Information Security

Multiple vulnerabilities in the Bluetooth protocol and stack implementations
Published:January 5, 2007
Source:
SecurityVulns ID:6999
Type:remote
Severity level:5/10
Description:Buffer overflows, weak authentication algorithms, weak pseudo-random number generation algorithms, directory traversal, etc.
Affected products:WIDCOMM : BTStackServer 1.3
 WIDCOMM : BTStackServer 1.4
 WIDCOMM : BTW 4.0
Files:BTCrack v1.0 - Pin and Link key cracker
 HIDattack - Attack Bluetooth VNC style
 Bluetooth Hacking revisited

Buffer overflow in Crystal Reports (buffer overflow)
Published:January 5, 2007
Source:
SecurityVulns ID:7002
Type:client
Severity level:5/10
Description:Buffer overflow when parsing .RPT files.
Affected products:BUSYNESSOBJECTS : Crystal Reports 11.0
Original text:advisories_(at)_lssec.com, LS-20061102 - Business Objects Crystal Reports XI Professional Stack Overflow Vulnerability (05.01.2007)

Insecure Perforce client implementation (insecure design)
Published:January 5, 2007
Source:
SecurityVulns ID:7003
Type:client
Severity level:5/10
Description:The client executes any commands from the server.
CVE:CVE-2007-0100 (The Perforce client does not restrict the set of files that it overwrites upon receiving a request from the server, which allows remote attackers to overwrite arbitrary files by modifying the client config file on the server, or by operating a malicious server.)
Original text:Ben Bucksch, Perforce client: security hole by design (05.01.2007)

Race conditions in many browsers (race conditions)
updated since August 18, 2006
Published:January 5, 2007
Source:
SecurityVulns ID:6519
Type:client
Severity level:6/10
Description:Various conditions related to inter-thread synchronization exist that lead to memory corruption when several events occur simultaneously.
Affected products:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 NETSCAPE : Netscape 8.1
 MOZILLA : Firefox 1.5
 KMELEON : K-Meleon 1.0
 MICROSOFT : Windows Vista
CVE:CVE-2007-0099 (Race condition in the msxml3 module in Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (application crash) via many nested tags in an XML document in an IFRAME, when synchronous document rendering is frequently disrupted with asynchronous events, as demonstrated using a JavaScript timer, which can trigger null pointer dereferences or memory corruption.)
Original text:Michal Zalewski, Concurrency strikes MSIE (potentially exploitable msxml3 flaws) (05.01.2007)
 Juha-Matti Laurio, Flock Concurrency-related Memory Corruption Vulnerability (21.08.2006)
 Juha-Matti Laurio, Netscape Concurrency-related Memory Corruption Vulnerability (21.08.2006)
 Juha-Matti Laurio, K-Meleon Concurrency-related Vulnerability (21.08.2006)
 Michal Zalewski, Re: Concurrency-related vulnerabilities in browsers - expect problems (18.08.2006)
 Michal Zalewski, Concurrency-related vulnerabilities in browsers - expect problems (18.08.2006)

Buffer overflow in Power Archiver (buffer overflow)
Published:January 5, 2007
Source:
SecurityVulns ID:7000
Type:client
Severity level:5/10
Description:Buffer overflow when parsing .ISO files.
Affected products:POWERARCHIVER : PowerArchiver 9.64
CVE:CVE-2007-0097 (Multiple stack-based buffer overflows in the (1) LoadTree and (2) ReadHeader functions in PAISO.DLL 1.7.3.0 (1.7.3 beta) in ConeXware PowerArchiver 2006 9.64.02 allow user-assisted attackers to execute arbitrary code via a crafted ISO file containing a file within several nested directories.)
Original text:TAN Chew Keong, [vuln.sg] PowerArchiver PAISO.DLL Buffer Overflow Vulnerability (05.01.2007)

Daily summary of web application bugs (PHP, ASP, JSP, CGI, Perl)
Published:January 5, 2007
Source:
SecurityVulns ID:7001
Type:remote
Severity level:5/10
Description:PHP injections, SQL injections, directory traversal, cross-site scripting, information leakage, etc.
Affected products:DRUPAL : Drupal 4.6
 DRUPAL : Drupal 4.7
 CMSMADESIMPLE : CMS Made Simple 1.0
 APPLE : iLife 06
 Spine : Spine 1.2
 OVBB : OvBB 0.14
 JAMWIKI : JAMWiki 0.4
 SERENEBACH : Serene Bach 2.05
 SERENEBACH : Serene Bach 2.08
 SERENEBACH : Serene Bach sb 1.13
 SERENEBACH : Serene Bach sb 1.18
 IG : ig Calendar 1.0
 IG : ig Shop 1.0
 ARATIX : Aratix 0.2
 DIGIAPPZ : Digirez 3.4
CVE:CVE-2007-0137 (Cross-site scripting (XSS) vulnerability in SimpleBoxes/SerendipityNZ Serene Bach 2.05R and earlier, and 2.08D and earlier in the 2.08 series; and (2) sb 1.13D and earlier, and 1.18R and earlier in the 1.18 series; allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2007-0136 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal before 4.6.11, and 4.7 before 4.7.5, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in the (1) filter and (2) system modules. NOTE: some of these details are obtained from third party information.)
 CVE-2007-0135 (PHP remote file inclusion vulnerability in inc/init.inc.php in Aratix 0.2.2 beta 11 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the current_path parameter.)
 CVE-2007-0134 (Multiple eval injection vulnerabilities in iGeneric iG Shop 1.0 allow remote attackers to execute arbitrary code via the action parameter, which is supplied to an eval function call in (1) cart.php and (2) page.php. NOTE: a later report and CVE analysis indicate that the vulnerability is present in 1.4.)
 CVE-2007-0133 (Multiple SQL injection vulnerabilities in display_review.php in iGeneric iG Shop 1.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) user_login_cookie parameter.)
 CVE-2007-0132 (SQL injection vulnerability in compare_product.php in iGeneric iG Shop 1.4 allows remote attackers to execute arbitrary SQL commands via the id parameter.)
 CVE-2007-0131 (JAMWiki before 0.5.0 does not properly check permissions during moves of "read-only or admin-only topics," which allows remote attackers to make unauthorized changes to the wiki.)
 CVE-2007-0130 (SQL injection vulnerability in user.php in iGeneric iG Calendar 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.)
 CVE-2007-0128 (SQL injection vulnerability in info_book.asp in Digirez 3.4 and earlier allows remote attackers to execute arbitrary SQL commands via the book_id parameter.)
 CVE-2007-0124 (Unspecified vulnerability in Drupal before 4.6.11, and 4.7 before 4.7.5, when MySQL is used, allows remote authenticated users to cause a denial of service by poisoning the page cache via unspecified vectors, which triggers erroneous 404 HTTP errors for pages that exist.)
 CVE-2007-0101 (Cross-site request forgery (CSRF) vulnerability in SPINE allows remote attackers to perform unauthorized actions as administrators via unspecified vectors. NOTE: some of these details are obtained from third party information.)
 CVE-2007-0051 (Format string vulnerability in Apple iPhoto 6.0.5 (316), and other versions before 6.0.6, allows remote user-assisted attackers to execute arbitrary code via a crafted photocast with format string specifiers in the title of an RSS iPhoto feed.)
Original text:nuffsaid, Aratix <= 0.2.2b11 (inc/init.inc.php) Remote File Include Vulnerability (05.01.2007)
 Michael Brooks, iG Shop 1.0 Multiple Remote Vulnerabilities (05.01.2007)
 Michael Brooks, SQL Injection in ig-Calendar (05.01.2007)
 SECUNIA, [SA23634] JAMWiki User Permission Security Issue (05.01.2007)
 SECUNIA, [SA23623] Serene Bach Unspecified Cross-Site Scripting Vulnerability (05.01.2007)
 SECUNIA, [SA23484] OvBB Script Insertion Vulnerability (05.01.2007)
 SECUNIA, [SA23537] SPINE Cross-Site Request Forgery Vulnerability (05.01.2007)
 Uwe Hermann, [Full-disclosure] [DRUPAL-SA-2007-001] Drupal 4.6.11 / 4.7.5 fixes XSS issue (05.01.2007)
 Uwe Hermann, [Full-disclosure] [DRUPAL-SA-2007-002] Drupal 4.6.11 / 4.7.5 fixes DoS issue (05.01.2007)
 Kevin Finisterre, DMA[2007-0104a] - 'iLife iPhoto Photocasing Format String Vulnerability' (05.01.2007)
 nanoymaster_(at)_gmail.com, CMS Made Simple non-permanent XSS (05.01.2007)
 nanoymaster_(at)_gmail.com, CMS Made Simple non-permanent XSS (05.01.2007)
 kadaj-diabolik_(at)_hotmail.fr, Wordpress <= 2.x dictionnary & Bruteforce attack (05.01.2007)
 info_(at)_burnhead.it, MkPortal "All Guests are Admin" Exploit (05.01.2007)
Files:Wordpress <= 2.x dictionnary & Bruteforce attack
 DigiRez <= V3.4 (book_id) Remote BLIND SQL Injection Exploit
 iLife iPhoto Photocast (XML title) Remote Format String PoC

Privilege escalation via vga in OpenBSD (privilege escalation)
updated since January 5, 2007
Published:January 8, 2007
Source:
SecurityVulns ID:7004
Type:local
Severity level:7/10
Description:The vga_ioctl() system call allows code execution in kernel context.
Affected products:OPENBSD : OpenBSD 3.9
 OPENBSD : OpenBSD 4.0
CVE:CVE-2007-0085 (Unspecified vulnerability in sys/dev/pci/vga_pci.c in the VGA graphics driver for wscons in OpenBSD 3.9 and 4.0, when the kernel is compiled with the PCIAGP option and a non-AGP device is being used, allows local users to gain privileges via unspecified vectors, possibly related to agp_ioctl NULL pointer reference.)
Original text:SECUNIA, [SA23608] OpenBSD "vga" Privilege Escalation Vulnerability (05.01.2007)
Files:OpenBSD 3.x-4.0 vga_ioctl() root exploit

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod