Information Security


Multiple vulnerabilities in Nullsoft WinAmp (multiple bugs)
Published: April 6, 2007
SecurityVulns ID: 7539
Type: remote
Severity level: 6/10
Description: Multiple memory corruptions in various modules.
Affected products: NULLSOFT : Winamp 5.33
CVE: CVE-2007-1922 (The Impulse Tracker (IT) and ScreamTracker 3 (S3M) modules in IN_MOD.DLL in AOL Nullsoft Winamp 5.33 allows remote attackers to execute arbitrary code via a crafted (1) .IT or (2) .S3M file containing integer values that are used as memory offsets, which triggers memory corruption.)
 CVE-2007-1921 (LIBSNDFILE.DLL, as used by AOL Nullsoft Winamp 5.33 and possibly other products, allows remote attackers to execute arbitrary code via a crafted .MAT (MATLAB sound) file that contains a value that is used as an offset, which triggers memory corruption.)
Original text: Piotr Bania, [Full-disclosure] AOL Nullsoft Winamp IT Module "IN_MOD.DLL" Remote Heap Memory Corruption (06.04.2007)
 Piotr Bania, [Full-disclosure] AOL Nullsoft Winamp S3M Module "IN_MOD.DLL" Remote Heap Memory Corruption (06.04.2007)
 Piotr Bania, [Full-disclosure] AOL Nullsoft Winamp LIBSNDFILE.DLL Remote Memory Corruption (Off By Zero) (06.04.2007)

Daily summary of web application bugs (PHP, ASP, JSP, CGI, Perl)
Published: April 6, 2007
SecurityVulns ID: 7540
Type: remote
Severity level: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, information leaks, etc.
Affected products: LEDGERSMB : LedgerSMB 1.1
 LEDGERSMB : LedgerSMB 1.2
 GAZILOGO : Gazi Okul Sitesi 2007
CVE: CVE-2007-1971 (SQL injection vulnerability in fotokategori.asp in Gazi Okul Sitesi 2007 allows remote attackers to execute arbitrary SQL commands via the query string.)
 CVE-2007-1923 ((1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control lists by changing the set of URLs linked from menus, which allows remote attackers to access restricted functionality via direct requests.)
 CVE-2006-5589 (Multiple SQL injection vulnerabilities in LedgerSMB (LSMB) 1.1.0 and earlier allow remote attackers to execute arbitrary SQL commands via unspecified vectors in (1) OE.pm, (2) AM.pm, and (3) Form.pm.)
Original text: r00t-balance_(at)_hotmail.com, Gazi Okul Sitesi 2007(tr)(fotokategori.asp) Remote SQL Injection (06.04.2007)
 Chris Travers, ACLS ineffective in SQL-Ledger and LedgerSMB (06.04.2007)
 Chris Travers, LedgerSMB 1.2.0 finally released, fixes CVE-2006-5589 (06.04.2007)

Code execution via the Firebug extension in Mozilla Firefox
Published: April 6, 2007
SecurityVulns ID: 7538
Type: client
Severity level: 6/10
Description: A script can gain access to chrome.
Affected products: FIREFOX : Firebug 1.03
CVE: CVE-2007-1947 (Cross-zone scripting vulnerability in the DOM templates (domplates) used by the console.log function in the Firebug extension before 1.04 for Mozilla Firefox allows remote attackers to bypass zone restrictions, read arbitrary file:// URIs, or execute arbitrary code in the browser chrome by overwriting the toString function via a certain function declaration, related to incorrect identification of anonymous JavaScript functions, a different issue than CVE-2007-1878.)
 CVE-2007-1878 (Cross-zone scripting vulnerability in the DOM templates (domplates) used by the console.log function in the Firebug extension before 1.03 for Mozilla Firefox allows remote attackers to bypass zone restrictions, read arbitrary file:// URIs, or execute arbitrary code in the browser chrome, as demonstrated via the runFile function, related to lack of HTML escaping in the property name.)
Original text: pdp (architect), Firefox extensions go Evil - Critical Vulnerabilities in Firefox/Firebug (06.04.2007)

Filtering bypass in ASP.NET (protection bypass)
Published: April 6, 2007
SecurityVulns ID: 7537
Type: remote
Severity level: 5/10
Description: There are numerous ways to bypass the filtering in order to carry out cross-site scripting.
Affected products: MICROSOFT : ASP.NET 2.0
CVE: CVE-2006-7192 (Microsoft ASP .NET Framework 2.0.50727.42 does not properly handle comment (/* */) enclosures, which allows remote attackers to bypass request filtering and conduct cross-site scripting (XSS) attacks, or cause a denial of service, as demonstrated via an xss:expression STYLE attribute in a closing XSS HTML tag.)
Original text: ProCheckUp Research, Microsoft .NET request filtering bypass vulnerability (BID 20753) (06.04.2007)

Multiple vulnerabilities in Kaspersky Antivirus (multiple bugs)
Published: April 6, 2007
SecurityVulns ID: 7536
Type: client
Severity level: 7/10
Description: Multiple unsafe ActiveX methods allow any file to be downloaded from the machine. Buffer overflow when parsing ARJ archives. Local buffer overflows in the driver.
Affected products: KASPERSKY : Kaspersky Antivirus 6.0
 KASPERSKY : Kaspersky Internet Security 6.0
CVE: CVE-2007-1881 (Unspecified vulnerability in KLIF (klif.sys) in Kaspersky Anti-Virus, Anti-Virus for Workstations, and Anti-Virus for File Servers 6.0, and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows local users to gain Ring-0 privileges via unspecified vectors.)
 CVE-2007-1880 (Integer overflow in the _NtSetValueKey function in klif.sys in Kaspersky Anti-Virus, Anti-Virus for Workstations, Anti-Virus for File Server 6.0, and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows context-dependent attackers to execute arbitrary code via a large, unsigned "data size argument," which results in a heap overflow.)
 CVE-2007-1879 (The StartUploading function in KL.SysInfo ActiveX control (AxKLSysInfo.dll) in Kaspersky Anti-Virus 6.0 and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows remote attackers to read arbitrary files by triggering an outbound anonymous FTP session that invokes the PUT command. NOTE: this issue might be related to CVE-2007-1112.)
 CVE-2007-1112 (Kaspersky Anti-Virus 6.0 and Internet Security 6.0 exposes unsafe methods in the (a) AXKLPROD60Lib.KAV60Info (AxKLProd60.dll) and (b) AXKLSYSINFOLib.SysInfo (AxKLSysInfo.dll) ActiveX controls, which allows remote attackers to "download" or delete arbitrary files via crafted arguments to the (1) DeleteFile, (2) StartBatchUploading, (3) StartStrBatchUploading, or (4) StartUploading methods.)
 CVE-2007-0445 (Heap-based buffer overflow in the arj.ppl module in the OnDemand Scanner in Kaspersky Anti-Virus, Anti-Virus for Workstations, and Anti-Virus for File Servers 6.0, and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows remote attackers to execute arbitrary code via crafted ARJ archives.)
Original text: ZDI, [Full-disclosure] ZDI-07-014: Kaspersky Anti-Virus ActiveX Control Unsafe Method Exposure Vulnerablity (06.04.2007)
 ZDI, [Full-disclosure] ZDI-07-013: Kaspersky AntiVirus Engine ARJ Archive Parsing Heap Overflow Vulnerability (06.04.2007)
 IDEFENSE, iDefense Security Advisory 04.04.07: Kaspersky AntiVirus SysInfo ActiveX Control Information Disclosure Vulnerability (06.04.2007)
 IDEFENSE, iDefense Security Advisory 04.04.07: Kaspersky Internet Security Suite klif.sys Heap Overflow Vulnerability (06.04.2007)

Buffer overflow in the ESRI ArcSDE database server (buffer overflow)
updated since April 6, 2007
Published: August 16, 2007
SecurityVulns ID: 7541
Type: remote
Severity level: 5/10
Description: Buffer overflow when processing a long request on port TCP/5151.
Affected products: ESRI : ArcGIS 9.2
 ESRI : ArcSDE 9.2
Original text: IDEFENSE, iDefense Security Advisory 08.15.07: ESRI ArcSDE Numeric Literal Buffer Overflow Vulnerability (16.08.2007)
 IDEFENSE, iDefense Security Advisory 04.04.07: ESRI ArcSDE Buffer Overflow Vulnerability (06.04.2007)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod