Information Security

Daily summary of web application bugs (PHP, ASP, JSP, CGI, Perl)
Published: April 3, 2007
Source:
SecurityVulns ID: 7522
Type: remote
Severity level: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, information leaks, etc.
Affected products: 2BGAL : 2BGal 3.1
 DIRECTADMIN : DirectAdmin 1.29
 MAPTOOLS : MapLab 2.2
 LAM : LDAP Account Manager 1.2
 HOLA : holaCMS 1.4
 MYBB : MyBulletinBoard 1.2
CVE: CVE-2007-1926 (Cross-site scripting (XSS) vulnerability in JBMC Software DirectAdmin before 1.293 does not properly display log files, which allows remote authenticated users to inject arbitrary web script or HTML via (1) http or (2) ftp requests logged in /var/log/directadmin/security.log; (3) allows context-dependent attackers to inject arbitrary web script or HTML into /var/log/messages via a PHP script that invokes /usr/bin/logger; (4) allows local users to inject arbitrary web script or HTML into /var/log/messages by invoking /usr/bin/logger at the command line; and allows remote attackers to inject arbitrary web script or HTML via remote requests logged in the (5) /var/log/exim/rejectlog, (6) /var/log/exim/mainlog, (7) /var/log/proftpd/auth.log, (8) /var/log/httpd/error_log, (9) /var/log/httpd/access_log, (10) /var/log/directadmin/error.log, and (11) /var/log/directadmin/security.log files.)
 CVE-2007-1852 (** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in 2BGal 3.1.1 allow remote attackers to execute arbitrary PHP code via a URL in the lang_filename parameter to (1) index.php or (2) backupdb.inc.php in admin/, or other unspecified files, different vectors than CVE-2006-5505. NOTE: this issue has been disputed by CVE, since the lang_filename variable is defined before it is used.)
 CVE-2007-1843 (PHP remote file inclusion vulnerability in gmapfactory/params.php in MapLab 2.2.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the gszAppPath parameter.)
 CVE-2007-1840 (lib/modules.inc in LDAP Account Manager (LAM) before 1.3.0 does not escape HTML special characters in LDAP data, which allows remote attackers to have an unknown impact, probably cross-site scripting (XSS).)
 CVE-2006-7191 (Untrusted search path vulnerability in lamdaemon.pl in LDAP Account Manager (LAM) before 1.0.0 allows local users to gain privileges via a modified PATH that points to a malicious rm program.)
Original text: SecurityAudit_(at)_majorsecurity.de, [MajorSecurity Advisory #37]HolaCMS - Cross Site Scripting Issue (03.04.2007)
 mufti.rizal_(at)_gmail.com, Maplab <= 2.2.1 (gszAppPath) Remote File Inclusion Vulnerability (03.04.2007)
 Kanedaaa Bohater, DirectAdmin persistant XSS [takeover an Administrator`s account] (03.04.2007)
 BorN To K!LL BorN To K!LL, 2BGal 3.1.1 <= (admin/index.php) Remote File Include Vulnerability (03.04.2007)
Files: MyBulletinBoard (MyBB) <= 1.2.3 Remote Code Execution Exploit

Unauthorized access to HP OpenView Network Node Manager (unauthorized access)
Published: April 3, 2007
Source:
SecurityVulns ID: 7523
Type: remote
Severity level: 6/10
Affected products: HP : OpenView Network Node Manager 7.50
 HP : OpenView Network Node Manager 7.51
Original text: HP, [security bulletin] HPSBMA02198 SSRT061177 rev.1 - HP OpenView Network Node Manager (OV NNM) Remote Unauthorized Access (03.04.2007)

Buffer overflow in ImageMagick (buffer overflow)
Published: April 3, 2007
Source:
SecurityVulns ID: 7525
Type: library
Severity level: 5/10
Description: Buffer overflow when processing DCM and XWD images.
Affected products: IMAGEMAGIC : ImageMagick 6.3
CVE: CVE-2007-1797 (Multiple integer overflows in ImageMagick before 6.3.3-5 allow remote attackers to execute arbitrary code via (1) a crafted DCM image, which results in a heap-based overflow in the ReadDCMImage function, or (2) the (a) colors or (b) comments field in a crafted XWD image, which results in a heap-based overflow in the ReadXWDImage function, different issues than CVE-2007-1667.)
Original text: IDEFENSE, iDefense Security Advisory 03.31.07: Multiple Vendor ImageMagick DCM and XWD Buffer Overflow Vulnerabilities (03.04.2007)

Multiple vulnerabilities in HP Mercury Quality Center (multiple bugs)
updated since April 3, 2007
Published: April 13, 2007
Source:
SecurityVulns ID: 7524
Type: remote
Severity level: 5/10
Description: Buffer overflow in an ActiveX control, SQL injection.
Affected products: HP : Mercury Quality Center 9.0
CVE: CVE-2007-1882 (qcbin/servlet/tdservlet/TDAPI_GeneralWebTreatment in HP Mercury Quality Center 9.0 build 9.1.0.4352 allows remote authenticated users to execute arbitrary SQL commands via the RunQuery method.)
 CVE-2007-1819 (Stack-based buffer overflow in the SPIDERLib.Loader ActiveX control (Spider90.ocx) 9.1.0.4353 in TestDirector (TD) for Mercury Quality Center 9.0 before Patch 12.1, and 8.2 SP1 before Patch 32, allows remote attackers to execute arbitrary code via a long ProgColor property.)
Original text: HP, [security bulletin] HPSBGN02199 SSRT071312 rev.1 - Mercury Quality Center ActiveX, Remote Unauthorized Arbitrary Code Execution (13.04.2007)
 Isma Khan, [Full-disclosure] HP Mercury Quality Center Any SQL execution (03.04.2007)
 IDEFENSE, iDefense Security Advisory 04.02.07: Hewlett-Packard Mercury Quality Center ActiveX Control ProgColor Buffer Overflow Vulnerability (03.04.2007)
Files: POC exploit for Mercury Quality Center Spider90.ocx ProgColor Overflow
 HP Mercury Quality Center runQuery exploit

Multiple vulnerabilities in Tivoli Provisioning Manager for OS Deployment (multiple bugs)
updated since April 3, 2007
Published: May 4, 2007
Source:
SecurityVulns ID: 7526
Type: remote
Severity level: 5/10
Description: Multiple vulnerabilities in the handling of HTTP POST requests.
Affected products: IBM : Tivoli Provisioning Manager for OS Deployment 5.1
CVE: CVE-2007-1868 (The management service in IBM Tivoli Provisioning Manager for OS Deployment before 5.1 Fix Pack 2 does not properly handle multipart/form-data in HTTP POST requests, which allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via crafted POST requests to port 8080/tcp or 443/tcp.)
Original text: ZDI, TPTI-07-05: IBM Tivoli Provisioning Manager for OS Deployment Multiple Stack Overflow Vulnerabilities (04.05.2007)
 IDEFENSE, iDefense Security Advisory 03.31.07: IBM Tivoli Provisioning Manager for OS Deployment Multiple Vulnerabilities (03.04.2007)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod