Information Security


Format string vulnerability in silc
Published: September 4, 2009
Source:
SecurityVulns ID: 10204
Type: library
Severity:
5/10
Description: Multiple format string vulnerabilities when parsing various messages: remotely supplied nickname text reaches a printf-style format argument.
Affected products: SILC : silc 1.1
CVE:CVE-2009-3051 (Multiple format string vulnerabilities in lib/silcclient/client_entry.c in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.10, and SILC Client before 1.1.8, allow remote attackers to execute arbitrary code via format string specifiers in a nickname field, related to the (1) silc_client_add_client, (2) silc_client_update_client, and (3) silc_client_nickname_format functions.)
Original text: DEBIAN, [SECURITY] [DSA 1879-1] New silc-client/silc-toolkit packages fix arbitrary code execution (04.09.2009)
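The bug class behind this entry is the classic one: data from the network (here a nickname) is passed where a printf family function expects a format string. The following is an added illustration, not code from the SILC Toolkit or from the advisory; the function names, the buffer sizes and the "%x%x%x%n" nickname are constructed for the demo. It shows the vulnerable call beside the hardened one and a small audit helper that counts the conversions an untrusted string would trigger, which is the check to run wherever a value like a nickname is about to be formatted.

```c
#include <stdio.h>
#include <string.h>

/* Bug pattern (kept only for contrast): the nickname, which arrives from a
 * remote peer, is itself used as the format argument. A nick such as
 * "%x%x%x" reads words off the stack, "%n" writes to memory. Calling this
 * with any '%' in nick is undefined behaviour, so the demo only feeds it a
 * benign name, which is exactly why the bug stays invisible in normal use. */
static void vulnerable_format_nick(char *out, size_t outlen, const char *nick)
{
    snprintf(out, outlen, nick);
}

/* Hardened form: the format is a constant and the nickname is data.
 * Returns 0 on success, -1 if the nickname did not fit (truncated). */
static int safe_format_nick(char *out, size_t outlen, const char *nick)
{
    int n = snprintf(out, outlen, "%s", nick);
    return (n >= 0 && (size_t)n < outlen) ? 0 : -1;
}

/* Audit helper: count printf conversions an untrusted string would
 * trigger if it ever reached a format argument ("%%" is a literal).
 * *writes receives the number of "%n" conversions, the ones that write. */
static int count_conversions(const char *s, int *writes)
{
    int n = 0;
    *writes = 0;
    for (const char *p = s; *p; p++) {
        if (*p != '%')
            continue;
        if (p[1] == '%') {          /* escaped percent, harmless */
            p++;
            continue;
        }
        p++;                        /* skip flags, width, precision, length */
        while (*p && strchr("-+ #0123456789.*hlLqjzt", *p))
            p++;
        if (!*p)                    /* dangling '%' at end of string */
            break;
        if (*p == 'n')
            (*writes)++;
        n++;
    }
    return n;
}

int main(void)
{
    char a[64], b[64];
    int writes;
    const char *evil = "%x%x%x%n";   /* constructed attacker nickname */

    /* Reject or neutralise before the string can reach any format call. */
    printf("%s: %d conversions, %d writes\n", evil,
           count_conversions(evil, &writes), writes);

    safe_format_nick(b, sizeof b, evil);
    printf("safe   : %s\n", b);       /* nickname kept verbatim */

    vulnerable_format_nick(a, sizeof a, "alice");
    safe_format_nick(b, sizeof b, "alice");
    printf("benign : %s / %s\n", a, b); /* identical output, bug hidden */
    return 0;
}
```

Compiling with -Wformat-security (or -Wformat=2) flags the vulnerable call at build time; the audit helper is for the cases where the format argument is only known at run time, for example when a string is assembled and handed to a logging wrapper.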

Code execution in Adobe Acrobat / Reader
updated since February 21, 2009
Published: September 4, 2009
Source:
SecurityVulns ID: 9687
Type: client
Severity:
8/10
Description: The vulnerability is being exploited in the wild for stealth installation of code on the system. It is recommended to disable viewing of PDF documents in the browser and JavaScript execution inside PDF files. Buffer overflow in the JBIG2 filter, buffer overflow in the getIcon() JavaScript method.
Affected products: ADOBE : Reader 8.1
 ADOBE : Acrobat 8.1
 ADOBE : Reader 9.0
 ADOBE : Acrobat 9.0
 ADOBE : Acrobat 7.1
 ADOBE : Reader 7.1
 ADOBE : Reader 9.1
CVE:CVE-2009-1857 (Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a PDF document with a crafted TrueType font.)
 CVE-2009-1856 (Integer overflow in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 allows attackers to cause a denial of service or possibly execute arbitrary code via a PDF file containing unspecified parameters to the FlateDecode filter, which triggers a heap-based buffer overflow.)
 CVE-2009-1855 (Stack-based buffer overflow in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow attackers to execute arbitrary code via a PDF file containing a malformed U3D model file with a crafted extension block.)
 CVE-2009-0927 (Unspecified vulnerability in Adobe Reader and Adobe Acrobat 9.1 and 7.1.1 allows remote attackers to execute arbitrary code via unknown vectors related to a JavaScript method and input validation, a different vulnerability than CVE-2009-0658.)
 CVE-2009-0658 (Buffer overflow in Adobe Reader 9.0 and earlier, and Acrobat 9.0 and earlier, allows remote attackers to execute arbitrary code via a crafted PDF document, related to a non-JavaScript function call and possibly an embedded JBIG2 image stream, as exploited in the wild in February 2009 by Trojan.Pidief.E.)
 CVE-2009-0509 (Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 allows remote attackers to execute arbitrary code via a crafted file that triggers memory corruption.)
 CVE-2009-0198 (Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PDF file that contains JBIG2 text region segments with Huffman encoding.)
 CVE-2009-0193 (Heap-based buffer overflow in Adobe Acrobat Reader 9 before 9.1, 8 before 8.1.4, and 7 before 7.1.1 allows remote attackers to execute arbitrary code via a PDF file with a malformed JBIG2 symbol dictionary segment, a different vulnerability than CVE-2009-1061 and CVE-2009-1062.)
Original text: Iván Rodriguez Almuiña, Adobe Acrobat and Reader Collab 'getIcon()' JavaScript Method Exploit and Report (CVE-2009-0927) (04.09.2009)
 ZDI, ZDI-09-042: Adobe Reader U3D RHAdobeMeta Stack Overflow Vulnerability (14.06.2009)
 noreply-secresearch_(at)_fortinet.com, FortiGuard Advisory: Adobe Reader/Acrobat TrueType Font Processing Memory Corruption Vulnerability (14.06.2009)
 IDEFENSE, iDefense Security Advisory 06.11.09: Adobe Reader and Acrobat FlateDecode Integer Overflow Vulnerability (14.06.2009)
 VUPEN Security Research, VUPEN Security - Adobe Acrobat and Reader JBIG2 Filter Heap Overflow Vulnerability (14.06.2009)
 SECUNIA, Secunia Research: Adobe Reader JBIG2 Text Region Segment Buffer Overflow (11.06.2009)
 iViZ Security Advisories, [Full-disclosure] [IVIZ-09-001] Adobe Acrobat Reader Memory Corruption Vulnerability (26.03.2009)
 SECUNIA, Secunia Research: Adobe Reader JBIG2 Symbol Dictionary Buffer Overflow (25.03.2009)
 ZDI, ZDI-09-014: Adobe Acrobat getIcon() Stack Overflow Vulnerability (25.03.2009)
 IDEFENSE, iDefense Security Advisory 03.24.09: Adobe Reader and Acrobat JBIG2 Encoded Stream Heap Overflow Vulnerability (25.03.2009)
 ADOBE, Buffer overflow issue in versions 9.0 and earlier of Adobe Reader and Acrobat (21.02.2009)
 CERT, US-CERT Technical Cyber Security Alert TA09-051A -- Adobe Acrobat and Reader Vulnerability (21.02.2009)

Daily digest of security vulnerabilities in web applications (PHP, ASP, JSP, CGI, Perl)
Published: September 4, 2009
Source:
SecurityVulns ID: 10202
Type: remote
Severity:
5/10
Description: PHP injection, SQL injection, directory traversal, cross-site scripting, file modification, information disclosure, etc.
Affected products: JOOMLA : ALFcontact 1.8 for Joomla
 JOOMLA : ALFcontact 1.9 for Joomla
 DVBBS : DVBBS 2.0
Original text: info_(at)_securitylab.ir, DvBBS v2.0(PHP) boardrule.php Sql injection (04.09.2009)
 MustLive, Cross-Site Scripting vulnerabilities in ALFcontact for Joomla (04.09.2009)
 ostoure.sazan_(at)_gmail.com, New Bug Found By Ostoure Sazan Sharif (04.09.2009)

DoS against Asterisk via IAX2
Published: September 4, 2009
Source:
SecurityVulns ID: 10203
Type: remote
Severity:
5/10
Description: Exhaustion of the 15-bit call number space. A remote peer that opens many IAX2 message exchanges consumes all call numbers the server can allocate, so legitimate calls are refused.
Affected products: DIGIUM : Asterisk 1.4
 ASTERISK : Asterisk 1.6
CVE:CVE-2009-2346 (The IAX2 protocol implementation in Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.2, 1.6.0.x before 1.6.0.15, and 1.6.1.x before 1.6.1.6; Business Edition B.x.x before B.2.5.10, C.2.x before C.2.4.3, and C.3.x before C.3.1.1; and s800i 1.3.x before 1.3.0.3 allows remote attackers to cause a denial of service (call-number exhaustion) by initiating many IAX2 message exchanges, a related issue to CVE-2008-3263.)
Original text: ASTERISK, AST-2009-006: IAX2 Call Number Resource Exhaustion (04.09.2009)
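To make the resource limit concrete: an IAX2 full frame carries a 15-bit source call number, so a peer can track at most 32767 concurrent calls, and a flood of NEW messages that are each charged a call number empties that pool. The model below is an added illustration written for this page, not Asterisk code and not the fix from the advisory; the pool structure, the 8-bit source ids and the per-source cap of 64 are assumptions made for the demo. It contrasts an allocator that charges every NEW against the shared pool with one that caps what a single source may hold.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* An IAX2 full frame carries a 15-bit source call number (the top bit of
 * the 16-bit field is the F flag), so a peer can hold at most 32767
 * concurrent call numbers; 0 is never handed out. */
#define IAX2_MAX_CALLNO 32767
#define PER_SOURCE_LIMIT 64      /* assumed policy value for this demo */

struct callno_pool {
    uint8_t  used[IAX2_MAX_CALLNO + 1];  /* index = call number */
    uint16_t per_source[256];            /* demo: a source is an 8-bit id */
    uint16_t next;                       /* scan hint for the next free slot */
    int      in_use;
};

static void pool_init(struct callno_pool *p)
{
    memset(p, 0, sizeof *p);
    p->next = 1;
}

/* Pre-fix behaviour: any NEW from anyone is charged a call number until
 * none are left. Returns 0 when the pool is exhausted. */
static uint16_t alloc_unlimited(struct callno_pool *p)
{
    if (p->in_use >= IAX2_MAX_CALLNO)
        return 0;
    for (int i = 0; i < IAX2_MAX_CALLNO; i++) {
        uint16_t n = p->next;
        p->next = (uint16_t)(n == IAX2_MAX_CALLNO ? 1 : n + 1);
        if (!p->used[n]) {
            p->used[n] = 1;
            p->in_use++;
            return n;
        }
    }
    return 0;
}

/* Mitigation: cap what one source may hold before the shared pool is touched. */
static uint16_t alloc_limited(struct callno_pool *p, uint8_t src)
{
    if (p->per_source[src] >= PER_SOURCE_LIMIT)
        return 0;                        /* this source is refused, pool untouched */
    uint16_t n = alloc_unlimited(p);
    if (n)
        p->per_source[src]++;
    return n;
}

/* Attacker (source 1) sends `flood` NEW messages, then a legitimate caller
 * (source 2) sends one. Returns the caller's call number, 0 = denied. */
static uint16_t simulate(int flood, int limited)
{
    struct callno_pool pool;
    pool_init(&pool);
    for (int i = 0; i < flood; i++) {
        if (limited)
            alloc_limited(&pool, 1);
        else
            alloc_unlimited(&pool);
    }
    return limited ? alloc_limited(&pool, 2) : alloc_unlimited(&pool);
}

int main(void)
{
    printf("unlimited, 40000 NEWs from one source: caller gets %u\n",
           (unsigned)simulate(40000, 0));
    printf("per-source cap, same flood:            caller gets %u\n",
           (unsigned)simulate(40000, 1));
    return 0;
}
```

The caveat a per-source cap does not cover: IAX2 runs over UDP, so an attacker who spoofs source addresses spreads the flood across many "sources" and the cap never triggers. The peer has to be made to prove it can receive at the address it claims (an echoed token) before it is charged a call number; that is the direction the referenced advisory's fix took, as far as I know, and it is outside this demo.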

About the site | Terms of use
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod