Information Security


Daily summary of bugs in Web applications (PHP, ASP, JSP, CGI, Perl)
Published: May 8, 2007
Source:
SecurityVulns ID: 7676
Type: remote
Severity: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, information leaks, etc.
Affected products: OTRS : OTRS 2.0
 ADVANCEDGUESTBOO : Advanced Guestbook 2.4
 PHPHTMLLIB : PHPHtmlLib 2.4
 AMEROCANCART : american cart 3.5
 FIPSASP : fipsCMS 2.1
 PFA : pfa CMS 6.0
CVE: CVE-2007-0609 (Directory traversal vulnerability in Advanced Guestbook 2.4.2 allows remote attackers to bypass .htaccess settings, and execute arbitrary PHP local files or read arbitrary local templates, via a .. (dot dot) in a lang cookie, followed by a filename without its .php extension, as demonstrated via a request to index.php.)
 CVE-2007-0608 (Advanced Guestbook 2.4.2 allows remote attackers to obtain sensitive information via an invalid (1) GB_TBL parameter to (a) lang/codes-english.php or (b) image.php, which reveal the database name; (2) an invalid GB_DB parameter to index.php, coupled with a ../index lang cookie, which reveals the installation path; or (3) a direct request to index.php with no parameters or cookies, which reveals the installation path.)
 CVE-2007-0605 (Cross-site scripting (XSS) vulnerability in picture.php in Advanced Guestbook 2.4.2 allows remote attackers to inject arbitrary web script or HTML via the picture parameter.)
Original text: securityresearch_(at)_netvigilance.com, [Full-disclosure] Advanced Guestbook version 2.4.2 Directory Traversal Vulnerability (08.05.2007)
 securityresearch_(at)_netvigilance.com, [Full-disclosure] Advanced Guestbook version 2.4.2 Multiple XSS Attack Vulnerabilities (08.05.2007)
 ilkerKandemir_(at)_mynet.com, pfa CMS v6.0 (index.php repinc) Remote File Include Vulnerability (08.05.2007)
 ilkerKandemir_(at)_mynet.com, fipsCMS v2.1 Remote SQL injection Vulnerability (08.05.2007)
 ilkerKandemir_(at)_mynet.com, phpHoo3 (admin.php) Remote Login Bypass SQL Injection Vulnerability (08.05.2007)
 kepledehlah_(at)_eluwini.co.uk, american cart 3.* (abs_path) remote file include (08.05.2007)
 securityresearch_(at)_netvigilance.com, Advanced Guestbook version 2.4.2 Multiple Error Information Leak Vulnerabilities (08.05.2007)
 ciri_(at)_virtuax.be, OTRS <= 2.0.x XSS/XSRF (08.05.2007)
Files: PHPHtmlLib <= Remote File Include Exploit

Multiple vulnerabilities in Microsoft Office (multiple bugs)
Published: May 8, 2007
Source:
SecurityVulns ID: 7679
Type: client
Severity: 6/10
Description: Memory corruption when parsing drawing objects.
Affected products: MICROSOFT : Office 2000
 MICROSOFT : Office XP
 MICROSOFT : Office 2003
 MICROSOFT : Office 2007
CVE: CVE-2007-1747 (Unspecified vulnerability in MSO.dll in Microsoft Office 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and 2007 allows user-assisted remote attackers to execute arbitrary code via a malformed drawing object, which triggers memory corruption.)
Original text: MICROSOFT, Microsoft Security Bulletin MS07-025 Vulnerability in Microsoft Office Could Allow Remote Code Execution (934873) (08.05.2007)
Files: Microsoft Security Bulletin MS07-025 Vulnerability in Microsoft Office Could Allow Remote Code Execution (934873)

Code execution via the CAPICOM.Certificates ActiveX control (code execution)
Published: May 8, 2007
Source:
SecurityVulns ID: 7682
Type: client
Severity: 6/10
CVE: CVE-2007-0940 (Unspecified vulnerability in the Cryptographic API Component Object Model Certificates ActiveX control (CAPICOM.dll) in Microsoft CAPICOM and BizTalk Server 2004 SP1 and SP2 allows remote attackers to execute arbitrary code via unspecified vectors, aka the "CAPICOM.Certificates Vulnerability.")
Original text: MICROSOFT, Microsoft Security Bulletin MS07-028 Vulnerability in CAPICOM Could Allow Remote Code Execution (931906) (08.05.2007)
Files: Microsoft Security Bulletin MS07-028 Vulnerability in CAPICOM Could Allow Remote Code Execution (931906)

0-day buffer overflow in the Microsoft Windows DNS server (buffer overflow)
updated since April 13, 2007
Published: May 8, 2007
Source:
SecurityVulns ID: 7579
Type: remote
Severity: 8/10
Description: A buffer overflow in the RPC interface is being used to compromise systems remotely.
Affected products: MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2003 Server
CVE: CVE-2007-1748 (Stack-based buffer overflow in the RPC interface in the Domain Name System (DNS) Server Service in Microsoft Windows 2000 Server SP 4, Server 2003 SP 1, and Server 2003 SP 2 allows remote attackers to execute arbitrary code via a long zone name containing character constants represented by escape sequences.)
Original text: MICROSOFT, Microsoft Security Bulletin MS07-029 Vulnerability in Windows DNS RPC Interface Could Allow Remote Code Execution (935966) (08.05.2007)
 Andres Tarasco, [Full-disclosure] Microsoft DNS Server Remote Code execution Exploit and analysis (16.04.2007)
 CERT, US-CERT Technical Cyber Security Alert TA07-103A -- Microsoft Windows DNS RPC Buffer Overflow (14.04.2007)
 MICROSOFT, Microsoft Security Advisory (935964) Vulnerability in RPC on Windows DNS Server Could Allow Remote Code Execution (13.04.2007)
Files: Microsoft DNS Server Remote Code execution Exploit
 Microsoft Security Bulletin MS07-029 Vulnerability in Windows DNS RPC Interface Could Allow Remote Code Execution (935966)

Multiple vulnerabilities in Microsoft Excel (multiple bugs)
updated since May 8, 2007
Published: May 10, 2007
Source:
SecurityVulns ID: 7677
Type: client
Severity: 6/10
Description: Multiple memory corruptions when parsing various record types.
Affected products: MICROSOFT : Office 2000
 MICROSOFT : Office 2003
 MICROSOFT : Office 2007
CVE: CVE-2007-1214 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a crafted AutoFilter filter record in an Excel BIFF8 format XLS file, which triggers memory corruption.)
 CVE-2007-1203 (Unspecified vulnerability in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, 2004 for Mac, and 2007 allows user-assisted remote attackers to execute arbitrary code via a crafted set font value in an Excel file, which results in memory corruption.)
 CVE-2007-0215 (Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer allows user-assisted remote attackers to execute arbitrary code via a .XLS BIFF file with a malformed Named Graph record, which results in memory corruption.)
Original text: IDEFENSE, iDefense Security Advisory 05.08.07: Microsoft Excel Filter Record Code Execution Vulnerability (10.05.2007)
 ZDI, ZDI-07-026: Microsoft Excel BIFF File Format Named Graph Record Parsing Stack Overflow Vulnerability (08.05.2007)
 MICROSOFT, Microsoft Security Bulletin MS07-023 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (934233) (08.05.2007)
Files: Microsoft Security Bulletin MS07-023 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (934233)

Multiple vulnerabilities in Microsoft Exchange
updated since May 8, 2007
Published: May 10, 2007
Source:
SecurityVulns ID: 7680
Type: remote
Severity: 8/10
Description: Cross-site scripting in OWA, DoS when parsing iCal, memory corruption when decoding Base64, DoS via IMAP.
Affected products: MICROSOFT : Exchange 2000
 MICROSOFT : Exchange 2003
 MICROSOFT : Exchange 2007
CVE: CVE-2007-0221 (Integer overflow in the IMAP (IMAP4) support in Microsoft Exchange Server 2000 SP3 allows remote attackers to cause a denial of service (service hang) via crafted literals in an IMAP command, aka the "IMAP Literal Processing Vulnerability.")
 CVE-2007-0220 (Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2000 SP3, and 2003 SP1 and SP2 allows remote attackers to execute arbitrary scripts, spoof content, or obtain sensitive information via certain UTF-encoded, script-based e-mail attachments, involving an "incorrectly handled UTF character set label".)
 CVE-2007-0213 (Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 does not properly decode certain MIME encoded e-mails, which allows remote attackers to execute arbitrary code via a crafted base64-encoded MIME e-mail message.)
 CVE-2007-0039 (The Exchange Collaboration Data Objects (EXCDO) functionality in Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 allows remote attackers to cause a denial of service (crash) via an Internet Calendar (iCal) file containing multiple X-MICROSOFT-CDO-MODPROPS (MODPROPS) properties in which the second MODPROPS is longer than the first, which triggers a NULL pointer dereference and an unhandled exception.)
Original text: Alexander Sotirov, Exchange Calendar MODPROPS Denial of Service (CVE-2007-0039) (10.05.2007)
 IDEFENSE, iDefense Security Advisory 05.08.07: Microsoft Exchange Server 2000 IMAP Literal Processing DoS Vulnerability (10.05.2007)
 MICROSOFT, Microsoft Security Bulletin MS07-026 Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (931832) (08.05.2007)
Files: Microsoft Security Bulletin MS07-026 Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (931832)

Multiple vulnerabilities in Microsoft Word (multiple bugs)
updated since May 8, 2007
Published: May 10, 2007
Source:
SecurityVulns ID: 7678
Type: client
Severity: 6/10
Description: Array overflow, memory corruption when parsing streams and RTF files.
Affected products: MICROSOFT : Office 2000
 MICROSOFT : Office XP
 MICROSOFT : Office 2003
 MICROSOFT : Office 2004 for Mac
 MICROSOFT : Works 2004
 MICROSOFT : Works 2005
 MICROSOFT : Works 2006
CVE: CVE-2007-1202 (Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly parse certain rich text "property strings of certain control words," which allows user-assisted remote attackers to trigger heap corruption and execute arbitrary code, aka the "Word RTF Parsing Vulnerability.")
 CVE-2007-0870 (Unspecified vulnerability in Microsoft Word 2000 allows remote attackers to cause a denial of service (crash) via unknown vectors, a different vulnerability than CVE-2006-5994, CVE-2006-6456, CVE-2006-6561, and CVE-2007-0515, a variant of Exploit-MS06-027.)
 CVE-2007-0035 (Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly handle data in a certain array, which allows user-assisted remote attackers to execute arbitrary code, aka the "Word Array Overflow Vulnerability.")
Original text: IDEFENSE, iDefense Security Advisory 05.08.07: Microsoft Word RTF File Parsing Heap Corruption Vulnerability (10.05.2007)
 MICROSOFT, Microsoft Security Bulletin MS07-024 Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (934232) (08.05.2007)
Files: Microsoft Security Bulletin MS07-024 Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (934232)

Multiple vulnerabilities in Microsoft Internet Explorer (multiple bugs)
updated since May 8, 2007
Published: May 10, 2007
Source:
SecurityVulns ID: 7681
Type: client
Severity: 9/10
Description: Multiple memory corruptions in COM objects and in HTML parsing, file overwrite.
Affected products: MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
CVE: CVE-2007-2221 (Unspecified vulnerability in the mdsauth.dll COM object in Microsoft Windows Media Server in the Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; or 7 on Windows Vista allows remote attackers to overwrite arbitrary files via unspecified vectors, aka the "Arbitrary File Rewrite Vulnerability.")
 CVE-2007-0947 (Use-after-free vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, resulting in accessing deallocated memory of CMarkup objects, aka the second of two "HTML Objects Memory Corruption Vulnerabilities" and a different issue than CVE-2007-0946.)
 CVE-2007-0946 (Unspecified vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, which results in memory corruption, aka the first of two "HTML Objects Memory Corruption Vulnerabilities" and a different issue than CVE-2007-0947.)
 CVE-2007-0945 (Microsoft Internet Explorer 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; and 7 on Windows Vista allows remote attackers to execute arbitrary code via certain property methods that may trigger memory corruption, aka "Property Memory Corruption Vulnerability.")
 CVE-2007-0944 (Unspecified vulnerability in the CTableCol::OnPropertyChange method in Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; and 6 on Windows XP SP2, or Windows Server 2003 SP1 or SP2 allows remote attackers to execute arbitrary code by calling deleteCell on a named table row in a named table column, then accessing the column, which causes Internet Explorer to access previously deleted objects, aka the "Uninitialized Memory Corruption Vulnerability.")
 CVE-2007-0942 (Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; and possibly 7 on Windows Vista does not properly "instantiate certain COM objects as ActiveX controls", which allows remote attackers to execute arbitrary code via a crafted COM object.)
Original text: SECUNIA, [Full-disclosure] Secunia Research: Internet Explorer HTML Objects Memory Corruption Vulnerability (10.05.2007)
 ZDI, ZDI-07-027: Microsoft Internet Explorer Table Column Deletion Memory Corruption Vulnerability (08.05.2007)
 MICROSOFT, Microsoft Security Bulletin MS07-027 Cumulative Security Update for Internet Explorer (931768) (08.05.2007)
Files: Microsoft Security Bulletin MS07-027 Cumulative Security Update for Internet Explorer (931768)

Multiple vulnerabilities in VMWare (multiple bugs)
updated since May 8, 2007
Published: May 19, 2007
Source:
SecurityVulns ID: 7683
Type: local
Severity: 5/10
Description: Multiple DoS conditions in guest and host systems.
Affected products: VMWARE : VMware Workstation 5.5
 VMWARE : VMware Player 1.0
 VMWARE : VMware Server 1.0
 VMWARE : VMware ACE 1.0
CVE: CVE-2007-2491 (The PIIX4 power management subsystem in EMC VMware Workstation 5.5.3.34685 and VMware Server 1.0.1.29996 allows local users to write to arbitrary memory locations via a crafted poke to I/O port 0x1004, triggering a denial of service (virtual machine crash) or other unspecified impact, a related issue to CVE-2007-1337.)
 CVE-2007-1877 (VMware Workstation before 5.5.4 allows attackers to cause a denial of service against the guest OS by causing the virtual machine process (VMX) to store malformed configuration information.)
 CVE-2007-1876 (VMware Workstation before 5.5.4, when running a 64-bit Windows guest on a 64-bit host, allows local users to "corrupt the virtual machine's register context" by debugging a local program and stepping into a "syscall instruction.")
 CVE-2007-1337 (The virtual machine process (VMX) in VMware Workstation before 5.5.4 does not properly read state information when moving from the ACPI sleep state to the run state, which allows attackers to cause a denial of service (virtual machine reboot) via unknown vectors.)
 CVE-2007-1069 (The memory management in VMware Workstation before 5.5.4 allows attackers to cause a denial of service (Windows virtual machine crash) by triggering certain general protection faults (GPF).)
Original text: VMWARE, VMSA-2007-0004.1 Updated: Multiple Denial-of-Service issues fixed and directory traversal vulnerability (19.05.2007)
 Reversemode, [Reversemode Advisory] VMware Products - GPF Denial of Service (08.05.2007)
 VMWARE, VMSA-2007-0004 Multiple Denial-of-Service issues fixed (08.05.2007)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod