remote authenticated users to bypass intended access restrictions, and suspend a user account, edit a view, visit a view, edit a plan artefact, read a plans block, read a plan artefact, edit a blog, read a blog block, read a blog artefact, or access a block, via a request associated with (1) admin/users/search.json.php, (2) view/newviewtoken.json.php, (3) lib/mahara.php, (4) artefact/plans/tasks.json.php, (5) artefact/plans/viewtasks.json.php, (6) artefact/blog/view/index.json.php, (7) artefact/blog/posts.json.php, or (8) blocktype/myfriends/myfriends.json.php, related to incorrect privilege enforcement, a missing user id check, and incorrect enforcement of the Overriding Start/Stop Dates setting.)
 CVE-2011-1077 (Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2011-1026 (Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators.)
Original text: WalikarRiyazAD_(at)_microland.com, [CVE-2011-1077] Apache Archiva Multiple XSS vulnerabilities (02.06.2011)
 WalikarRiyazAD_(at)_microland.com, [CVE-2011-1026] Apache Archiva Multiple CSRF vulnerabilities (02.06.2011)
 DEBIAN, [SECURITY] [DSA 2246-1] mahara security update (30.05.2011)
 APACHE, [SECURITY] CVE-2011-1026: Apache Archiva Multiple CSRF vulnerability (30.05.2011)
 APACHE, [SECURITY] CVE-2011-1077: Apache Archiva Multiple XSS vulnerability (30.05.2011)

Multiple security vulnerabilities in Wireshark
updated since May 16, 2011
Published: June 2, 2011
Source:
SecurityVulns ID: 11678
Type: remote
Severity level: 4/10
Description: Multiple vulnerabilities when parsing .pcap files.
CVE:CVE-2011-1592 (The NFS dissector in epan/dissectors/packet-nfs.c in Wireshark 1.4.x before 1.4.5 on Windows uses an incorrect integer data type during decoding of SETCLIENTID calls, which allows remote attackers to cause a denial of service (application crash) via a crafted .pcap file.)
 CVE-2011-1591 (Stack-based buffer overflow in the DECT dissector in epan/dissectors/packet-dect.c in Wireshark 1.4.x before 1.4.5 allows remote attackers to execute arbitrary code via a crafted .pcap file.)
 CVE-2011-1590 (The X.509if dissector in Wireshark 1.2.x before 1.2.16 and 1.4.x before 1.4.5 does not properly initialize certain global variables, which allows remote attackers to cause a denial of service (application crash) via a crafted .pcap file.)
Original text: MANDRIVA, [ MDVSA-2011:105 ] wireshark (02.06.2011)
 MANDRIVA, [ MDVSA-2011:083 ] wireshark (16.05.2011)

Information leakage in Gnome GDM
Published: June 2, 2011
Source:
SecurityVulns ID: 11709
Type: local
Severity level: 5/10
Description: Under certain conditions, files can be accessed through the browser.
CVE:CVE-2011-1709 (GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, enables execution of a web browser with the uid of the gdm account, which allows local users to gain privileges via vectors involving the x-scheme-handler/http MIME type.)
Original text: UBUNTU, [USN-1142-1] GDM vulnerability (02.06.2011)

Security vulnerabilities in Cisco Unified IP Phones 7900
Published: June 2, 2011
Source:
SecurityVulns ID: 11711
Type: client
Severity level: 5/10
Description: Privilege escalation; the signature on loaded software images is not verified.
Affected products: CISCO : Cisco 7900
CVE:CVE-2011-1637 (Cisco Unified IP Phones 7900 devices (aka TNP phones) with software before 9.2.1 do not properly verify signatures for software images, which allows local users to gain privileges via a crafted image, aka Bug ID CSCtn65962.)
 CVE-2011-1603 (Cisco Unified IP Phones 7900 devices (aka TNP phones) with software before 9.2.1 allow local users to gain privileges via unspecified vectors, aka Bug ID CSCtn65815.)
 CVE-2011-1602 (The su utility on Cisco Unified IP Phones 7900 devices (aka TNP phones) with software before 9.0.3 allows local users to gain privileges via unspecified vectors, aka Bug ID CSCtf07426.)
Original text: CISCO, Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified IP Phones 7900 Series (02.06.2011)

Default account in Cisco Network Registrar
Published: June 2, 2011
Source:
SecurityVulns ID: 11712
Type: remote
Severity level: 4/10
Description: Default password for the administrator account.
Affected products: CISCO : Cisco Network Registrar 7.1
CVE:CVE-2011-2024 (Cisco Network Registrar before 7.2 has a default administrative password, which makes it easier for remote attackers to obtain access via a TCP session, aka Bug ID CSCsm50627.)
Original text: CISCO, Cisco Security Advisory: Default Credentials Vulnerability in Cisco Network Registrar (02.06.2011)

Default account in Cisco Media Experience Engine 5600
Published: June 2, 2011
Source:
SecurityVulns ID: 11713
Type: remote
Severity level: 5/10
Description: Standard password for the root account.
Affected products: CISCO : Cisco 5600
CVE:CVE-2011-1623 (Cisco Media Processing Software before 1.2 on Media Experience Engine (MXE) 5600 devices has a default root password, which makes it easier for context-dependent attackers to obtain access via (1) the local console, (2) an SSH session, or (3) a TELNET session, aka Bug ID CSCto77737.)
Original text: CISCO, Cisco Security Advisory: Default Credentials for root Account on the Cisco Media Experience Engine 5600 (02.06.2011)

Multiple vulnerabilities in the Linux kernel
Published: June 2, 2011
Source:
SecurityVulns ID: 11708
Description: DoS conditions in epoll(), privilege escalation via tkill(), buffer overflow in the bluetooth code.
Affected products: LINUX : kernel 2.6
CVE:CVE-2011-2492 (The bluetooth subsystem in the Linux kernel before 3.0-rc4 does not properly initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel memory via a crafted getsockopt system call, related to (1) the l2cap_sock_getsockopt_old function in net/bluetooth/l2cap_sock.c and (2) the rfcomm_sock_getsockopt_old function in net/bluetooth/rfcomm/sock.c.)
 CVE-2011-2484 (The add_del_listener function in kernel/taskstats.c in the Linux kernel 2.6.39.1 and earlier does not prevent multiple registrations of exit handlers, which allows local users to cause a denial of service (memory and CPU consumption), and bypass the OOM Killer, via a crafted application.)
 CVE-2011-1182 (kernel/signal.c in the Linux kernel before 2.6.39 allows local users to spoof the uid and pid of a signal sender via a sigqueueinfo system call.)
 CVE-2011-1083 (The epoll implementation in the Linux kernel 2.6.37.2 and earlier does not properly traverse a tree of epoll file descriptors, which allows local users to cause a denial of service (CPU consumption) via a crafted application that makes epoll_create and epoll_ctl system calls.)
 CVE-2011-1082 (fs/eventpoll.c in the Linux kernel before 2.6.38 places epoll file descriptors within other epoll data structures without properly checking for (1) closed loops or (2) deep chains, which allows local users to cause a denial of service (deadlock or stack memory consumption) via a crafted application that makes epoll_create and epoll_ctl system calls.)
 CVE-2011-1019 (The dev_load function in net/core/dev.c in the Linux kernel before 2.6.38 allows local users to bypass an intended CAP_SYS_MODULE capability requirement and load arbitrary modules by leveraging the CAP_NET_ADMIN capability.)
Original text: UBUNTU, [USN-1141-1] Linux kernel vulnerabilities (02.06.2011)

Security vulnerabilities in Cisco AnyConnect Secure Mobility Client
updated since June 2, 2011
Published: June 3, 2011
Source:
SecurityVulns ID: 11710
Type: client
Severity level: 5/10
Description: Local privilege escalation; the signature is not verified when application components are downloaded.
Affected products: CISCO : AnyConnect Secure Mobility Client 2.3
 CISCO : AnyConnect Secure Mobility Client 2.5
 CISCO : AnyConnect Secure Mobility Client 3.0
CVE:CVE-2011-2041 (The Start Before Logon (SBL) functionality in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.3.254 on Windows, and on Windows Mobile, allows local users to gain privileges via unspecified user-interface interaction, aka Bug ID CSCta40556.)
 CVE-2011-2040 (The helper application in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.5.3041, and 3.0.x before 3.0.629, on Linux and Mac OS X downloads a client executable file (vpndownloader.exe) without verifying its authenticity, which allows remote attackers to execute arbitrary code via the url property to a Java applet, aka Bug ID CSCsy05934.)
 CVE-2011-2039 (The helper application in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.3.185 on Windows, and on Windows Mobile, downloads a client executable file (vpndownloader.exe) without verifying its authenticity, which allows remote attackers to execute arbitrary code via the url property to a certain ActiveX control in vpnweb.ocx, aka Bug ID CSCsy00904.)
Original text: IDEFENSE, iDefense Security Advisory 06.01.11: Cisco AnyConnect VPN Client Arbitrary Program Execution Vulnerability (03.06.2011)
 CISCO, Cisco Security Advisory: Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client (02.06.2011)

Buffer overflow in IBM Tivoli Endpoint
updated since June 2, 2011
Published: June 7, 2011
Source:
SecurityVulns ID: 11707
Type: remote
Severity level: 7/10
Description: Buffer overflow in lcfd.exe when parsing TCP/9495 traffic.
CVE:CVE-2011-1220 (Stack-based buffer overflow in lcfd.exe in Tivoli Endpoint in IBM Tivoli Management Framework 3.7.1, 4.1, 4.1.1, and 4.3.1 allows remote authenticated users to execute arbitrary code via a long opts field.)
Original text: Jeremy Brown, IBM Tivoli Endpoint 4.1.1 Remote SYSTEM Exploit (07.06.2011)
 ZDI, ZDI-11-169: IBM Tivoli Endpoint lcfd.exe opts Argument Remote Code Execution Vulnerability (02.06.2011)
Files: IBM Tivoli Endpoint 4.1.1 Remote SYSTEM Exploit

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod