Информационная безопасность
[RU] switch to English


Ежедневная сводка уязвимостей безопасности в Web-приложениях (PHP, ASP, JSP, CGI, Perl)
Опубликовано:7 апреля 2009 г.
Источник:
SecurityVulns ID:9798
Тип:удаленная
Уровень опасности:
5/10
Описание:Инъекции PHP, инъекции SQL, обратный путь в каталогах, межсайтовый скриптинг, модификация файлов, утечка информации и т.д.
Затронутые продукты:POWERPHLOGGER : Power Phlogger 2.2
 FAMILYCMS : Family Connections 1.8
 IGNITE : Realtime Openfire 3.6
 JOOMLA : com_bookjoomlas Joomla Component 0.1
 VBULLETIN : vBulletin 3.8
 AMAYA : Amaya 11.1
CVE:CVE-2009-0497 (Directory traversal vulnerability in log.jsp in Ignite Realtime Openfire 3.6.2 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the log parameter.)
 CVE-2009-0496 (Multiple cross-site scripting (XSS) vulnerabilities in Ignite Realtime Openfire 3.6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) log parameter to (a) logviewer.jsp and (b) log.jsp; (2) search parameter to (c) group-summary.jsp; (3) username parameter to (d) user-properties.jsp; (4) logDir, (5) maxTotalSize, (6) maxFileSize, (7) maxDays, and (8) logTimeout parameters to (e) audit-policy.jsp; (9) propName parameter to (f) server-properties.jsp; and the (10) roomconfig_roomname and (11) roomconfig_roomdesc parameters to (g) muc-room-edit-form.jsp. NOTE: this can be leveraged for arbitrary code execution by using XSS to upload a malicious plugin.)
 CVE-2008-6511 (Open redirect vulnerability in login.jsp in Openfire 3.6.0a and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter.)
 CVE-2008-6510 (Cross-site scripting (XSS) vulnerability in login.jsp in the Admin Console in Openfire 3.6.0a and earlier allows remote attackers to inject arbitrary web script or HTML via the url parameter.)
 CVE-2008-6509 (SQL injection vulnerability in CallLogDAO in SIP Plugin in Openfire 3.6.0a and earlier allows remote attackers to execute arbitrary SQL commands via the type parameter to sipark-log-summary.jsp.)
 CVE-2008-6508 (Directory traversal vulnerability in the AuthCheck filter in the Admin Console in Openfire 3.6.0a and earlier allows remote attackers to bypass authentication and access the admin interface via a .. (dot dot) in a URI that matches the Exclude-Strings list, as demonstrated by a /setup/setup-/.. sequence in a URI.)
Оригинальный текстdocumentMustLive, New vulnerabilities in Power Phlogger (07.04.2009)
 documentdontcontactorspamme_(at)_aria-security.com, Amaya 11.1 XHTML Parser Buffer Overflow (07.04.2009)
 documentdontcontactorspamme_(at)_aria-security.com, [Aria-Security.com] vBulletin multiple XSS (07.04.2009)
 documentSalvatore "drosophila" Fresta, Joomla Component com_bookjoomlas SQL Injection Vulnerability (07.04.2009)
 documentSalvatore "drosophila" Fresta, Family Connections 1.8.2 Blind SQL Injection (Correct Version) (07.04.2009)
 documentGENTOO, [ GLSA 200904-01 ] Openfire: Multiple vulnerabilities (07.04.2009)
Файлы:Amaya 11.1 XHTML Parser Buffer Overflow POC
 Family Connection <= 1.8.2 - Remote Command Execution

Проверка существования учетной записи пользователя в Sun Java System Identity Manager / Access Manager
Опубликовано:7 апреля 2009 г.
Источник:
SecurityVulns ID:9799
Тип:удаленная
Уровень опасности:
3/10
Описание:Ответы для несуществующего имени пользователя и неправильного пароля различаются.
Затронутые продукты:SUN : Identity Manager 7.0
 SUN : Identity Manager 7.1
 SUN : Identity Manager 8.0
 SUN : Sun Java System Access Manager 6
 SUN : Sun Java System Access Manager 7
 SUN : Sun Java System Access Manager 7.1
Оригинальный текстdocumentMarco Mella, POC - Sun Java System Acccess Manager & Identity Manager Users Enumeration (07.04.2009)

Выполнение кода в скриптах python (blender, gedit, gnumeric, vim, eog)
дополнено с 17 февраля 2009 г.
Опубликовано:7 апреля 2009 г.
Источник:
SecurityVulns ID:9683
Тип:локальная
Уровень опасности:
4/10
Описание:Возможна манипуляция переменной sys.path для загрузки постороннего кода.
Затронутые продукты:GNUMERIC : gnumeric 1.8
 BLENDER : Blender 2.46
 GEDIT : gedit 2.24
 EPIPHANY : epiphany 2.24
 EOG : Eye of GNOME 2.22
CVE:CVE-2009-0318 (Untrusted search path vulnerability in the GObject Python interpreter wrapper in Gnumeric allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).)
 CVE-2009-0316 (Untrusted search path vulnerability in src/if_python.c in the Python interface in Vim before 7.2.045 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983), as demonstrated by an erroneous search path for plugin/bike.vim in bicyclerepair.)
 CVE-2009-0314 (Untrusted search path vulnerability in the Python module in gedit allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).)
 CVE-2008-5987 (Untrusted search path vulnerability in the Python interface in eog 2.22.3, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).)
 CVE-2008-5985 (Untrusted search path vulnerability in the Python interface in Epiphany 2.22.3, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).)
 CVE-2008-5983 (Untrusted search path vulnerability in the PySys_SetArgv API function in Python 2.6 and earlier, and possibly later versions, prepends an empty string to sys.path when the argv[0] argument does not contain a path separator, which might allow local users to execute arbitrary code via a Trojan horse Python file in the current working directory.)
 CVE-2008-4863 (Untrusted search path vulnerability in BPY_interface in Blender 2.46 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to an erroneous setting of sys.path by the PySys_SetArgv function.)
Оригинальный текстdocumentGENTOO, [ GLSA 200904-06 ] Eye of GNOME: Untrusted search path (07.04.2009)
 documentMANDRIVA, [ MDVSA-2009:063 ] eog (04.03.2009)
 documentMANDRIVA, [ MDVSA-2009:048 ] epiphany (25.02.2009)
 documentMANDRIVA, [ MDVSA-2009:048-1 ] epiphany (24.02.2009)
 documentMANDRIVA, [ MDVSA-2009:047 ] vim (21.02.2009)
 documentMANDRIVA, [ MDVSA-2009:043 ] gnumeric (20.02.2009)
 documentMANDRIVA, [ MDVSA-2009:038 ] blender (17.02.2009)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород