Information Security


Vulnerabilities in Comcast / SMC DOCSIS 3.0 Business Gateway routers - SMCD3G-CCR
Published: February 8, 2011
Source:
SecurityVulns ID: 11407
Type: remote
Severity: 5/10
Description: Cross-site request forgery, default account.
Affected products: SMC : SMCD3G-CCR
CVE:CVE-2011-0886 (Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface on the SMC SMCD3G-CCR (aka Comcast Business Gateway) with firmware before 1.4.0.49.2 allow remote attackers to (1) hijack the intranet connectivity of arbitrary users for requests that perform a login via goform/login, or hijack the authentication of administrators for requests that (2) enable external logins via an mso_remote_enable action to goform/RemoteRange or (3) change DNS settings via a manual_dns_enable action to goform/Basic.)
 CVE-2011-0885 (A certain Comcast Business Gateway configuration of the SMC SMCD3G-CCR with firmware before 1.4.0.49.2 has a default password of D0nt4g3tme for the mso account, which makes it easier for remote attackers to obtain administrative access via the (1) web interface or (2) TELNET interface.)
Original text: Trustwave Advisories, TWSL2011-002: Vulnerabilities in Comcast DOCSIS 3.0 Business Gateways (SMCD3G-CCR) (08.02.2011)

Information leak in HTC Peep
Published: February 8, 2011
Source:
SecurityVulns ID: 11408
Type: m-i-t-m
Severity: 4/10
Description: Twitter credentials are present in the traffic in cleartext.
Affected products: HTC : HTC HD2
 HTC : HTC Topaz
 HTC : HTC Rhodium
 HTC : HTC HD Mini
 TMOBILE : T-Mobile HD2
Original text: Raul Siles, (TAD-2011-001) Vulnerability in HTC Peep: Twitter Credentials Disclosure (08.02.2011)

Buffer overflow in Microsoft IIS FTP server
Published: February 8, 2011
Source:
SecurityVulns ID: 11411
Type: remote
Severity: 9/10
Description: Heap buffer overflow.
Affected products: MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
CVE:CVE-2010-3972 (Heap-based buffer overflow in the TELNET_STREAM_CONTEXT::OnSendData function in ftpsvc.dll in Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) 7.0, and IIS 7.5, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted FTP command, aka "IIS FTP Service Heap Buffer Overrun Vulnerability." NOTE: some of these details are obtained from third party information.)

Multiple security vulnerabilities in Apache Tomcat
Published: February 8, 2011
Source:
SecurityVulns ID: 11406
Type: remote
Severity: 6/10
Description: Privilege escalation, DoS, cross-site scripting.
Affected products: APACHE : Tomcat 5.5
 APACHE : Tomcat 6.0
 APACHE : Tomcat 7.0
CVE:CVE-2011-0534 (Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.)
 CVE-2011-0013 (Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Software Foundation Tomcat 7.0 before 7.0.6, 5.5 before 5.5.32, and 6.0 before 6.0.30 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.)
 CVE-2010-3718 (Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.)
Original text: APACHE, [SECURITY] CVE-2011-0013 Apache Tomcat Manager XSS vulnerability (08.02.2011)
 APACHE, [SECURITY] CVE-2011-0534 Apache Tomcat DoS vulnerability (08.02.2011)
 APACHE, [SECURITY] Oracle JVM bug causes denial of service in Apache Tomcat (08.02.2011)
 APACHE, [SECURITY] CVE-2010-3718 Apache Tomcat Local bypass of security manger file permissions (08.02.2011)

Summary of security vulnerabilities in Web applications (PHP, ASP, JSP, CGI, Perl)
Published: February 8, 2011
Source:
SecurityVulns ID: 11409
Type: remote
Severity: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, file modification, information leaks, etc.
Affected products: DOKEOS : Dokeos 1.8
 DOKEOS : Dokeos 2.0
 CHAMILIO : Chamilo 1.8
 VIART : ViArt Shop 4.0
 UMICMS : UMI.CMS 2.8
 WEBASYST : Shop-Script 2011.01
 PHPXREF : PHPXref 0.7
Original text: MustLive, Vulnerabilities in PHPXref (08.02.2011)
 High-Tech Bridge Security Research, HTB22812: XSRF (CSRF) in UMI.CMS (08.02.2011)
 High-Tech Bridge Security Research, HTB22813: XSS vulnerability in UMI.CMS (08.02.2011)
 High-Tech Bridge Security Research, HTB22814: XSS vulnerability in ViArt Shop (08.02.2011)
 High-Tech Bridge Security Research, HTB22815: XSS vulnerability in ViArt Shop (08.02.2011)
 High-Tech Bridge Security Research, HTB22818: Stored XSS vulnerability in WebAsyst Shop-Script (08.02.2011)
 High-Tech Bridge Security Research, HTB22819: XSS vulnerability in WebAsyst Shop-Script (08.02.2011)
 High-Tech Bridge Security Research, HTB22811: XSS vulnerability in UMI.CMS (08.02.2011)
 High-Tech Bridge Security Research, HTB22816: XSS vulnerability in ViArt Shop (08.02.2011)
 High-Tech Bridge Security Research, HTB22817: XSS vulnerability in WebAsyst Shop-Script (08.02.2011)
 beford, Chamilo 1.8.7 / Dokeos 1.8.6 Remote File Disclosure (08.02.2011)

DoS against Microsoft Active Directory
Published: February 8, 2011
Source:
SecurityVulns ID: 11412
Type: remote
Severity: 5/10
Description: Failure when parsing SPN.
Affected products: MICROSOFT : Windows 2003 Server
CVE:CVE-2011-0040 (The server in Microsoft Active Directory on Windows Server 2003 SP2 does not properly handle an update request for a service principal name (SPN), which allows remote attackers to cause a denial of service (authentication downgrade or outage) via a crafted request that triggers name collisions, aka "Active Directory SPN Validation Vulnerability.")

Multiple security vulnerabilities in Microsoft Internet Explorer
updated since February 8, 2011
Published: February 14, 2011
Source:
SecurityVulns ID: 11410
Type: client
Severity: 8/10
Description: Multiple memory corruptions, insecure library loading.
Affected products: MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
CVE:CVE-2011-0038 (Untrusted search path vulnerability in Microsoft Internet Explorer 8 might allow local users to gain privileges via a Trojan horse IEShims.dll in the current working directory, as demonstrated by a Desktop directory that contains an HTML file, aka "Internet Explorer Insecure Library Loading Vulnerability.")
 CVE-2011-0036 (Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, related to a "dangling pointer," aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2010-2556 and CVE-2011-0035.)
 CVE-2011-0035 (Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2010-2556 and CVE-2011-0036.)
 CVE-2010-3971 (Use-after-free vulnerability in the CSharedStyleSheet::Notify function in the Cascading Style Sheets (CSS) parser in mshtml.dll, as used in Microsoft Internet Explorer 6 through 8 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a self-referential @import rule in a stylesheet, aka "CSS Memory Corruption Vulnerability.")
Original text: VUPEN Security Research, VUPEN Security Research - Microsoft Internet Explorer "mshtml.dll" Dangling Pointer Vulnerability (CVE-2011-0036) (14.02.2011)
Files: Microsoft Security Bulletin MS11-003 - Critical Cumulative Security Update for Internet Explorer (2482017)

Multiple security vulnerabilities in Microsoft Windows
updated since February 8, 2011
Published: February 14, 2011
Source:
SecurityVulns ID: 11413
Type: library
Severity: 8/10
Description: Buffer overflow in the shell when displaying images, memory corruption when parsing OpenType Compact Font Format fonts, privilege escalation via CSRSS, LSA, the kernel and various drivers, Kerberos server response spoofing, data leak in JScript/VBScript.
Affected products: MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
CVE:CVE-2011-0091 (Kerberos in Microsoft Windows Server 2008 R2 and Windows 7 does not prevent a session from changing from strong encryption to DES encryption, which allows man-in-the-middle attackers to spoof network traffic and obtain sensitive information via a DES downgrade, aka "Kerberos Spoofing Vulnerability.")
 CVE-2011-0090 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Corruption Vulnerability.")
 CVE-2011-0089 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Window Class Improper Pointer Validation Vulnerability.")
 CVE-2011-0088 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Window Class Pointer Confusion Vulnerability.")
 CVE-2011-0087 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Insufficient User Input Validation Vulnerability.")
 CVE-2011-0086 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Improper User Input Validation Vulnerability.")
 CVE-2011-0045 (The Trace Events functionality in the kernel in Microsoft Windows XP SP3 does not properly perform type conversion, which causes integer truncation and insufficient memory allocation and triggers a buffer overflow, which allows local users to gain privileges via a crafted application, related to WmiTraceMessageVa, aka "Windows Kernel Integer Truncation Vulnerability.")
 CVE-2011-0043 (Kerberos in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 supports weak hashing algorithms, which allows local users to gain privileges by operating a service that sends crafted service tickets, as demonstrated by the CRC32 algorithm, aka "Kerberos Unkeyed Checksum Vulnerability.")
 CVE-2011-0039 (The Local Security Authority Subsystem Service (LSASS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly process authentication requests, which allows local users to gain privileges via a request with a crafted length, aka "LSASS Length Validation Vulnerability.")
 CVE-2011-0033 (The OpenType Compact Font Format (CFF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate parameter values in OpenType fonts, which allows remote attackers to execute arbitrary code via a crafted font, aka "OpenType Font Encoded Character Vulnerability.")
 CVE-2011-0031 (The (1) JScript 5.8 and (2) VBScript 5.8 scripting engines in Microsoft Windows Server 2008 R2 and Windows 7 do not properly load decoded scripts obtained from web pages, which allows remote attackers to trigger memory corruption and consequently obtain sensitive information via a crafted web site, aka "Scripting Engines Information Disclosure Vulnerability.")
 CVE-2011-0030 (The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly kill processes after a logout, which allows local users to obtain sensitive information or gain privileges via a crafted application that continues to execute throughout the logout of one user and the login session of the next user, aka "CSRSS Elevation of Privilege Vulnerability," a different vulnerability than CVE-2010-0023.)
 CVE-2010-4398 (Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges, and bypass the User Account Control (UAC) feature, via a crafted REG_BINARY value for a SystemDefaultEUDCFont registry key, aka "Driver Improper Interaction with Windows Kernel Vulnerability.")
 CVE-2010-3970 (Stack-based buffer overflow in the CreateSizedDIBSECTION function in shimgvw.dll in the Windows Shell graphics processor (aka graphics rendering engine) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted .MIC or unspecified Office document containing a thumbnail bitmap with a negative biClrUsed value, as reported by Moti and Xu Hao, aka "Windows Shell Graphics Processing Overrun Vulnerability.")
Original text: VUPEN Security Research, VUPEN Security Research - Microsoft Windows Shell Graphics biCompression Buffer Overflow Vulnerability (14.02.2011)
 VUPEN Security Research, VUPEN Security Research - Microsoft Windows Shell Graphics BMP "height" Integer Overflow Vulnerability (14.02.2011)
 VUPEN Security Research, VUPEN Security Research - Microsoft Windows Shell Graphics BMP "width" Integer Overflow Vulnerability (14.02.2011)
 IDEFENSE, iDefense Security Advisory 02.08.11: Microsoft Windows Picture and Fax Viewer Library (11.02.2011)
 ZDI, ZDI-11-064: Microsoft Windows WmiTraceMessageVa Local Kernel Vulnerability (09.02.2011)
Files: Vulnerability in Windows Shell Graphics Processing Could Allow Remote Code Execution (2483185)
 Microsoft Security Bulletin MS11-011 - Important Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2393802)
 Microsoft Security Bulletin MS11-013 - Important Vulnerabilities in Kerberos Could Allow Elevation of Privilege (2496930)
 Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2476687)
 Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Remote Code Execution (2485376)
 Microsoft Security Bulletin MS11-006 - Critical Vulnerability in Windows Shell Graphics Processing Could Allow Remote Code Execution (2483185)
 Microsoft Security Bulletin MS11-012 - Important Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2479628)
 Microsoft Security Bulletin MS11-014 - Important Vulnerability in Local Security Authority Subsystem Service Could Allow Local Elevation of Privilege (2478960)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod