Информационная безопасность
[RU] switch to English


Переполнение буфера в Eudora WorldMail (buffer overflow)
Опубликовано:6 января 2007 г.
Источник:
SecurityVulns ID:7007
Тип:удаленная
Уровень опасности:
6/10
Описание:Переполнение буфера в интерфейсе удаленного управления (TCP/106).
Затронутые продукты:QUALCOMM : Eudora WorldMail 3.1
Оригинальный текстdocumentZDI, ZDI-07-001: QUALCOMM Eudora WorldMail Remote Management Heap Overflow Vulnerability (06.01.2007)

Ежедневная сводка ошибок в Web-приложениях (PHP, ASP, JSP, CGI, Perl )
Опубликовано:6 января 2007 г.
Источник:
SecurityVulns ID:7008
Тип:удаленная
Уровень опасности:
5/10
Описание:Инъекции PHP, инъекции SQL, обратный путь в каталогах, межсайтовый скриптинг, утечка информации и т.д.
Затронутые продукты:COPPERMINE : Coppermine Photo Gallery 1.4
 WORDPRESS : WordPress 2.0
 FLOG : FLog 1.1
 EDITTAG : EditTag 1.2
 RIBLOG : RI Blog 1.3
 UBERUPLOADER : Uber Uploader 4.2
CVE:CVE-2007-0836 (admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, allows remote authenticated users to include arbitrary local and possibly remote files via the (1) "Path to custom header include" and (2) "Path to custom footer include" form fields. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.)
 CVE-2007-0835 (admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, allows remote authenticated users to execute arbitrary shell commands via shell metacharacters (";" semicolon) in the "Command line options for ImageMagick" form field, when used as an option to ImageMagick's convert command. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.)
 CVE-2007-0140 (SQL injection vulnerability in down.asp in Kolayindir Download (Yenionline) allows remote attackers to execute arbitrary SQL commands via the id parameter.)
 CVE-2007-0123 (Unrestricted file upload vulnerability in Uber Uploader 4.2 allows remote attackers to upload and execute arbitrary PHP scripts by naming them with a .phtml extension, which bypasses the .php extension check but is still executable on some server configurations.)
 CVE-2007-0122 (Multiple SQL injection vulnerabilities in Coppermine Photo Gallery 1.4.10 and earlier allow remote authenticated administrators to execute arbitrary SQL commands via (1) the cat parameter to albmgr.php, and possibly (2) the gid parameter to usermgr.php; (3) the start parameter to db_ecard.php; and the albumid parameter to unspecified files, related to the (4) filename_to_title and (5) del_titles functions.)
 CVE-2007-0121 (Cross-site scripting (XSS) vulnerability in search.asp in RI Blog 1.3 allows remote attackers to inject arbitrary web script or HTML via the q parameter.)
 CVE-2007-0119 (Multiple cross-site scripting (XSS) vulnerabilities in EditTag 1.2 allow remote attackers to inject arbitrary web script or HTML via the plain parameter to (1) mkpw_mp.cgi, (2) mkpw.pl, or (3) mkpw.cgi.)
 CVE-2007-0118 (Multiple absolute path traversal vulnerabilities in EditTag 1.2 allow remote attackers to read arbitrary files via an absolute pathname in the file parameter to (1) edittag.cgi, (2) edittag.pl, (3) edittag_mp.cgi, or (4) edittag_mp.pl.)
 CVE-2007-0116 (Digger Solutions Intranet Open Source (IOS) stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for data/intranet.mdb.)
 CVE-2007-0115 (Static code injection vulnerability in Coppermine Photo Gallery 1.4.10 and earlier allows remote authenticated administrators to execute arbitrary PHP code via the Username to login.php, which is injected into an error message in security.log.php, which can then be accessed using viewlog.php.)
 CVE-2007-0107 (WordPress before 2.0.6, when mbstring is enabled for PHP, decodes alternate character sets after escaping the SQL query, which allows remote attackers to bypass SQL injection protection schemes and execute arbitrary SQL commands via multibyte charsets, as demonstrated using UTF-7.)
Оригинальный текстdocumentinfo_(at)_burnhead.it, MkPortal Admin XSS (06.01.2007)
 documentnull_hack_(at)_yahoo.com, Uber Uploader 4.2 Arbitrary File Upload Vulnerability (06.01.2007)
 documentAdvisory_(at)_Aria-Security.net, Intranet Open Source Remote Password Disclosure "intranet.mdb" (06.01.2007)
 documentStefan Esser, Advisory 02/2007: WordPress Trackback Charset Decoding SQL Injection Vulnerability (06.01.2007)
 documentShaFuq31_(at)_HoTMaiL.CoM, RI Blog 1.3 XSS Vuln. (06.01.2007)
 documentStefan Esser, Advisory 01/2007: WordPress CSRF Protection XSS Vulnerability (06.01.2007)
 documentnj_(at)_hackerz.ir, Multiple bugs in EditTag (06.01.2007)
 documentCorryL, Flog 1.1.2 Remote Admin Password Disclosure (06.01.2007)
 documentShaFuq31_(at)_HoTMaiL.CoM, Kolayindir Download (Yenionline) (tr) SqL Injection Vuln. (06.01.2007)
Файлы:Coppermine Photo Gallery <= 1.4.10 SQL Injection Exploit

Многочисленные уязвимости в OpenVMS (multiple bugs)
Опубликовано:6 января 2007 г.
Источник:
SecurityVulns ID:7010
Тип:локальная
Уровень опасности:
5/10
Описание:Пароль в открытом тексте в лог-файлах, ошибки в HP DecNet-Plus.
Затронутые продукты:HP : OpenVMS 8.2
CVE:CVE-2007-0139 (Unspecified vulnerability in the DECnet-Plus 7.3-2 feature in DECnet/OSI 7.3-2 for OpenVMS ALPHA, and the DECnet-Plus 7.3 feature in DECnet/OSI 7.3 for OpenVMS VAX, allows attackers to obtain "unintended privileged access to data and system resources" via unspecified vectors, related to (1) [SYSEXE]CTF$UI.EXE, (2) [SYSMSG]CTF$MESSAGES.EXE, (3) [SYSHLP]CTF$HELP.HLB, and (4) [SYSMGR]CTF$STARTUP.COM.)
Оригинальный текстdocumentSECUNIA, [SA23632] OpenVMS Audit Logfile Password Exposure (06.01.2007)

DoS против Антивируса Касперского
Опубликовано:6 января 2007 г.
Источник:
SecurityVulns ID:7005
Тип:удаленная
Уровень опасности:
6/10
Описание:Бесконечный цикл при некорректном значении поля NumberOfRvaAndSizes при разборе PE-файлов.
Затронутые продукты:KASPERSKY : Kaspersky Antivirus 6.0
 KASPERSKY : Kaspersky Antivirus 5.5
CVE:CVE-2007-0125 (Kaspersky Labs Antivirus Engine 6.0 for Windows and 5.5-10 for Linux before 20070102 enter an infinite loop upon encountering an invalid NumberOfRvaAndSizes value in the Optional Windows Header of a portable executable (PE) file, which allows remote attackers to cause a denial of service (CPU consumption) by scanning a crafted PE file.)
Оригинальный текстdocumentIDEFENSE, [Full-disclosure] iDefense Security Advisory 01.05.07: Kaspersky Antivirus Scan Engine PE File Denial of Service Vulnerability (06.01.2007)

Повышение привилегий через Apple DiskManagement.framework в Mac OS X (privilege escalation)
Опубликовано:6 января 2007 г.
Источник:
SecurityVulns ID:7009
Тип:локальная
Уровень опасности:
5/10
Описание:При восстановлении оригинальных разрешений на файлы не проверяется целостность файла.
Затронутые продукты:APPLE : Mac OS X 10.4
CVE:CVE-2007-0117 (DiskManagementTool in the DiskManagement.framework 92.29 on Mac OS X 10.4.8 does not properly validate Bill of Materials (BOM) files, which allows attackers to gain privileges via a BOM file under /Library/Receipts/, which triggers arbitrary file permission changes upon execution of a diskutil permission repair operation.)
Оригинальный текстdocumentKevin Finisterre, MOAB-05-01-2007: Apple DiskManagement BOM Local Privilege Escalation Vulnerability (06.01.2007)
Файлы:original 0day exploits Apple DiskManagement BOM Local Privilege Escalation Vulnerability
 Exploits Apple DiskManagement BOM Local Privilege Escalation Vulnerability
 original 0day exploits Apple DiskManagement BOM Local Privilege Escalation Vulnerability
 Exploits Apple DiskManagement BOM Local Privilege Escalation Vulnerability

Многочисленные уязвимости в браузере Opera (multiple bugs)
дополнено с 6 января 2007 г.
Опубликовано:9 января 2007 г.
Источник:
SecurityVulns ID:7006
Тип:удаленная
Уровень опасности:
7/10
Описание:Повреждение динамической памяти при разборе JPEG, вызов функции по контролируемому указателю в Javascript.
Затронутые продукты:OPERA : Opera 9.02
CVE:CVE-2007-0127 (The Javascript SVG support in Opera before 9.10 does not properly validate object types in a createSVGTransformFromMatrix request, which allows remote attackers to execute arbitrary code via JavaScript code that uses an invalid object in this request that causes a controlled pointer to be referenced during the virtual function call.)
 CVE-2007-0126 (Heap-based buffer overflow in Opera 9.02 allows remote attackers to execute arbitrary code via a JPEG file with an invalid number of index bytes in the Define Huffman Table (DHT) marker.)
Оригинальный текстdocumentposidron, Opera JPEG processing - Heap corruption vulnerabilities (09.01.2007)
 documentIDEFENSE, iDefense Security Advisory 01.05.07: Opera Software Opera Web Browser createSVGTransformFromMatrix Object Typecasting Vulnerability (06.01.2007)
 documentIDEFENSE, iDefense Security Advisory 01.05.07: Opera Software Opera Web Browser JPG Image DHT Marker Heap Corruption Vulnerability (06.01.2007)
Файлы:Exploits Opera ntdll.RtlAllocateHeap() DHT vulnerability
 Exploits Opera ntdll.RtlAllocateHeap() SOS vulnerability

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород