Information security

Multiple bugs in PHP (multiple bugs)
updated since February 27, 2002
Published: March 4, 2007
Source:
SecurityVulns ID: 1818
Type: local
Severity: 6/10
Description: Buffer overflows, integer overflows, DoS, cross-site scripting.
Affected products: PHP : PHP 3.10
 PHP : PHP 4.0
 PHP : PHP 4.2
 PHP : PHP 4.3
 PHP : PHP 4.4
CVE: CVE-2007-1287 (A regression error in the phpinfo function in PHP 4.4.3 to 4.4.6, and PHP 6.0 in CVS, allows remote attackers to conduct cross-site scripting (XSS) attacks via GET, POST, or COOKIE array values, which are not escaped in the phpinfo output, as originally fixed for CVE-2005-3388.)
 CVE-2005-3388 (Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL with a "stacked array assignment.")
Original text: PHP-SECURITY, MOPB-08-2007: PHP 4 phpinfo() XSS Vulnerability (Deja-vu) (04.03.2007)
 silent needel, PHP XSS exploit in phpinfo() (05.06.2003)
 Sverre H. Huseby, PHP Trans SID XSS (Was: New php release with security fixes) (02.06.2003)
 PHP, PHP 4.3.2 released (30.05.2003)
 X-FORCE, ISS Brief: Remote Compromise and Denial of Service Vulnerability in PHP (23.07.2002)
 CERT, Advisory CA-2002-21 Vulnerability in PHP (23.07.2002)
 Matthew Murphy, PHP Resource Exhaustion Denial of Service (23.07.2002)
 PHP, Security Advisory: Vulnerability in PHP versions 4.2.0 and 4.2.1 (22.07.2002)
 security_(at)_e-matters.de, Advisory 02/2002: PHP remote vulnerability (22.07.2002)
 security_(at)_e-matters.de, Advisory 012002: PHP remote vulnerabilities (28.02.2002)
 CERT, Advisory CA-2002-05 Multiple Vulnerabilities in PHP fileupload (28.02.2002)
 X-FORCE, Multiple PHP Vulnerabilities - Remote Compromise Exploit in Circulation (27.02.2002)
Files: Apache+php Proof of Concept Exploit
 x86/linux mod_php v4.0.2rc1-v4.0.5 remote exploit
 Apache PHP DoS
 PHP 4 - phpinfo() XSS Testcase

Buffer overflow via WDDX in PHP (buffer overflow)
Published: March 4, 2007
Source:
SecurityVulns ID: 7342
Type: remote
Severity: 5/10
Description: Buffer overflow when parsing a malformed WDDX packet.
Original text: PHP-SECURITY, MOPB-09-2007: PHP wddx_deserialize() String Append Buffer Overflow Vulnerability (04.03.2007)
Files: PHP - wddx_deserialize() Crash Exploit

Multiple local privilege escalations in Zend (multiple bugs)
Published: March 4, 2007
Source:
SecurityVulns ID: 7343
Type: local
Severity: 5/10
Description: Weak permissions on various files and utilities.
Affected products: ZEND : Zend Platform 2.2
CVE: CVE-2007-1370 (Zend Platform 2.2.3 and earlier has incorrect ownership for scd.sh and certain other files, which allows local users to gain root privileges by modifying the files. NOTE: this only occurs when safe_mode and open_basedir are disabled; other settings require leverage for other vulnerabilities.)
 CVE-2007-1369 (ini_modifier (sgid-zendtech) in Zend Platform 2.2.3 and earlier allows local users to modify the system php.ini file by editing a copy of php.ini file using the -f parameter, and then performing a symlink attack using the directory that contains the attacker-controlled php.ini file, and linking this directory to /usr/local/Zend/etc.)
Original text: PHP-SECURITY, BONUS-06-2007: Zend Platform Insecure File Permission Local Root Vulnerability (04.03.2007)
 PHP-SECURITY, BONUS-07-2007: Zend Platform ini_modifier Local Root Vulnerability (04.03.2007)

Daily summary of bugs in Web applications (PHP, ASP, JSP, CGI, Perl)
Published: March 4, 2007
Source:
SecurityVulns ID: 7345
Type: remote
Severity: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, information leaks, etc.
Affected products: DOCEBO : Docebo CMS 3.0
 RPS : Rigter Portal System 6.2
 NEWSLETTERMAN : News-Letterman 1.1
 AJSQUARE : AJDating 1.0
 AJSQUARE : AJ Classifieds 1.0
 AJSQUARE : AJ Forum 1.0
 AJSQUARE : AJ Auction
 CONTELLIGENT : Contelligent 9.1
 AUDINS : Audiens 3.3
CVE: CVE-2007-1340 (PHP remote file inclusion vulnerability in eintrag.php in Weltennetz News-Letterman 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the sqllog parameter.)
 CVE-2007-1298 (SQL injection vulnerability in subcat.php in AJ Auction 1.0 allows remote attackers to execute arbitrary SQL commands via the cate_id parameter.)
 CVE-2007-1297 (SQL injection vulnerability in view_profile.php in AJDating 1.0 allows remote attackers to execute arbitrary SQL commands via the user_id parameter.)
 CVE-2007-1296 (SQL injection vulnerability in postingdetails.php in AJ Classifieds 1.0 allows remote attackers to execute arbitrary SQL commands via the postingid parameter.)
 CVE-2007-1295 (SQL injection vulnerability in topic_title.php in AJ Forum 1.0 allows remote attackers to execute arbitrary SQL commands via the td_id parameter.)
 CVE-2007-1293 (SQL injection vulnerability in Rigter Portal System (RPS) 6.2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the categoria parameter to the top-level URI (index.php), possibly related to ver_descarga.php.)
 CVE-2007-1249 (MoveSortedContentAction in C1 Financial Services Contelligent 9.1.4 does not check "the additional environment security configuration," which allows remote attackers with write permissions to reorder components.)
 CVE-2007-1243 (Audins Audiens 3.3 allows remote attackers to bypass authentication and perform certain privileged actions, possibly an uninstall of the product, by calling unistall.php with the values cnf=disinstalla and status=on. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.)
 CVE-2007-1242 (SQL injection vulnerability in system/index.php in Audins Audiens 3.3 allows remote attackers to execute arbitrary SQL commands via the PHPSESSID cookie. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.)
 CVE-2007-1241 (Cross-site scripting (XSS) vulnerability in setup.php in Audins Audiens 3.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.)
 CVE-2007-1240 (Multiple cross-site scripting (XSS) vulnerabilities in Docebo CMS 3.0.3 through 3.0.5 allow remote attackers to inject arbitrary web script or HTML via (1) the searchkey parameter to index.php, or the (2) sn or (3) ri parameter to modules/htmlframechat/index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.)
Files: RPS 6.2 SQL Injection Exploit
 News-Letterman 1.1 (eintrag.php) Remote File Include Exploit
 AJ Auction All Version (subcat.php) Remote BLIND SQL Injection Exploit
 AJDating 1.0 (view_profile.php) Remote BLIND SQL Injection Exploit
 ajclassifiedsex.html
 AJ Forum 1.0 (topic_title.php) Remote BLIND SQL Injection Exploit
 Docebo Multiple Cross-Site Scripting Vulnerabilities

DoS against Symantec MailSecurity
Published: March 4, 2007
Source:
SecurityVulns ID: 7346
Type: remote
Severity: 6/10
Description: Failure when parsing e-mail message headers.
Affected products: SYMANTEC : Symantec Mail Security for SMTP 5.0
CVE: CVE-2007-1252 (Buffer overflow in Symantec Mail Security for SMTP 5.0 before Patch 175 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted headers in an e-mail message. NOTE: some information was obtained from third party sources.)

Buffer overflow in Blender 3D modeling software (buffer overflow)
updated since December 21, 2005
Published: March 4, 2007
Source:
SecurityVulns ID: 5558
Type: remote
Severity: 5/10
Description: Buffer overflow when parsing .blend, .kml, .kmz files.
Affected products: BLENDER : blender 2.40
 BLENDER : blender 2.42
CVE: CVE-2007-1253 (Eval injection vulnerability in the (a) kmz_ImportWithMesh.py Script for Blender 0.1.9h, as used in (b) Blender before 2.43, allows user-assisted remote attackers to execute arbitrary Python code by importing a crafted (1) KML or (2) KMZ file.)
Original text: Damian Put, [Overflow.pl] Blender BlenLoader Integer Overflow (21.12.2005)

DoS via SIP against Asterisk PBX
updated since March 4, 2007
Published: March 22, 2007
Source:
SecurityVulns ID: 7344
Type: remote
Severity: 6/10
Description: Application crash when parsing a malformed SIP packet.
Affected products: ASTERISK : Asterisk 1.2
 DIGIUM : Asterisk 1.4
CVE: CVE-2007-1595 (The Asterisk Extension Language (AEL) in pbx/pbx_ael.c in Asterisk does not properly generate extensions, which allows remote attackers to execute arbitrary extensions and have an unknown impact by specifying an invalid extension in a certain form.)
 CVE-2007-1594 (The handle_response function in chan_sip.c in Asterisk before 1.2.17 and 1.4.x before 1.4.2 allows remote attackers to cause a denial of service (crash) via a SIP Response code 0 in a SIP packet.)
 CVE-2007-1561 (The channel driver in Asterisk before 1.2.17 and 1.4.x before 1.4.2 allows remote attackers to cause a denial of service (crash) via a SIP INVITE message with an SDP containing one valid and one invalid IP address.)
 CVE-2007-1306 (Asterisk 1.4 before 1.4.1 and 1.2 before 1.2.16 allows remote attackers to cause a denial of service (crash) by sending a Session Initiation Protocol (SIP) packet without a URI and SIP-version header, which results in a NULL pointer dereference.)
Original text: Matt Riddell (IT), Two new DoS Vulnerabilities in Asterisk Fixed (22.03.2007)
 Radu State, [Full-disclosure] Asterisk SDP DOS vulnerability (19.03.2007)
 noreply_(at)_musecurity.com, [Full-disclosure] [MU-200703-01] Remote DOS in Asterisk SIP (09.03.2007)
 Anonymous Person, [Full-disclosure] asterisk remote pre-auth denial of service (04.03.2007)
Files: Exploits Asterisk SIP DoS vulnerability
 Exploits Asterisk INVITE SIP message DoS

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod